Original URL: https://www.theregister.com/2013/02/21/us_revamped_cyber_strategy/

Obama's new cyber-security tactics finger corrupt staff, China

Hackers or the guy with root? Trouble is closer to home, warns White House

By John Leyden

Posted in Security, 21st February 2013 17:24 GMT

The White House has unveiled a fresh strategy for combating the theft of American trade secrets - days after a high-profile Chinese cyber-espionage campaign against US corporate giants was exposed.

The strategy, outlined in a 141-page report [PDF] published on Wednesday, focuses on a five-part plan featuring diplomatic efforts, cooperation with private industry to bolster information security, legislation, law enforcement operations and public education campaigns. The US Departments of Commerce, Defense, Homeland Security, Justice, State and Treasury; the Office of the Director of National Intelligence; and the Office of the United States Trade Representative were all involved in drawing up the strategy, and will all be involved in aspects of putting it into play.

The US government report, which cites numerous examples of Chinese espionage and a lesser number of attacks traced to Russia and the countries, makes a fascinating read.

Although recent news headlines focused on state-sponsored cyber-espionage, the new Administration Strategy on Mitigation of Theft of US Trade Secrets also highlights the role of corrupt company insiders in the pilfering of trade secrets. Cyber-espionage is presented as making an existing threat far worse:

Foreign economic collection and industrial espionage against the United States represent significant and growing threats to the nation’s prosperity and security. Cyberspace—where most business activity and development of new ideas now takes place — amplifies these threats by making it possible for malicious actors, whether they are corrupted insiders or foreign intelligence services (FIS), to quickly steal and transfer massive quantities of data while remaining anonymous and hard to detect

Other targets of industrial espionage include firms in Canada, France, Germany, the UK and South Korea as well as US corporations, who seem to bear the brunt of attacks. And what other Western intelligence sources are telling their US counterparts, as summarised in the strategy document, bears repeating: "Russia also is seen as an important actor in cyber-enabled economic collection and espionage against other countries, albeit a distant second to China."

The report states: "Trade-secret theft threatens American businesses, undermines national security, and places the security of the US economy in jeopardy. These acts also diminish US export prospects around the globe and put American jobs at risk."

A key section of the document blames most of this malfeasance on China:

Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the IC {intelligence community] cannot confirm who was responsible.

Russia’s intelligence services are conducting a range of activities to collect economic information and technology from US targets.

Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and technology information, primarily through aggressive elicitation and other human intelligence (HUMINT) tactics. Some of these states have advanced cyber capabilities.

Seven of eight highlighted cases of trade-secret theft in early section of the report involve Chinese nationals or Chinese firms. The exception involves the alleged theft of Goldman Sachs' computing trading source code by an employee of Russian extraction. The Obama administration aims to clamp down on both corporate and state-sponsored trade secret theft.

A summary of the Department of Justice's economic espionage and trade-secret criminal cases since January 2009 lists 18 Chinese suspects, one South Korean and an Indian. It also lists a case involving an attempted sale of Akamai trade secrets to Israel that the Israelis actively helped in thwarting. All the cited cases involve current or former employees of negotiable morals rather than infiltration by outside hackers.

The report is noteworthy in listing the main targets of trade-secret theft: these include information and communications technology; military technologies (particularly marine systems and drones - unmanned aerial vehicles) and other aerospace technologies; and technologies in sectors likely to experience fast growth, such as clean energy; healthcare and pharmaceuticals; and natural resources (including oil and gas).

Intelligence agencies have "used independent hackers at times to augment their capabilities and act as proxies for intrusions, thereby providing plausible deniability", the report states. It singles out the use of the Iranian Cyber Army, a hacker group with links to the Iranian government, in "social engineering techniques to obtain control over internet domains and disrupt the political opposition" as an example of this so-called "hackers for hire" trend.

Other second-tier threats include hacktivists and Wikileaks:

Similarly, political or social activists may use the tools of economic espionage against US companies, agencies, or other entities, with disgruntled insiders leaking information about corporate trade secrets or critical US technology to 'hacktivist' groups like WikiLeaks.

Hacktivists are very much a footnote to the report which focuses on corrupt insiders - such as current and former employees - and state-sponsored hackers based in China as by far the most significant threat.

Cyber-espionage to swipe US trade secrets has been going on for the last six or seven years, we're told, but are occurring with increasing frequency and getting much more media attention of late. The new strategy brings together existing initiatives in diplomacy, promotion of best practice and law enforcement action rather than introducing anything more radical, such as active defence. Strategies involving active defence may involve anything from hacking back against attackers to deliberately feeding hackers misinformation and snaring them with honeypots. The policy document also omits mention of recent debates about charging foreign cyber-spies with hacking into US corporations.

Instead the emphasis is placed far more on the Cyber Intelligence Sharing and Protection Act, or CISPA, legislation designed to facilitate sharing of intelligence about cyber-attacks and talk of how suspicions of industrial scale trade-secret theft may impact international trade negotiations - such as the Trans Pacific Partnership. The threat of trade sanctions against China is raised as a possible move although it's not fully detailed.

The Obama administration's announcement follows a spate of admissions by US high-tech firms, including Apple and Facebook, that they've fallen victim to hacking attacks linked to Java-based browser exploits. A separate run of attacks using spear-phishing and custom malware to compromise systems was levelled at The New York Times and The Wall Street Journal.

A detailed report drawn from a long-running investigation by security response firm Mandiant blamed a Shanghai-based Chinese military unit for spearheading many cyber-espionage campaigns over several years. China has denied these claims, arguing that it has often been a victim of cyber-attacks and called for greater international cooperation. ®