[This article is originally published in theconversation.com written by Misha Ketchell - Uploaded by the Association Member: Jennifer Levin] 

With more than half of its 1.4 billion people online, the world’s most populous country is home to a slew of cyberspies and hackers. Indeed, China has likely stolen more secrets from businesses and governments than any other country.

Covert espionage is the main Chinese cyber threat to the U.S. While disruptive cyber attacks occasionally come from China, those that cause overt damage, like destroying data or causing power outages, are more common from the other top state threats, namely Russia, Iran, and North Korea.

But Chinese cyberaggression toward the U.S. has been evolving. Before their espionage became a serious threat, Chinese hackers were conducting disruptive cyber attacks against the U.S. and other countries.

Hackers unite

Chinese hackers were among the first to come together in defense of their country. Their first operation against the U.S. occurred in 1999 during the Kosovo conflict, when the U.S. inadvertently bombed the Chinese embassy in Belgrade, killing three Chinese reporters. The patriotic hackers planted messages denouncing “NATO’s brutal action” on several U.S. government websites.

Chinese hackers struck the U.S. again in 2001 after a Chinese fighter plane collided with a U.S. reconnaissance aircraft. The midair collision killed the Chinese pilot and led to the forced landing and detention of the American crew. Both Chinese and American hackers responded with disruptive cyberattacks, with the Chinese hackers defacing thousands of U.S.-based websites, including the White House site.

What is especially important about this incident, though, is what happened next. The People’s Daily, China’s Communist Party newspaper, issued an editorial decrying the attack against the White House. The paper called it, and the other attacks, “web terrorism” and “unforgivable acts violating the law.” On the anniversary of the incident in 2002, the government asked Chinese hackers to forgo further attacks against U.S.-based sites. They complied.

That was the last big cyber attack from Chinese patriotic hackers against the U.S. While Russia seems to condone, if not outright encourage or even sponsor, its patriotic hackers, China has taken a stance against that sort of activity, at least with respect to U.S.-based sites.

Targets at home

In addition to reining in its patriotic hackers, China appears to have refrained from conducting cyber attacks that cause overt damage to critical infrastructure in other countries, like the Russians did to Ukraine’s power grid. However, it has used disruptive cyber attacks to help enforce censorship policies within its own borders.

The Chinese government’s “Great Firewall” keeps internet users in China from accessing censored foreign sites such as those that advocate Tibetan autonomy. Users’ traffic is filtered based on domain names, internet addresses, and keywords in web addresses.

Chinese hackers have also used denial-of-service attacks to temporarily take out sites whose activity the government wants to block. These attacks overwhelm target servers with large amounts of activity, preventing others from using the sites and often knocking the servers offline.

Back in 1999, the government launched DoS attacks against foreign websites associated with Falun Gong, a spiritual movement banned in China. Then in 2011, a Chinese military TV program showed software tools being used in possible cyber attacks against Falun Gong sites in the U.S. The tools had been developed at the Electrical Engineering University of the People’s Liberation Army, China’s armed forces.

More recently, in 2015, U.S. and other foreign users visiting sites running analytics software from the Chinese search engine provider Baidu unwittingly picked up malware. The malicious code was injected into traffic going back to the users by a device collocated with the Great Firewall. The malware then launched DDoS attacks against GreatFire.org, a site that helps Chinese users evade censorship, and the Chinese language edition of The New York Times.

Espionage at the forefront

By 2003, China’s interest in cyberespionage was apparent: A series of cyberintrusions that U.S. investigators code-named “Titan Rain” was traced back to computers in southern China. The hackers, believed by some to be from the Chinese army, had invaded and stolen sensitive data from computers belonging to the U.S. Department of Defense, defense contractors, and other government agencies.

Titan Rain was followed by a rash of espionage incidents that originated in China and were given code names like “Byzantine Hades,” “GhostNet” and “Aurora.” The thieves were after a wide range of data.

They stole intellectual property, including Google’s source code and designs for weapons systems. They took government secrets, including user names and passwords. And they compromised data associated with Chinese human rights activists, including their email messages. Typically, the intrusions started with spear-phishing.

In 2013, the American cyberintelligence firm Mandiant, now part of FireEye, issued a landmark report on a Chinese espionage group it named “Advanced Persistent Threat 1.” According to the report, APT1 had stolen hundreds of terabytes of data from at least 141 organizations since 2006.

The Mandiant report gave details of the operations and provided evidence linking those thefts to Unit 61398 of the People’s Liberation Army – and named five officers of the unit. This was the first time any security firm had publicly disclosed data tying a cyber operation against the U.S. to a foreign government. In 2014, the U.S. indicted the five Chinese officers for computer hacking and economic espionage.

Mandiant described APT1 as “one of more than 20 APT groups with origins in China.” Many of these are believed to be associated with the government. A report from the nonprofit Institute for Critical Infrastructure Technology describes 15 state-sponsored advanced persistent threat groups, including APT1 and two others associated with PLA units. The report does not identify sponsors for the remaining groups.

The Five-Year Plan

According to the institute, China’s espionage supports the country’s 13th Five-Year Plan (covering the years 2016 to 2020), which calls for technology innovations and socioeconomic reforms. The goal is “innovative, coordinated, green, open and inclusive growth.” The ICIT report said most of the technology needed to realize the plan will likely be acquired by stealing trade secrets from companies in other countries.

In its 2015 Global Threat Report, the American cyberintelligence firm CrowdStrike identified dozens of Chinese adversaries targeting business sectors that are key to the Five-Year Plan. It found 28 groups going after defense and law enforcement systems alone. Other sectors victimized worldwide included energy, transportation, government, technology, health care, finance, telecommunications, media, manufacturing, and agriculture.

China’s theft of military and trade secrets has been so rampant that editorial cartoonists Jeff Parker and Dave Granlund depicted it as “Chinese takeout.”

US-China agreement

In September 2015, President Obama met with China’s President Xi Jinping to address a range of issues affecting the two countries. With respect to economic espionage, they agreed that their governments would not conduct or knowingly support cyber-enabled theft of business secrets that would provide a competitive advantage to their commercial sectors. They did not agree to restrict government espionage, a practice that countries generally consider to be fair game.

In June 2016, FireEye reported that since 2014 there had been a dramatic drop in cyberespionage from 72 suspected China-based groups. FireEye attributed the reduction to several “factors including President Xi’s military and political initiatives, the widespread exposure of Chinese cyberoperations, and mounting pressure from the U.S. Government.” The ICIT believes China may also be asserting greater control over its operatives and focusing on unspecified high-priority targets.

The U.S.-China agreement also calls for the two countries to cooperate in fighting cybercrime. Just weeks after the deal was signed, China announced it had arrested hackers connected with the 2015 intrusions into the Office of Personnel Management’s database. Those had exposed highly sensitive personal and financial data of about 22 million federal employees seeking security clearances. The Washington Post observed that the arrests could “mark the first measure of accountability for what has been characterized as one of the most devastating breaches of U.S. government data in history.”

The cyber threat to the U.S. from China is mostly one of espionage, and even that threat seems to be declining. Nevertheless, companies need to be wary of losing their data, not just to China, but to any country or group seeking to profit from U.S. trade secrets and other sensitive data. That calls for staying ahead of the cybersecurity curve.


Adylkuzz is believed to have infected more computers than WannaCry, using the same vulnerabilities (AFP Photo/Damien MEYER)

Paris (AFP) - Another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week's assault on computers worldwide, a global cybersecurity firm told AFP on Wednesday.

The new attack targets the same vulnerabilities the WannaCry ransomware worm exploited but, rather than freeze files, uses the hundreds of thousands of computers believed to have been infected to mine virtual currency.

Following the detection of the WannaCry attack on Friday, researchers at Proofpoint discovered a new attack linked to WannaCry called Adylkuzz, said Nicolas Godier, a researcher at the computer security firm.

"It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose," he said.

Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to "mine" in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.

Cryptocurrencies such as Monero and Bitcoin rely on participants’ computers to validate and record transactions. Those participants are said to “mine” the currency, and are periodically rewarded with newly created coins for the computing work they contribute.

Proofpoint said in a blog that symptoms of the attack include loss of access to shared Windows resources and degradation of PC and server performance, effects which some users may not notice immediately.

"As it is silent and doesn't trouble the user, the Adylkuzz attack is much more profitable for the cyber criminals. It transforms the infected users into unwitting financial supporters of their attackers," said Godier.

Proofpoint said it has detected infected machines that have transferred several thousand dollars worth of Monero to the creators of the virus.

The firm believes Adylkuzz has been on the loose since at least May 2, and perhaps even since April 24, but due to its stealthy nature was not immediately detected.

"We don't know how big it is" but "it's much bigger than WannaCry", Proofpoint's vice president for email products, Robert Holmes, told AFP.

A US official on Tuesday put the number of computers infected by WannaCry at over 300,000.

"We have seen that before -- malwares mining cryptocurrency -- but not this scale," said Holmes.

The WannaCry attack has sparked havoc in computer systems worldwide.

Britain's National Health Service, US package delivery giant FedEx, Spanish telecoms giant Telefonica and Germany's Deutsche Bahn rail network were among those hit.

While the rate of new infections has slowed, researchers at cybersecurity firm Check Point said the malware continues to spread rapidly.

And another expert added that despite a quick breakthrough that allowed WannaCry to be slowed down, researchers still don't fully understand it.

"The problem is that we're still not certain about the origin of the infections" as contrary to many previous attacks it wasn't via emails which deceive users into installing the virus, said the expert on condition of anonymity.

More attacks could soon be underway, as the hacker group TheShadowBrokers, which leaked the vulnerabilities used by WannaCry and Adylkuzz, has threatened to publish more.

It said in a post it would begin providing information monthly by subscription in June, saying that in addition to Windows 10 vulnerabilities it would include "compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs".

Source: This article was published on yahoo.com by Julie Charpentrat


As the scope of cybersecurity continues to evolve, so, too, do the demands facing those entering the field. This has prompted many in higher education to revisit the question: What’s the best way to prepare students to enter the field? And for those interested in pursuing a career in cybersecurity to ask: What do I need to know?

During a roundtable Tuesday morning, a panel of five experts in different sectors—including finance, healthcare, and higher education—discussed the complex nature of cybersecurity and the “soft skills” required to succeed in the ever-changing cyber landscape.

Titled “Creating Aligned and Relevant Pathways for Students,” the event was co-hosted by Northeastern’s Lowell Institute School and the Business-Higher Education Forum.

The Lowell Institute School offers science, technology, and engineering bachelor’s degree completion programs for students who already have some college credit. It also offers post-graduate students and professionals the opportunity to pursue new or related careers in those growing industries.

Here are five tips for those looking to break into the cybersecurity field, with insight from the roundtable experts.

Be a good communicator

All five of the experts said they had interviewed a candidate for a cybersecurity position who possessed a strong technical understanding of running a cybersecurity operation but who struggled to explain how it worked to someone without a technology background.

This posed a grave problem for someone like Jim Graham, sales engineering manager at the cybersecurity company Imperva, whose business relies on employees’ ability to explain to other companies what his can offer.

Or, for someone like Ari Seitelman, information assurance engineer at Raytheon, a U.S. defense contractor, who needs people within his team to be able to effectively communicate with each other.

“Those communication skills are important,” Seitelman said. “The larger part is being able to translate these technical solutions to your audience. You have to make sure that you can not only communicate what you’re doing, but articulate these technical solutions in a way that people who aren’t in that field can understand.”

Craig Bennett, director of corporate compliance at Deaconess Medical Center, recalled joining the team at Deaconess in 2004, when the hospital was in the midst of converting from paper medical files to digital files.

“Some of the best people I dealt with from an IT perspective were those who came from different disciplines,” he said, such as sociology or psychology. “They brought to the table that critical thinking, which was really important in healthcare.”

Understand that cybersecurity is “not just a technical issue; it’s a human issue”

Cybersecurity is more than just a nebulous concept tucked into the deep web, the experts argued Tuesday.

Kemi Jona, founding director of the Lowell Institute School and associate dean for undergraduate education in the College of Professional Studies, said, “Cybersecurity is not just a technical issue; it’s a human issue, a systems issue, an ethical issue—it impacts everything.”

In fact, Mark Nardone, chief information security officer at Northeastern, posited that cybersecurity is hardly a technology problem at all.

“If you look at the new aspects of cybercrime, they’re just digitized versions of the oldest con in the book: the confidence game,” he said. “That is, tricking someone using social engineering, just now through a digital format.”

Discern why people get conned

Graham said that the largest-scale cyberattacks tend to stem from phishing—a tactic whereby a hacker scams an account holder into releasing important information by posing as a legitimate company.

If that’s the case, and if, like Nardone said, cybersecurity is just the latest version of the oldest trick in the book, then why do people keep falling for it? That’s what cybersecurity teams have to figure out, said Michael Woodson, information systems security director at State Street Corp., a financial services company.

“It’s a matter of saying, ‘Let’s peel back the onion and consider, what were they thinking? What did they do?’ It’s about taking a human approach to cybersecurity,” Woodson said.

Maintain a strong moral compass

There’s an ethical component to cybersecurity as well, particularly when it comes to teaching, Nardone argued.

“We’re basically talking about teaching people how to compromise accounts, how to compromise systems, and if we’re going to be teaching those skills, we need to be teaching it in a way that makes students understand the ethics of it,” he said. “Just because you can do something, doesn’t necessarily mean you should.”

Find the right balance between security and usability

It’s also important to strike a balance between incorporating too many security measures and leaving a system open to attack, Graham said.

“Security is a balancing act. You can make things so hard on the end user that they start writing things down on sticky notes and putting them under their keyboard or on their desk,” he said. “You don’t want to crack down so hard that people can’t remember their passwords.”

Source:  northeastern.edu


Music lovers were also unable to access Spotify due to the cyberattack Friday. (Getty)

Twitter, the popular social media platform with more than 300 million users every month, was suddenly unreachable on Friday — along with dozens of other popular sites including the music streaming site Spotify — for at least part of the internet. The massive outage was the result of a cyberattack now under investigation by federal authorities.

The attacks reportedly utilized a software program called Mirai, which was released onto the “dark web” — the areas of the internet hidden from major search engines — earlier this month, according to a report in USA Today. Mirai, which builds its botnet out of poorly secured internet-connected devices such as cameras and video recorders, is a simple program that requires no specialized hacking expertise, the report said.

At least three separate attacks were reported starting at around 7 a.m. Eastern Time, continuing past the 4 p.m. hour.

What happened? Here’s what you need to know.

1. The Outage Resulted From Massive Cyberattacks Involving Millions of Computers

The outage that sent Twitter and at least 60 sites offline was the work of hackers — though who they were and where they were from remains unknown. The hackers unleashed at least three massive Distributed Denial of Service, or DDoS, attacks not against Twitter and the other sites specifically, but against Dyn, Inc., the company that provides Domain Name System (DNS) services to those sites. The company is based in Manchester, New Hampshire.

A DNS server is something like a phonebook for the internet. It’s a computer that translates human-readable domain names such as “twitter.com” or “spotify.com” into numerical addresses, known as IP addresses. Without those IP addresses, your internet-connected computer cannot figure out where to send your requests. So if the DNS lookup fails, when you click on a link containing, for example, twitter.com, you get nothing, unless your computer or your provider’s resolver still holds the answer from an earlier lookup whose time-to-live has not yet expired. That is why a DNS outage hits different users at different times.

Dyn, Inc. called the attacks “well planned and executed, coming from tens of millions of IP addresses at the same time.”

“It’s a very smart attack. We start to mitigate, they react. It keeps on happening every time,” Dyn, Inc. Chief Strategy Officer Kyle York told reporters Friday afternoon.

2. Homeland Security is Investigating the Cyberattack

Early Friday afternoon, NBC News reported that the United States Department of Homeland Security was investigating the widespread cyberattack.

The White House was aware of the situation, and according to presidential Spokesperson Josh Earnest, Homeland Security was “monitoring” the attacks, but there was currently no information as to who may have been behind them.

According to a Reuters report, the FBI is also investigating the source of the expansive cyberattack.

As of Friday morning, the culprits behind the massive DDoS attack were a mystery. Malicious hacking has become a major concern over the past few years, with hacker attacks hitting the Hollywood movie studio Sony Pictures, and more recently, the Democratic National Committee and the Hillary Clinton presidential campaign.

Those attacks, mainly designed to steal information, have been blamed by U.S. intelligence agencies on “state actors,” such as North Korea and Russia. Friday’s attack appears primarily designed to disrupt service.

The Friday cyberattack came just two days after police in the Czech Republic, working with the F.B.I., announced the arrest of a Russian hacker allegedly involved with a huge data breach targeting the business networking site LinkedIn in 2012.

3. Many of the Internet’s Top Sites Went Down

In addition to Twitter and Spotify, there were also reports that the self-described “front page of the internet” Reddit was also out for several hours. The attack, which was confined mainly to the United States east coast, was first reported at 7:10 a.m. Eastern Daylight Time.

Other sites hit included Etsy, GitHub, SoundCloud, Heroku, PagerDuty and Shopify.

Amazon.com reported outages, as did CNN.com, People.com and The New York Times web site.

There were also reports that Netflix and PayPal went down for a period of time Friday morning, as well as iHeartRadio, Airbnb, HBO Now, Yelp and others.

4. Service Was Restored — Until a Second Attack, Then a Third

“Starting at 11:10 UTC on October 21st-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time,” Dyn DNS reported this morning.

But the DNS provider later reported on its web site that the issues stemming from the cyberattack were cleared up by 9:40 a.m. Eastern.

But at 11:52 a.m., Dyn reported that a second wave of DDoS attacks was underway, taking out access to many major sites yet again.

Just after 2 p.m. Dyn announced that it had solved the problem — again — and was trying to figure out what happened.


But a third attack hit soon after — affecting the company which provides DNS services to six percent of American Fortune 500 companies.

Just last month, cybersecurity expert Bruce Schneier published an essay titled “Someone Is Learning How to Take Down the Internet.” In it, Schneier warned that hackers — who may or may not be state-sponsored — have been attempting, and succeeding at, DDoS attacks on increasingly larger scales.

“Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down,” Schneier wrote. “We don’t know who is doing this, but it feels like a large nation state. China and Russia would be my first guesses.”

5. You Can Buy a DNS Attack, and it’s Pretty Cheap


Even if the hackers are found, the true forces behind Friday’s cyberattack could still remain unknown. According to a report by Trend Micro Research, Russian hackers will pull off a DDoS attack for as little as $150. Cybersecurity experts report about 2,000 DDoS attacks on the internet every day.

To carry out a DDoS attack, hackers use what they call a “botnet,” a network of computers infected with malware that programs them to send requests to specific sites on the internet without the owner of the infected computer having any idea. Botnets are bought and sold on the black market, and when the hacker-in-charge gives the signal, every computer on the botnet fires off hundreds or thousands of requests at a specific address.

The idea is to overwhelm a server, rendering it incapable of functioning. The result for a user who wants to access a particular site — say, Twitter, for example — is that the site appears offline, or “down.” Because the requests arrive from many unrelated addresses at once, blocking any one source does little; the defender has to absorb or filter the aggregate, which is why the attacks on Dyn were aimed at the provider rather than at any one site.
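The botnet pattern described above is what a DNS provider's operations team looks for in its query logs: a sudden per-second spike spread across many distinct source addresses, as opposed to one noisy client that can simply be rate-limited. The following is an added example (not from the original article, and not Dyn's tooling) of that detection logic run over constructed log lines. The log format, the thresholds and the addresses (198.51.100.0/24 and 203.0.113.0/24 are documentation ranges) are assumptions for the demo; the thresholds are deliberately tiny so the sample fits on the page, and real ones would come from a traffic baseline.

```python
"""Flag seconds of DNS query-log activity that look like a flood.

Added example, not part of the original article. Log lines, format and
thresholds are constructed for the demo.
"""
import re
from collections import Counter, defaultdict

# Assumed log format: "<iso-timestamp> src=<ip> qname=<name>".
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+qname=(?P<qname>\S+)$")

# Constructed sample: normal traffic, one second in which ten different
# addresses all ask for the same name, and one second in which a single
# address hammers the server. One malformed line shows that parsing skips it.
SAMPLE_LOG = """\
2016-10-21T11:09:59Z src=198.51.100.7 qname=twitter.com
2016-10-21T11:09:59Z src=198.51.100.8 qname=spotify.com
2016-10-21T11:10:00Z src=198.51.100.7 qname=reddit.com
2016-10-21T11:10:01Z src=203.0.113.1 qname=twitter.com
2016-10-21T11:10:01Z src=203.0.113.2 qname=twitter.com
2016-10-21T11:10:01Z src=203.0.113.3 qname=twitter.com
2016-10-21T11:10:01Z src=203.0.113.4 qname=twitter.com
2016-10-21T11:10:01Z src=203.0.113.5 qname=twitter.com
2016-10-21T11:10:01Z src=203.0.113.6 qname=twitter.com
2016-10-21T11:10:01Z src=203.0.113.7 qname=twitter.com
2016-10-21T11:10:01Z src=203.0.113.8 qname=twitter.com
2016-10-21T11:10:01Z src=203.0.113.9 qname=twitter.com
2016-10-21T11:10:01Z src=203.0.113.10 qname=twitter.com
2016-10-21T11:10:02Z src=198.51.100.9 qname=github.com
this line is not in the expected format
2016-10-21T11:10:03Z src=203.0.113.99 qname=twitter.com
2016-10-21T11:10:03Z src=203.0.113.99 qname=twitter.com
2016-10-21T11:10:03Z src=203.0.113.99 qname=twitter.com
2016-10-21T11:10:03Z src=203.0.113.99 qname=twitter.com
2016-10-21T11:10:03Z src=203.0.113.99 qname=twitter.com
2016-10-21T11:10:03Z src=203.0.113.99 qname=twitter.com
2016-10-21T11:10:03Z src=203.0.113.99 qname=twitter.com
2016-10-21T11:10:03Z src=203.0.113.99 qname=twitter.com
2016-10-21T11:10:03Z src=203.0.113.99 qname=twitter.com
"""


def parse_log(text):
    """Yield (timestamp, source, qname) for each well-formed line."""
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            yield match.group("ts"), match.group("src"), match.group("qname")


def detect_flood(text, min_queries=8, distributed_min_sources=5):
    """Return one alert per second whose query count reaches min_queries.

    The alert is labelled "distributed" when the queries come from at least
    distributed_min_sources different addresses (botnet-style, needs upstream
    filtering) and "single-source" otherwise (one client, rate-limit it).
    """
    per_second = defaultdict(list)
    for ts, src, qname in parse_log(text):
        per_second[ts].append((src, qname))

    alerts = []
    for ts in sorted(per_second):
        entries = per_second[ts]
        if len(entries) < min_queries:
            continue
        sources = Counter(src for src, _ in entries)
        top_qname, top_qname_count = Counter(q for _, q in entries).most_common(1)[0]
        kind = "distributed" if len(sources) >= distributed_min_sources else "single-source"
        alerts.append({
            "second": ts,
            "queries": len(entries),
            "distinct_sources": len(sources),
            "kind": kind,
            "top_qname": top_qname,
            "top_qname_share": round(top_qname_count / len(entries), 2),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_flood(SAMPLE_LOG):
        print(alert)
```

On the sample, the 11:10:01 second is reported as a distributed flood from ten sources and the 11:10:03 second as a single-source one; the quiet seconds and the malformed line produce nothing.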

Source: heavy.com

