“Britain’s signals intelligence spy chief raised eyebrows this week with warnings that Russia is coordinating both cyberattacks and physical acts of sabotage against the West. There’s evidence to back her claims—and the West may be returning the favor. Coming soon after FBI Director Christopher Wray warned that China is targeting American infrastructure, it looks like the world is not only fracturing once again, but that the hostile blocs are engaged in covert warfare.”
https://reason.com/2024/05/17/world-war-war-iii-may-already-have-started-in-the-shadows/
“Millions of documents from a Chinese cybersecurity contractor and the Iranian court system revealing how both governments repress dissent abroad have been posted online over the past two weeks.”
…
“dozens of Chinese government agencies, from local police departments to the army, had hired I-Soon to gather information on opponents by hacking into social media platforms and foreign government databases.
The alleged targets included people from a range of regions suffering unrest: Hong Kongers, Tibetans, and Uyghurs. The United Nations has accused the Chinese government of subjecting Uyghurs to sterilization and forced labor in Xinjiang, where hundreds of thousands have been detained in “re-education camps,” a process the U.S. government considers genocide.
Where foreigners saw a horror show, security contractors saw a lucrative yet difficult business opportunity. “Everyone thinks of Xinjiang like a nice big cake…but we have suffered too much there,” an I-Soon employee complained in one internal email, according to The Guardian.
The Associated Press confirmed the leaks were real. Employees told the A.P. that Chinese police are investigating the identity of the leaker, and Google cybersecurity analyst John Hultquist speculated that the leak could have come from “a rival intelligence service, a dissatisfied insider, or even a rival contractor.””
…
“over 3.2 million files from the Iranian court system were posted to a searchable online database by a group known as Ali’s Justice, named for a Shiite Muslim saint. The files included secret orders and instructions on how to deal with some of Iran’s most well-known dissidents.
Iranian prosecutors had issued a secret list of Iranian athletes living abroad who should be arrested if they ever returned to Iran, according to Iran International, an opposition TV station based outside the country. Other documents included discussions on the “management” of the family of Mahsa Amini, an Iranian woman who died in police custody after being arrested for “bad hijab” in September 2022, the BBC reported.
“The [Amini] family is still on top of the matter and they have no intention of backing down,” a memo read. Iranian authorities have claimed that Amini died of a pre-existing medical condition rather than police mistreatment, and the memo predicted that it would be “very effective” if Amini’s father were to “reflect” on her illnesses in a “brief interview.””
…
“The hacked documents also show a fair amount of paranoia and internal discord within the Iranian government, with officials accusing each other of espionage and corruption, according to the BBC and IranWire, an investigative news site based outside the country.
Like the I-Soon leaker, the exact identity of Ali’s Justice is unclear. The group previously published security camera footage showing abuses inside Iranian prisons in August 2021 and February 2022 and hacked into a TV station to broadcast anti-government messages in October 2022.”
https://reason.com/2024/02/27/china-and-iran-have-their-wikileaks-moment/
“Chinese hackers have found a dangerous vulnerability in U.S. military computer networks nearly 8,000 miles from the Pentagon — on the serene South Pacific island of Guam.
They attacked essential infrastructure in the military outpost in May, infiltrating networks in the U.S. territory closest to China. Lawmakers and federal officials fear these attacks, which used a new method that allows intruders to linger undetected, could threaten security in the volatile region and sabotage any U.S. response to a Chinese invasion of Taiwan.”
…
“Officials in Guam welcome the help.
“When it comes to not just cyber, but our critical infrastructure as a whole, it’s important to realize that we are isolated,” Scott said. “We have proximity to the pacing threats, and we don’t have a lot of the resources on our own to self-sustain.””
https://www.politico.com/news/2023/09/16/potential-cyber-threat-guam-00116354
https://www.vox.com/recode/22950633/cyberattacks-russia-ukraine-us-cyberwar
“Beijing is heading for global dominance because of its advances in artificial intelligence, machine learning and cyber capabilities, he said. Compared to China’s advancement, US cyber defences in some government departments were at the kindergarten level.
Chaillan blamed the reluctance of Google to work with the US defence department on AI. Chinese companies, on the other hand, are obliged to work with Beijing, and were making “massive investment” into AI without regard to ethics, he told the Financial Times.”
“The foreign hackers behind the massive cybersecurity failures dominating recent headlines had one critical strategy in common — they leased computers in the United States to burrow into their victim’s networks. Because U.S. cybersecurity systems don’t regard domestic connections as inherently suspect, the attackers were able to hide in plain sight. Like secretive investors deploying a series of shell companies and trusts to mask true ownership, Russia, China and other sophisticated nations effect cyber-maliciousness through a series of intermediary, innocuous-looking internet servers.”
…
“No government agency — even our powerful spy agencies — currently has a sufficiently agile legal authority to catch foreign cyber malefactors in the act of co-opting U.S. computer networks. The National Security Agency is allowed to surveil only foreign actors; pursuing them on the home front is the job of the FBI. But by the time the NSA notices suspicious foreign activity and hands the case off to the FBI, it’s often too late. The foreign malware might well have been injected into American networks, and the FBI investigation simply confirms that now-dormant internet servers in the U.S. were used by foreigners to stage their attacks.”
…
“The difficulty lies in resolving deeply felt concerns over any increase in government surveillance authority, no matter how important the purpose. We are also paralyzed by a sense of fatalism that cyber vulnerabilities are simply the price we pay for being online, and an erroneous belief that the Constitution stands in the way of any solution.
Most cybersecurity experts agree an effective public-private cyber information-sharing system is essential in stopping foreign cyber maliciousness before it causes too much damage. But information sharing isn’t enough; it would be hamstrung from the start if the government cannot seamlessly and quickly track malicious cyber activity from its foreign source to its intended domestic victims. If some government agency had that legal power, then it could, for example, quickly check out a domestic IP address after an alert from the NSA that the address was communicating with a suspicious overseas server. If that IP address showed questionable activity, the government and the private sector jointly could take steps to reconfigure firewalls or otherwise curtail the hack. Admittedly, this wouldn’t prevent hacks and attacks that were based on previously unknown software bugs (so called zero-day exploits). But the reality is that most large-scale hacks by foreign countries rely on already known software imperfections and hardware deficiencies.”
“Russia, China and others knowingly exploit two fundamental gaps in our cybersecurity architecture. They acquire or co-opt domestic computers and cloud services as a platform to launch malicious cyber operations. They appreciate that our intelligence services are focused on cyber activities beyond our borders, and that these services are generally not allowed to track foreign mischief once it moves onshore. Moreover, the private sector — very much a component of our national security — is largely left to fend for itself against foreign cyberattacks, yielding a situation inconsistent with the federal government’s role of providing our “common defense” under the Constitution.
Addressing these gaps raises enormously complex legal and policy questions about the scope of government in protecting us from foreign cyber malevolence. Yet our understandable hesitancy in confronting these questions allows adversaries to continue to exploit the situation. We must start that discussion and consider how our foreign intelligence services could work with the FBI and CISA — in a manner fully consistent with our values and the Constitution — to pursue foreign cyber maliciousness when it involves using domestic parts of the internet.
To have prevented this hack, we would have had to piece together information from the intelligence community about Russian intentions and activity, link it to hints (from affected agencies or DHS) that some government systems had suspicious domestic internet connections, and then monitor those internet connections. Media reports indicate that the Russians used a domestic internet domain leased from Go Daddy, a reputable and popular host for web domains, to control the malware that was inserted in government networks. Normally a search warrant or other legal process, often taking days, is required before the FBI can fully review the traffic connecting with a suspected malicious internet site. None of the foregoing steps could, at least under current structures, have been taken in sufficient time to detect the attack in the first place; at a very minimum, we could be better structured to stop such attacks from spreading.
There is no single structural or legal solution to the problem of foreign cyberattacks. More robust sanctions against foreign adversaries and better international efforts to stop the export of cyber mischief and bring cyber criminals to justice will also help. Working with other like-minded nations, we need to raise the risks and costs of cyber espionage and cyber damage.
But steps like those outlined above are also needed to bolster our federal government’s defenses and to give us more robust tools to use against foreign cyber wrongdoers. That, along with more vigorous sharing with private businesses of otherwise classified information about the techniques of those wrongdoers, would go a long way to addressing the vulnerabilities of the private sector, and thus help fulfill government’s responsibilities in that regard. As if we needed an illustration of the private sector’s vulnerability, the recent sophisticated attack was undetected even by cybersecurity incident response firm FireEye, apparently itself a victim, with some of its cybertools used to test customer network security audaciously stolen by the intruders.”
“we don’t need a new agency that will disrupt and distract a system that has many of the pieces it needs to succeed already in place. What we do need is better coordination, accountability and leadership to make sure that the federal government’s existing cyber expertise, assets and partners are engaged at maximum capacity to address the many varied and variable threats that will continue to emerge from cyber space.”