Level 6
Oct 1, 2019
This week, the U.S. Department of Justice (DoJ) indicted two Chinese nationals on charges that include the theft of American trade secrets and a recent targeting of COVID-19 research centers. The DoJ claims that the suspects acted sometimes for their own financial gain, and sometimes to benefit the Chinese Ministry of State Security. Their hacking campaign lasted more than ten years, the indictment alleges, targeting industries such as high tech manufacturing, industrial engineering, business software, solar energy, pharmaceuticals, and defense. Recent targets include companies developing COVID-19 vaccines, testing technology, and treatments, the indictment further claims.

While the Chinese hackers are residents of China, it is unlikely that either man, both in their 30’s, will face trial. “This case demonstrates the FBI’s dedication to pursuing these criminals no matter who is sanctioning their activities,” said Special Agent in Charge Raymond Duda of the FBI’s Seattle Division. If arraigned in the U.S., each defendant will face 11 counts of criminal acts, including computer fraud, wire fraud, and the theft of trade secrets.

Avast Security Evangelist Luis Corrons commented, “When a country decides to go on the offensive in cyberspace, they have three options. One is to create their own teams. Two is to become a safe haven for cybercriminals in exchange for their services when needed. But it seems China went for option three, which is basically combining one and two. It is known that they’ve been running cyberattacks from certain branches of their military, and as this example shows, they are also outsourcing, using cybercriminals to carry out their instructions.” Read the DoJ’s bulletin for the full story.

Family Tree Maker exposes data of 60,000 users
Researchers discovered an exposed ElasticSearch server containing 25 GB of data linked to users of Family Tree Maker software. Email addresses, IP addresses, location data, technical details, user IDs, and support messages for 60,000 users were among the leaked details found in the database, the combination of which could serve multiple attacks – the users’ personal data could be used to launch phishing campaigns, the technical support messages could be used by Family Tree Maker competitors to target unhappy customers, and the technical details could be used to leverage further cyberattacks on the system. The researchers informed Family Tree Maker of the problem, and the database was secured shortly thereafter. More on this at InfoSecurity.

Facebook fact-checks...unless it’s considered opinion
U.S. Senator Elizabeth Warren is leading a group of senators to demand Facebook explain its fact-checking policy, which the lawmakers criticize as inconsistent. The social media company uses third-party fact checking services and has vowed to crack down on disinformation following the 2016 U.S. presidential election. Problems quickly arose when one of Facebook’s fact-checkers flagged bogus climate change data. The climate-change denial organization that posted the misinformation complained to Facebook that the fact-check was biased. Ultimately, Facebook removed the fact check from the post, choosing to view the faulty info as posing an opining versus stating a fact. Critics wonder how useful the social giant’s fact-checking will be to the general public if disinformation is allowed to be posted under the guise of opinion. Read more at Ars Technica.