The CI Shield Your News Source

Volume 2, Issue 20 4 June 2010

Companies Fight Endless War Against Computer Attacks The NY Times, 17 Jan 10: The recent computer attacks on the mighty Google left every corporate network in the world looking a little less Overview: This safe. Google‟s confrontation with China — over government censor- newsletter presents real ship in general and specific attacks on its systems — is an exceptional world examples of case, of course, extending to human rights and international politics as threats posed against well as high-tech spying. But the intrusion into Google‟s computers and corporate proprietary related attacks from within China on some 30 other companies point to the rising sophisti- and U.S. military cation of such assaults and the vulnerability of even the best defenses, security experts technologies. say. “The Google case shines a bright light on what can be done in terms of spying and getting into corporate networks,” said Edward . Stroz, a former high-tech crime agent with the F.B.I. who now heads a computer security investigation firm in New York. Com- Goal: Educate readers puter security is an ever-escalating competition between so-called black-hat attackers for methods used to and white-hat defenders. One of the attackers‟ main tools is malicious software, known as exploit, compromise, malware, which has steadily evolved in recent years. Malware was once mainly viruses and / or illegally obtain and worms, digital pests that gummed up and sometimes damaged personal computers information or and networks. Malware today, however, is likely to be more subtle and selective, nesting technologies inside corporate networks. And it can be a tool for industrial , transmitting digital copies of trade secrets, customer lists, future plans and contracts. Corporations and gov- ernment agencies spend billions of dollars a year on specialized security software to de- Source: This newsletter tect and combat malware. Still, the black hats seem to be gaining the upper hand. In a incorporates open survey of 443 companies and government agencies published last month, the Computer source news articles as Security Institute found that 64 percent reported malware infections, up from 50 percent a training method to the previous year. The financial loss from security breaches was $234,000 on average for educate readers on each organization. “Malware is a huge problem, and becoming a bigger one,” said security matters in Robert Richardson, director of the institute, a research and training organization. “And compliance with USC now the game is much more about getting a foothold in the network, for spying.” Title 17, section 107, Paragraph a. Security experts say employee awareness and training are a crucial defense. Often, mal- ware infections are a result of high-tech twists on old-fashioned cons. One scam, for exam- ple, involves small U.S.B. flash drives, left in a company parking lot, adorned with the com- pany logo. Curious employees pick them up, put them in their computers and open what looks like an innocuous document. In fact, once run, it is software that collects passwords and other confidential information on a user‟s computer and sends it to the attackers. More advanced malware can allow an outsider to completely take over the PC and, from there, explore a company‟s network. With this approach, the hackers do not need to break through a company‟s network defenses because a worker has unknowingly invited them inside. Another approach, one used in the Google attacks, is a variation on so- called phishing schemes, in which an e-mail message purporting to be from the recipient‟s bank or another institution tricks the person into giving up passwords. Scammers send such messages to thousands of people in hopes of ensnaring a few. But with so-called spear- INSIDE THIS ISSUE phishing, the bogus e-mail is sent to a specific person and appears to come from a friend or colleague inside that person‟s company, making it far more believable. Again, an at- tached file, once opened, unleashes the spy software. Other techniques for going inside companies involve exploiting weaknesses in Web-site or network-routing software, using those openings as gateways for malware. To combat leaks of confidential information, Companies Fight Endless War 1 Against Computer Attacks network security software looks for anomalies in network traffic — large files and rapid rates of data transmission, especially coming from corporate locations where confidential Former Boeing Engineer Gets 3 information is housed. “Fighting computer crime is a balance of technology and behav- 15 Years in China Spy Case ioral science, understanding the human dimension of the threat,” said Mr. Stroz, the former Britain Warned Businesses of 4 F.B.I. agent and security investigator. Threat of Chinese Spying

SIM Card Spy Elite 4 Continued on the next page

Page 1 The CI Shield

“There is no law in the books that will ever throw a computer in prison.” As cellphones become more powerful, they offer new terrain for malware to exploit in new ways. Recently, security experts have started seeing malware that surreptitiously switches on a cellphone‟s microphone and cam- era. “It turns a smartphone into a surveillance device,” said Mark D. Rasch, a computer security consultant in Bethesda, Md., who formerly prosecuted computer crime for the Justice Department. Hacked cellphones, Mr. Rasch said, can also provide vital corporate intelligence because they The views expressed can disclose their location. The whereabouts of a cellphone belonging to an investment banker in articles obtained who is representing a company in merger talks, he said, could provide telling clues to rival bidders, from public sources for example. Security experts say the ideal approach is to carefully identify a corporation‟s most valuable intellectual property and data, and place it on a separate computer network not linked within this product do to the Internet, leaving a so-called air gap. “Sometimes the cheapest and best security solution is not necessarily reflect to lock the door and don‟t connect,” said James P. Litchko, a former government security official those of the who is a manager at Cyber Security Professionals, a consulting firm. Some companies go further, New Mexico building “Faraday cages” to house their most critical computers and data. These cages typically Counterintelligence have a metal grid structure built into the walls, so no electromagnetic or cellphone transmissions Working Group can come in or out. Defense contractors, aerospace companies and some automakers have built Faraday cages, named for the 19th-century English scientist Michael Faraday, who designed them to shield electrical devices from lightning and other shocks. But in the Internet era, isolationism is often an impractical approach for many companies. Sharing information and knowledge with industry partners and customers is seen as the path to greater flexibility and efficiency. Work is rou- tinely done by far-flung project teams. Mobile professionals want vital company data to be acces- The New Mexico sible wherever they are. Most of that collaboration and communication is done over the Internet, Counterintelligence increasing the risk of outside attacks. And the ubiquity of Internet access inside companies has its Working Group own risks. (NMCIWG) is In a case of alleged industrial theft that became public recently, a software engineer at Goldman comprised of Sachs was accused last year of stealing proprietary software used in high-speed trading, just be- counterintelligence, fore he left for another firm. The engineer, who pleaded not guilty, had uploaded the software to cyber, intelligence a server computer in Germany, prosecutors say. The complexity of software code from different analysts, legal, and suppliers, as it intermingles in corporate networks and across the Internet, also opens the door to security professionals security weaknesses that malware writers exploit. One quip among computer security experts is: in the New Mexico “The sum of the parts is a hole.” But, security experts say, the problem goes well beyond different kinds of software not playing well together. The software products themselves, they say, are riddled business community with vulnerabilities — thousands of such flaws are detected each year across the industry. Several weaknesses, it seems, including one in the Microsoft Internet Explorer browser, were exploited in the recent attacks on Google that were aimed at Chinese dissidents. The long-term answer, some experts assert, lies in setting the software business on a path to becoming a mature industry, with standards, defined responsibilities and liability for security gaps, guided by forceful self-regulation The NMCIWG or by the government. Just as the government eventually stepped in to mandate seat belts in cars membership includes and safety standards for aircraft, says James A. Lewis, a computer security expert at the Center for Strategic and International Studies, the time has come for software. Mr. Lewis, who advised the representatives from Obama administration about online security last spring, recalled that he served on a White House these agencies: 902nd advisory group on secure public networks in 1996. At the time, he recommended a hands-off ap- MI, AFOSI, AFRL, proach, assuming that market incentives for the participants would deliver Internet security. Today, DCIS, DOE, DSS, Mr. Lewis says he was mistaken. “It‟s a classic market failure — the market hasn‟t delivered secu- DTRA, FBI, ICE, MDA, rity,” he said. “Our economy has become so dependent on this fabulous technology — the Inter- NAG, NCIS, Sandia net — but it‟s not safe. And that‟s an issue we‟ll have to wrestle with. Labs, and the U.S.

Attorney’s Office

Page 2 The CI Shield

Former Boeing Engineer Gets 15 Years in China Spy Case Associated Press, 9 Feb 10: A Chinese-born engineer was sentenced Monday to more than 15 years in prison for hoarding sensitive information about the US space shuttle that prosecutors say he intended to share with China. The case against Dongfan "Greg" Chung was the United States' first trial on economic espionage charges. The 74-year-old former Boeing engineer was convicted in July of six counts of economic espionage and other federal charges for keeping 300,000 pages of sensitive papers in his home. Before sentencing Chung, US District Judge Cormac Carney said he didn't know exactly what information The NMCIWG also Chung passed to China. "But what I do know is what he did, and what he did pass, hurt our na- tional security and it hurt Boeing," the judge said. Carney said Chung's scheme with the Chinese produces a daily government spanned 30 years. (U) During brief remarks, Chung begged the judge to give him a Cyber Threat lenient sentence. He spoke from a podium while wearing a tan prison jumpsuit with his hands newsletter for cuffed to a belly chain. "Your honor, I am not a spy, I am only an ordinary man," he said, adding that he had brought the Boeing documents home to write a book. "Your honor, I love this country. Information ... Your honor, I beg your pardon and let me live with my family peacefully." Despite Chung's age, Technology and prosecutors requested a 20-year sentence, in part to send a message to other would-be spies. But Security the judge said he couldn't put a value on the amount of information that Chung stole and could- Professionals. To n't determine exactly how much the breaches hurt Boeing and the nation. He also cited the engi- neer's age and frail health in going with a sentence of 15 years and eight months. "It's very difficult subscribe to this having to make a decision where someone is going to have to spend the rest of their adult life in newsletter please prison," Carney said. "I take no comfort or satisfaction in that." Assistant US Attorney Greg Staples click HERE. noted in sentencing papers that Chung amassed a personal wealth of more than $3 million while betraying his adopted country. "The (People's Republic of China) is bent on stealing sensitive infor- mation from the United States and shows no sign of relenting," Staples wrote. "Only strong sen- tences offer any hope of dissuading others from helping the PRC get that technology."

The government accused Chung, a stress analyst with high-level clearance, of using his 30-year career at Boeing and Rockwell International to steal the documents. They said investigators found papers stacked throughout Chung's house that included sensitive information about a booster rocket fueling system, documents that employees were ordered to lock away at the end of each day. They said Boeing invested $50 million in the technology over a five-year period. During the To subscribe to this non-jury trial, Chung's lawyers argued that he may have violated Boeing policy by bringing the espionage newsletter papers home, but he didn't break any laws by doing so, and the US government couldn't prove he had given secret information to China. In his ruling, Carney wrote that the notion that Chung was please click HERE. merely a pack rat was "ludicrous" and said the evidence showed that he had been passing infor- mation to Chinese officials as a spy. The government believes Chung began spying for the Chi- In the email text nese in the late 1970s, a few years after he became a naturalized US citizen and was hired by please include the Rockwell. Chung worked for Rockwell until it was bought by Boeing in 1996. He stayed with the name of your company until he was laid off in 2002, then was brought back a year later as a consultant. He was fired when the FBI began its investigation in 2006. When agents searched Chung's house that year, employer, your name / they discovered more than 225,000 pages of documents on Boeing-developed aerospace and job title / phone defense technologies, according to trial briefs. The technologies dealt with a phased-array an- number and if you are tenna being developed for radar and communications on the U.S.space shuttle and a $16 million fueling mechanism for the Delta IV booster rocket, used to launch manned space vehicles. Agents interested in having a also found documents on the C-17 Globemaster troop transport used by the US Air Force and mili- NMCIWG taries in Britain, Australia and Canada— but the government later dropped charges related to representative contact those finds. Prosecutors discovered Chung's activities while investigating another suspected Chi- you for additional nese spy living and working in Southern California. That man, Chi Mak, was convicted in 2007 of conspiracy to export US defense technology to China. He was sentenced to 24 years in prison. cyber security or counterintelligence assistance.

Page 3 The CI Shield

Britain Warned Businesses of Threat of Chinese Spying New York Times, 1 Feb 10: British business executives dealing with China were given a formal warning more than a year ago by Britain‟s security service, MI5, that Chinese intelligence agencies were engaged in a wide-ranging effort to hack into British companies‟ computers and to blackmail British busi- nesspeople over sexual relationships and other improprieties, according to people familiar with the MI5 document. The warning, in a 14-page docu- Reminder: If you are ment titled “The Threat from Chinese Espionage,” was prepared in 2008 by asked to provide MI5‟s Center for the Protection of National Infrastructure, and distributed in what security officials sensitive / classified described as a “restricted” form to hundreds of British banks and other financial institutions and information that the businesses. The document followed public warnings from senior MI5 officials that China posed “one requestor is not of the most significant espionage threats” to Britain. The document‟s existence was first reported in authorized to receive, the British newspaper . In January, Google announced that it was considering IMMEDIATELY notify ending its operations in China after a “sophisticated and targeted” cyberattack that it said aimed your organization’s primarily to gain access to the e-mail accounts of Chinese human rights activists. Google said it counterintelligence was no longer willing to cooperate with China in what amounted to censorship of its search en- officer or security gine, which Google had operated in a way that prevented millions of Chinese from reaching Web manager sites deemed hostile by Beijing. Secretary of State Hillary Rodham Clinton has called on China to investigate the cyberattacks, and said that companies like Google should refuse to support “politically motivated censorship.” Without acknowledging any government involvement in the attacks, China has responded by saying that Internet companies like Google are welcome to do business in China “according to the law.” A Foreign Ministry spokesman said that “Chinese law pro- Reminder: Email scribes any form of hacking activity.” But a starkly different picture emerges from the document poses a serious threat circulated by MI5, Britain‟s domestic security service. The Sunday Times account, quoting from the to sensitive document, said that officers from the People‟s Liberation Army and the Ministry of Public Security information. If you had approached British businesspeople at trade fairs and exhibitions with offers of “gifts” that in- receive an email that cluded cameras and computer memory sticks that were found to contain bugs that provided the seems suspicious do Chinese with remote access to the recipients‟ computers. “There have been cases where these NOT open, delete, „gifts‟ have contained Trojan devices and other types of malware,” the document said, according print, or forward the to The Sunday Times. The accuracy of the paper‟s citations from the document was verified by the email without the two people contacted by who said they had seen the document. The MI5 assistance of your report described how China‟s computer hacking campaign had attacked British defense, energy, organization’s communications and manufacturing companies, as well as public relations companies and inter- counterintelligence national law firms. The document explicitly warned British executives dealing with China against so- officer or security called honey trap methods in which it said the Chinese tried to cultivate personal relationships, manager “often using lavish hospitality and flattery,” either within China or abroad. “Chinese intelligence services have also been known to exploit vulnerabilities such as sexual relationships and illegal ac- tivities to pressurize individuals to cooperate with them,” it warned. “Hotel rooms in major Chinese cities such as Beijing and Shanghai which have been frequented by foreigners are likely to be bugged. Hotel rooms have been searched while the occupants are out of the room.” Britain‟s Reminder: If you are powerful Joint Intelligence Committee, responsible for analyzing and coordinating policy between traveling out of the MI5 and MI6, the Secret Intelligence Service that is responsible for Britain‟s foreign intelligence ac- U.S., attending a tivities, warned last year that China‟s growing sophistication in cyberespionage could enable it to scientific conference, shut down critical services, including power, food and water supplies.” participating in a DoD / scientific test SIM Card Spy Elite event or hosting a UberGizmo, 3 Aug 09: Have you accidentally deleted items on your SIM foreign national to card only to realize that that is the only copy of the message available? your home or facility Well, the $199.95 SIM Card Spy Elite is here to help as it is capable of ex- you need to tracting data from virtually any SIM, alongside being compatible with immediately notify Smart Cards, allowing you to review all data on your computer. Such your organization’s information include deleted text messages, phonebook contacts and counterintelligence phone logs among others directly on your computer. We suppose those who are suspicious of their officer or security partners or want to keep track on who their kids have been keeping in touch with will definitely manager to receive a find the SIM Card Spy Elite to be worth the purchase. threat briefing

Page 4