@War: The Rise of the Military-Internet Complex by Shane Harris
Author:Shane Harris
Language: eng
Format: epub, azw3
Publisher: Houghton Mifflin Harcourt
Some of the FBI’s most important intelligence targets today are Chinese cyber spies stealing intellectual property. “We do a lot of collection on China’s victimizing US companies,” says a former senior FBI official who managed cyber cases. The bureau has broken in to the computers of Chinese hackers and stolen the lists of specific companies they’re targeting. “We identify and notify those companies: ‘This is a computer on your network taken over by China. This is how we know.’”
FBI cyber operators have also obtained the e-mail addresses of employees whom Chinese hackers intend to spear phish, sending them legitimate-looking e-mails that actually contain spyware. “We knew what luring words and phrases the e-mails used before they were sent,” the former official says. “We told companies what to be on the lookout for. What e-mails not to open. We could tell them ‘You’re next on the list.’”
Among the most worrisome people on those lists were employees of American oil and natural gas companies. These businesses own and operate major refineries and pipelines that are run by SCADA (supervisory control and data acquisition) systems, the same kinds of devices that the NSA attacked in the Iranian nuclear facility to make centrifuges break down. Chinese attempts to penetrate oil and natural gas companies “were never-ending,” the former official says. The campaign reached a fever pitch in the spring of 2012, when hackers penetrated the computer networks of twenty companies that own and operate natural gas pipelines. FBI and Homeland Security Department officials swooped in and gave classified briefings to executives and security personnel. They watched the hackers move on the networks in order to get a better sense of how they got in, and what damage they might cause. There’s no evidence that they gained access to the critical SCADA systems that actually control the pipelines—the spies could also have been looking for strategy documents or information about US energy supplies. But the penetrations were so rampant, and so alarming, that the Homeland Security Department issued a broad alert to the energy industry about the threat and what steps they could take to protect their systems.
The former official says the FBI has also infiltrated Russian and Eastern European criminal organizations that specialize in stealing money out of companies’ bank accounts—to the tune of several billions of dollars a year. The FBI discovered the crooks’ targets, then warned those people and companies that an attack was coming. And the bureau infiltrated the computers of the hacker collective Anonymous, found its target lists, and warned the people on them.
Does any of this intelligence actually stop attacks from happening? “I definitely saw prevention,” the former official says, in the form of software patches applied, particular IP addresses blocked from connecting to corporate computer networks, or improvements in basic security practices such as using longer or harder-to-guess passwords, which even sophisticated companies sometimes fail to do. But success is hard to quantify. Companies don’t acknowledge individual cases where assistance from the government paid off, because they don’t want to admit that they were at risk in the first place.
Download
@War: The Rise of the Military-Internet Complex by Shane Harris.azw3
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Cryptography | Encryption |
Hacking | Network Security |
Privacy & Online Safety | Security Certifications |
Viruses |
Effective Threat Investigation for SOC Analysts by Yahia Mostafa;(3831)
Machine Learning Security Principles by John Paul Mueller(3562)
Practical Memory Forensics by Svetlana Ostrovskaya & Oleg Skulkin(3555)
Operationalizing Threat Intelligence by Kyle Wilhoit & Joseph Opacki(3238)
Attacking and Exploiting Modern Web Applications by Simone Onofri & Donato Onofri(3214)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3102)
Future Crimes by Marc Goodman(3095)
Mastering Python for Networking and Security by José Manuel Ortega(3090)
Blockchain Basics by Daniel Drescher(3000)
Mobile App Reverse Engineering by Abhinav Mishra(2683)
Operationalizing Threat Intelligence by Joseph Opacki Kyle Wilhoit(2645)
Mastering Bitcoin: Programming the Open Blockchain by Andreas M. Antonopoulos(2611)
Solidity Programming Essentials by Ritesh Modi(2584)
From CIA to APT: An Introduction to Cyber Security by Edward G. Amoroso & Matthew E. Amoroso(2563)
The Art Of Deception by Kevin Mitnick(2385)
The Code Book by Simon Singh(2365)
Microsoft 365 Security, Compliance, and Identity Administration by Peter Rising(2224)
Incident Response with Threat Intelligence by Roberto Martínez(2161)
Hands-On AWS Penetration Testing with Kali Linux by Benjamin Caudill & Karl Gilbert(1990)