@War: The Rise of the Military-Internet Complex by Shane Harris

Author:Shane Harris
Language: eng
Format: epub, azw3
Publisher: Houghton Mifflin Harcourt

Some of the FBI’s most important intelligence targets today are Chinese cyber spies stealing intellectual property. “We do a lot of collection on China’s victimizing US companies,” says a former senior FBI official who managed cyber cases. The bureau has broken in to the computers of Chinese hackers and stolen the lists of specific companies they’re targeting. “We identify and notify those companies: ‘This is a computer on your network taken over by China. This is how we know.’”

FBI cyber operators have also obtained the e-mail addresses of employees whom Chinese hackers intend to spear phish, sending them legitimate-looking e-mails that actually contain spyware. “We knew what luring words and phrases the e-mails used before they were sent,” the former official says. “We told companies what to be on the lookout for. What e-mails not to open. We could tell them ‘You’re next on the list.’”

Among the most worrisome people on those lists were employees of American oil and natural gas companies. These businesses own and operate major refineries and pipelines that are run by SCADA (supervisory control and data acquisition) systems, the same kinds of devices that the NSA attacked in the Iranian nuclear facility to make centrifuges break down. Chinese attempts to penetrate oil and natural gas companies “were never-ending,” the former official says. The campaign reached a fever pitch in the spring of 2012, when hackers penetrated the computer networks of twenty companies that own and operate natural gas pipelines. FBI and Homeland Security Department officials swooped in and gave classified briefings to executives and security personnel. They watched the hackers move on the networks in order to get a better sense of how they got in, and what damage they might cause. There’s no evidence that they gained access to the critical SCADA systems that actually control the pipelines—the spies could also have been looking for strategy documents or information about US energy supplies. But the penetrations were so rampant, and so alarming, that the Homeland Security Department issued a broad alert to the energy industry about the threat and what steps they could take to protect their systems.

The former official says the FBI has also infiltrated Russian and Eastern European criminal organizations that specialize in stealing money out of companies’ bank accounts—to the tune of several billions of dollars a year. The FBI discovered the crooks’ targets, then warned those people and companies that an attack was coming. And the bureau infiltrated the computers of the hacker collective Anonymous, found its target lists, and warned the people on them.

Does any of this intelligence actually stop attacks from happening? “I definitely saw prevention,” the former official says, in the form of software patches applied, particular IP addresses blocked from connecting to corporate computer networks, or improvements in basic security practices such as using longer or harder-to-guess passwords, which even sophisticated companies sometimes fail to do. But success is hard to quantify. Companies don’t acknowledge individual cases where assistance from the government paid off, because they don’t want to admit that they were at risk in the first place.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.