Tag: Secrets | Page 4

Chinese hackers cast wide net for trade secrets in US, Europe and Asia, researchers say

May 4, 2022/in Computer Security

The hackers targeted blueprints for producing materials with broad applications to the pharmaceutical and aerospace sectors, according to Boston-based security firm Cybereason. The firm discovered the activity last year but said the hacking campaign dates to at least 2019, and it suggested that reams of data could have been stolen in the interim.

The research is an unsettling reminder of the scope of the cyber threats facing US businesses and government agencies as the Biden administration attempts to thwart them. For all of the attention on potential Russian hacking due to the war in Ukraine, China’s digital operatives have been very active.

“It’s clearly industrial espionage, IP [intellectual property] theft at the highest level,” Assaf Dahan, Cybereason’s research lead, told CNN.

Asked to respond to the Cybereason report, Liu Pengyu, a spokesperson at the Chinese Embassy in Washington, claimed that China “will never encourage, support or condone cyber attacks.”

“China opposes groundless speculation and accusations on the issue of hacker attacks,” Liu added. “If the firm really care [sic] about global cyber security, they should pay more attention to the cyber attacks by the US government-sponsored hackers on China and other countries.”

Cybersecurity researchers, and US officials, have for years accused Chinese spy and military agencies of hacking and stealing trade secrets.

China “has a massive, sophisticated cyber theft program,” FBI Deputy Director Paul Abbate alleged in a speech last week to the American Hospital Association, “and it conducts more cyber intrusions than all other nations in the world combined.”

The FBI declined to comment on the Cybereason report.

US officials and cyber-intelligence analysts point to China’s “Made in 2025” plan — an ambitious state plan for achieving economic dominance — as a rubric for the types of companies whose data Chinese hackers have targeted.

The plan, released in 2015, calls for advancements in manufacturing in the aerospace and biomedical fields, among several others. The Justice Department has in the years since unsealed indictments accusing Chinese hackers of targeting those very sectors.

Chinese President Xi Jinping and then-US…

Source…

U.S. catches Kremlin insider who may have secrets of 2016 hack

January 3, 2022/in Computer Security

In the days before Christmas, U.S. officials in Boston unveiled insider trading charges against a Russian tech tycoon they had been pursuing for months. They accused Vladislav Klyushin, who’d been extradited from Switzerland on Dec. 18, of illegally making tens of millions of dollars trading on hacked corporate-earnings information.

Yet as authorities laid out their securities fraud case, a striking portrait of the detainee emerged: Klyushin was not only an accused insider trader, but a Kremlin insider. He ran an information technology company that works with the Russian government’s top echelons. Just 18 months earlier, Klyushin received a medal of honor from Russian President Vladimir Putin. The U.S. had, in its custody, the highest-level Kremlin insider handed to U.S. law enforcement in recent memory.

Klyushin’s cybersecurity work and Kremlin ties could make him a useful source of information for U.S. officials, according to several people familiar with Russian intelligence matters. Most critically, these people said, if he chooses to cooperate, he could provide Americans with their closest view yet of 2016 election manipulation.

According to people in Moscow who are close to the Kremlin and security services, Russian intelligence has concluded that Klyushin, 41, has access to documents relating to a Russian campaign to hack Democratic Party servers during the 2016 U.S. election. These documents, they say, establish the hacking was led by a team in Russia’s GRU military intelligence that U.S. cybersecurity companies have dubbed “Fancy Bear” or APT28. Such a cache would provide the U.S. for the first time with detailed documentary evidence of the alleged Russian efforts to influence the election, according to these people.

Klyushin’s path to the U.S. — his flight from Moscow via private jet, his arrest in Switzerland, and his wait in jail as Russia and the U.S. competed to win his extradition — is described in U.S., European and Swiss legal filings, as well as in accounts of more than a half-dozen people with knowledge of the matter who requested anonymity to speak about Moscow’s efforts and its causes for concern.

According to these accounts, Klyushin was…

Source…

Here are some tips, secrets of professional hackers

November 19, 2021/in Computer Security

I probably sound like a broken record when I say to be careful of scammers who are pretending to be authorities.

Or to beware if an email or a phone call has information that seems too good to be true or has a sense of urgency to help someone in a serious bind.

We all know there are scammers around the world whose full-time job is to “catch” people who will answer that email or tell the person on the phone some information to unlock access to their bank account. And the sad part is, there are still people every day who get caught by such scams, which are getting more sophisticated.

But there are a lot of less subtle scams and campaigns being perpetrated every day.

Every year, my parent company requires all employees to take various trainings, including one on cyber security.

This year, several of my colleagues and I commented that the training was a really good one. (Come on, those of you who have to go through human resources trainings know they are often not the first thing on your list of things you are excited about).

The training we took this year was by security experts and professional included hackers sharing their secrets on the tools of the trade and how our knowledge of these tactics can protect us and our company.

Many of the things I’ve heard before or shared with readers. But some of them were new or updated scams that I didn’t know.

All of this information is helpful for all consumers to have in their everyday digital life, in addition to workers protecting their company’s systems.

In fact, in a text exchange with two colleagues after the training, I told them the training scared me at times with some of the things we could be targeted for and I joked whether they were really my friends and colleagues or had they made up their identities to try to earn my trust to scam me?

Social Engineering

What I jokingly described above is an example of social engineering. It’s a real thing.

Source…

Rickrolling submarine secrets • Graham Cluley

October 14, 2021/in Computer Security

Smashing Security podcast #247: Rickrolling submarine secrets

A married couple are accused of selling nuclear sub secrets, Facebook continues to make young lives a misery, and a school hacker lets loose one heck of a prank.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Hosts:

Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Guest:

Maria Varmazis – @mvarmazis

Show notes:

Sponsor: 1Password

With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now at 1password.com

Follow the show:

Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, Spotify, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

Source…

Tag Archive for: Secrets

Hosts:

Guest:

Show notes:

Follow the show: