Tag Archives: cyberattack United States

What is the Real Trump Card of China

Leave a reply

Chinese officials acknowledged in a secret December 2024 meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate. The Chinese delegation linked years of intrusions into computer networks at U.S. ports, water utilities, airports and other targets, to increasing U.S. policy support for Taiwan, the people, who declined to be named, said.  …The Chinese official’s remarks at the December meeting were indirect and somewhat ambiguous, but most of the American delegation in the room interpreted it as a tacit admission and a warning to the U.S. about Taiwan, a former U.S. official familiar with the meeting said.

Excerpts from Dustin Volz, In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks, WSJ, Apr. 10, 2025

How Russia Invaded Microsoft

Leave a reply

Microsoft  said in March 2024 a Russian state-sponsored hacking group that stole information from its senior leadership team is still using that information to gain unauthorized access to its internal systems. The technology company disclosed in January  2024 that the group, which it has identified as Midnight Blizzard, had extracted information from a small percentage of employee email accounts, including members of its senior leadership team and employees in its cybersecurity and legal teams. Since that disclosure, the group has used that information to gain access to Microsoft’s source code repositories and internal systems. The volume of some aspects of the attack, including password sprays, jumped 10-fold in February compared with the already large volume Microsoft encountered in January, it said.

“Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” Microsoft said. The company said that its investigations of Midnight Blizzard activities are continuing and that it is coordinating efforts with federal law enforcement. In a blog post last August 2023, Microsoft said it had detected Midnight Blizzard, previously known as Nobelium, launching targeted social-engineering attacks that used Microsoft Teams chats to phish for credentials. The former Nobelium group has been linked by U.S. authorities to the Foreign Intelligence Service of the Russian Federation and is known for its involvement in the massive SolarWinds hack of 2020.

Excerpts from Dean Seal, Microsoft Says Russian-Sponsored Hackers Still Using Stolen Information, WSJ, Mar. 9, 2024

Delete America: China’s Document 79

Leave a reply

A 2022 Chinese government directive aims to get US technology out of China—an effort some refer to as “Delete A,” for Delete America.  Document 79 was so sensitive that high-ranking officials and executives were only shown the order and weren’t allowed to make copies… It requires state-owned companies in finance, energy and other sectors to replace foreign software in their IT systems by 2027. 

American tech giants had long thrived in China as they hot-wired the country’s meteoric industrial rise with computers, operating systems and software. Chinese leaders want to sever that relationship, driven by a push for self-sufficiency and concerns over the country’s long-term security…Document 79, named for the numbering on the paper, targets companies that provide software—enabling daily business operations from basic office tools to supply-chain management. The likes of  Microsoft  and Oracle are losing ground in China

Excerpts from Liza Lin, China Intensifies Push to ‘Delete America’ From Its Technology, Mar. 7, 2024

Perpetual Attack: 25-Year Cyberattack, Russia v. US

Leave a reply

They US Federal Bureau of Investigation (FBI)  disabled a piece of malware Russia’s intelligence agency has allegedly used for two decades (!) to steal documents from NATO-allied governments and others, in an operation that highlights the FBI’s increasing efforts to go beyond arresting hackers and find new ways to disrupt cyberattacks.

In an affidavit filed in federal court in Brooklyn, a Federal Bureau of Investigation agent said the bureau had identified a long-running cyber-espionage campaign by officers in a unit of Russia’s Federal Security Service, or FSB, to take documents from other governments’ defense and foreign ministries, journalists and others, and route them through infected computers in the U.S. to cover their tracks. Security researchers have sometimes referred to the group of hackers as “Turla,” who are known to use a malware called “Snake.”

FBI agents identified U.S. computers infiltrated with the Snake malware, including in Oregon, South Carolina and Connecticut, and obtained court approval to issue commands to the malware to permanently disable it on those computers, officials said. The operation is the latest example of the FBI using an obscure legal authority to proactively disrupt Russian or Chinese cyberattacks by essentially infiltrating their systems. Investigators tracked the group’s daily activities to an FSB facility in Ryazan, outside Moscow.

Cybersecurity experts and U.S. officials said that Turla’s espionage activities can be traced back more than 25 years, though with rare exception the group’s hackers are adept at infiltrating systems without being noticed. For example, the group was linked to a major breach of U.S. classified systems in the late 1990s that compromised the Pentagon, other government agencies and defense contractors and was considered a watershed cyberattack that demonstrated the national security threat posed by Russian government hackers. In that case, it took years before the U.S. discovered the campaign (!).

Aruna Viswanatha and Dustin Volz, FBI Disables Malware Russia Allegedly Used to Steal Documents from NATO Allies, WSJ, May 9, 2023

Algorithms as Weapons –Tracking,Targeting Nuclear Weapons

Leave a reply

 
New and unproved technologies—this time computer systems capable of performing superhuman tasks using machine learning and other forms of artificial intelligence (AI)—threaten to destabilise the global “strategic balance”, by seeming to offer ways to launch a knockout blow against a nuclear-armed adversary, without triggering an all-out war.

A report issued in November by America’s National Security Commission on Artificial Intelligence, a body created by Congress and chaired by Eric Schmidt, a former boss of Google, and Robert Work, who was deputy defence secretary from 2014-17, ponders how AI systems may reshape global balances of power, as dramatically as electricity changed warfare and society in the 19th century. Notably, it focuses on the ability of AI to “find the needle in the haystack”, by spotting patterns and anomalies in vast pools of data…In a military context, it may one day find the stealthiest nuclear-armed submarines, wherever they lurk. The commission is blunt. Nuclear deterrence could be undermined if AI-equipped systems succeed in tracking and targeting previously invulnerable military assets. That in turn could increase incentives for states, in a crisis, to launch a devastating pre-emptive strike. China’s rise as an AI power represents the most complex strategic challenge that America faces, the commission adds, because the two rivals’ tech sectors are so entangled by commercial, academic and investment ties.

Some Chinese officials sound gung-ho about AI as a path to prosperity and development, with few qualms about privacy or lost jobs. Still, other Chinese fret about AI that might put winning a war ahead of global stability, like some game-playing doomsday machine. Chinese officials have studied initiatives such as the “Digital Geneva Convention” drafted by Microsoft, a technology giant. This would require states to forswear cyber-attacks on such critical infrastructure as power grids, hospitals and international financial systems.  AI would make it easier to locate and exploit vulnerabilities in these…

One obstacle is physical. Warheads or missile defences can be counted by weapons inspectors. In contrast, rival powers cannot safely show off their most potent algorithms, or even describe AI capabilities in a verifiable way….Westerners worry especially about so-called “black box” algorithms, powerful systems that generate seemingly accurate results but whose reasoning is a mystery even to their designers.

Excerpts from Chaguan: The Digital Divide, Economist, Jan 18, 2019

Who is Afraid of Shamoon? How to Wipe a Country Off the Face of the Earth

Leave a reply

Suspected Iranian hackers infiltrated critical infrastructure and government computers in the Persian Gulf nation of Bahrain in July-August  2019, raising fears among leaders in the region that Tehran is stepping up its cyberattacks amid growing tensions…Hackers broke into the systems of Bahrain’s National Security Agency—the country’s main criminal investigative authority—as well as the Ministry of Interior and the first deputy prime minister’s office, according to one of the people familiar with the matter.

On July 25, 2019 Bahrain authorities identified intrusions into its Electricity and Water Authority. The hackers shut down several systems in what the authorities believed was a test run of Iran’s capability to disrupt the country, the person said. “They had command and control of some of the systems,” the person said.  The breaches appeared broadly similar to two hacks in 2012 that knocked Qatar’s natural-gas firm RasGas offline and wiped data from computer hard drives belonging to Saudi Arabia’s Aramco national oil company, a devastating attack that relied on a powerful virus known as Shamoon.  Bahrain is the smallest country in the Persian Gulf, but it is strategically important because it’s the permanent home of the U.S. Navy’s Fifth Fleet and Navy Central Command. It is closely allied with its much larger neighbor, Saudi Arabia, a regional rival of Iran.

The Bahrain authorities haven’t definitively attributed the attack to Iran, but they have been provided intelligence by the U.S. and others suggesting Iran is behind it, the people familiar with the matter said….“In the first half of 2019, the Information & eGovernment Authority successfully intercepted over 6 million attacks and over 830,000 malicious emails. The attempted attacks did not result in downtime or disruption of government services,” 

Excerpt from High-Level Cyber Intrusions Hit Bahrain Amid Tensions With Iran, WSJ, Aug. 7, 2019

Predators: Tax Avoidance in Luxembourg

Leave a reply

Antoine Deltour and Raphaël Halet, two ex-employees of PwC, an accounting firm, and Edouard Perrin, a French journalist, had been tried in Luxembourg for their role in leaking documents that revealed sweetheart tax deals the Grand Duchy had offered to dozens of multinationals. ..The whistle-blowers faced up to ten years behind bars. However, the prosecutor—perhaps sensitive to the strong public and, in some places, political support for them abroad—called for suspended sentences of 18 months. In the end the judge handed Messrs Deltour and Halet suspended sentences of 12 months and nine months, respectively. But a conviction is a conviction; Transparency International, an anti-corruption group, called it “appalling”. Mr Perrin, who had published an article that drew on the leaked documents, was acquitted.

The “LuxLeaks” affair has highlighted the role played by certain European Union countries, including Ireland and the Netherlands as well as Luxembourg, in facilitating tax avoidance. Luxembourg is not a typical tax haven levying no or minimal income tax; its statutory rate is 29%. Instead, it is a haven “by administrative practice”, argues Omri Marian of the University of California, Irvine, who has studied LuxLeaks in detail. Luxembourg’s tax authority in effect sold tax-avoidance services to large firms by rubber-stamping opaque arrangements that helped them to cut their tax bills dramatically in both their countries of residence and their countries of operation.]

Excerpt from Tax avoidance: Grand dodgy, Economist, July 2, 2016