Cyber Espionage In India
Cyber espionage is an area that has recently attracted the attention of the Indian government and corporate houses alike. Both the Indian government and corporate houses are the biggest losers from cyber espionage. Sensitive information on national security, trade secrets and commercial information has occasionally been stolen through cyber espionage in India.
India has been a victim of cyber espionage on many occasions: crackers operating in foreign jurisdictions regularly attack Indian computers and have successfully taken out sensitive information. The international community is stressing the enhancement of its cyber security capabilities, unlike India.
As a result of this apathy, India is facing
The report on this from SecureWorks notes that without the cooperation of the government of the People's Republic of China, further attribution of the hacking activity is "difficult or impossible."
The possibility of a nation such as China engaged in large-scale cyber-espionage through APT attacks came up again last week.
In a report entitled "Revealed: Operation Shady RAT," McAfee says evidence it got from a server out on the Internet shows 72 businesses and government agencies, most in the U.S. but from several other countries as well, have suffered APT infiltrations since 2006. McAfee says the attacker is probably a "nation-state," but it didn't point to any particular country.
McAfee's "Revealed: Operation Shady RAT" only names a few of the victims, including the World Anti-Doping Agency in Montreal, the Asian and Western national Olympic Committees, and the United Nations, along with the Association of Southeast Asian Nations.
Dmitri Alperovitch, vice president of threat research at McAfee Labs, says McAfee has tried to reach those it believes were targeted based on the log evidence from the server it gained "legally" in March. "Some IP addresses are very clear, they're the firewall of an organization," Alperovitch says.
The intention of the McAfee report is to show that "someone is going to a tremendous amount of effort to compromise these computers," he says. Alperovitch says the APT server in
Cyber espionage is the act of attempting to penetrate an adversarial system for the purpose of extracting sensitive or protected data that is either social or technical in nature. These are illicit activities that range from the commercial and economic to the political and strategic. They extend from small nuisance attacks to matters of high magnitude and importance such as national security and intelligence (Cornish, 2012). Chinese cyber espionage has continued to escalate in recent years; it has continued to gain attention in many institutions, including the media, the technology and information services industries, and scientific research and innovation, as well as among the general public. All these institutions are aware that China is taking part in the systematic development of cyber techniques that it intentionally uses to invade international organizations, national governments, commercial companies, universities, and research institutes (Cornish, 2012).
It is understood that both individuals and organizations all over the country have come under attack in the past few days from an email purporting to be from Microsoft, which tells recipients to upgrade their accounts because they have no available storage space.
The biggest security flaw of this breach was the lack of concern by the security team regarding the vulnerability that was detected by the malware detection software. The company, FireEye, had installed the $1.6 million malware detection tool and notified the Target security team of a possible breach of data on November 30, 2013, only three days after the malware had begun to collect customer data. This had allowed the Target security team enough time to begin to research
Reconnaissance by attackers may have included a Google search that would have supplied a great deal of information about how Target interacts with vendors. Results would have revealed a vendor portal and a list of HVAC and refrigeration companies (Krebs, 2014g). The results would have also revealed how Target uses Microsoft virtualization software, centralized name resolution and Microsoft System Center Configuration Manager (SCCM), to deploy security patches and system
This is a renowned U.S. government information technology service provider, yet it suffered a serious attack on its database that the management termed "significant and tenacious" (Daily Tech, 2011). This attack was mainly directed at the enormous Gaithersburg, Maryland center that is located close to the headquarters of the company in Bethesda.
The underlying motivation behind the attacks was to gain access to high-profile companies’ login credentials and intellectual property with the purpose of stealing technological ideas and research and using them as their own (Chuck & Taylor, 2011). The fact that this type of attack originated from China is a sure indicator that this stolen information was intended for malicious purposes. The targets were strong sources of technology and intelligence and were considered powerhouses in the technology
Pfleeger, S. Pfleeger, and Margulies (2015) outline possible examples of cyber warfare between Canada and China (p. 844). According to Pfleeger, S. Pfleeger, and Margulies (2015), “the Canadian government revealed that several of its national departments had been victims of a cyber attack…” (p. 844). Eventually, the attack was unofficially traced to a computer in China (p. 844). Cyber warfare can be used negatively and positively. It is evident that China was seeking to gain protected information from Canada. Although this is a purpose of cyber warfare, it is not a conventional way of obtaining information. Additionally, cyber warfare can be used to collect intelligence on an enemy. Anyone seeking to gather intelligence on another individual or group can launch a cyber attack that gains access to protected files. This could be used to help future militant operations or expose critical information. Lastly, cyber warfare can be used to test systems internally. Acting with no malicious intent, “insiders” can utilize cyber warfare tactics to attack their own cyber security barriers in order to test the strength of their systems. Seeking to expose the vulnerabilities in a system that contains important assets without actually harming the assets provides the system a diagnosis of what needs to be strengthened and fixed. Identifying the problem or threats before an actual attack can ultimately save the protected
In June 2010, VirusBlokAda, a computer company in Belarus, receives an email containing information on a computer located in Iran that appears to have a virus causing it to continually reboot. The virus uses a “zero-day” exploit involving a LNK file in Windows Explorer: it infects the computer when a flash drive (USB stick) is inserted and scanned, and the virus is then automatically copied from the flash drive to the computer. Zero-day exploits are extremely rare, occurring in approximately 1 in 1 million viruses. Because of the rarity of “zero-day” exploits, the cyber community usually takes notice and contacts the appropriate vendor, in this case Microsoft, so the vendor can patch the software and eliminate the issue. Microsoft then began building its patch for Stuxnet, but in the background Stuxnet continued on its mission.
There has been too much focus on protecting the power plants and other critical infrastructure systems from attacks on the Internet Protocol (IP) networks. However, it’s much easier to attack a power plant through serial communication devices. In addition, the APT could potentially hack into the wireless radio networks or use social engineering to gain physical access to the power plant.
One main security attack that was big to me was the U.S. government personnel records database. It’s reported that 22.5 million were affected by this breach, including me; therefore, not only the federal employees’ information but their families’ sensitive information as well. James B. Comey of the FBI and other U.S. officials feel China is the mastermind of this security attack. According to the article Hacks of OPM database, the security attack may have exposed information dating back to 2000. A cybersecurity tool had been installed, and this is where the breach of personnel records was discovered. The report of how this breach happened boils down to thieves using stolen contractor logins and passwords. There was a trace done which pointed to the Chinese government; on the other hand, the Obama administration has not formally accused Beijing of this breach. Mr. Comey strongly feels the hackers obtained his “SF 86” form, which all applicants for security clearances must fill out. This kind of information contains known address
While the hacking is said to originate from large outside antagonists like China and Russia, unsuspecting American citizens may find themselves being targeted. Have you ever received a suspicious looking email or text message with a link attached and clicked on it? The possibility of the message having come from a hacker or being “infected”
There are indications that this may be the work of the Chinese espionage group tied to the breach disclosed earlier this year at Anthem, an intrusion
Further, Harris is clearly troubled by certain tactics taken by the NSA, such as when it has become aware of vulnerabilities in particular software or systems. On some occasions, the NSA has decided not to disclose those vulnerabilities or else it has encouraged firms not to cure them in order to permit the NSA to better identify the adversary and determine its goals. Harris also describes the tactic of injecting malware into an adversary’s computers and servers overseas, and shows that this tactic may have unforeseen
The team needs to isolate infected workstations and servers as soon as possible, apply necessary patches to all systems, turn off appropriate network devices, and disable network services (Bryce, 2014). Control of financial information during incident response and investigation is crucial. Giving sensitive information to the wrong individuals can cause undesirable effects. All releases of information have to go through an approval process by the BMF Information Security Officer (ISO). Any suspicious information requests should be reported to the BMF
One attribute of APT refers to the continuous attacks from threat actors to penetrate SPE infrastructure. Although the 2011 attack on Sony Corporation's network might not have been related to this incident in 2014, it has been proven “the hackers behind the SPE attack exploited a previously undisclosed or unknown [Zero-Day] vulnerability in its computer systems that gave them unlimited access to the entirety of SPE’s network.” (Bechor,