Monday, January 25, 2016

Spy Stories for Lawyers: Former FBI Counterintelligence Officer on Combating Cyber Espionage

This is an excellent article. The FBI expert says the OPM attack is by far the worst attack on US cyberspace, worse than Snowden and the rest by far, and it may stay the worst for years to come. OPM really does not know how long the malware was collecting data, or actually all of what they got. We do know this: in recruiting spies, now and in the future, you look for the secrets we all have, and those can usually be seen by reviewing our clearance applications. Not to mention they have the history of everyone in the database, including people who will be rising through the ranks in the next decade. So the Chinese can target the folks they need, and they already have most of what could ever be found out about them. Keep an eye on the fallout from the OPM hack; it will be showing up for years.

Now, OPM was hit at least twice. The first time they came in through a contracted vendor to OPM that was doing clearance background work. The second and most damaging attack came directly into OPM, probably assisted by information gained from the first hack. We need to understand how the Chinese keep doing this. One factor is persistence: they constantly keep trying, hitting every entry point they can. With the OPM hack, they know which people are getting access to what sensitive data, and then they target those people as well.

In Washington DC, most major hotels near major attack points like the Pentagon, Capitol Hill and such have visitors who come from far and wide to meet with the people in these places. The Chinese use both lower-end and high-end trained cyber hackers to attack: they log on to the hotel Internet and then use off-the-shelf programs like Cybershark and more sophisticated programs to sniff what is going on on the hotel network. They look for people signing on to high-security databases, as well as non-secure databases. This often gives them access to information they can simply capture as it comes over the hotel network, and they can also send log-in data to folks in China so they can log in and target the data they want. After a week, or once the attacker has enough good data, they pack up and leave, letting another agent come into the hotel and keep looking. They have teams that hit the Starbucks and other cyber access points around the city, trolling for anything they can find. Now, with the OPM data, as soon as they find something interesting they can also look up other people working on the data of interest, then look up home addresses to make attempts there.

Now look at this scenario: they use OPM data they already have to find the addresses of people of interest, and then they head to the home of the person. They see a number of wireless cameras outside the home. Since many are made in China and have backdoors into their operating systems, they look to see what the wireless router codes are, which the cameras use to link up to your home computers to use as monitors. Now they have the router codes and passwords, and next, just like at the hotel, they sit and watch the traffic on your local home Internet, looking for things of interest and other log-on information you send, like folks logging on to Government and Corporate systems. Not spending too much time on site, so they can limit the chances of getting caught, they send the log-on data and any other passwords they can get back home to China, usually almost in real time, so it can be exploited from there.

By the way, all the attackers would need to zero in on the Clinton email server, which was also the database server for much of the Clinton private data, was the header info from one email. Then you enter a whoisit command that tells you what kind of system they had, what the operating system was, and to some extent the address of where the server is. So it would not be too hard to believe that the Clinton system was hacked even before she left the Senate. But I think the same could be said of the unclassified State Department email servers.
from CTI Consulting http://ift.tt/23owhl7
via IFTTT
