Global articles on espionage, spying, bugs, and other interesting topics.

Keep abreast of the espionage threats facing your organisation.

Firms ‘don’t take cyber espionage threat seriously’

March 10, 2011

Urged to restrict access to sensitive data

Carrie-Ann Skinner

Firms don’t take the threat of cyber espionage seriously enough, says Ovum.

A report by the research firm urged businesses to address the issue as it’s “as relevant to them as it is to national security organisations”.

“Cyber criminals are graduating from stealing credit cards and banking credentials to targeting corporate plans and proprietary information. They want valuable information such as product and technology blueprints, customer lists, or information that can be used to embarrass or disadvantage a victim,” said Graham Titterington, Ovum’s principal analyst.

“Almost every organisation has sensitive information that would damage it if it were to be leaked out; however, many have overlooked cyber espionage in their preoccupation with preventing the theft of financial data. This needs to change, and enterprises need to wake up to the danger posed or risk losing valuable information and having to deal with the consequences.”

Titterington said employees who work from home are the weakest link in corporate security defences. He urged firms to restrict the number of staff that have access to sensitive data, as well as conducting a risk analysis of all devices that access the network, including removable media.

Alex Donnelly, portfolio manager of Damovo UK, said it was “extremely worrying” that companies are turning a blind eye to cyber espionage.

“Even more worrying is the suggestion that home and remote workers are a possible weak link. If you have the right technology in place and your remote workers are sticking to the rules then there is absolutely no reason for there to be any risk to them or the company,” he said.

“Businesses must therefore take every opportunity to ensure policies can be enforced and that mobile devices are within the control of the IT department, to minimise risk and the threat of cyber espionage.”


Prosecutors ask to use code at trial in NSA espionage case

Federal prosecutors in the espionage case against a former National Security Agency employee, who allegedly gave classified information to a Baltimore Sun reporter, want to invoke a little-used rule that allows them to use code words in the courtroom — making portions of a public trial private.

The “silent witness rule” is meant to minimize the disclosure of classified information by allowing only those directly involved in a case — the judge, jury, witnesses, lawyers and defendants — to see it. Any public discussion of the secret details must be done in code.

“They literally have a key, a glossary, that the jury would have that the public would not,” said Abbe D. Lowell, a Washington, D.C., defense attorney. He argued against the rule’s use in an espionage case that was filed (and later dropped) against two pro-Israel lobbyists.

 

Judges typically allow the rule to be used only in a very limited way, lawyers said, noting that secret codes quickly become confusing and risk violating the defendant’s constitutional rights to a public trial.

“It’s literally been used three or four times in the last 30 years,” said Jonathan Lamb, a California attorney who published a lengthy article about the rule in 2008 while attending Pepperdine University Law School.

Plans to use the “silent witness rule,” first reported Thursday by Politico, were outlined last month in legal documents in the case of Thomas Drake. The former high-ranking NSA employee was indicted under the Espionage Act in April on charges that he illegally retained national defense information, obstructed justice and made false statements to agents for the FBI.

The 10-count indictment states that Drake, who worked at the NSA from 2001 to 2008, gave classified information to an unidentified reporter, but it does not charge him with leaking.

Defense filings identify the journalist as Siobhan Gorman, who now works for The Wall Street Journal.

In 2006 and 2007, while at The Baltimore Sun, Gorman wrote a series of articles exposing management and programmatic problems at the Fort Meade-based agency, sometimes quoting anonymous sources. Drake was a source for many of the articles, his indictment states.

A private hearing has been set in Baltimore for March 31 to discuss the issue and the evidence with Judge Richard D. Bennett of U.S. District Court.

It’s unclear how much information the federal government wants to introduce under the silent witness rule in the Drake case. Court filings have referred only to “several … exhibits” and “several classified statements.”

Both the prosecution and defense attorneys declined to comment beyond the legal filings Thursday.

Lowell gave an example from his case that would have forced witnesses to utter statements like, “When [the defendant] and I were talking about Country A, we discussed the fact that there was a possibility that Leader 1 might not appreciate the United States’ sanction on Topic C.”

That’s “impossible for a jury to follow, and it will cripple a defendant’s rights to really cross-examine and confront the evidence against him,” Lowell said.

Free speech advocates point to his case as an example of hypocrisy within the Obama administration, which campaigned on a platform of government transparency, yet has brought more leak prosecutions than the three previous administrations combined. Drake’s defense attorneys say he is more whistleblower than traitor.

“The documents at issue in this case concern NSA’s waste, fraud, and abuse,” Maryland federal public defender James Wyda, who represents Drake, wrote in court filings. “Most importantly, Mr. Drake’s activities relating to these documents were intended to reveal the waste, fraud, and abuse that cost the taxpayers money, weakened our civil liberties, and hindered our nation’s ability to identify potential threats against our security.”

Federal prosecutors have filed a motion asking that Gorman’s newspaper articles not be admitted, or acknowledged, during trial, calling them “irrelevant.”

Bennett has yet to rule on that motion. He’ll consider the “silent witness rule” at the end of the month, though his actual order in the case could also be secret, said Lamb, the California attorney.

“Often, the records are sealed, so we don’t actually know whether the court ended up applying the rule,” Lamb said. “It’s this murky doctrine that’s out there that may or may not be used, and when it is used, it’s unclear … how.”

tricia [dot] bishop [at] baltsun [dot] com


New cyber espionage unit revealed

ASIO has created a unit to combat cyber spying, in the latest move by government to protect Australia’s online networks.

Known as the cyber espionage branch, it was formed in the past nine months and is believed to be under the control of ASIO’s counter-espionage and interference division.

The unit’s existence is expected to be announced by Attorney-General Robert McClelland in a speech tonight at Canberra’s National Security College.

“ASIO is … working to guard against foreign interference and espionage,” Mr McClelland will say, according to a copy of the speech provided to this website.

“This co-operation is crucial, especially to countering the threat posed by those using the internet as a modern espionage tool.”


Industrial Espionage at Dow Chemical

This starts off as one of those quintessential American success stories. It finishes with a criminal conviction. In between is not merely a story but a life — which may well end in prison.

A Quarter of a Century on the Job

In the 1960s, Wen Chyu Liu, aka David W. Liou, came to the United States from China as a graduate student. In 1965, Liu started working as a research scientist at Dow Chemical Company’s Plaquemine, La., facility. At Plaquemine, Liou worked on various aspects of the development and manufacture of Dow elastomers, including Tyrin CPE.

Dow is a leading producer of chlorinated polyethylene (CPE), an elastomeric polymer. Dow’s Tyrin CPE is used in a number of worldwide applications, such as automotive and industrial hoses, electrical cable jackets and vinyl siding.

By 1992, after more than a quarter of a century in Dow’s employ, Liou resigned. This should have been a time for sitting back, taking it easy, and enjoying the fruits of a lifetime of hard work. Instead, the government alleges that Liou embarked upon a second career that would take him down a very dark and twisted road.

Indictment

On March 24, 2005, a federal grand jury indicted Liou on 15 counts that charged him with conspiracy, receipt and possession of stolen trade secrets, wire fraud, illegal monetary transactions, and perjury. On August 22, 2006, Liou was arrested in Seattle, WA on an intercontinental flight from Taipei, Taiwan. If fully convicted on all counts, he faced up to 300 years in prison, and nearly $10 million in fines or twice his gross gain (whichever is greater).

According to the indictment, Liou conspired with at least four current and former employees of Dow’s facilities in Plaquemine and Stade, Germany, who had worked in Tyrin CPE production. This conspiracy’s goal was to misappropriate trade secrets in an effort to develop and market CPE process design packages to various Chinese companies. As part of the enterprise, Liou traveled extensively throughout China to market the stolen information, and he paid current and former Dow employees for Dow’s CPE-related material and information. In one instance, Liou bribed a then-employee at the Plaquemine facility with $50,000 in cash to provide Dow’s process manual and other CPE-related information.

Perjury

When eventually confronted during a deposition as part of a Dow federal civil suit against him, Liou falsely denied under oath that he made arrangements for a co-conspirator to travel to China to meet with representatives of a Chinese company interested in designing and building a new CPE plant. Thereafter, federal criminal charges ensued.

Conviction

On February 7, 2011, after a three-week trial, a federal jury in Baton Rouge, La., convicted Liou, 74, of one count of conspiracy to commit trade secret theft and one count of perjury in connection with his theft of trade secrets from Dow Chemical Company and selling them to companies in the People’s Republic of China. He now faces a maximum of 10 years in prison on the charge of conspiracy to commit trade secret theft, and a maximum of five years in prison on the perjury charge. Each count also carries a maximum fine of $250,000.


FBI probes cyber-espionage attacks on oil groups



The US Federal Bureau of Investigation is probing a series of cyber-espionage attacks on at least five major oil, gas and petrochemical companies by hackers based in China.

The attacks, which began more than a year ago and are continuing, have succeeded in capturing sensitive financial information, including plans for bidding on drilling rights in specific fields, and production information, such as the configuration of equipment.

Such data would be worthless to most people but highly valuable to competitors in the industry, suggesting an economic motive for the intruders. The penetration followed a similar pattern at all of the targets identified so far and appeared to have been conducted by a group of a dozen or fewer people working from about 9am to 5pm Beijing time during the week.

“These were company worker bees, not freestyle hackers”, said Dmitri Alperovitch, a researcher at Intel (NASDAQ: INTC)-owned antivirus firm McAfee (NYSE: MFE) and a contributor to a white paper on the campaign being published on Thursday.

Mr Alperovitch said he and his colleagues had briefed the FBI and that the agency was investigating.

“We are aware of the threat to the oil and gas industry” from cyber-espionage, said FBI spokeswoman Jenny Shearer, adding that she could not confirm or deny specific inquiries.

The National Cyber-Forensics Training Alliance, a US non-profit that works with private companies as well as law enforcement and academia, has also been researching the case, and group chief executive Rob Plesco said it was the first that he knew of against the oil and gas industry.

Mr Plesco praised McAfee for going public with a description of the attacks on its clients, since targeted companies themselves rarely confess to such breaches and they can serve as an effective warning.

According to the white paper and Mr Alperovitch, the attacks began with an assault on the companies’ external websites using a common technique known as ‘SQL injection’, named after holes in the Structured Query Language used to communicate with databases. Hacking tools readily available on underground forums in China were then used to gain access inside the company’s servers, and automated cracking techniques gave the intruders user names and passwords.

The hackers then installed software to control the compromised machines and sent off e-mails and targeted documents to internet addresses in China.

They used previously known software flaws and did not go to great lengths to cover their tracks, the researchers found.

Such attacks are commonplace in many industries, investigators and law enforcement officials say, but are rarely divulged or explained.