SWNEpisode11

From Security Weekly Wiki

Recorded February 11, 2020 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Jason Wood
    Threat hunter at CrowdStrike, penetration tester, sysadmin, and Founder of Paladin Security.

Security News

    Security Weekly News -- Week of 11 -- February -- 2020

    1. CIA and BND secretly sell crypto equipment to 120 countries for a LONG time.
    2. Ben Nimmo hunts disinformation bots from Scotland.
    3. Five measures to harden election technology.
    4. Part one of the election technology article.
    5. Israel's entire voter registry exposed by bad app.
    6. In the United States, a school district decides to implement facial recognition.
    7. ICS is a big threat.
    8. MITRE ATT&CK for ICS.
    9. Ransomware is likely your biggest threat.
    10. The return of the Equifax Monster.
    11. How the Equifax hack happened.
    12. GAO report on Equifax.
    13. Could NASA have just used USB chargers for Apollo 11? Maybe.

    Expert Commentary: Jason Wood

    U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

    Yesterday the United States announced indictments against four soldiers of China’s People’s Liberation Army for the 2017 data breach of Experian. As you recall, this is when nearly every adult in the US and half of UK adults got free credit monitoring due to their data being compromised. The Department of Justice announced a 9-count indictment against Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei. All four are members of the PLA’s 54th Research Institute.

    The breach itself was huge and involved large amounts of data being copied from Experian’s systems. According to the indictment, the operators routed their traffic through over 20 different countries and 34 different servers. They went to great lengths to obscure their activities and to blend in with traffic inside the Experian network. If the indictment is accurate, the US somehow was able to piece this back to these four individuals and get pictures of three of them in uniform. How the US gathered its evidence and traced back to the alleged operators is not documented in the indictment.

    According to Attorney General Barr, the decision to indict these men in this breach is due to the wholesale collection of data about US citizens, whom the US does not regard as legitimate espionage targets. "The United States, like other nations, has gathered intelligence throughout its history to ensure that national security and foreign policy decision-makers have access to timely, accurate and insightful information," Barr said. "But we collect information only for legitimate national security purposes. We don’t indiscriminately violate the privacy of ordinary citizens."

    In other words, it’s one thing to go after military and economic data, but another to steal bulk data about people whose only reason for being targeted is that they are US citizens. This could raise objections from some as the US intelligence services have been accused of violating the privacy of ordinary citizens in domestic surveillance programs intended to combat terrorism. Regardless, this is the line the US government has decided to draw.

    So what does this mean for the men who have been indicted? Probably not much in the sense of their day-to-day lives. China is not going to put these men on a plane to the US so that they can be arrested and stand trial. The operation, if China’s, would have been approved by others in leadership, and China would not admit responsibility for such an operation. However, it does provide some risk to the men of eventually being arrested.

    If they travel internationally, then that increases their risk of arrest. In July of 2014, the US Secret Service arrested a Russian citizen named Roman Seleznev for his activities in credit card fraud operations. He was arrested while in the Maldives and extradited to the US. It’s entirely possible that the four men named in this indictment could travel to a country that is more sympathetic to the US than they expected and be arrested there.

    Obviously, facilitating the arrest of Chinese soldiers is a bit different than that of a regular citizen. Other countries may be more wary of providing that level of cooperation. China would almost certainly express its outrage and look for ways to respond. When Huawei’s CFO was arrested in Canada for violating sanctions on Iran, China responded by arresting a Canadian couple in China. Similar responses would be likely if these four were ever arrested.

    Events like this are a bit uncomfortable as we watch nations try to figure out how to respond to events in a highly connected world. Now we can have thefts occur from the other side of the globe without any real hope of holding those involved to any accountability. In this case, we have the US deciding to indict members of the Chinese military in response to a data breach. What will China’s response be? It’s anyone’s guess.

    https://www.wired.com/story/equifax-hack-china/