OPINION — Two events last week made me more aware than ever of the danger to individuals and to governments from the internet.
First, I was hacked by a scam that froze my computer, and then hackers claiming to be contractors for my service wanted several hundred dollars to provide a firewall that I already had. It took assistance from my local Computer Geeks group to clean up the problem and explain how often such scams take place.
Second was a revelation I had after a Center for Strategic and International Studies (CSIS) webinar featuring Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), and General Paul M. Nakasone, who runs both U.S. Cyber Command and the National Security Agency (NSA).
When asked what responses have been put in place if a major event such as the May 2021 Colonial Pipeline hacking took place again, Easterly referred to what was done when “Log4Shell” occurred, a serious vulnerability in open-source software that was incredibly easy to exploit.
It involved a vulnerability in Apache Log4j2, a popular Java library for logging error messages in applications. The vulnerability, which quickly became known to malicious actors, enabled remote attackers to take over any Log4j2 user’s internet-connected service.
Apparently, the Chinese company Alibaba first reported the problem to Apache in late November 2021, but it was not until December 9, 2021, that Apache informed its users. What followed was what one security expert called “an exploit storm,” with some 50,000 scams or exploitation attempts made within nine hours, expanding to 100 per minute. It quickly grew to over one million, because most Java users did not know they had the Apache Log4j library.
Easterly explained that after the Apache disclosure in December, CISA marshaled the Federal government on the Log4j problem. “We were very worried about incursions on federal or civilian networks or ransomware and worked together to ensure we were putting out authoritative guidance – how do you find this vulnerability and how do you mitigate it.”
She explained how CISA had “led the Federal response working with all our partners, terrific collaboration with the technology and with the researchers that gave us amazing insights into what they saw across the eco-system.”
The result, Easterly said, showed wider cybersecurity cooperation over the past year with the so-called “public-private partnership” enabling the transformation of “the whole idea of partnership into real time operational collaboration, so we are getting those insights so we can take those dots, connect those dots and we can drive them to the nation’s scale.”
On the international side, Easterly said she had been incredibly impressed by the Ukrainians’ ability to withstand cyberattacks, which she attributed in part to “the power of international partnerships.”
She said the U.S. had been working with the Ukrainian Emergency Computer Response Team, but also with “our partners from Latvia, Lithuania, Estonia, Poland, the Czech Republic, in a fantastic sharing platform to essentially get ahead of potential cyber activity. I think that’s also something that’s helped give us some insight of what could potentially happen here.”
For Gen. Nakasone, the lesson was, “How am I going to be able to bring that kind of action with a number of really important partners and synchronize it in terms of when we need it. We’ve learned a lot on that.”
Based on the idea that foreign allies had experiences that helped contribute to cyberattack responses, I looked at the list of significant cyber incidents that CSIS maintains covering “attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars.” The CSIS list described 96 such attacks worldwide so far this year.
Here, for illustration, are those CSIS reported for September 2022:
As Easterly observed, “This is a borderless cyber space.”
Nakasone said in this type of international cyber warfare, “You judge your success by staying ahead of the adversary.”
He added, “That’s something we do very well at the agency [NSA] and the command [CYBERCOM], and trying to figure out the next act, the next tool, the next operation.” The success of the latter steps he attributed to “the creativity of the people I work with.”
Easterly agreed, “At the end of the day it’s all about the talent of the people who are doing these operations — the defenders, the folks who are listening for intel, that are doing the hunt for admissions, that’s where the creativity lies and that’s going to enable us to be successful in protecting the nation.”
The Internet today is like a small town in the Old Wild West, with no sheriff yet controlling all of the evildoers drawn to that town.