It’s a brave new world out there. According to cyber security experts, expanded hacking efforts by China and Russia at US. and European targets of all types has led to a sea change in the nature of the global spying game. It used to be that, at least for the most part, government-employed hackers went after foreign government networks for military or political information, and private/criminal hackers tried to break in to private company networks for financial gain.
Today, however, many governments across the globe are increasingly blurring the lines and trying to access sensitive data from anybody, anywhere. Foreign governments such as China and Russia are teaming up with or even employing criminal gangs specializing in cybercrime, and are attacking both private and state networks for a variety of purposes.
Recent hack of U.S. government database likely by China
Many security experts are saying that the hack of the giant personnel database of government employees is the worst cyber attack on the US government in history. It has also just emerged that the huge amount of stolen data included information people supplied in order to receive security clearances. That means information such as details of their sex lives, past or present drug use and personal finances.
All of this sensitive information is now almost certainly in the hands of a foreign government, who can use it to blackmail people to get access to valuable or even classified information.
A number of knowledgeable sources, including Director of National Intelligence James Clapper, have suggested that the evidence points to China as the culprit, but it has denied any involvement.
That said, it’s not at all surprising that cyber security was a key topic on the agenda when President Obama got down to business with visiting Chinese officials in Washington this week.
Suspected Chinese hack of Rio Tinto hack cost company over $1 billion
In another significant hack back in 2012, a major London listed company ended up losing well over a billion dollars as a result of a hostile state cyber attack. The company has now finally been by identified number of sources as the British – Australian mining company Rio Tinto.
The firm will not comment on the matter, but it is well known that the mining sector has been a target for Chinese spies as the country must import huge quantities of raw materials, such as the iron ore for the steel to build homes, skyscrapers, cars and other household goods.
Analysts point out that back in 2009, Rio Tinto undertook extensive negotiations involving fixing iron ore prices with China for long periods of time for very large amounts of money.
Negotiating these iron ore pricing contracts is much like a poker game, and it didn’t turn out well for the company, as notable differences between the market price and the price that had been fixed soon became the norm. This led to a big stink and an investigation, and several Rio Tinto employees were even arrested.
Analysts and security experts say that China apparently worked to lower prices through a mixture of “traditional” means (such as bribing/pressuring staff) as well cyber theft of key information at the crucial moment, therefore enabling the Chinese to “negotiate” a better deal
Russian hacks typically more subtle
Cybersecurity experts say that Russia’s hackers, on the other hand, are typically highly expert and remain below the radar compared to hackers from China and most other global hackers.
Experts also note that cyber espionage is more and more frequently combined with human espionage to today, with the idea of carefully researching vulnerable targets to approach. A recent Russian espionage attack supposedly involved research into the personal life of a business executive who was gay but not yet out of the closet.
In a sneaky psychological twist, the Russia based hackers then sent the exec an email message supposedly from a gay rights organization which they thought he would open since it was sent personally to him. The message was a spoof message that appeared real, and also contained sophisticated malware. The hackers counted on the fact that, even if the exec did suspect the message contained malware, he would not risk going to his firm’s IT staff or ask for help from security because he was afraid that might out him.