Top FBI official warns of strategic threat from China through economic and other forms of espionage, the Washington Post reported this week. A senior FBI official on Wednesday said that Chinese economic espionage as well as efforts to steal U.S. research and influence American discourse amount to “the most severe counterintelligence threat” facing the United States today.
On Tuesday, the New York Times reported the Marriott breach had been just one part of a Chinese intelligence-gathering effort that also included health insurers and the security clearance files of millions more Americans.
Meanwhile, the Wall Street Journal reported Chinese hackers have targeted Navy contractors, triggering a top-to-bottom review of cyber vulnerabilities. Navy officials confirmed that there were more than a handful of incidents over the last 18 months, including one major breach of a Navy contractor in June, which involved the theft of secret plans to build a supersonic anti-ship missile planned for use by American submarines. In response, Navy Secretary Richard Spencer ordered a review to examine his service branch’s cybersecurity weaknesses that would give adversaries access to critical information.
A recent report from McAfee similarly found evidence of espionage. Reporting on this new research released Wednesday, CNBC wrote “hackers infiltrated dozens of companies around the world with advanced malicious software that extracted information from their systems”. Raj Samani, chief scientist and fellow at McAfee, told CNBC “We know that this campaign was intended to conduct espionage, indeed it was only recently launched. The question of the ultimate purpose remains to be seen.”
In big bug news, TechCrunch reported that a string of bugs in Microsoft’s login system when chained together created the perfect attack to gain access to someone’s Microsoft account — simply by tricking a user into clicking a link. The bug, mitigated by the Microsoft Security Response Center in November, was identified and disclosed to Microsoft by Sahad Nk, an India-based bug hunter.
TechCrunch also reported that popular avatar app, Boomoji had exposed personal data of its entire user base of more than five million. The company’s failure to put passwords on two of its internet-facing databases resulted in exposure not only of its more than 5 million user accounts, but every phone book entry of every user who had allowed the app access to their contacts.
NBCNews covered Bugcrowd’s Inside the Mind of a Hacker report, which found that half of the ethical hackers — or security experts hired to penetrate networks and computer systems on behalf of their owners — have full-time jobs. About 80 percent said the endeavor helped them land a job in cybersecurity.
Meanwhile, CNET wrote about the company’s recent Bug Bash with Atlassian. For Atlassian, and CISO Adrian Ludwig’s team specifically, “this is a golden opportunity to build relationships with some of the best hackers and security researchers in the world, to encourage them to work on Atlassian products. That’s the endgame for Ludwig. It’s his job to make Atlassian’s products as safe as possible. Events like these make that possible.”
That’s all for this week’s edition of Bug Bytes. Tune in next week for another recap of the week’s cyber security news.