Cyber Week in Review: June 18, 2020

Internal Report Says Elite CIA Hacking Unit Failed to Secure its Own Systems

Made partially public on Tuesday, the October 2017 Central Intelligence Agency (CIA) Wikileaks Task Force report said that the 2016 theft of CIA cyber tools was caused by a lax workplace culture where agency hackers “prioritized building cyber weapons at the expense of securing their own systems.” The redacted excerpt from the report was published by the office of Senator Ron Wyden (D-OR) in a letter [PDF] to Director of National Intelligence John Ratcliffe, seeking further information on the intelligence community’s cybersecurity problems. Specifically, the report detailed how the CIA’s elite Center for Cyber Intelligence (CCI) “had become woefully lax…Most of our sensitive cyber weapons were not compartmented [sic], users shared systems administrator-level passwords, there were no effective removable media controls, and historical data was available to users indefinitely.” The 2016 theft of cyber tools, which were subsequently posted on Wikileaks as “Vault 7,” was the largest data loss in CIA history, with between 180 gigabytes to 34 terabytes of information exfiltrated. CIA Press Secretary Timothy Barrett declined to comment on the report.

Chinese Scientists Report Progress in Developing Secure Satellite Transmissions

On Monday, a team of twenty-four Chinese scientists reported that they successfully transmitted a secret key to encrypt and decrypt messages between a satellite and two separate ground stations. Published in the journal Nature, the scientists describe implementing quantum key distribution (QKD), a method of encryption utilizing quantum entanglement, which posits that a pair of subatomic particles are still intrinsically linked even if light-years apart. The advancement in QKD has vast implications for satellite communications. Currently, states are constantly directing their constellations of satellites to jam, spy on, and blind competing satellites, owing to the fact that satellites use easily intercepted radio waves. Not only could implementing QKD communication at scale theoretically help China secure its satellite communications, but it could also provide it with an advantage in what has been referred to as the U.S.-China “quantum arms race.”

Russian Scientist Charged with Passing Classified Information to China

Valery Mitko, president of the Arctic Civic Academy of Sciences in St. Petersburg, was charged on Monday with “treason in the form of espionage,” and accused of passing classified information to China. While Russian prosecutors did not comment on the specifics of the case, Mr. Mitko’s attorney indicated that his client was accused of “transmitting information to do with hydro-acoustics,” and state-owned Russian news agency TASS reported that the information was related to “research on hydro-acoustics and submarine detection methods.” The charges highlight that despite efforts by Russia and China to project a strong relationship to the world, both countries continue to compete with one another for geopolitical advantage. The alleged information passed to China follows the country’s prioritized effort to expand and modernize its fleet of submarines, which Russia fears could threaten its interests in the Arctic.

Hackers Used LinkedIn to Target European and Middle Eastern Defense Companies

On Wednesday, Slovakian-based cybersecurity firm ESET reported that spies had used LinkedIn to conduct a spearphishing campaign in late 2019 against European and Middle Eastern defense companies. The published white paper [PDF] shows how hackers impersonated recruiters from Collins Aerospace and General Dynamics to lure in employees with enticing job offers, subsequently tricking them into opening malicious files sent via LinkedIn’s private messaging app. The goal of the campaign appeared to be espionage, though in one instance hackers impersonated a compromised company to steal money from a client. While ESET acknowledged that they compiled the report by working with two affected Central European firms, they declined to specify which companies had been affected. They also did not identify the culprit of the attack but noted that the hackers bore similarities to the Lazarus Group, an advanced persistent threat (APT) group linked to North Korea. The attack is notable as it is the first reported instance of LinkedIn being used to deliver malware to victims.

DOJ Proposes Major Rollback of Section 230 Protections for U.S. Tech Firms

The U.S. Department of Justice (DOJ) unveiled on Wednesday a proposed rollback of Section 230, the longstanding law that shields tech companies from legal liability for content posted on their platforms, saying that it was time to realign tech companies’ legal immunity “with the realities of the modern internet.” The proposed changes follow President Trump’s May executive order that aimed to limit the legal immunity enjoyed by social media companies deemed to be unfairly curbing users’ speech. However, the DOJ proposal went even further, seeking to strip civil immunity for tech firms complicit in unlawful behavior. The proposal was poorly received by the Internet Association (IA), a trade group of major online companies: “The threat of litigation for every content moderation decision would hamper IA member companies’ ability to set and enforce community guidelines and quickly respond to new challenges in order to make their services safe, enjoyable places for Americans.”