Ahead of top Chinese diplomat’s U.S. visit, Five Eyes officials call attention to Chinese hacking

Welcome to The Cybersecurity 202! I love a good, well-placed, unexpected shift in a song. I doubt you’ll see it coming, even though you’re expecting … something.

Also: Make sure to check out The Post’s upcoming summit on the rise of AI, which features many of our colleagues, on Thursday!

Below: An ex-NSA employee admits trying to sell secrets to Russia, and record turnover is putting local election offices in peril. First:

Ahead of Chinese official’s trip, Five Eyes call attention to Chinese hacking

China’s top diplomat will be in Washington later this week amid a bid to restart engagement between Beijing and the United States, and a group of Western spy leaders is warning about Chinese hacking.

Chinese Foreign Minister Wang Yi is set to arrive on Thursday for three days of meetings. As my colleague Michael Birnbaum pointed out, it’s the first high-level visit from a Chinese official since a Chinese air balloon entered U.S. airspace and exacerbated tensions between the two countries.

News of Wang’s visit comes one day after a “60 Minutes” interview aired with officials from an intelligence alliance of Western nations known as the “Five Eyes,” which is made up of Australia, Canada, New Zealand, the United Kingdom and the United States. The officials called attention to what they said was an extensive Chinese effort to steal U.S. technology, including via hacking.

“All countries spy. Our countries spy,” said Mike Burgess, the director general of security in charge of the Australian Security Intelligence Organization. “All governments have a need to be covertly informed. All countries seek strategic advantage. But the behavior we’re talking about here goes well beyond traditional espionage. This scale of the theft is unprecedented in human history.”

Here are some highlights of Wang’s visit as planned:

  • Wang will meet with Secretary of State Antony Blinken, who traveled to Beijing in June. That visit apparently offered no breakthroughs on hacking-related tensions.
  • Wang will also meet with Jake Sullivan, national security adviser to President Biden. The National Security Council has been very active on cyber issues under Biden.
  • It’s possible that Wang will meet with Biden himself, just as Blinken met with Chinese President Xi Jinping.

The Wang visit could lay the groundwork for a visit from Xi, perhaps to a summit of Asia-Pacific leaders in San Francisco next month. It would be his first visit to the United States since 2017.

There are plenty of other tensions for the nations to work through besides cyber, of course — from the Ukraine-Russia war to a deterioration of military communications — that might take precedence over cyber concerns during Wang’s visit. But at the very least, cyber issues serve as a key bit of context for the talks and they will no doubt be on officials’ minds as they go into the meetings.

We recently wrote about some of the current and potential future cyber tensions between the United States and China, but the interview with the Five Eyes intelligence officials this weekend expounded on the subject at length. The interview came during the first-ever public meeting of the intelligence chiefs as they visited Silicon Valley.

One message the spy agency leaders tried to hammer home is that the Chinese theft affects everyone.

  • “This is not just about government secrets or military secrets,” said Ken McCallum, director general of Britain’s MI5. “It’s not even just about critical infrastructure. It’s about academic research in our universities. It’s about promising start-up companies. People, in short, who probably don’t think national security is about them.”
  • “When people talk about stealing innovation or intellectual property, that’s not just a Wall Street problem,” said FBI Director Christopher A. Wray. “That’s a Main Street problem. That means American jobs, American families, American livelihoods and the same thing for every one of our five countries, directly impacted by that theft. It’s not some abstract concept. It has flesh and blood, kitchen-table consequences.”
  • Wray cited the case of a U.S. company that he said developed software for wind turbines, lost sales because of Chinese theft and laid off hundreds of workers in response.

Besides outright hacking, there are other online vectors to the Chinese theft, said McCallum.

“We have seen, for example, the use of professional networking sites to reach out in sort of masked, disguised ways to people in the U.K., either who have security clearance or who are working in interesting areas of technology,” he said. “We’ve now seen over 20,000 examples of that kind of disguised approach to people in the U.K. who have information that the Chinese state wishes to get its hands on.”

Here’s the bottom line from Wray:

  • “I would say the Chinese government, if they want to be a great nation, it’s time for them to start acting like one,” he said. “And that includes abiding by its own commitments not to steal innovation.”
  • “That includes not exporting repression to other countries,” he said. “That includes working with all of our countries and all the other countries that we work with all the time who have common threats, like cybercrime, fentanyl trafficking, money laundering. It means not working with criminals but rather working to uphold the rule of law.”

The Chinese government responded to the Five Eyes claims on “60 Minutes,” telling the outlet that “we firmly oppose the groundless allegations and smears toward China.”

Ex-NSA employee admits trying to sell secrets to Russia

Former National Security Agency employee Jareh Dalke pleaded guilty Monday to attempting to sell secret information to a Russian operative who ended up being an undercover FBI employee, Alexander Mallin reports for ABC News.

The 31-year-old “pleaded to six counts of attempting to transmit national defense information to a foreign government, admitting that in August and September of 2022 he sought to sell copies of three classified documents containing information marked top secret-SCI (for sensitive compartmented information) to a person who identified themselves as an agent from Russia, according to plea documents,” Mallin writes. That person was actually a covert FBI employee, according to the plea agreement.

  • “There is an opportunity to help balance scales of the world while also tending to my own needs,” Dalke wrote at one point in the exchanges. He had first shared information with the undercover FBI operative in August 2022, receiving “large sums of cryptocurrency” for payment, according to ABC.
  • He was arrested in Denver after agreeing to meet in person to transfer more classified materials. He will be sentenced April 26.

The plea comes a month after an IT contractor for the State Department and the Justice Department was charged with espionage, facing allegations that he had transferred classified data to Ethiopia’s intelligence service since August of last year.

After Okta breach, 1Password flags suspicious activity in internal Okta account

Password manager service 1Password disclosed suspicious activity occurring on an internal company account provided by sign-on and authentication tools provider Okta, just days after the latter announced that hackers stole access tokens affecting a handful of customers, Ars Technica’s Dan Goodin reports.

  • “On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps,” 1Password Chief Technology Officer Pedro Canahuati wrote in a blog post. “We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.” It’s not currently known how access to the Okta session was gained, an incident report says.
  • Goodin’s report notes: “The files the threat actor obtained in the Okta compromise comprised HTTP archive, or HAR, files, which Okta support personnel use to replicate customer browser activity during troubleshooting sessions.” Stored data in those files includes authentication cookies and tokens that hackers could use to impersonate users on a network, he adds.
  • An anonymous 1Password employee provided Ars Technica with a report “dated October 18 and shared on an internal 1Password Notion workspace [that] said the threat actor obtained a HAR file a company IT employee had created when recently engaging with Okta support,” according to the outlet. 1Password did not respond to confirm its authenticity, Ars Technica reported.

Security firm BeyondTrust on Oct. 19 flagged that it was affected by the broader Okta breach, making 1Password the second known company to have been impacted. BeyondTrust had notably warned Okta some two weeks ahead of its disclosure, Krebs on Security reported Friday.

  • “All customers who were impacted by this have been notified. If you’re an Okta customer and you have not been contacted with another message or method, there is no impact to your Okta environment or your support tickets,” Okta Chief Security Officer David Bradbury said in an Oct. 20 blog post.

Record turnover puts local election offices in peril

The year 2020 marked a tipping point for record-low election office staffing as workers faced pandemic-based operational challenges coupled with hostility from stolen-election claims, the Associated Press’s Christina A. Cassidy reports.

  • “A wave of retirements and resignations has followed, creating a vacuum of institutional knowledge across the country. Experts in the field say widespread inexperience creates risk in an environment where the slightest mistake related to voting or ballot counting can be twisted by conspiracy theorists into a nefarious plot to subvert the vote,” Cassidy writes.
  • “People growing weary of dealing with the constant criticism, the unending workload, the inability to have any sort of work-life balance at all, and then finding themselves constantly in the spotlight and under scrutiny has, I think, put us in a national crisis,” Jennifer Morrell, a former local election official in Utah and Colorado, told the outlet.

Pennsylvania officials, for instance, have estimated that 40 of the state’s 67 county election offices now have new directors, according to the report. Those turnover rates are even more prevalent in presidential swing states like Arizona, where some 12 out of 15 counties have lost their head election official, it adds.

  • The dynamic puts states on thin ice for what is expected to be an intense presidential election season next year as voting machine companies work to shore up protections for their equipment against tampering or fraud.

Banks say CFPB needs to beef up security in open banking plan (Bloomberg Law)

TSA renews railroad security directives with updated measures for incident response testing, cyber assessments (Inside Cybersecurity)

As Congress idles, key lawmakers retain sense of urgency on surveillance law (The Record)

Companies look to human moderators to keep AI apps in line (Wall Street Journal)

Google Maps disables live traffic data in Israel, Gaza at military request (Bloomberg News)

Alleged covert wiretap on Russian messaging service blown by expired TLS certificate (The Record)

U.S. chip curbs stymie efforts by China surveillance group to diversify (Financial Times)

China crackdown on cyber scams in Southeast Asia nets thousands but leaves networks intact (Associated Press)

Spanish police arrest 34 alleged cybercriminals for scamming operation (The Record)

China’s crackdown on cyber scams in Southeast Asia ensnares thousands but leaves the networks intact (Associated Press)

Hackers update Cisco IOS XE backdoor to hide infected devices (Bleeping Computer)

Cyberattack on NY hospitals forces ambulance diversions (Health IT Security)

Hackers possibly accessed personal info from DC voters in breach, Board of Elections says (ABC 7 DC)

Social Security Numbers compromised in UMich cyberattack (Michigan Daily)

Amazon enables passwordless passkeys on iOS and the web (The Verge)

Google Chrome’s new ‘IP Protection’ will hide users’ IP addresses (Bleeping Computer)

  • The Senate Commerce Committee holds a hearing on combating robocalls at 10 a.m.
  • The American Enterprise Institute convenes a discussion on manipulated media and platform accountability at 10 a.m.
  • The Institute for Security and Technology holds a webinar on U.S.-China tech investments at 4 p.m.

Thanks for reading. See you tomorrow.

