China

FBI says: “China has Your Personal Data”

https://www.fbi.gov/news/speeches/the-threat-posed-by-the-chinese-government-and-the-chinese-communist-party-to-the-economic-and-national-security-of-the-united-states

From the FBI website the director Christopher Wray:

“If you are an American adult, it is more likely than not that China has stolen your personal data.

In 2017, the Chinese military conspired to hack Equifax and made off with the sensitive personal information of 150 million Americans—we’re talking nearly half of the American population and most American adults—and as I’ll discuss in a few moments, this was hardly a standalone incident.”

Every 10 hours a new counterintelligence case is opened. Of about 5000 active FBI cases half are from China. At this point the Chinese are actively attacking health care organizations, pharmaceutical companies, and academic institutions conducting essential COVID-19 research.

The Chinese are attacking us with several methods, bribery (Thousand Talents Program), outright physical theft of intellectual property and secrets, or other means.

Everyone should be aware of the possible attacks that the

Chinese can and are performing in our country

Here are the some culprits of the equifax hack:

Why does this matter to you if you have a small company or if it is  in a non-health-care field?

Because in cyberspace  every affected(infected) machine attacks another, or at least has the potential to infect.

In the above image explaining DDOS (Distributed Denial Of Service and my old blog post:  https://oversitesentry.com/new-ddos-attacks-change-likelihood-in-risk-assessments/

where I discussed a botnet (Mirai malware) created by a hacker which attacked many other systems in the United States and the world

Moneyquote from Computerworld article: Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.”

The hackers used the weak default passwords of these devices (cameras and DVRs – IoTs) to create a program that controlled many of these devices to then create an attack using the simplest method of all – just ask for a connection.

Asking for a connection might be innocuous but when a hundred thousand devices do it then it becomes a traffic jam. And pretty soon it is not a regular traffic jam, but the monster trucker traffic jam.

We have discussed this IoT powder keg before in our “Hidden hacks in Network”  Also “IoT Botnet can DDOS Your Webserver”

What does this new DDOS attack mean for the foreseeable future?

We have to figure out Risk in our compliance-IT departments.

Risk assessment:

Risk = Impact * Likelihood

The interesting thing of security is that Likelihood can change with the latest occurrences in the world.

The topic of risk analysis is a complex topic, but there is definitely a connection between hackers making attacks. When one can do it, another thinks they can also. Think about the basic mind altering ability of a new method will now make the computer code aware individual make new programs and allow this person to attack in more potential destruction.

The reality is that if you have not thought about how to protect your computer assets in a systemic way it will come back to haunt you one day.

I am going to point to this wanted criminal story:

Peteris has been indicted for wire fraud as in the image:

{ Peteris Sahurovs is wanted for his alleged involvement in an international cybercrime scheme that took place from February of 2010 to September of 2010. The scheme utilized a computer virus that involved the online sale of fraudulent computer security programs that defrauded Internet users of more than $2 million.

It is alleged that in February of 2010, Sahurovs contacted an online newspaper claiming to work for an online advertising agency that represented a hotel chain that was seeking to place advertisements on the paper’s website. Sahurovs utilized fraudulent references and bank accounts to deceive the newspaper into believing he represented a legitimate advertising agency.

Sahurovs provided electronic files containing the fictitious hotel advertisements to the newspaper, which began running the advertisements on its website. He then replaced the hotel advertisements with a file containing a malicious computer code, or malware, which infected the computers of people who visited the website and required them to purchase antivirus software for $49.95 to regain control of their computers. If the users did not purchase the software, their computers immediately became inundated with pop-ups containing fraudulent “security alerts,” and all information, data and files stored on the computers became inaccessible.

Sahurovs allegedly conducted the same fraudulent advertising and infection scheme against numerous online businesses. }

Contact me to discuss your situation.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.