Meanwhile, in his Washington Post column Josh Rogin finds an urgent need to do something about Chinese cybercrime:
The mere fact the Chinese government is attempting to steal coronavirus information should make clear that the blame for the lack of U.S.-China cooperation on the pandemic lies primarily on the Chinese side. China has restricted its own researchers from sharing coronavirus research and has refused to hand over early virus samples. Chinese research institutions have even tried to copy and patent leading U.S. drugs sent to China for trials.
Now, China is trying to steal coronavirus data from inside U.S. institutions through hacking and “nontraditional actors,†according to a draft notice prepared by the FBI and the Department of Homeland Security (and seen by the New York Times). Assistant Attorney General for National Security John C. Demers didn’t confirm the report, but he talked about the threat Monday on CNBC.
“It would be crazy to think that right now the Chinese were not behind some of the cyber activity that we’re seeing targeting U.S. pharmaceutical companies and targeting research institutes around the country that are doing coronavirus research, treatments and vaccines,†he said. “This is the holy grail of biomedical research right now, [and has] tremendous value both commercially and geopolitically.â€
He suggests imposing the same sort of sanctions we have imposed on Russia on China.
I’ve seen the logs for a number of web sites, not just this one but some high traffic sites as well. Nearly all of the unwanted malicious traffic emanated from China. I find it hard to believe that activity is not state sanctioned.
I’m not sure that sanctions will actually do much to stop Chinese hacking. It would probably be better to use China’s own strategies against them. An embarrassing publicity campaign, for example. Or, as the State of Missouri has done, take them to court.
Failing those I’d suggest harnessing a major untapped resource: privateers. Put a bounty on taking major Chinese sites down. That might take the whimsy out of cybercrime.
What I have heard from people doing cybersecurity for the banking sector is that China, Russia and Iran are the primary source of attacks with the level of sophistication and frequency in the same order. N Korea also generates some attacks but they think those are usually pretty weak.
The privateer approach, as I understand it is what China and Russia at least pretend to use, trying to keep some level of plausible deniability. It has some appeal, but does risk getting out of control as crooks tend to go where the money hangs out.
Steve
I have no sympathy. Hacking has been going on for decades. The people to blame here are the CEO’s and CIO’s of the organizations being raided. Those people know full-well it’s happening, but they take no precautions whatsoever, and claim victim status. They are not victims. They are close to being co-conspirators with the hackers.
In every organization that is hacked, public or private, the first thing to do is to fire the CEO and CIO and blacklist them.
People always try to blame others for their own failures. The CDC/FDA and the clown Fauci are good examples in another arena.
Chinese are moving on every front available. Buying up movie studios to inject soft propaganda, placing Chinese reporters in White House press conferences, (CBS), buying up bankrupt Texas oilfields at bargain prices. All the while we treat them like disadvantaged racial minorities who are off limit for criticism, (or muscular legal sanctions). We’re still not fighting back. Trump alone sees the threat AFAICS.