China and the US have stolen the show this week with their negotiations of what may become the world’s first major arms control agreement for cyberspace. Bilateral discussions focus on establishing a no first use policy in regards to the targeting a state’s critical national infrastructure during peacetime. While potentially ground breaking, the agreement would bear no relevance to China’s alleged hacking of either US corporations or the Office of Personnel Management.
It’s a promising turn of events for what’s been a highly sensitive topic in the bilateral relationship. Obama has also refrained from enacting the proposed economic sanctions on Chinese corporations for the cyber theft of US intellectual property. There’s been a noticeable drop in the frequency of Chinese cyber attacks against US corporations recently, which may be an effort to build good will in the lead up to Xi’s first state visit to Washington later this week. Unfortunately, tensions are far from resolved. At the same time as Xi’s visit, China will host a tech forum in Seattle where it’ll pressure US corporations to adopt a ‘pledge of compliance’ regarding company networks within China. The pledge requires companies to make their data ‘secure and controllable’, a condition that may involve providing authorities with backdoors to systems for surveillance. By successfully drawing large players such as Apple, Facebook, IBM, Google and Uber to the forum despite current bilateral tensions, the Chinese are set to demonstrate the leverage they wield over any cybersecurity discussion.
Two US Democratic Senators have shone the spotlight on automakers’ responsibility to secure their increasingly networked vehicles. Edward Markey and Richard Blumenthal requested information about cyber security policy from 18 large automakers this week, including BMW, Fiat Chrysler and Toyota Motor Co. A similar survey was conducted in December 2013, however, the recent hacking of a Jeep Cherokee in July has returned attention to the vulnerabilities of vehicle connectivity. Intel, which provides infotainment technology to some of the largest automakers and is a key target for potential hackers, has this week revealed its interest in the issue by establishing a new Automotive Security Review Board. This board will conduct security audits on its products and has already released a ‘white paper’ outlining automotive cybersecurity best practice.
There was a win for cybercrime fighters this week, with infamous Russian hacker Vladimir Drinkman pleading guilty to criminal charges. Drinkman and four other defendants are on trial in the US for stealing 160 million credit card numbers from corporations including Diners Singapore, Nasdaq, JCP, 7-Eleven, Dow Jones and Jet Blue. The group exploited SQL database vulnerabilities in order to install ‘packet sniffers’—malware that monitors and documents network traffic. Drinkman initially pled not guilty when captured in 2010 but has now confessed to his cybercrimes and is facing up to 30 years in prison. The theft incurred a corporate cost of $300 million, plus enormous private losses, and has been deemed the largest data breach scheme ever prosecuted.
The US has announced plans to post a prosecutor at Europol in order to facilitate greater international cooperation in the fight against cybercrime. US Attorney General Loretta Lynch said that the representative will be a day-to-day presence, aiding investigations into botnet networks and dark web marketplaces. Europol Director, Rob Wainwright, is hopeful that the presence of a US prosecutor will encourage the support of large US technology companies in international cybercrime investigations.
Anonymous has been busy this week, hacking government websites of both Vietnam and the Philippines. The infamous hacktivist group defaced the homepage of the Philippines’ National Telecommunications Commission (NTC) as a demonstration against poor internet service delivery. The group’s hack left a message protesting against the ‘over promised, under delivered system’ that it believes is an obstacle to equality of internet access. The breach came days after the agency’s service test which revealed ISPs falling short of advertised speeds, and has prompted the NTC to guarantee an increase in the monitoring of internet speeds starting in October.
Across the South China Sea, Vietnam suffered a blow to its government portal on its recent National Day thanks to the collaborative hacking efforts of Anonymous, AntiSec and HagashTeam. The cyber vandalism was an attempt to pressure the Vietnamese government to include political activists, journalists, bloggers and human rights defenders in their recent mass pardoning of more than 15,000 prisoners, including drug traffickers and murderers.