Endpoint // Authentication
6/24/2015 10:30 AM
Adam Meyers
Commentary

Why China Wants Your Sensitive Data

Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.

Leading into 2015, the cybersecurity community was still reeling from a destructive attack unlike any other we have seen in terms of visibility, scale, and impact. Halfway into 2015, there is no shortage of breaches. We have already witnessed major compromises in healthcare, the US government, the Bundestag, and the media, carried out by sophisticated adversaries who in most cases roamed freely on networks for months at a time.

Attackers from China, Russia, North Korea, ISIS, and even potentially friendly governments have dominated the headlines. In case you have your head in the sand: this is not going away anytime soon. Compared to traditional espionage, "cyber espionage," or computer network exploitation (CNE) as the military likes to designate it, has a lower cost of entry, carries less risk if you are caught or compromised, and can often yield equivalent intelligence to feed an ever-growing set of interested consumers. For criminals, e-commerce systems and vulnerable payment mechanisms provide an avenue for rapid monetization. Activists, or hacktivists as they present themselves on the Internet, use electronic media to disseminate messaging ranging from banal greetings to truly meaningful causes that affect people's lives across the globe.

Since May of 2014, the Chinese government has been amassing what can only be described as a "Facebook for human intelligence targeting," built from databases lifted from some of our most fundamental and essential systems. Why would anyone want healthcare records? Take a step back: these records are part of a bigger picture, used in concert with the personnel records of US government workers and any other databases stolen over the years. The beneficiary of that data can build a detailed picture of the confidential history, preferences, behavioral patterns, and more, of millions of potential intelligence targets.

The point that most people miss is that "cyber" data doesn't just get used for cyber attacks, cyber bullying, or cyber theft. The People's Republic of China doesn't only conduct network-based espionage; it is a major government on the world stage. It has human intelligence collectors whose job is to identify people with access to interesting or useful information and to collect that information. MICE is a common acronym, borrowed from the counterintelligence world and used in the information security industry: Money, Ideology, Compromise, and Ego, a simple set of motivations that can be used to entice or coerce a target into providing temporary or continued access to data.

Using stolen healthcare data, these human collectors can identify someone with access to sensitive information who unfortunately has a sick relative. As the medical bills pile up and the target grows increasingly desperate to get that relative the treatment they need, an opening begins to emerge. A human collector who spots this opening can approach the target and begin to sow the seed for access: a simple trade of money for information. The information may seem insignificant to the target, but in aggregate across many different sources it becomes quite valuable.

[Learn more from Adam about how to consume, operationalize and integrate threat intel during his training session on the fundamentals of intelligence-driven security, Black Hat 2015 Las Vegas August 1-2 & 3-4.]

It has been said that the network defender must be right 100 percent of the time, while the attacker need only be lucky once. The asymmetry of this is terrifying! By that logic your network defenders should sit in front of 10 monitors with an intravenous drip of caffeine and sugar, twitching at every packet surging across your enterprise. The asymmetry is real, but we have systems and tools to help deter and detect these attackers.

These tools, while capable out of the box, don't necessarily have all the smarts they need to root out these attackers: they need intelligence. Intelligence-driven security means learning from previous attacks, whether successful or not, and incorporating what you have learned into your defense posture. The military, in dealing with the asymmetry it encountered in Latin America in the 1980s, pioneered a process for incorporating intelligence into its targeting, and that process has been continuously improved upon over the past 10 years.

This process takes the intelligence gleaned from every action, operation, or encounter and feeds it into the next operation, so the organization rapidly adapts to a changing environment. Introducing the same process into security operations, what I call intelligence-driven security, can drive down the cost of protecting the enterprise while allowing the Security Operations Center (SOC) to have meaningful conversations with business owners, the C-suite, and the board. Enterprise security isn't just about blocking malware anymore; it's about protecting the business against dedicated and sophisticated threat actors.
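The feedback loop described above, as an added example that is not part of the original article or of any CrowdStrike product: indicators recovered from one incident drive a detection pass over proxy logs, and every pass pivots from the hosts that matched to learn candidate indicators for the next pass. The log format, hostnames, IP addresses and the seed indicators are all constructed for this example. Blocked connections are treated as hits, since a failed attempt still tells you which host the adversary targeted, and a pivot destination is promoted only when at least two compromised hosts contacted it and no clean host did, so shared infrastructure such as a CDN is not turned into an indicator.

```python
"""
Intelligence-driven detection as a feedback loop (example code, not the
article's): indicators from one incident drive the next detection pass,
and every pass yields candidate indicators for the one after it.
All hostnames, IPs, log lines and the log format are constructed.
"""
import re
from collections import defaultdict

# Indicators recovered from a prior, hypothetical incident write-up.
SEED_INDICATORS = {
    "domain": {"update-cdn.example.net"},
    "ip": {"203.0.113.45"},
}

# Constructed proxy log: <timestamp> <src_host> <ALLOW|BLOCK> <dst_name> <dst_ip>
DAY1_LOG = """\
2015-06-20T09:01:02Z ws-114 ALLOW update-cdn.example.net 203.0.113.45
2015-06-20T09:01:09Z ws-114 ALLOW static.example.org 198.51.100.7
2015-06-20T09:03:15Z ws-114 ALLOW files-sync.example.net 203.0.113.46
2015-06-20T10:15:00Z ws-207 BLOCK update-cdn.example.net 203.0.113.45
2015-06-20T10:15:04Z ws-207 ALLOW files-sync.example.net 203.0.113.46
2015-06-20T11:40:31Z ws-300 ALLOW static.example.org 198.51.100.7
2015-06-20T11:41:00Z ws-300 ALLOW news.example.com 192.0.2.80
"""

# Next day: a host that never touches the seed indicators, only the pivot.
DAY2_LOG = """\
2015-06-21T08:12:44Z ws-418 ALLOW files-sync.example.net 203.0.113.46
2015-06-21T08:13:01Z ws-418 ALLOW static.example.org 198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (ALLOW|BLOCK) (\S+) (\S+)$")


def parse(log_text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, src, action, dst_name, dst_ip = m.groups()
            events.append(dict(ts=ts, src=src, action=action,
                               dst_name=dst_name, dst_ip=dst_ip))
    return events


def matches(event, indicators):
    return (event["dst_name"] in indicators["domain"]
            or event["dst_ip"] in indicators["ip"])


def run_pass(events, indicators, min_hosts=2):
    """One detection pass. Returns (hits, promoted).

    hits: events that touched a known indicator (BLOCK counts: a failed
    attempt still identifies the targeted host).
    promoted: destinations contacted by at least min_hosts hitting hosts
    and by no clean host, i.e. corroborated and not shared infrastructure.
    """
    hits = [e for e in events if matches(e, indicators)]
    hit_hosts = {e["src"] for e in hits}

    contacted_by = defaultdict(set)      # (dst_name, dst_ip) -> src hosts
    for e in events:
        contacted_by[(e["dst_name"], e["dst_ip"])].add(e["src"])

    promoted = {"domain": set(), "ip": set()}
    for (name, ip), hosts in contacted_by.items():
        if name in indicators["domain"] or ip in indicators["ip"]:
            continue                               # already known
        if len(hosts) >= min_hosts and hosts <= hit_hosts:
            promoted["domain"].add(name)
            promoted["ip"].add(ip)
    return hits, promoted


def merge(indicators, promoted):
    """Fold what one pass learned into the indicator set for the next."""
    return {k: indicators[k] | promoted[k] for k in indicators}


def demo():
    """Two passes: day 2 seen with and without what day 1 taught us."""
    day1_hits, promoted = run_pass(parse(DAY1_LOG), SEED_INDICATORS)
    learned = merge(SEED_INDICATORS, promoted)
    day2 = parse(DAY2_LOG)
    without = {e["src"] for e in run_pass(day2, SEED_INDICATORS)[0]}
    with_learning = {e["src"] for e in run_pass(day2, learned)[0]}
    return {
        "day1_hosts": sorted({e["src"] for e in day1_hits}),
        "promoted": {k: sorted(v) for k, v in promoted.items()},
        "day2_without_learning": sorted(without),
        "day2_with_learning": sorted(with_learning),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the seed indicators alone, day 2 shows nothing; with the indicator learned from the day 1 pivot, ws-418 is flagged. The corroboration rule is what keeps the loop honest: a single compromised host's browsing history is not intelligence, and a window with no baseline traffic from clean hosts should not be allowed to promote anything.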

Adam Meyers has over a decade of experience in the information security industry. He has authored numerous papers that have appeared at peer-reviewed industry venues and has received awards for his dedication to the field. At CrowdStrike, Adam serves as the VP of ...

Comments
Dr.T (User Rank: Ninja), 6/26/2015 9:31:47 AM
Re: Have you considered....
It makes sense. In the US we have already been experiencing those types of analytics-driven targeting of individuals. That is what Google, Facebook, Amazon, ... and other social media networks are all about: knowing what you do and what you buy, and targeting you based on the knowledge gained from it. This includes medications and other health-related products.

Dr.T (User Rank: Ninja), 6/26/2015 9:26:02 AM
Re: That follows my own thinking as well
Interesting... There is always some type of related undercover operation when we think of China; they are just doing what all other countries have been doing for a long time. :--))

Dr.T (User Rank: Ninja), 6/26/2015 9:23:08 AM
Re: Have you considered....
I hear you. Or the reason may be as simple as: if you know more information about the public you can adjust, control and do better in staying in power. It may be as simple as that. :--))

Dr.T (User Rank: Ninja), 6/26/2015 9:20:55 AM
intelligence-driven security
I agree with the article. We are going beyond protecting ourselves from malware or DDoS attacks on your network infrastructure or systems. It is becoming more about protecting the overall business and customer and employee private information. As recent attacks, such as Sony Pictures and the federal employees, show, it is becoming very costly to lose any employees' personal information.

Adam Meyers (User Rank: Apprentice), 6/25/2015 3:59:31 PM
Re: Have you considered....
Absolutely - in fact the Chinese agenda for healthcare is well documented in the 12th Five Year Plan. The Chinese have interest in not just pharmaceutical drugs, but also medical technology ranging from advanced diagnostics to simple stents and tubing. As China continues to mature they are increasingly facing a huge issue in terms of preventable and treatable disease. In the current Five Year Plan, they also outline the need to improve domestic hospital systems and other medical-related infrastructure. First to market is one possible outcome; however, there is also a huge potential market domestically in China that can be served through Chinese enterprises. First to market may not be as important as fulfilling the domestic market.

One must also consider multiple intelligence requirements being filled by targeting health insurance companies. This could facilitate future targeting of pharma and medical victims, it could provide insight into how the US healthcare system works to aid Chinese healthcare systems, and it could be used to facilitate and corroborate information on specific individuals for human intelligence collection. I imagine the answer is all that and more; the Chinese have a lot of work to do as they endeavor to increase their position on the world stage.

jries921 (User Rank: Ninja), 6/25/2015 3:44:53 PM
That follows my own thinking as well
But it could and probably will be used to recruit agents of influence as well as spies; and I'm guessing that it will also be used to dig up dirt on or otherwise punish persons deemed to be enemies residing in the US.

Kevin Runners (User Rank: Apprentice), 6/25/2015 8:36:59 AM
Re: Have you considered....
smb2015 is totally right in my opinion. China always wanted to be first to market with pharma drugs.

smb2015 (User Rank: Apprentice), 6/24/2015 1:16:18 PM
Have you considered....
That a reason China is collecting medical data is to be first to market with potential pharma drugs. The pharma industry is huge, as we all know. China can compete better in this space if they can predict through data analytics what kinds of medical treatments and medicines are going to be needed by US citizens. The amount of data they have collected can easily show trends. The data can also provide China with insight into what pharmas are doing in the US to treat illnesses (conventional and test treatments). This would give China a bit of a leap in its research efforts.