Seven US companies have been attacked by government-associated Chinese hackers in the three weeks since the US and China announced a pact that banned government spying on companies, a US security firm said Monday.
The hacks by "actors we have affiliated with the Chinese government" targeted five technology companies and two pharmaceutical companies, US security company CrowdStrike said in a blog post. The first of these occurred the day after the two countries struck a landmark pact in which they agreed not to spy on one another to steal business secrets. They "are continuing to this day", the company said.
Facebook will now warn people if it has a strong suspicion an account is being targeted by a nation-state.
The social networking service already takes steps to secure accounts that may have been compromised but has decided to directly alert users of the type of attack that's under way, wrote Alex Stamos, Facebook's chief security officer.
Since state-sponsored attacks can be more sophisticated, "having an account compromised in this manner may indicate that your computer or mobile device has been infected with malware," he wrote.
Related Stories
The Biden administration on Tuesday warned the nation's governors that drinking water and wastewater utilities in their states are facing "disabling cyberattacks" by hostile foreign nations that are targeting mission-critical plant operations.
"Disabling cyberattacks are striking water and wastewater systems throughout the United States," Jake Sullivan, assistant to the president for National Security Affairs, and Michael S. Regan, administrator of the Environmental Protection Agency, wrote in a letter. "These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities."
[...] The letter extended an invitation for secretaries of each state's governor to attend a meeting to discuss better securing the water sector's critical infrastructure. It also announced that the EPA is forming a Water Sector Cybersecurity Task Force to identify vulnerabilities in water systems. The virtual meeting will take place on Thursday.
"EPA and NSC take these threats very seriously and will continue to partner with state environmental, health, and homeland security leaders to address the pervasive and challenging risk of cyberattacks on water systems," Regan said in a separate statement.
(Score: 1, Insightful) by Anonymous Coward on Tuesday October 20 2015, @07:01AM
(Score: 2) by LoRdTAW on Tuesday October 20 2015, @11:44AM
This isn't some one-way street where China is the only aggressor. Though I'm sure the US government wants to paint that picture so we forget about their little NSA snafu.
I'm pretty sure everyone, and I mean everyone, is hacking everyone else.
(Score: 1, Interesting) by Anonymous Coward on Tuesday October 20 2015, @05:51PM
To me it seems more like Facebook trying to scare more users into giving them their real phone numbers.
From the article:
When Facebook sees someone logging on from a different browser or computer, it sends a one-time passcode to their mobile phone that must be entered in order to access the account.
Anyone who knows their IT security stuff would know that the one-time passcode would be traveling in clear-text form through many unencrypted channels to that phone.
So if a nation state is truly targeting you and they aren't hiring/using completely incompetent fools, Facebook would be helping them gain control over your account!
Doesn't even need to be a nation-state:
https://en.wikipedia.org/wiki/IMSI-catcher [wikipedia.org]
http://www.wired.com/2010/07/intercepting-cell-phone-calls/ [wired.com]
http://www.twelvesec.com/using-a-gsm-tester-to-intercept-calls-and-sms-part-2-equipment-and-setup/ [twelvesec.com]
And if it really is a Nation-State, as far as I know the encryption is only between the phone and the cellular tower - the messages on the wire are plaintext (or effectively plaintext to the Telco). So a determined Nation-State with significant resources might be able to pwn the Telco if it didn't already own it - e.g. you're visiting/living in that Nation-State and using their Telco's network - they just have to look at the log/archive of text messages.
(Score: 2) by DeathMonkey on Tuesday October 20 2015, @06:01PM
Does that perhaps include being targeted by the United States of America?
No, too much alarm fatigue. [wikipedia.org]