Tag Archive for: Charge

US authorities charge seven over Chinese hacking


The US Department of Justice (DoJ) has unsealed an indictment charging seven Chinese nationals with conspiracy to commit computer intrusions and conspiracy to commit wire fraud, alleging their involvement in the state-backed APT31 hacking group over a 14-year period.

Concurrent with new sanctions issued today by deputy prime minister Oliver Dowden, APT31 is accused by the Americans of a wide-ranging campaign of espionage furthering the intelligence objectives of the Chinese government.

Those named are Ni Gaobin, 38; Weng Ming, 37; Cheng Feng, 34; Peng Yaowen, 38; Sun Xiaohui, 38; Xiong Wang, 35; and Zhao Guangzong, 38. All are believed to be located in China, and it is highly unlikely they will face a court.

“Over 10,000 malicious emails, impacting thousands of victims, across multiple continents. As alleged in today’s indictment, this prolific global hacking operation – backed by the People’s Republic of China government – targeted journalists, political officials and companies to repress critics of the Chinese regime, compromise government institutions and steal trade secrets,” said US deputy attorney general Lisa Monaco.

“The Department of Justice will relentlessly pursue, expose and hold accountable cyber criminals who would undermine democracies and threaten our national security.”

Attorney general Merrick Garland added: “The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses.

“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies.”


The US said it was pulling back the curtain on China’s vast hacking…


Britain summons Chinese charge d’affaires over alleged cyber hacking, ET Telecom


LONDON: Britain on Tuesday summoned the charge d’affaires of the Chinese Embassy in London after accusing Chinese state-backed hackers of stealing data from Britain’s elections watchdog and carrying out a surveillance operation against parliamentarians.

Britain said the Chinese hackers stole the voter registration data – mostly names and addresses – of about 40 million people from the Electoral Commission and tried to break into lawmakers’ emails.

“The (Foreign Office) set out the government’s unequivocal condemnation of Chinese state-affiliated organisations and individuals undertaking malicious cyber activity against UK democratic institutions and parliamentarians,” a spokesperson for Britain’s Foreign Office said in a statement.

A spokesman for Prime Minister Rishi Sunak said on Tuesday the government is close to finalising a new foreign influence registration system that would require anyone working undeclared for a foreign country in the so-called “enhanced tier” to declare their activity.

Under Britain’s new National Security Act, individuals, such as lawyers, a public relations company or an undercover spy working for a country in the “enhanced tier” would have to record their activity in a register or face prosecution.

British Deputy Prime Minister Oliver Dowden said on Monday that China’s alleged hacking of British democratic institutions meant there was a “strong case” for including the country in the enhanced tier.

China has denied the spying allegations. The Chinese embassy in London said on Monday the claims were “completely fabricated” and it will make “a justified and necessary response”.

The British government has previously said it would be inappropriate to call China a “threat” because it is too simplistic to view relations with the world’s second biggest economy through a single word.


Twitter to charge for a basic security feature that costs nothing on other platforms


What you need to know

  • Twitter’s SMS-based two-factor authentication will now cost you a monthly subscription fee.
  • The security feature will be restricted only to Twitter Blue subscribers starting March 20.
  • Accounts with SMS 2FA still enabled will automatically lose this feature after that date.

After locking some of its longstanding features, such as the blue check mark, behind a monthly subscription, Twitter will now charge you for SMS-based two-factor authentication.

The social networking platform surprised users by announcing that only Twitter Blue subscribers will be able to secure their accounts using this security option after March 20. After that date, the feature will automatically be disabled, assuming you haven’t done so by then.


Good News, Bad News for Security Researchers: Feds Are Less Likely to Charge You, States Are Another Thing


A talk at a security conference in Washington offered a little long-awaited reassurance to security researchers: Federal prosecutors just aren’t that into you anymore. 

In a talk at ShmooCon Friday evening, Venable LLP cybersecurity lawyer Harley Geiger told attendees that two laws long considered harmful by information-security types have grown less toxic because of recent actions in Washington.

“The Computer Fraud and Abuse Act and the Digital Millennium Copyright Act have evolved in favor of hackers,” he said at the start of his “Hacker Law for Hackers” presentation. 

The CFAA, passed in 1986 after growing alarm over the risks of hacks (catalyzed to some degree by the 1983 classic WarGames), criminalizes access to a computer system “without authorization” or that “exceeds authorized access.” The DMCA, enacted in 1998 at the behest of Hollywood, makes it a crime to disable security measures that control access to copyrighted material. Both measures have been used to threaten and harass security researchers.

But in 2021, the Supreme Court held (PDF) that the CFAA does not cover unauthorized use of “information that is otherwise available” to a person. That essentially took terms-of-service violations out of the law’s scope. As Geiger put it, “that may be a violation of a contract, but it is not a federal hacking crime.”

In May 2022, the Justice Department went further, announcing that it would no longer prosecute good-faith security research under the CFAA. “That is a big deal,” Geiger said. 

He sounded a little less cheery about the DMCA and its Section 1201 ban on circumventing copyright-protection systems. Change has come to that statute mainly through the Library of Congress’s Copyright Office, which can grant and renew public-interest exceptions to the anti-circumvention provision every three years.

In 2021, the office renewed and expanded a “1201” exemption on breaking copyright protection for security research. It still, however, prohibits distributing those circumvention tools, which Geiger called an…
