China's focus on the acquisition of intellectual property is a recurring topic that keeps percolating to the forefront, most recently with Operation CuckooBees, which is detailed in a comprehensive Cybereason report. The report notes that the Chinese advanced persistent threat (APT) group behind it has carried many labels, including Winnti and APT41, and that the campaign had been operating, undetected, since at least 2019. Over the course of those years, according to Cybereason, the group siphoned off hundreds of gigabytes of data from its targets.


The SolarWinds compromise of 2020 had a global impact and drew on the resources of both the public and private sectors in an all-hands-on-deck remediation effort. The event also had a deleterious effect on the SolarWinds stock price. These two events were, predictably, followed by a bevy of civil lawsuits. Fast forward to late March 2022, and a federal court has ruled that the suit naming SolarWinds; its vice president of security and CISO, Tim Brown; and two of its principal investors, Silver Lake and Thoma Bravo, may go forward.


In a move demonstrative of international cooperation and partnership, the Five Eyes (United States, Australia, Canada, New Zealand and United Kingdom) issued an alert giving a "comprehensive overview of Russian state-sponsored and cybercriminal threats to critical infrastructure." The alert also includes mitigation guidance, which CISOs will find of particular import.

Alert AA22-110A, Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure, provides details on the cyber operations attributable to Russian state actors, including the Russian Federal Security Service (FSB), the Russian Foreign Intelligence Service (SVR), the Russian General Staff Main Intelligence Directorate (GRU), and the Russian Ministry of Defense's Central Scientific Institute of Chemistry and Mechanics (TsNIIKhM). It also identifies cybercriminal organizations, including some that have expressed fealty to the Russian Federation and pledged to conduct cyber operations against entities providing support to Ukraine. Thus, your company's position on Russia's invasion of Ukraine may very well place it in the sights of Russian state actors or their cybercriminal cronies.


On the surface, the case of Racho Jordanov, CEO of JHL Biotech (Eden Biologics), and COO Rose Lin looked like just another case of corporate espionage. They identified a technology they needed and then set out to acquire it. For years they successfully stole Genentech's secrets.

That is, until the spigot was turned off in October 2018, when Xanthe Lam and her husband Allen Lam were indicted, together with others, for the theft of Genentech's trade secrets. Xanthe Lam was a principal scientist at Genentech, where she worked from 1986 until 2017. Allen Lam worked in quality control at the company from 1989 to 1998.


A recent Bloomberg piece highlighted how Meta Platforms, Inc. (parent company of Facebook) and Apple, Inc. were successfully socially engineered into providing customer data in response to forged "emergency data requests" sent by individuals the companies believed to be representing U.S. law enforcement. If your entity collects customer data, it is possible you will receive a lawful request for that data from a government entity. The request may take the form of a warrant, a subpoena or a national security letter. Do you have a process for handling, and verifying, these requests?


Will your company's decision and position on the Russian invasion of Ukraine, or its continued presence in the Russian market (or exit from that market), carry with it the prospect of retaliation? The answer, unfortunately, is yes. Decisions, even the decision to do nothing and straddle the fence, carry consequences. Even if the consequences are wrong-headed, unjust and unwarranted, individuals, governments and organizations will make their own interpretations.

I've written about the disruption to supply chains and about threading the needle on exiting, or not exiting, the Russian market in the wake of Russia's invasion of Ukraine. In addition, the U.S. government's outreach effort to ensure companies have the opportunity to digest and implement the advisories CISA is issuing has reached a new level of both urgency and frequency.


The existence of policies and procedures surrounding the implementation of a business strategy is a hallmark of maturity in a company's growth. When insiders make business decisions that violate the law, or those policies, the risk to the business increases. We see this most often when individuals in positions of trust violate policy or procedural constraints, whether on purpose (theft) or accidentally (human error), and data goes missing or flies out the door into the public domain.

A recent settlement order, dated March 3, between the Federal Trade Commission (FTC) and Weight Watchers International and its wholly owned subsidiary Kurbo demonstrates what can happen when those insiders build a business model that ignores the law. Weight Watchers and Kurbo agreed to pay a $1.5 million penalty, delete information "illegally collected from children under 13," and "destroy any algorithms derived from the data."


On March 10, the Senate Select Committee on Intelligence (SSCI) hosted its annual worldwide threats hearing, during which representatives of the US intelligence community made themselves available for questions. The intelligence community contingent was led by Director of National Intelligence Avril Haines, supported by CIA Director William Burns, DIA Director Lieutenant General Scott Berrier, NSA Director General Paul Nakasone and FBI Director Christopher Wray.

Contemporaneously, the Office of the Director of National Intelligence (ODNI) released the unclassified version of the Annual Threat Assessment of the US Intelligence Community, dated February 2022. The assessment was prepared using information available through January 21, 2022, and thus was not adjusted for Russia's invasion of Ukraine, which began on February 24.


Whether or not we wish to admit it, the way the internet is used is changing significantly as a consequence of Russia's invasion of Ukraine. Russia is moving to cut off internet access to Ukraine and to limit internet access for its own populace. Ukraine is seeking to limit Russia's disinformation and its ability to conduct commerce. Organizations continue to navigate a world of sanctions and direct government requests to take specific actions.

While the situation may appear to be black and white, it is in reality several shades of gray, and it is playing out in the midst of the internet's transition to multistakeholder governance. On March 10, 2022, members of the internet community issued a paper titled "Multistakeholder Imposition of Internet Sanctions." This "conversation document," signed by a plethora of individuals from companies and organizations, posited seven principles:
