Computer Espionage

Introduction

Without a doubt, the age of computer technology has made everyday tasks easier to complete. Life has become more interesting in the modern era because almost everything can be done with the click of a button on a computer or smartphone. Simple tasks like shopping, as well as more complex activities like automobile assembly, banking, governance, and healthcare, all rely heavily on computer technologies for performance. The reliance on computer technologies and the sensitive nature of information shared across computer networks has given rise to a new level of online criminal activity known as cyber-attacks. Cyber espionage is a type of cyberattack that will be discussed in this paper, as well as the technology involved, future trends, companies involved in cyber espionage, regulatory issues, and global implications of cyber espionage.

Computer Spying

Cyber criminals steal sensitive information and intellectual property in order to gain an advantage or destroy their victim. Cyber espionage is one of the most common types of cyberattacks, in which cyber criminals spy on their target victims, who could be foreign governments or competing companies, in order to obtain intellectual information about them (Libicki, 2017). Cyber espionage is a global online criminal activity that targets everyone. When it comes to espionage, different types of cyber criminals have different goals and motivations. Attackers recognize the value of information within a corporation and may seek to steal it through extortion, ransom campaigns, and the sale of stolen information on the black market. Cybercriminals may also wish to harm the reputation of an organization with which they disagree by leaking confidential information such as customer data, which may result in legal ramifications. For example, a competitor healthcare organization may use cybercriminals to spy on another organization, steal sensitive patient data from a celebrity patient, and release the information to the public, causing reputational harm to both the hospital and the patient. The hospital faces legal ramifications. At this point, the competitor who orchestrated the attack takes advantage of the opportunity to rise and even attract patients from the hospital whose reputation has been harmed. Another reason cyber criminals may conduct espionage is for mercenary purposes, in which they seek payment from any willing body that hires them to steal sensitive data from opponents. Cyber espionage activities can be state-sponsored or carried out by independent protest groups targeting government agencies and large corporations (Brown, 2015).

Given its dominant position as the global trade center, the United States has been a major target for economic and industrial espionage. White-hat hacking has primarily been used by governments against suspected criminals. It entails hacking into an adversary’s computer systems in order to prevent a cyber-crime from occurring. In many cases, the United States government has engaged in espionage to defend the states against enemies who plot attacks via computer networks. The September 11 attacks on the World Trade Center in New York and the Pentagon in Washington, D.C. in 2001 prompted the implementation of cybersecurity measures to prevent future cyberattacks. Since the attacks, there have been foreign intelligence operations in which the US government secretly spies on countries that it believes pose a threat as a security measure. Despite criticism for violating people’s privacy and demeaning their ethical rights, the Central Intelligence Agency, or CIA, has been at the forefront of computer espionage, which is a necessary evil. When there is a justifiable reason to conduct the spying for the safety of the people, the CIA ensures that it conducts the espionage properly and in a morally defensible manner. Notably, computer espionage is similar to human espionage in that a spy is dispatched to a specific region to study their activities and gather sensitive information belonging to the region, company, or organization. In computer espionage, an implant may be placed in target computers for a set period of time in order to collect sensitive data.

The technology used in computer espionage

Because computer users already have security software in place to protect networks from malicious activity, cyberattacks necessitate the use of sophisticated technology. Hackers conduct exploitation via the internet, networks, or individual computers, employing cracking techniques and malicious software (Banks, 2016). The most common type of attack is a denial of service attack, which prevents computer users from accessing certain information on their computers until the attacker has finished retrieving the required data. The DoS method is preferred because large corporations are easily harmed. Malware such as Trojan horses, viruses, and worms can be used to disrupt normal operations within an organization, giving the attacker enough time to steal data from computer networks or otherwise destroy the organization. Logic bombs are malware techniques in which malware is planted in an unsuspecting victim’s computer system and remains dormant until a specific time. IP spoofing occurs when an attacker successfully disguises himself and gains access to sensitive data and secure networks.

Bots are one of the most common methods used by hackers in their cyber operations, which include target identification, penetration, presence, exploitation, and harm causation. The bot is used by a hacker, who may be state-sponsored, to conduct a massive survey on cyber systems in order to identify those with the target qualities required in the attack. Some SCADA systems, for example, are likely to have vulnerabilities that an attacker can easily exploit. The hacker can build a database of targets and use it for personal/state gain by detecting the presence of unpatched software or unchanged passwords.

After identifying the target, the hacker begins an initial penetration of the systems. Botnets and infected flash drives are two methods that may be used. Botnets, which are made up of a number of internet-connected devices such as computers and smartphones, are used to commit a variety of cybercrimes. Among the activities carried out by hackers using botnets are distributed denial-of-service (DDoS) attacks, spam and malware distribution, and unrestricted access to devices and network connections. The attacker uses command and control (C&C) software to remotely control the botnet and spy on the target victim. Infected flash drives are used to spread worms on the target network, disrupting activities in the organization and giving the hacker enough time to penetrate the systems. To avoid detection by network monitoring tools, the hacker can then establish a long-term presence in the victim’s systems by installing additional malware and creating additional accounts. Hackers have enough time to exploit information from target networks, which could include real-time monitoring of email content and using the data gathered to cause harm.
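An added example (not part of the original essay) of how a defender can look for the "additional accounts" persistence step described above: it scans account-management log lines and flags accounts that were created without an approval record, outside working hours, or that received a privileged group right after creation. The log lines are constructed samples in the style of Linux shadow-utils useradd/usermod syslog messages; the approved list, the 08:00-18:00 working hours, the 10-minute window and the year are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines, written in the style of the syslog messages
# emitted by the shadow-utils useradd/usermod tools on Linux.
SAMPLE_LOG = """\
Mar 03 09:12:44 web01 useradd[4121]: new user: name=jsmith, UID=1004, GID=1004, home=/home/jsmith, shell=/bin/bash, from=/dev/pts/0
Mar 03 09:13:02 web01 usermod[4130]: add 'jsmith' to group 'developers'
Mar 05 02:47:19 web01 useradd[9917]: new user: name=sysupd, UID=1005, GID=1005, home=/home/sysupd, shell=/bin/bash, from=/dev/pts/3
Mar 05 02:47:31 web01 usermod[9921]: add 'sysupd' to group 'sudo'
Mar 06 14:20:05 web01 usermod[1201]: add 'jsmith' to group 'sudo'
"""

TS = r"(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ "
NEW_USER = re.compile(TS + r"useradd\[\d+\]: new user: name=([^,]+),")
GROUP_ADD = re.compile(TS + r"usermod\[\d+\]: add '([^']+)' to group '([^']+)'")


def parse_ts(stamp, year):
    # Syslog timestamps carry no year, so the caller supplies one (assumption).
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def find_suspicious_accounts(log_text, approved, privileged=("sudo", "wheel"),
                             window=timedelta(minutes=10), year=2024):
    """Return {user: [reasons]} for account creations that look like persistence."""
    created, findings = {}, {}
    for line in log_text.splitlines():
        m = NEW_USER.match(line)
        if m:
            when, user = parse_ts(m.group(1), year), m.group(2)
            created[user] = when
            if user not in approved:  # no matching provisioning request
                findings.setdefault(user, []).append("no approval record")
            if not 8 <= when.hour < 18:  # assumed working hours
                findings.setdefault(user, []).append("created outside working hours")
            continue
        m = GROUP_ADD.match(line)
        if m and m.group(3) in privileged:
            when, user = parse_ts(m.group(1), year), m.group(2)
            born = created.get(user)
            # Only a privilege grant that closely follows creation is flagged here;
            # later grants belong to a separate privilege-change review.
            if born is not None and when - born <= window:
                findings.setdefault(user, []).append(
                    f"added to '{m.group(3)}' right after creation")
    return findings


if __name__ == "__main__":
    # "jsmith" stands in for an account with an approved provisioning request.
    for user, reasons in find_suspicious_accounts(SAMPLE_LOG, {"jsmith"}).items():
        print(user, "->", "; ".join(reasons))
```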

In 2008, the Department of Defense’s computer networks were compromised by malware via the use of an infected flash drive in Operation Buckshot Yankee (OBY). The drive was pre-loaded with malware before being inserted into a military laptop at a Middle Eastern base. The malware code replicated itself on the computer network of the United States Central Command, from which it spread throughout the entire military system. Both classified and unclassified computers had been infected. The attackers were looking for the nature of information within the DoD’s networks, then reporting to the controller and syphoning the desired information. The malware was created by a foreign intelligence agency, according to the DoD. Stuxnet’s operation was successful because the malware was designed to jump the air gaps between classified and unclassified computer networks. The malware was programmed in such a way that when legitimate users of the flash drive transferred data between networks, the malware would ride the drive for infection, resulting in the hitchhiking of data on the drive from classified to unclassified networks. The gathered sensitive data could be transferred over the internet via unclassified networks. The OBY cyber espionage clearly targeted official information systems, with the goal of gathering information about US national security.

The majority of internet traffic travels via submarine cables, which could be a gold mine for espionage, particularly by governments through cable tapping. The US government has been collecting information from undersea communication cables for many years, and in the 1970s it attached recording boxes to the undersea Soviet cables. Repeater junctions are used to improve access and transmission of gathered information. The combined cyber-kinetic method had to include the use of physical equipment required to gather cyber intelligence. Divers, for example, had to move deep into the sea every few weeks to retrieve the tapes from the Soviet cables. Cable tapping involves national security and commercial data, as well as personal data, which is why hackers refer to it as a gold mine. Physical devices attached to underwater cables have the potential to clog and interfere with normal electronic traffic passing through the cables.

Companies that engage in cyber espionage

Foreign economic and industrial espionage against the United States poses a great threat to America’s prosperity. Being the global center for research, innovation and development, America holds a large amount of information that is very appealing to hackers. Computer espionage can be either economic or state-based. Economic espionage targets multinational companies and businesses, while nation-state espionage focuses on gathering the national security intelligence of another state (NSAEBB, 2011). Being a global criminal activity, most cyber espionage operations focus on the U.S., China, North Korea, and Russia. Many cyber criminals make use of advanced persistent attacks to infiltrate targeted network systems and stay undetected for quite a long period of time. Economic or industrial espionage involves stealing trade data without appropriate authorization. It also involves copying, duplicating, downloading, or destroying proprietary information, among other activities such as communicating, sending, and delivering the information without the consent of the owner. Companies and individuals may be convicted of espionage if they intentionally buy, receive, and possess proprietary information that has been unlawfully obtained from the owner. Countries such as China, Russia, and Iran have the greatest potential to conduct espionage on U.S. trade secrets and proprietary information. Being close to the U.S., the countries have on notable occasions conducted espionage to obtain U.S. technology and economic information.

Chinese companies invade the U.S. cyberspace to acquire information on the technology used by the U.S., which the companies later use for their commercial gain (Hjortdal, 2011). One of the ways that China has successfully managed to conduct its espionage on the U.S. is through buying companies that have technology, facilities, and employees that end up as Committee on Foreign Investment in the United States cases. The Ford Motor Company has been involved in espionage through its former product engineer Xiang Dong Yu, who was a Chinese national. The named individual copied 4,000 Ford documents to an external hard drive and returned to China with the hard drive. The stolen information included sensitive Ford design documents for the Engine/Transmission Mounting System, the Electrical Distribution System, and information on the Generic Body Module (Gazula, 2017). Ford had spent its time and resources to improve the design specifications that were contained in the stolen documents. The named perpetrator, Yu, began work with a different company in China known as the Beijing Automotive Company, which was Ford’s direct competitor. This was a clear indication of an espionage operation in which Yu was working for the rival company to syphon delicate data from Ford, and through the use of an external hard drive, he copied and shared Ford’s data with Beijing Automotive Company. After a search of his company laptop, 41 trade secrets belonging to Ford were retrieved, and he was hence arrested in the U.S. According to Ford, the value of the information lost was about $50 million, which led to Yu being sentenced to 70 months in federal prison in April 2011 for theft of trade secrets and economic espionage.

Goldman Sachs, a trading company, experienced a case of espionage through its computer programmer Sergey Aleynikov in 2009 (Gazula, 2017). The programmer was responsible for developing computer programs that supported the firm’s high-frequency trading on its range of commodities. The system that was developed by Aleynikov brought in millions of dollars in revenue for Goldman Sachs. However, in April 2009, he resigned from the company and started working for Teza Technologies, where he was to develop a similar program but specifically designed for Teza. Aleynikov instead transferred a substantial amount of data and computer code from Sachs. He was responsible for transferring the code to his home computer before leaving Sachs, without the knowledge of Goldman Sachs, which led to his 97-month prison sentence in Manhattan federal court.

Future trends in Cyber Espionage

As technology advances, so do the techniques used by cybercriminals. The Internet of Things, which has introduced the concept of interconnected devices and enabled communication between them, is the new target for cyber criminals. Through a smartphone, users can monitor their home appliances and security systems, which gives cyber criminals room to hack information more readily. Computer espionage will see a shift to instances where criminals infiltrate personal data to get information on the organization a target works for, or on their personal or company trade secrets. It is therefore advisable that companies educate employees on the need to make use of the cybersecurity measures that the organization has put in place. The future is technology, both in terms of prosperity and failure through cybercrimes.

Regulatory issues with Computer Espionage

The Electronic Communications Privacy Act of 1986 prohibits any form of unauthorized eavesdropping through electronic systems. Computer espionage is a form of eavesdropping, as it involves spying on the target through computer networks, where even smartphones may be used to spy on the target and infiltrate proprietary information. The Homeland Security Act of 2002 (HSA) is among the widely known cybersecurity laws across the United States that prohibit any form of cybercrime (Fischer, 2014). Given that the U.S. is a target for many foreign countries in matters of national security and trade, the government had to put in place cybersecurity measures to protect the information intelligence of the states. In 2018, the current president, Donald Trump, signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018 (CISA), whose aim is to build the national capacity to defend against cyber-attacks. By working hand in hand with the federal government, the CISA is designed to provide cybersecurity tools, incident response services, and assessment capabilities that aim at safeguarding the government networks. Countries such as China and Russia have for a long time been trying to conduct espionage on the national security information of the U.S. government through cyberspace. The CISA will help in securing the federal networks and protecting critical infrastructure, hence promoting cyber safety and national security.

Global Implication of Cyber Espionage

The success or failure of companies, organizations, and businesses is highly dependent on how well they develop, implement, and protect technology. Cyber espionage has been among the most prominent factors affecting the economic space globally (Rubenstein, 2014). Some of the most notorious cyber criminals causing havoc globally are from China. The hacking group APT10, with support from the Chinese government, invaded 10 major global communication carriers and used the networks to spy on high-end business leaders as well as members of foreign governments. The highly sophisticated group of cyber criminals has the ability to make a total takeover, whereby they assume a low profile and complete access to the target networks until their operation is complete. Cybercrimes can cause destabilization of the world economy if they are targeted at major trade centers in the world. The 9/11 attack was a form of espionage where the target was the World Trade Center and the Pentagon responsible for national security. The attack on the two regions affected the economy of the world at the time since network was the headquarters of global trade.

Summary

Computer espionage is a type of cybercrime that targets the information intelligence of a company, government or organization through spying. The U.S. government has for the longest time been a major target for espionage attacks by rival countries such as China, Russia, and North Korea. The 9/11 attacks were a major wake-up call for the U.S. government, which gave rise to the need to increase national-security measures not only physically but also in cyberspace. The CISA is one of the regulations by President Donald Trump formulated to protect the national security of the U.S. by protecting computer networks. The technologies involved in cyber espionage include smartphones, bots, botnets, IP spoofing, logic bombs, and infected flash drives. Cable tapping conducted on undersea communication cables is another technology that hackers have managed to use to infiltrate information intelligence, especially that belonging to the U.S. government, hence threatening the national security of the states. Goldman Sachs and the Ford Motor Company are among the companies that have been negatively affected by computer espionage activities conducted by an insider. Globally, espionage that targets major trade centers such as the U.S. affects the economy of the world, hence destabilizing economic ties between nations.

References

Banks, W. C. (2016). Cyber espionage and electronic surveillance: Beyond the media coverage. Emory LJ, 66, 513.

Bapna, S. A Publication of the Association of Management.

Brown, G. (2015). Spying and Fighting in Cyberspace: What Is Which. J. Nat’l Sec. L. & Pol’y, 8, 621.

Fischer, E. A. (2014). Federal laws relating to cybersecurity: Overview of major issues, current laws, and proposed legislation.

Gazula, M. B. (2017). Cyber warfare conflict analysis and case studies (Doctoral dissertation, Massachusetts Institute of Technology).

Hjortdal, M. (2011). China’s use of cyber warfare: Espionage meets strategic deterrence. Journal of Strategic Security, 4(2), 1-24.

Libicki, M. (2017, May). The coming of cyber espionage norms. In 2017 9th International Conference on Cyber Conflict (CyCon) (pp. 1-17). IEEE.

National Counterintelligence and Security Center. (2018). Foreign Economic Espionage in Cyberspace. Retrieved from https://fas.org/irp/ops/ci/feec-2018.pdf

NSAEBB. (2011). Foreign Spies Stealing US Economic Secrets in Cyberspace. Retrieved from https://nsarchive2.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-055.pdf

Rubenstein, D. (2014). Nation State Cyber Espionage and its Impacts. Dept. of Computer Science and Engineering WUSTL, Saint Louis.
