On July 12, 2014 the Financial Times broke the story of the arrest of Su Bin, a Chinese national living in Canada, for cyberespionage. Bin is accused of computer crimes related to the C-17 transport as well as the F-22 and F-35 fighter planes.

As interesting as the press accounts are, they pale in comparison to the charging document itself. The affidavit of FBI Special Agent Noel A. Neeman details the methods used by cyberspies to infiltrate targeted organizations and evade detection. The affidavit provides a rare glimpse into the details of an Advanced Persistent Threat (APT) attack.

This is the FBI agent’s description of how the spy infiltrated Boeing:

[Image: Bin spearphishing]

Special Agent Neeman then provides a detailed discussion of the anti-forensic methods that the Chinese spies used to evade detection and exfiltrate gigabytes (yes, Gigabytes with a “G”) of classified data from Boeing. One example from a seized email:

[Image: boeing secret network]

This excerpt from a seized email vividly illustrates the impact of cyberespionage:

[Image: boeing damage]

2.7 million RMB is less than half a million dollars.

This unfortunate chain of events was triggered by employees who were tricked by deceptive emails. Yet again, we see that email is an ideal medium for attackers to deceive users into compromising systems. Every user with an email account is an inside man who is a potential unwitting accomplice to attackers. Letting users decide which emails are trustworthy is dangerous. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner. You can contact us at 408-727-6342, ext 3 or use our online form.