Crouching Tiger, Hidden Hacker Unit
New reports indicate that China has restarted its aggressive state-funded cyber espionage on the US private sector. The resumption follows a three year lull initiated by the Obama era agreement between the two countries. Security experts say that China’s tactics have become more stealthy as they seek out technologies with an eye for gaining a military advantage. Previously, PLA Unit 61398, a special hacker unit within China’s People’s Liberation Army, was seen as China’s main weapon for cyber espionage. First identified in 2013, PLA Unit 61398 has been connected to or responsible for a wide range of cyber espionage operations. Security experts now say PLA Unit 61398 has been replaced by stealthier operatives in the China’s intelligence agencies. Some say that the Chinese are simply trying to steal what they cannot create. The issue is that China’s government and intelligence agencies regularly assist private companies in the espionage. As Presidents Trump and Xi prepare to meet in Buenos Aires at the G-20 summit this weekend, China’s espionage is likely to be a core US grievance. Cybersecurity experts warn that China isn’t even 2018’s biggest offender though: Russia and Iran have been responsible for three of the year’s largest hacks.
- Lawfare: The SEC and Cybersecurity Regulation
- Wired: The Worst Cybersecurity Breaches of 2018 So Far
- South China Morning Post: We’ve been targeted by hackers too, says China in wake of US cyber-espionage claims
- Mandiant: APT1 Exposing One of China’s Cyber Espionage Units Full Report
- New York Times: After a Hiatus, China Accelerates Cyberspying Efforts to Obtain U.S. Technology
Outcry over China’s FrankenBabies Shuts Down Research
Researchers at China’s Southern University of Science and Technology in Shenzhen are said to have used CRISPR technology on unimplanted embryos to eliminate CCR5, a gene responsible for vulnerability to HIV, smallpox, and cholera. The researchers began recruiting couples to create gene-edited babies last year; initially, they declined to confirm whether the experiments resulted in any live births. Lead researcher He Jiankui sparked outrage when he confirmed that his team had altered the genes of twin baby girls so they could not contract HIV. CRISPR has allowed scientists to essentially press ‘ctrl-F’ on gene sequences. Security experts have warned that ethical and moral disagreements over the use of gene editing could spark a new cold war. Experts are set to discuss these dilemmas as well as legal, regulatory, and policy considerations this week in Hong Kong at the Second International Summit on Human Genome Editing. But don’t fear the Stepford Children just yet: researchers warn that we’re a long way from traits on demand, and China’s Ministry of Science and Technology has reportedly already shut down the research.
- MIT: EXCLUSIVE: Chinese scientists are creating CRISPR babies
- Nature: Genome-edited baby claim provokes international outcry
- Market Watch: With genetically edited babies, a scientist transgresses a moral boundary
- Motherboard: ‘Society Will Decide What to Do Next’: Chinese Researchers Claim to Create the First Gene-Edited Babies
Researchers out of NYU’s Center for Cybersecurity have developed a technique that allows AI to generate synthetic fingerprints that work as smartphone master keys. Fingerprint verification systems identify these fake fingerprints, or DeepMasterPrints, as many different people. Their goal was to “design a MasterPrint that a commercial fingerprint system matches to 22% of all users in a strict security setting, and 75% of all users at a looser security setting.” Given the uniqueness of physical traits, biometric IDs were once the gold standard for identification systems. But they have come under increasing doubt as researchers began demonstrating how easily the systems can be fooled. But don’t burn off your fingertips just yet. At the highest security setting, DeepMasterPrints only had a 1.2% success rate of fooling sensors. And, fingertips aren’t totally useless: you can still use them to send a secret message. Researchers at China’s Fudan University have developed a way to use fingerprints to encode secret messages. The researchers first constructed a digital fingerprint and then used the spiral points on that fingerprint to encode simple, secret messages.
- Motherboard: Researchers Created Fake ‘Master’ Fingerprints to Unlock Smartphones
- Forbes: Yes, Cops Are Now Opening iPhones With Dead People’s Fingerprints
- IEEE Spectrum: How to Encode a Secret Message in a Fingerprint
- Science Daily: Machine learning masters the fingerprint to fool biometric systems
Forget Santa–Alexa Sees What You’re Doing & Knows When You’re Awake
Recent patent filings and trade shows indicate that Amazon and Google are attempting to expand their presence in people’s homes. Google has applied for 2 new patents for smart-home devices. One device simultaneously scans its surroundings, sorts browser history, makes inferences about users, and then offers tailored content. Sophisticated analysis and object recognition allows the device to calculate a “fashion taste” score and estimate user income. Another Google patent outlines a device that uses sensors and cameras to monitor and restrict child behavior. Of the 12 new devices Amazon unveiled at its annual hardware event, 11 are designed specifically for the home. A recently published study by researchers at the University of Michigan finds that many Americans are aware of the privacy risks of smart-home technology and appear resigned to the idea of constant surveillance. The researchers concluded that for many Americans, the erosion of privacy is now a fact of life. In Europe, privacy groups have filed complaints against Google and contend that Google is in violation of the European Union’s new General Data Protection Regulations (GDPR), which require companies to provide a legal basis for collecting personal data. If all this sounds invasive, keep in mind that it’s already happening whenever you use Google or Facebook. Both track and sort user behavior to target users with custom ads. So, just sit back, relax, and welcome to the machine home.
- Axios: The most elusive media bundle: households
- The Atlantic: The Next Data Mine Is Your Bedroom
- Motherboard: People Who Buy Smart Speakers Have Given Up on Privacy, Researchers Find
- Pymnts: EU Watchdogs File Privacy Complaint Against Google
Modern Hitchhiker’s Guide to the Galaxy: Space Debris & Security Dilemma
According to the US Air Force’s Space Surveillance Network (SSN), there are more than 29,000 objects larger than 10 cm in orbit around Earth. This “space debris” is all exclusively human-made and includes things like defunct satellites, broken spacecraft pieces, screwdrivers, and lost gloves. If simply left alone this debris poses a security threat since it all moves at thousands of kilometers an hour and could accidentally collide and send fragments into the atmosphere. Unfortunately, the technology that can eliminate the debris can also eliminate functioning spacecraft. The European Space Agency warns in Space Operations Space Debris: The Esa Approach that the machinery required to remove the debris creates a security dilemma since the intent behind commercial space debris cleanup technologies cannot be verified and there are no laws governing the militarization of janitorial space technologies. Scientists are currently looking to a warmer Russian Arctic as a potential location to monitor the debris in polar orbits. But space debris isn’t the only problem in need of galactic custodial care–antibiotic-resistant bacteria has been found in the International Space Station.
- Government Executive: Why Space Debris Cleanup Might Be a National Security Threat
- Space: Cluttering the Space Commons? Upcoming SpaceX Launch Irks
- Phys.Org: What goes up doesn’t come down: Tracking space junk from WA
- Motherboard: Scientists Want to Monitor Space Debris from Warming Russian Arctic
- Popular Mechanics: China Wants to Use a Laser to Clean Up Space Junk