Cyber spying on universities

Last updated

Cyber spying on universities is the practice of obtaining secrets and information without the permission and knowledge of the university through its information technology system. Universities in the United Kingdom, including Oxford and Cambridge, have been targets, [1] as have institutions in the United States [2] and Australia. [3]

Universities are targets for cyber espionage due to the wealth of personally identifiable information they possess on students, employees, people who buy tickets to sporting events, and, if the university has an academic medical center, on patients treated there. Information about research projects with industrial or military application are also targets. The culture of information sharing within universities tends to make them easy targets. [4] [5] [6]

Breaches can occur from people sharing credentials, phishing, web-crawlers inadvertently finding exposed access points, password cracking, and other standard hacking methods. [5] University credentials are bought and sold on web forums, darknet markets and other black markets. [7] [8] [9]

The result of such efforts have included theft of military research into missile design or stealth technologies, [1] [10] as well as medical data. [11]

As a precaution against such attacks, Stanford University advises its employees to take IT precautions when they travel abroad. [12]

Moreover, in March 2018, the United States charged and sanctioned nine Iranians and the Iranian company Mabna Institute for hacking and attempting to hack hundreds of universities on behalf of the Iranian government. [2] [13] [14]

Credentials used by Sci-Hub to access paywalled scientific articles have been subsequently used by hackers seeking to breach university firewalls to access other information. [7]

See also

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security, or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

The Government of China is engaged in espionage overseas, directed through diverse methods via the Ministry of State Security (MSS), the Ministry of Public Security (MPS), the United Front Work Department (UFWD), People's Liberation Army (PLA) via its Intelligence Bureau of the Joint Staff Department, and numerous front organizations and state-owned enterprises. It employs a variety of tactics including cyber espionage to gain access to sensitive information remotely, signals intelligence, human intelligence as well as influence operations through united front activity targeting overseas Chinese communities and associations. The Chinese government is also engaged in industrial espionage aimed at gathering information and technology to bolster its economy, as well as transnational repression of dissidents abroad such as supporters of the Tibetan independence movement and Uyghurs as well as the Taiwan independence movement, the Hong Kong independence movement, Falun Gong, pro-democracy activists, and other critics of the Chinese Communist Party (CCP). The United States alleges that the degree of intelligence activity is unprecedented in its assertiveness and engagement in multiple host countries, particularly the United States, with economic damages estimated to run into the hundreds of billions according to the Center for Strategic and International Studies.

A data breach, also known as data leakage, is "the unauthorized exposure, disclosure, or loss of personal information".

Cyber spying, cyber espionage, or cyber-collection is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware. Cyber espionage can be used to target various actors- individuals, competitors, rivals, groups, governments, and others- in order to obtain personal, economic, political or military advantages. It may wholly be perpetrated online from computer desks of professionals on bases in far away countries or may involve infiltration at home by computer trained conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.

<span class="mw-page-title-main">Chinese espionage in the United States</span>

The United States has often accused the People's Republic of China of attempting to unlawfully acquire U.S. military technology and classified information as well as trade secrets of U.S. companies in order to support China's long-term military and commercial development. Chinese government agencies and affiliated personnel have been accused of using a number of methods to obtain U.S. technology, including espionage, exploitation of commercial entities, and a network of scientific, academic and business contacts. Prominent espionage cases include Larry Wu-tai Chin, Katrina Leung, Gwo-Bao Min, Chi Mak and Peter Lee. The Ministry of State Security (MSS) maintains a bureau dedicated to espionage against the United States, the United States Bureau.

Cyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and power projection thanks to comparatively advanced technology and a large military budget. Cyber warfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.

Cyberwarfare by China is the aggregate of all combative activities in the cyberspace which are taken by organs of the People's Republic of China, including affiliated advanced persistent threat (APT) groups, against other countries.

An insider threat is a perceived threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems.

A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack.

The Office of Personnel Management data breach was a 2015 data breach targeting Standard Form 86 (SF-86) U.S. government security clearance records retained by the United States Office of Personnel Management (OPM). One of the largest breaches of government data in U.S. history, the attack was carried out by an advanced persistent threat based in China, widely believed to be the Jiangsu State Security Department, a subsidiary of the Government of China's Ministry of State Security spy agency.

<span class="mw-page-title-main">Sci-Hub</span> Scientific research paper file sharing website

Sci-Hub is a shadow library website that provides free access to millions of research papers, regardless of copyright, by bypassing publishers' paywalls in various ways. Unlike Library Genesis, it does not provide access to books. Sci-Hub was founded in Kazakhstan by Alexandra Elbakyan in 2011, in response to the high cost of research papers behind paywalls. The site is extensively used worldwide. In September 2019, the site's operator(s) said that it served approximately 400,000 requests per day. In addition to its intensive use, Sci-Hub stands out among other shadow libraries because of its easy use/reliability and because of the enormous size of its collection; a 2018 study estimated that Sci-Hub provided access to 95% of all scholarly publications with issued DOI numbers, and on 15 July 2022, Sci-Hub reported that its collection comprised 88,343,822 files.

Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them since 2010. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.

A medical device hijack is a type of cyber attack. The weakness they target are the medical devices of a hospital. This was covered extensively in the press in 2015 and in 2016.

The city of Atlanta, Georgia was the subject of a ransomware attack which began in March 2018. The city recognized the attack on Thursday, March 22, 2018, and publicly acknowledged it was a ransomware attack.

Charming Kitten, also called APT35, Phosphorus or Mint Sandstorm, Ajax Security, and NewsBeef, is an Iranian government cyberwarfare group, described by several companies and government officials as an advanced persistent threat.

<span class="mw-page-title-main">2020 United States federal government data breach</span> US federal government data breach

In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration in which the hackers had access. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.

Lapsus$, stylised as LAPSUS$ and classified by Microsoft as Strawberry Tempest, was an international extortion-focused hacker group known for its various cyberattacks against companies and government agencies. The group was globally active, and has had members arrested in Brazil and the UK.

China is regularly accused by the United States and several other nations of state-organized economic espionage and theft of intellectual property, in violation of international trade agreements. The espionage and theft would not be limited to business, but also include academia and government. The Ministry of State Security (MSS), united front groups, and their affiliates have been reported as frequent perpetrators of such theft. China has repeatedly and vigorously denied the allegations, stating that Western companies willingly transfer technology to get access to China's market. China however also state they are taking steps to address the concerns. In 2019, China banned forced technology transfers via the Foreign Investment Law.

References

  1. 1 2 Yeung, Peter; Bennett, Rosemary (5 September 2017). "University secrets are stolen by cybergangs". The Times.
  2. 1 2 "Foreign Economic Espionage in Cyberspace" (PDF). US National Counterintelligence and Security Center (. 2018.
  3. Koziol, Michael (8 June 2018). "Major universities hit by data breach affecting thousands of job applicants at top firms". The Sydney Morning Herald.
  4. Thompson, Cadie (21 August 2014). "Hackers next big target: Your kids' college". CNBC.
  5. 1 2 Roman, Jeffrey (February 3, 2015). "Universities: Prime Breach Targets". Data Breach Today.
  6. Campbell, Susan (28 August 2018). "Why schools are prime targets for data breaches". WPRI.
  7. 1 2 Pitts, Andrew (18 September 2018). "Guest Post: Think Sci-Hub is Just Downloading PDFs? Think Again - The Scholarly Kitchen". The Scholarly Kitchen.
  8. Guilford, Gwynn (September 10, 2014). "For $390 you can illegally buy an elite university email account on China's biggest online marketplace — Quartz". Quartz.
  9. "Public Service Announcement: Cyber-Related Scams Targeting Universities, Employees, And Students". FBI Internet Crime Complaint Center. May 5, 2014.
  10. Blair, Dennis C.; Alexander, Keith (August 15, 2017). "Op-Ed: China's Intellectual Property Theft Must Stop". The New York Times.
  11. "Columbia Medical Center, Hospital To Pay $4.8M Fine for Data Breach". iHealthBeat. California HealthCare Foundation. 8 May 2014. Archived from the original on 7 February 2016. Retrieved 17 February 2015.
  12. Weed, Julie (November 13, 2017). "Foiling Cyberspies on Business Trips". The New York Times.
  13. Volz, Dustin (March 23, 2018). "U.S. charges, sanctions Iranians for global cyber attacks on behalf of Tehran". Reuters. Retrieved March 24, 2018.
  14. Carpenter, Todd A. (28 March 2018). "FBI Indicts 9 Iranians who Targeted Scholars to Steal Content". The Scholarly Kitchen.