This week was particularly revelatory in the world of cyber security: the U.S. formally charged five Chinese military officials with cybertheft, eBay announced it was hacked, and it turns out the National Security Agency has been listening to some countries in Central America while the U.S. House of Representatives passed a bill to try to curb the NSA's practices.
The Chinese Hack
Tensions between China and the U.S. reached a new high point this week, as the U.S. officially charged five members of the Chinese military with stealing industrial trade secrets, as we previously reported. The five Chinese men allegedly helped hack into major U.S. nuclear, metal, and solar companies like Allegheny Technologies Inc., U.S. Steel, and Westinghouse Electric co.
China fired back with its U.S. Ambassador Cui Tiankai saying that the "accusations" were "purely fictitious and extremely absurd." It also took some concrete steps, backing out of a joint think tank working on cyber issues, banning Microsoft's Windows 8 operating system from use on Chinese government computers, and threatening "more countermeasures... in case Washington obstinately sticks to the wrong track," as reported by Chinese state news agency Xinhua.
What the Chinese (Allegedly) Stole
The Justice Department is saying that the Chinese hackers stole solar panel innovations and manufacturing data from Solar World AG, a Germany-based company, as well as thousands of emails and files from three SolarWorld executives. This data could give Chinese companies access to technical knowhow and regulatory information that gives them an unfair advantage, considering the innovations took years for scientists to develop, according to Time.
Other alleged stolen information from the hack includes data on nuclear technology from Westinghouse Electric, including technical and design specifications on piping systems within cutting edge nuclear plants. Westinghouse was also relieved of countless private emails, going as far up as the CEO, containing competitive business strategies (specifically about negotiating deals with China).
As for U.S. Steel, as early as 2010, the Chinese hackers allegedly sent a phishing email to install malware on the company's computers, which could give them access to regulation and trade suit strategies, which the company was developing to combat Chinese dumping of below-market imported steel.
According to Time, which spoke with several industry and cybersecurity experts, these allegations are just the "tip of the iceberg." It should be noted that this isn't the first time China has been exposed for cybertheft: last year, it was revealed that China had been stealing plans for secret U.S. weapons systems, including the F-35 fighter, the Global Hawk surveillance drone, and the PAC-3 Patriot Missile defense system.
eBay Hacked: Asks Customers to Reset Passwords
Within days of international hacking rising to our attention, eBay announced it's own network had been hacked by a cyberattack. According to the company's release, the hacking "compromised a database containing encrypted passwords and other non-financial data." The theft of encrypted passwords, it should be noted, is not as catastrophic as, for example, Target's data breach, which exposed unencrypted credit card numbers and other data to eastern European hackers at the end of last year.
But the hackers did get email addresses, encrypted passwords, birthdates, mailing addresses, and other information from about 145 million user accounts, making it the second-largest data breach in U.S. history -- after the Adobe hack in October of last year. eBay is urging customers to reset their passwords as soon as possible, which is probably a process you're going to have to get used to, considering how fast and loose hacking attacks like eBay's and cybersecurity vulnerabilities, like the Heartbleed bug, are being exposed.
NSA Recording Conversations From Mexico, While Congress Tries to Act
Yet another revelation about the NSA's broad surveillance practices came to the fore this week, as Glenn Greenwald's The Intercept reported about another top-secret project called SOMALGET, based again off of whistleblower Edward Snowden's documents.
SOMALGET was a program to record every phone call in the Bahamas, but Greenwald also exposed that Mexico, Kenya, and the Philippines were targets of metadata collection and full audio. He reserved one country to be left unnamed, due to worries that exposing it in the report would lead to the death of innocents, but Wikileaks' Julian Assange accused Greenwald of acting like the Bush administration on Twitter.
Meanwhile, the U.S. House of Representatives passed legislation on Thursday intended to curb the NSA's collection of U.S. citizens' metadata, according to Time. The "U.S.A. FREEDOM Act," though passing 303 to 120 in the House, contains enough compromises that proponents are calling it watered down. The coalition of Silicon Valley giants that met with President Obama on two occasions and pushed for the bill, along with advocacy groups like the Electronic Frontier Foundation and the Center for Democracy and Technology, all dropped their endorsement of the bill before it came to a vote. The bill now moves to the Senate, where one of its biggest sponsors, senior Senator Patrick Leahy, D-Vt., is expected to push to reincorporate some of the language and reforms that were eventually dropped from the House version.