FBI To Issue Warning on Hackers Stealing Coronavirus Research
The Federal Bureau of Investigation, as well as the Department of Homeland Security, are set to issue a cybersecurity warning to state-backed hackers that have been attempting to steal COVID-19 research and vaccine data.
The news comes via a report from The New York Times that cites officials within the Trump administration looking to curb the rate of nation-states stealing data and exploiting the pandemic with attacks on vital critical infrastructure.
The FBI and DHS are set to make the announcement any day now, as they prepare a warning to China’s elite-level hackers and spies that are reportedly launching a number of attacks every day on America’s COVID research on the treatment of the virus, as well as the results of its fast-tracked vaccine program.
“The efforts are part of a surge in cybertheft and attacks by nations seeking advantage in the pandemic,” the authors write. “More than a dozen countries have redeployed military and intelligence hackers to glean whatever they can about other nations’ virus responses.
The New York Times has reportedly reviewed the forthcoming public warning, which says that China is looking to steal “valuable intellectual property and public health data through illicit means related to vaccines, treatments and testing.”
The warning will focus on the actions of cybertheft from “nontraditional actors,” a potential reference to students and researchers who the Trump administration alleges are being manipulated into stealing data from private laboratories and academic institutions.
The FBI’s Deputy Assistant Director for the Cyber Division, Tonya Ugoretz said in a panel discussion in Aspen last month that “we certainly have seen reconnaissance activity, and some intrusions, into some of those institutions, especially those that have publicly identified themselves as working on COVID-related research.”
A spokesperson for China’s foreign ministry has said that “it is immoral for anyone to engage in rumor-mongering without presenting any evidence,” while Bill Evanina, Director of the National Counterintelligence and Security Center has said that intellectual property theft from China alone costs the U.S. $400 billion each year.
Last week, the Cybersecurity & Infrastructure Security Agency teamed up with their UK counterpart in issuing a warning for healthcare organisations in both countries, stating that the agencies had noticed “malicious cyber campaigns targeting organisations involved in the coronavirus response.”
They advised that any healthcare or medical research organisation should change their passwords to more complex passphrases, as well as implementing two-factor authentication to reduce the chance of a compromise.
Current and former officials told The NYT that the move to issue a specific warning to state-backed hackers is “part of a broader deterrent strategy that also involved United States Cyber Command and the National Security Agency.”
“Under legal authorities that President Trump issued nearly two years ago, they have the power to bore deeply into Chinese and other networks to mount proportional counterattacks,” the report says.
The warning could be seen as a formal response from the U.S. who just last week was hit by a cyberattack on Gilead Sciences Inc, the manufacturers of an FDA-approved coronavirus treatment. Reuters reported on May 8 that hackers, possibly from Iran were responsible for the phishing campaign that attempted to fool Gilead staff.
According to Ohah Zaidenberg, the lead intelligence researcher at ClearSky, the attackers impersonated journalists on an email exchange with staff members of Gilead.
David Sanger and Nicole Perlroth added that “the warning comes as Israeli officials accuse Iran of mounting an effort in late April to cripple water supplies as Israelis were confined to their houses, though the government has offered no evidence to back its claim.”
News of the announcement comes as the FBI’s Internet Crime Complaint Center (IC3) celebrates its 20th year of operating and cracking down on cyber scams and attacks. The IC3 has received more than 5 million complaints since its inception.
A spokesperson for the IC3 has said that “all that data has improved the public’s awareness of online crimes and helped the FBI and other law enforcement agencies better address internet-enabled attacks, fraud, thefts and scams.”
In its first year of operation, the IC3 received 49,711 complaints of fraud, non-delivery scams and notorious phishing emails from Nigerian princes.
Donna Gregory said that in spite of the information out there on scams, “people still fall victim to that letter and versions of it.”
“We still see scams that involve lotteries or windfalls where the victim just needs to pay what they believe are taxes or some fee to receive the winnings or a share of the fortune,” Gregory concluded.