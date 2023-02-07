

Don’t forget about Chinese hackers

Cyber experts watched the furor surrounding the Chinese balloon that was shot down off the coast of South Carolina this weekend with a mix of amusement, bemusement and a certain degree of familiarity.

While details about the balloon's spying capabilities remain unknown, experts say they probably pale in comparison to the amount of information China has collected via cyberespionage against the United States over the years.

The reaction “seems a little out of whack,” Adam Segal, a cybersecurity and China expert at the Council on Foreign Relations, told me.

But that’s not altogether uncommon when something that can happen in cyberspace has a corollary in the physical world, like with cybertheft versus robbery. And there’s no one explanation for the phenomenon.

Chinese espionage

The United States has blamed Chinese government-affiliated hackers for some of the biggest breaches ever.

“China’s vast hacking program is the world’s largest, and they have stolen more Americans’ personal and business data than every other nation combined,” FBI Director Christopher A. Wray told the House Homeland Security Committee in November.

Chinese cyber snooping hasn’t shown any signs of letting up, said Tom Hegel, senior threat researcher for cybersecurity company SentinelOne’s SentinelLabs.

“They’re literally touching everything,” Hegel told me.

By contrast, it’s not entirely clear what the balloon’s spying capabilities were, but it’s difficult to imagine it comparing to the kind of data China has gleaned from cyberespionage. China has denied that the balloon was a surveillance vessel.

As my colleague Olivier Knox wrote, “If you think the balloon incident is a major wake-up call about Chinese actions, abilities or intentions, it may just mean you’ve been asleep.”

Here’s Tom Tugendhat, the minister of security for the United Kingdom:

Worried about being spied on from the sky? Look at what some apps are collecting on your phone and consider your cyber security. Some risks are much closer to home. https://t.co/qMIB0RgS1q — Tom Tugendhat (@TomTugendhat) February 4, 2023

Still, it makes sense that China would conduct both cyberespionage and aerial surveillance, with the latter more useful for taking pictures of things like missile sites, Segal noted. My colleagues Alex Horton, Dan Lamothe and Ellen Nakashima have more details on the potential capabilities of such a balloon.

It makes a certain kind of sense

Despite the disparity in capabilities between China’s cyberspace abilities and those of a spy balloon, it’s understandable in some ways why people reacted how they did to the balloon.

“I mean, it’s a balloon in the sky,” Segal said. “You can see it, you can post to your Twitter feed a picture of you pointing a gun at the sky. I guess you could post a picture of you pointing a gun at the computer. It’s not really the same impact.”

Unless someone has suffered a financial loss personally, they might not connect to cyberespionage the way they would to a balloon floating over their heads, Hegel said. The most common way someone might have directly experienced the Equifax breach, for instance, is getting a check from the settlement for, say, $3.24, Segal said.

Then there’s the fact that Chinese cyberespionage has become a fact of life to the degree that it’s become almost commonplace, minimizing the impact of each incident, Hegel said.

“We're reporting on new breaches, a new major intrusion, like weekly at this point,” he said.

The potential impact of China’s balloon on U.S. relations, versus its long history of cyberespionage, strikes another contrast. President Biden postponed a trip to China by State Department Secretary Antony Blinken in response to the balloon dispute.

Here’s Kevin Collier of NBC News:

It is funny a balloon might do more damage to US-China relations than a decade+ of the PRC getting caught stealing the PII of every single American over and over again. (Not to mention whatever NSA has collected on China over the years.) https://t.co/yLJKEl8h4h — Kevin Collier (@kevincollier) February 4, 2023

The keys

Texas Republican’s campaign lost $150,000 in wire fraud

Texas Republican Rep. Troy E. Nehls’s campaign account had more than $150,000 stolen from it in 2022 via an “unauthorized wire transfer” and sent to the entity “Misty J Productions,” the Texas Tribune’s Patrick Svitek reports. The theft was first reported by Raw Story.

The new information comes after the campaign disclosed the fraudulent incident to the Federal Election Commission in July in its third quarter report. Although the campaign was able to recover a majority of the funds in that same period, the FEC said it is asking for “further clarifying information” from Nehls’s office.

For their part, Nehls spokesperson Taylor Hulsey told the Texas Tribune in an email that “we are unable to comment further as all information has been submitted to the FBI for criminal investigation.”

Nehls, who was just elected to his second term in the U.S. House, is a strong supporter of former president Donald Trump.

Campaigns are particularly vulnerable to digital threats. The news of theft from Nehls’s campaign funds follows an incident last year in which cybercriminals stole nearly $700,000 from the campaign of Sen. Jerry Moran (R-Kan.). The FBI is investigating that case as well.

White House to issue an executive order on data privacy after State of the Union

The White House is planning to announce an executive order aimed at boosting data privacy protections after President Biden’s State of the Union address, according to two people familiar with the decision who spoke on the condition of anonymity to discuss the private conversations, FedScoop’s John Hewitt Jones and Tonya Riley report.

The directive’s details are still being hammered out by officials, but the people said it is meant to expand on a pledge Biden made last year during the annual speech to “prevent and detect identity theft involving public benefits” and “direct new actions to support the victims of identity fraud.”

Specifically, it would compel federal agencies to use Login.gov, a General Services Administration-backed identity management platform, so that citizens can securely log in to public services.

The Office of Personnel Management, the U.S. Small Business Administration, the IRS and the Department of Veterans Affairs already deploy the site as an alternative to authentication platform ID.me.

A prominent U.K. cybersecurity stock is under attack from New York short sellers

The U.K.-based cybersecurity company Darktrace was targeted last week in a short seller report by the New York asset management firm Quintessential Capital Management over alleged flaws in the company’s financial statements, Ryan Browne reports for CNBC.

“We would like to give our strongest possible warning to investors and believe that DT’s equity is overvalued and liable to a major correction, or worse,” QCM said in the report, adding that Darktrace was likely engaged in “channel stuffing” and “round tripping” — activities that artificially inflate a company’s reported sales — with individuals believed to be involved in fraud, money laundering and organized crime, Browne writes.

Darktrace develops tools that help firms combat cyberattacks with artificial intelligence. In a statement, CEO Poppy Gustafsson defended Darktrace from QCM’s “unfounded inferences,” Browne reports.

Cyber insecurity

Trying to imagine my reaction to this headline if you went back in time and showed it to me 2 weeks ago. Like what would my first guess have been pic.twitter.com/UgI5tLfieB — Jeff Stein (@JStein_WaPo) February 6, 2023

Thanks for reading. See you tomorrow.

