Despite a lot of official denials, it seems pretty clear the Chinese have no qualms about stealing as much intellectual property as they can get their hands on.
On Friday, the Department of Justice announced that one Gregg William Bergersen of Alexandria, Virginia was sentenced to 57 months in prison (plus three years of supervised release) for disclosing secret information to a naturalized American citizen of Chinese descent (Tai Shen Kuo), who was then providing it to the People's Republic of China.
In his day job, Gregg Bergersen was a Department of Defense Analyst.
Kuo provided Bergersen with gifts, cash payments, dinners and gambling money in exchange for the information. The information involving military sales to Taiwan was then passed to Kuo's handler, an official of the People's Republic of China.
The official DOJ press release states that Bergersen didn't know the information was going to China. It would be interesting to discover, who he thought it was going to?
Kuo, who was found guilty on May 13th, is currently awaiting sentencing on August 8th and faces life in prison.
On May 28th, Yu Xin Kang, also of New Orleans pleaded guilty to aiding and abetting an unregistered agent of the People's Republic of China. According to court documents, Kang sometimes assisted Kuo in providing the stolen information to the unnamed foreign official. Kang faces ten years in prison.
Last year, another naturalized American citizen of Chinese descent, Chi Mak, was convicted of selling sensitive defense technology to China. This case was a family affair and Mak's sister in law and brother were caught by the FBI trying to board a plane to China with three encrypted CD's containing the stolen information.
The FBI site covered the Bergersen/Kuo case and another one involving a Boeing engineer, Dongfan “Greg” Chung, in a recent press release. Allegedly Chung was tied into the Mak case and sold information on the Space Shuttle and military aircraft to the People's Republic of China.
Although, the government isn't commenting much there is speculation that they are investigating information being stolen from Commerce Secretary Carlos M. Gutierrez's laptop during a recent visit to China. It is alleged that this information was used to hack into government computers.
Hacking incidents traced to the Chinese, although always denied by the PRC, have been reported all over North America, Europe and even Asia. A good place to learn about Chinese hacking activity is a site (maintained by a former DOD official) called The Dark Visitor (Information on Chinese Hacking) .
The Chinese are also suspected (in a lot of instances) of stealing corporate information. According to sources within the technology industry, it isn't recommended to carry laptops or other personal data storage devices when travelling in China.
On a personal note, I believe a lot of this is enabled by our free trade agreement with the People's Republic of China. While this agreement is lucrative for a few corporate entities -- the wholesale theft of intellectual property, counterfeiting, unsafe and defective products, as well as, all the human rights violations in China call for taking a hard and educated look at what is going on.
The problem is will special interests -- who represent the corporate entities making a lot of money from this -- prevent our leadership in Washington from taking effective action against what is becoming an alarming issue?
If you suspect anyone of selling government secrets, you can report them to the FBI by submitting an anonymous tip online.
Showing posts with label spies. Show all posts
Showing posts with label spies. Show all posts
Sunday, July 13, 2008
Tuesday, June 26, 2007
RFID sniffing could be used by spies and criminals to commit all kinds of dastardly deeds!
Dark Reading wrote about a pretty scary flaw in RFID technology this week. Apparently, it's now possible for corporate spies and even organized retail criminal types to "sniff" RFID chips in a cargo container and use the information to commit a dastardly deed.
Apparently, truckers will be particularly vulnerable to being "sniffed" (compromised). Of course, if you use a little imagination, sniffing RFID might put more than "truckers" at risk, also.
From the story in Dark Reading:
RFID has been pushed by retailers, such as Walmart, and the military (not mentioned in the Dark Reading article). The Department of Defense now uses RFID to monitor it's supply management system.
Stealing shipments of plasma TVs is one thing, but on a personal level, I'm a little more worried about how some of this technology might be used by those with more sinister intentions than stealing high-tech merchandise.
So far as the passwords mentioned in the article -- easily compromised by the Packet Focus folks, they can be made more secure -- but passwords are hacked by software and more social methods, fairly frequently.
All it takes is one dishonest person with access to one, or even a honest person, who is tricked into giving up one to compromise an entire system.
Hacking for Dummies has an interesting write-up on how passwords are hacked, here.
Besides that, the bad guys are always coming up with new exploits to defeat security fixes.
Interestingly enough, according to Wikipedia, RFID's predecessor was invented by a Soviet inventor as a tool to commit espionage. It also was used the World War II era for a lot of military applications.
Perhaps, in this case, history (or the original intent) should give us a little perspective on RFID?
In the recent past, government experts have seen China show an interest in stealing (hacking) logistics (supply) information. Here is a post, I wrote about that:
How Dangerous is China
Dark Reading's interesting article, here.
I've written a few posts about RFID and it's potential abuses, which can be seen, here.
Dark Reading got it's information for the article from PacketFocus Security Solutions, which is a company that performs what is known as "ethical hacking" for the public at large. Ethical hacking is where good guys test vulnerabilities in technology to stay ahead of the bad guys.
There might very well be some useful applications for RFID, but we need to slow down, and consider the safety implications before continuing to have this technology take over our daily lives.
It's not worth the money a very few people are making off it!
Apparently, truckers will be particularly vulnerable to being "sniffed" (compromised). Of course, if you use a little imagination, sniffing RFID might put more than "truckers" at risk, also.
From the story in Dark Reading:
That means your competitor could use this information for intelligence purposes. "He could get an idea of what you are shipping and how much, and how often," Perrymon says, adding that an attacker could also write to those tags, either disabling or changing them if you don't apply the proper authorization and passwords to your EPC system. That's PacketFocus's next step in its research.
And sniffing the truck's payload could also provide criminals with intelligence they wouldn’t otherwise be able to get very easily, thus helping them target their holdups or other heists, he says. "Unless they had a lot of inside information, they don't have enough information to rob that truck. Now they can scan it if it's not secure -- they don't want to rob that toilet paper truck, but if it's got plasma TVs with surround sound, [that's their] target."
RFID has been pushed by retailers, such as Walmart, and the military (not mentioned in the Dark Reading article). The Department of Defense now uses RFID to monitor it's supply management system.
Stealing shipments of plasma TVs is one thing, but on a personal level, I'm a little more worried about how some of this technology might be used by those with more sinister intentions than stealing high-tech merchandise.
So far as the passwords mentioned in the article -- easily compromised by the Packet Focus folks, they can be made more secure -- but passwords are hacked by software and more social methods, fairly frequently.
All it takes is one dishonest person with access to one, or even a honest person, who is tricked into giving up one to compromise an entire system.
Hacking for Dummies has an interesting write-up on how passwords are hacked, here.
Besides that, the bad guys are always coming up with new exploits to defeat security fixes.
Interestingly enough, according to Wikipedia, RFID's predecessor was invented by a Soviet inventor as a tool to commit espionage. It also was used the World War II era for a lot of military applications.
Perhaps, in this case, history (or the original intent) should give us a little perspective on RFID?
In the recent past, government experts have seen China show an interest in stealing (hacking) logistics (supply) information. Here is a post, I wrote about that:
How Dangerous is China
Dark Reading's interesting article, here.
I've written a few posts about RFID and it's potential abuses, which can be seen, here.
Dark Reading got it's information for the article from PacketFocus Security Solutions, which is a company that performs what is known as "ethical hacking" for the public at large. Ethical hacking is where good guys test vulnerabilities in technology to stay ahead of the bad guys.
There might very well be some useful applications for RFID, but we need to slow down, and consider the safety implications before continuing to have this technology take over our daily lives.
It's not worth the money a very few people are making off it!
Subscribe to:
Posts (Atom)
