This Week in Hacking

Espionage in the MLB, plus government hacks in the U.S. and Canada.

Announcing his candidacy for president on Monday, Donald Trump promised the construction of a “great, great wall” to separate the United States from Mexico. (And they said he’d never get the Latino vote!) What the U.S. really needs, though, is a great, great firewall. In late 2014, a group calling itself “Guardians of the Peace” hacked Sony servers and leaked thousands of emails, the most embarrassing of which the American press was quick to pounce on. Over half a year later, our domestic encryptions remain flimsy. Take April’s Chinese cyberattack on the Federal Office of Personnel Management, where hackers stole the personal information of four million civil servants—including members of Congress.

Reporting on the Russian and Chinese hacks of federal mainframes, Jared Keller called the U.S. government “a hacker’s paradise.” A recent survey by the RAND Corporation supports this worrisome characterization. Corporate security professionals worry that current innovation can’t keep pace with hackers. Globally, businesses spend nearly $70 million each year on cybersecurity, a number that grows “10 percent to 15 percent annually,” according to RAND:  

Many chief information security officers believe that hackers may gain the upper hand two to five years from now, requiring a continual cycle of development and implementation of stronger and more innovative defensive measures.

These security officers echo in the private sector what Keller urges in the public: “The U.S. government may want to consider updating its security infrastructure, and taking cyber security as seriously as its citizens—and the rest of the world—do.”

Among those recovering from cyber security hits this week: the governments of both America and Canada, plus (yes) the Houston Astros.

1. CHINA VS. THE U.S.

After details about the Chinese hack went public, this week was open season on Katherine Archueta, director of the Office of Personnel Management, as members of a House oversight panel burnished their outrage for the benefit of their constituents. Tight-lipped throughout, Archueta would not explain why certain sets of data had been left unencrypted. Her silence prompted Rep. Jason Chaffetz (R-Utah) to shake his head: “You failed, you failed utterly and totally.”

Democrats, ever eager to keep pace, offered similarly sardonic soundbites. “I wish that you were as strenuous and hardworking at keeping information out of the hands of hackers as you are at keeping information out of the hands of Congress,” said Representative Stephen Lynch (D-Massachusetts). For her part, Archueta noted that the OPM foils hackers 10 million times each month, and insisted that the technical weaknesses of her agency’s network were “decades in the making”—a fine way to diffuse blame, but also probably true. Next week brings the Sino-American summit in Washington, where we’ll learn whether and how these hacks will affect relations with Beijing. In the meantime, visit the dark Web if you wish to bid on the pilfered OPM intel.

2. CANADA VS. ANONYMOUS

Canada’s Bill C-51, a muscular update to the country’s counterterrorism policy, passed the Canadian Senate in June. Detractors say the bill grants the Canadian Security Intelligence Service dangerous access to personal information—information that CSIS can now legally share with 16 other government agencies. To protest C-51, the hacking collective Anonymous (or rather, hackers claiming to represent Anonymous) shut down a variety of government websites, including the intelligence mainframe and the homepage for Canadian parliament. The pages went dark on Wednesday, and members of parliament could not say for sure whether data had been compromised. The hackers, meanwhile, posted a video explaining their raid:

The message: If you mess with our data, we will mess with yours. And we’re better at it.

3. THE CARDINALS VS. THE ASTROS

It now seems that the St. Louis Cardinals had two motives in hacking the operations database of the Houston Astros: 1.) to steal useful statistics and scouting reports, and 2.) to avenge the franchise against Jeff Luhnow, a former Cardinals executive who is now general manager of the Astros. (The New York Times characterizes Luhnow’s executive tenure in St. Louis as “polarizing”; he left the Cardinals in 2011.) The FBI has already subpoenaed members of the Cardinals organization, as well as reams of emails from the MLB. As the Times reports:

The attack would represent the first known case of corporate espionage in which a professional sports team hacked the network of another team. Illegal intrusions into companies’ networks have become commonplace, but they are generally conducted by hackers operating in foreign countries, like Russia and China, who steal large amounts of data or trade secrets for military equipment and electronics.

Indeed. The most American of sports is borrowing saboteur strategies from America’s trade enemies—even if the Cardinals’ hackers still need better schooling in Tor. Gone are the simpler days, when an Astros scandal involved Mike Scott and scuffed game-balls, rather than dummy IP addresses.

This Week In explores ongoing revelations and research on trending news topics.

Related Posts