recommended reading

An ambiguous FBI cyber alert raises more questions than it answers


A vague FBI warning about bad actors infecting U.S. computers in foreign hotels is raising questions about whether authorities are withholding information to avoid rattling relations with a foreign country, possibly China.

The bureau’s Internet Crime Complaint Center on May 8 issued an alert about pop-up messages “targeting travelers abroad” that prompt users to download an update for a “widely used software product” that then installs a virus when clicked. The warning does not say American vacationers are at risk -- just people conducting business. “The FBI recommends that all government, private industry and academic personnel who travel abroad take extra caution before updating software products on their hotel Internet connection,” the notice states.

One cybersecurity researcher suggested the FBI omitted certain details that could more effectively protect computer users, but such information might unsettle U.S.-China diplomacy. In October 2011, the Office of the Director of National Intelligence issued a report calling “Chinese actors” the “world's most active and persistent perpetrators of economic espionage.” The study added U.S. corporations and cybersecurity specialists have reported an onslaught of intrusions traced back to computer addresses in China, with some alleging Chinese government sponsorship, but the intelligence community has not been able to link many of the breaches to a state sponsor.

“By coincidence, earlier this week, for the first time in almost 10 years, a Chinese defense minister visited the United States,” Graham Cluley, senior technology consultant at antivirus firm Sophos, wrote in a May 10 post on the blog NakedSecurity. “The day before the FBI's warning was issued, U.S. Defense Secretary Leon Panetta met his Chinese counterpart, Liang Guanglie, in Washington D.C., and told the world's press that the two countries must work together to avoid cyber war and emphasized the importance of the relationship between China and the USA. Maybe there was more that the authorities could have said about this hotel malware threat, but thought it undiplomatic to publicize.”

The FBI release does not cite the brand of software that is involved in the scam or the countries where the incidents are occurring. Nor does it inform potential victims of what the “malicious software” does to a computer.

While the FBI alert does list steps for safeguarding computers, Cluley said some of them might not be widely understood, such as: “Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack.”

Other suggestions might not be possible, depending on a business traveler’s schedule: “The FBI also recommends that travelers perform software updates on laptops immediately before traveling.”

Late last week, Cluley told Nextgov he publicly blogged about the matter after noticing media reports of the “advice” were missing critical details about the threat.

“Without more information it's easy to feel like someone is telling you to be careful crossing the road whilst simultaneously putting a bag over your head,” Cluley, who is based in the United Kingdom, said in an email. “Only the FBI will know for certain why it hasn't shared more details . . . but if, say, the alert had warned that it was people who were traveling to China who were being affected, or that the malware was sending information back to Chinese servers, then people might view the FBI's warning as an indication the attacks were somehow supported or perpetrated by the Chinese authorities. And that wouldn't be something that they'd probably want to say while the Chinese defense chief is in town.”

He stressed that he has no direct knowledge of whether China is involved, a different country is to blame, or there is no government sponsor at all.

“All I know is the FBI's advisory is lacking lots of useful information. I find it very strange that the advisory doesn't give more examples of what people should look out for, the name of the malware, what the malware is trying to do, name some countries where this has occurred, etc.,” Cluley said.

FBI officials said in an interview that the alert stemmed from the bureau’s own continuing probe so it could not be as explicit as observations received by the Internet Crime Complaint Center, a partnership organization between the FBI and the nonprofit National White Collar Crime Center.

“The reason the FBI provided the warning information was to give the public a better understanding of the techniques that are being used to infect computers,” bureau spokeswoman Jenny Shearer said Friday. “I can’t provide you with name of specific countries . . . We don’t typically name names in that arena. Doing so could compromise the investigation.”

She said the FBI is not able to comment on foreign relations because diplomacy falls outside its jurisdiction.

“The way that the alert was crafted, it needed to be general” about the description of the commercially available product and other discoveries “because they are ongoing matters,” Shearer added.

Before the warning was issued, a senior Pentagon official on May 7 said the Defense Department had concerns about certain behaviors in the cyber realm that appear to originate in China. “One is the question of norms and another is the question of intrusions,” the official said. “These are all important issues that we need to be able to talk about with the Chinese.”

That day, during a joint press briefing with Panetta, Guanglie, China’s minister of defense, disputed the notion that cyberattacks against the United States emanate only from China. “I can hardly agree with the proposition that the cyberattacks directed to the United States are directly coming from China,” he said. “We cannot attribute all the cyberattacks to United States to China.”

Panetta stressed the criticality of joining forces to prevent cyber incidents from escalating into more serious conflicts.

“Because the United States and China have developed technological capabilities in this arena, it's extremely important that we work together to develop ways to avoid any miscalculation or misperception that could lead to crisis in this area,” he said. “And I appreciate the general's willingness to see if we can develop an approach to having exchanges in this arena in order to develop better cooperation when it comes to cyber.”

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.