
An ambiguous FBI cyber alert raises more questions than it answers


A vague FBI warning about bad actors infecting U.S. computers in foreign hotels is raising questions about whether authorities are withholding information to avoid rattling relations with a foreign country, possibly China.

The bureau’s Internet Crime Complaint Center on May 8 issued an alert about pop-up messages “targeting travelers abroad” that prompt users to download an update for a “widely used software product” that then installs a virus when clicked. The warning does not say American vacationers are at risk -- just people conducting business. “The FBI recommends that all government, private industry and academic personnel who travel abroad take extra caution before updating software products on their hotel Internet connection,” the notice states.

One cybersecurity researcher suggested the FBI omitted certain details that could more effectively protect computer users, but such information might unsettle U.S.-China diplomacy. In October 2011, the Office of the Director of National Intelligence issued a report calling “Chinese actors” the “world's most active and persistent perpetrators of economic espionage.” The study added that U.S. corporations and cybersecurity specialists have reported an onslaught of intrusions traced back to computer addresses in China, with some alleging Chinese government sponsorship, but the intelligence community has not been able to link many of the breaches to a state sponsor.

“By coincidence, earlier this week, for the first time in almost 10 years, a Chinese defense minister visited the United States,” Graham Cluley, senior technology consultant at antivirus firm Sophos, wrote in a May 10 post on the blog NakedSecurity. “The day before the FBI's warning was issued, U.S. Defense Secretary Leon Panetta met his Chinese counterpart, Liang Guanglie, in Washington D.C., and told the world's press that the two countries must work together to avoid cyber war and emphasized the importance of the relationship between China and the USA. Maybe there was more that the authorities could have said about this hotel malware threat, but thought it undiplomatic to publicize.”

The FBI release does not cite the brand of software that is involved in the scam or the countries where the incidents are occurring. Nor does it inform potential victims of what the “malicious software” does to a computer.

While the FBI alert does list steps for safeguarding computers, Cluley said some of them might not be widely understood, such as: “Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack.”

Other suggestions might not be possible, depending on a business traveler’s schedule: “The FBI also recommends that travelers perform software updates on laptops immediately before traveling.”

Late last week, Cluley told Nextgov he publicly blogged about the matter after noticing media reports of the “advice” were missing critical details about the threat.

“Without more information it's easy to feel like someone is telling you to be careful crossing the road whilst simultaneously putting a bag over your head,” Cluley, who is based in the United Kingdom, said in an email. “Only the FBI will know for certain why it hasn't shared more details . . . but if, say, the alert had warned that it was people who were traveling to China who were being affected, or that the malware was sending information back to Chinese servers, then people might view the FBI's warning as an indication the attacks were somehow supported or perpetrated by the Chinese authorities. And that wouldn't be something that they'd probably want to say while the Chinese defense chief is in town.”

He stressed that he has no direct knowledge of whether China is involved, a different country is to blame, or there is no government sponsor at all.

“All I know is the FBI's advisory is lacking lots of useful information. I find it very strange that the advisory doesn't give more examples of what people should look out for, the name of the malware, what the malware is trying to do, name some countries where this has occurred, etc.,” Cluley said.

FBI officials said in an interview that the alert stemmed from the bureau’s own continuing probe, so it could not be as explicit as observations received by the Internet Crime Complaint Center, a partnership organization between the FBI and the nonprofit National White Collar Crime Center.

“The reason the FBI provided the warning information was to give the public a better understanding of the techniques that are being used to infect computers,” bureau spokeswoman Jenny Shearer said Friday. “I can’t provide you with name of specific countries . . . We don’t typically name names in that arena. Doing so could compromise the investigation.”

She said the FBI is not able to comment on foreign relations because diplomacy falls outside its jurisdiction.

“The way that the alert was crafted, it needed to be general” about the description of the commercially available product and other discoveries “because they are ongoing matters,” Shearer added.

Before the warning was issued, a senior Pentagon official on May 7 said the Defense Department had concerns about certain behaviors in the cyber realm that appear to originate in China. “One is the question of norms and another is the question of intrusions,” the official said. “These are all important issues that we need to be able to talk about with the Chinese.”

That day, during a joint press briefing with Panetta, Guanglie, China’s minister of defense, disputed the notion that cyberattacks against the United States emanate only from China. “I can hardly agree with the proposition that the cyberattacks directed to the United States are directly coming from China,” he said. “We cannot attribute all the cyberattacks to United States to China.”

Panetta stressed the criticality of joining forces to prevent cyber incidents from escalating into more serious conflicts.

“Because the United States and China have developed technological capabilities in this arena, it's extremely important that we work together to develop ways to avoid any miscalculation or misperception that could lead to crisis in this area,” he said. “And I appreciate the general's willingness to see if we can develop an approach to having exchanges in this arena in order to develop better cooperation when it comes to cyber.”
