The Homeland Security Department is distributing details about hacks to critical infrastructure operators in response to continuing cyber assaults that, according to people familiar with the cases, involve recent breaches at Apple, Microsoft and other technology firms.
The intelligence sharing also fulfills part of a Feb. 12 cybersecurity executive order, DHS officials told Nextgov. The policy required agencies to exchange information on threats to private computers running critical U.S. assets and asked businesses to do the same.
"Various cyber actors have engaged in malicious activity against U.S. government and private sector entities. The apparent objective of this activity has been the theft of intellectual property, trade secrets, and other sensitive business information," a DHS bulletin issued on Friday states.
The bulletin notifies energy suppliers, hospitals and other sectors vital to society that confidential guidance is available on “ongoing malicious cyber activity against U.S. government and private sector entities.” To receive the sensitive information, the companies or their Internet service providers must use "secure channels," according to the alert. As Nextgov reported on Friday, the government is building a restricted communications system for cyber tips patterned after the network facilitating the See Something, Say Something counterterrorism campaign.
A former federal official familiar with the ongoing investigations said the activities referenced in the notice include recent infections of corporate computers at technology companies. The hackers exploited an Oracle Java software vulnerability on computers to inject malicious software. Twitter, Facebook and Apple this month disclosed intrusions, reportedly perpetrated when their employees visited an infected software developer website that then passed on the malware to their machines. On Friday, Microsoft confirmed its corporate systems also had suffered similar compromises. Some experts suspect Chinese hackers are behind the malware campaign, while others now are fingering Eastern Europeans.
Earlier in the week, computer forensics firm Mandiant released an unprecedented public report with evidence connecting a Chinese military unit to more than a hundred network infiltrations at companies in mainly English-speaking countries.
The Pentagon and DHS since 2011 have experimented with disseminating classified threat information from the Defense Department's National Security Agency to military contractors. This month’s executive order allows the rest of the U.S. critical sectors to see the NSA intelligence. The level of sensitivity of Friday’s data is unknown.
The information offered includes computer network addresses, website extensions and malicious software "indicators," or the unique hallmarks of a specific virus, according to the bulletin. Department officials added that the threat indicators will help government and commercial network operators "take action to mitigate adverse impacts from this activity and protect their sensitive information."
Late Sunday night, a DHS official said in a statement, “Consistent with the recently signed executive order,” the release of the “bulletin by the Department of Homeland Security, in collaboration with the FBI, is an important part of our broader effort to provide critical infrastructure entities with the information they need to protect their networks from malicious cyber activity.”
The official added, “The administration is committed to protecting the nation’s security and economy, maintaining competitiveness and stopping criminal activity within cyberspace, and this whole of government effort is an important step toward that goal.”