What is it ?
Cyber espionage is an electronic spying technique, used to gain access to information by using computer networks. In an age where computers are used for everything and connectivity is the new paradigm, data is the new oil and hence cyber espionage is very common, whether it be between corporations or nation-states.
The goal is to spy and obtain valuable/sensitive information by nefarious methods and this is done in the digital age with the help of various processes that can be set up to work unnoticed in the background till the attackers have what they want. These type of cyber espionage incidences are called APTs (advanced persistent threats), and these are used to steal information over long periods of time.
Tactics
Cyber espionage is a form of cyberwarfare, but the difference is that the goal of cyberwarfare is to disrupt activities, whereas the goal of cyber espionage is to remain hidden in the system/network and gather information. There are various ways that are used to achieve this. For example, by infecting the target with trojans and malware, or by exploiting vulnerabilities in websites and systems. Once the system/network has been infected, the malware will quietly do the harvesting of data, and so it is important to periodically check systems for any breach or vulnerabilities.
Huawei
Spying allegations have hounded Huawei consistently over the last decade, and the company has a record of operating on the fringes of the law, with many accusations of intellectual property theft and violations of international sanctions. Experts who worked on the US government’s review of Huawei found coding errors and vulnerabilities which left Huawei’s equipment open to being hacked. However, it could not be determined whether these were just coding errors and mistakes in software, or whether backdoors were left open explicitly for reasons of espionage. Australia, Japan and New Zealand have also banned Huawei’s equipment from the roll-outs of their 5G network infrastructure.
US President Donald Trump signed an executive order banning US companies and government agencies from utilising telecommunications equipment that pose a risk to national security on May 15, 2019. Soon after this announcement, the US Commerce Department added Huawei to the Entity List. Being placed on this list essentially bans an entity from doing any business in the United States.
Snapchat
Snapchat allows users to send messages and media to other users, which are then deleted immediately after viewing from users’ mobile phones and also from the Snapchat database. On December 31 2013, the phone numbers and usernames of more than 4 million Snapchat users were posted on a website by hackers, who said that they did it to raise awareness about Snapchat’s security flaws. Snapchat faced an investigation by the Federal Trade Commission regarding deceiving clients about how much user data Snapchat stored, and also how the application actually worked.
Then in October 2014, Snapchat suffered a high-profile leak, of more than 100000 user images, sourced from the database of SnapSaved, a third-party Snapchat client that reverse engineered Snapchat’s API (Application Programming Interface) and allowed users to physically store media sent on Snapchat on its database. This breach raised questions about the responsibility of both Snapchat and its users, to provide security and protect user data. Snapchat blamed its users’ utilisation of third-party apps for this leak, citing the Terms of Use agreement, which prohibits using of third-party apps in conjunction with Snapchat, but this raised questions about the enforceability of this provision in a court of law as it gives users no warning or explanation about why third-party applications are prohibited.
Smart TVs
Smart TVs, that come with an internet connection, cameras, microphones and sometimes facial recognition technology also, are like doorways. The FBI has raised concern about advanced television sets, as they are inadequately secured by the manufacturer. These vulnerabilities can be exploited by cybercriminals.
Besides the risk that the manufacturer and app developers may be watching and listening to customers at the lower end of the risk spectrum, In the worst–case scenario that was outlined, hackers can turn on the television’s camera and microphone and cyberstalk victims.
The FBI has advised customers to understand all the features of the TV, and to familiarise themselves with the various functions so that they can disable them should the need arise.
Precautions
There are various steps that can be taken to be safe from cyber espionage attacks. Knowledge of malware and of viruses is very important as these are used to conduct data breaches. Individuals need to monitor any unexpected behaviour, and always be alert about new threats as these come out very frequently. Employees must also be made aware that the only way for cyber espionage to work is by first infecting the system/network, and so it is also very important to be up-to-date with antivirus, security updates and to backup all important information.
Author – Mr. Naman Sareen, Associate Researcher, CyberPeace Foundation
Reviewed – Mr. Abhishek Singh, Research Associate – Policy and Advocacy, CyberPeace Foundation
