Posted on Thursday, November 2, 2017
What is Cyber espionage? - Cyber espionage is the act or pracce of obtaining sensitive or proprietary information from individuals, competitors, rivals, groups or governments for military, political and/or economic advantage by using illegal exploitation methods on internet, networks, software and/or computers.
What is the objective? - Recently, information has been discovered that a coordinated cyber espionage campaign has taken place which targeted Tibetan people of interest with the objective of gaining sensitive information using their personal/government computers. The cyber espionage method used allowed the hackers to gain access and control of these individual’s computers and extract any desired information. All this was completed without the individual’s knowledge and possibly through their inadvertent participation. The hackers used a method commonly known as phishing.
What are my responsibilities? - From a Department of National Defence/Canadian Armed Forces (DND/CAF) user’s perspective, this incident highlights the following points:
1. Cyber-espionage is a real threat. Just because Canada or DND may not be a specific target does not mean that your personal or DND/CAF computer/network could not be targeted to facilitate a similar attack;
2. Phishing is a popular method for unauthorized parties to gain access to computers and networks. All DND/CAF users should be alert for signs that a phishing attack e-mail could have been sent to them and react accordingly. If you don’t recognize a sender, and cannot verify the sender, do not open the email and report the incident to your Information System Security Officer in accordance with the published Information Systems (IS) Security Incident Handling process; and
3. DND/CAF users working at/from home should take all necessary measures to protect themselves from becoming phishing targets. This includes using the Defence Virtual Private Network Infrastructure (DVPNI), Public Key Infrastructure (PKI), maintaining and updating anti-virus/firewall/malware software on your personal or work computers;
4. DND/CAF users must remember that hackers are constantly developing new and improved methods to gain access or control of your Information Technology (IT) assets. With this is mind, best practices must be used when handling personal electronic devices such as cellular phone, personal digital assistant, MP3 or 4 and Universal Serial Bus (USB).
The best defence is a good offence. Be security aware, Take it seriously!