Editor’s Note: The Defense Security Service (DSS) report, “Targeting U.S. Technologies: A Trend Analysis of Reporting From Defense Industry 2012” is attached here.
The DSS report analyzes “information contained in reports from industry to develop analytical assessments that articulate the threat to U.S. information and technology resident in cleared industry.” As the report explains, our “national security is also at risk in the potential loss of our technological edge, which is closely tied to the economic success of the cleared contractor community and the well-being of our economy.” Below are a few excerpts from the report concerning cyber-threats to our security.
From: The Defense Security Service
In particular, increased attribution of cyber incidents highlights the multifaceted nature of the threat to U.S. information and technology originating in East Asia and the Pacific. Overt collection efforts by commercial entities run in parallel with aggressive cyber collection activities, which target cleared contractor networks in attempts to exfiltrate data relating to sensitive U.S. information and technologies and the companies that produce them.
Analyst Comment: While limited in number, the recent Near East-originating spear phishing campaigns likely served to collect information about the recipients so as to check the accuracy of target lists and the effectiveness of the messages in getting recipients to open them. Collection agents almost certainly sought this data in order to more effectively target particular employees when conducting future spear phishing operations against cleared contractors. (Confidence Level: Moderate)
Cyber-based collection, characterized as suspicious network activity (SNA), will almost certainly continue to increase as adversaries apply new malicious programs to target the vulnerabilities inherent in systems connected to the Internet. (Confidence Level: High)
CASE STUDY: “WON’T YOU COME INTO MY PARLOR…?”
Between November 2010 and February 2011, a U.S. cleared contractor employee received three email invitations to an international science conference, to be held in Europe and Eurasia. The invitations were sent to the employee’s work email address.
IC reporting shows that in 2010, employees from two separate cleared contractors received invitations to the previous conference, held the year before, also in Europe and Eurasia. Such conferences hosted in Europe and Eurasia may have indirect connections with Europe and Eurasia intelligence services, although the full extent of the relationship is unknown.
Analyst Comment: Scientific conferences present opportunities for foreign intelligence services to spot and assess persons with access to technology intelligence. The successive iterations of this Europe and Eurasia conference may be used to elicit technology information that is responsive to government collection requirements. (Confidence Level: Low)
Leave a Reply