A Chinese Spy Wanted GE’s Secrets,

But the US Got China’s Instead

 

source: bloomberg.com  |  Image by Image by Arek Socha from Pixabay
How the arrest of a burned-out intelligence officer exposed an economic-espionage machine.

 

In January 2014, Arthur Gau, an aerospace engineer who was nearing retirement age, received an unexpected email from a long-lost acquaintance in China. Years before, Gau had made a series of trips from his home in Phoenix to speak at the Nanjing University of Aeronautics and Astronautics, or NUAA, one of China’s most prestigious research institutions. The original invitation had come from the head of a lab there studying helicopter design. Increasingly, however, Gau had heard from someone else, a man who worked at the university in a vague administrative capacity. Little Zha, as the man called himself, was the one who made sure Gau never had to pay his own airfare when he came to give talks. When Gau brought his mother on a 2003 visit, Zha arranged and paid for them to take a Yangtze cruise to see the river’s dramatically sculpted middle reaches before they were flooded by the Three Gorges Dam.

The relationship had ended awkwardly, though, when Zha offered Gau money to come back to China with information about specific aviation projects from his employer, the industrial and defense giant Honeywell International Inc. Gau ignored the request, and the invitations stopped.

Now, in 2014, Little Zha was reaching out again. The two started corresponding. In early 2016, Gau, whose interests extended far beyond avionics, said he’d planned a trip to China to visit some friends in the musical theater world. Zha was there that spring to meet him at the airport in Beijing. Waiting with him was a colleague Zha was eager for Gau to meet.

Xu Yanjun was on the tall side, at 5 feet 10 inches, with closely cropped hair, glasses, and a tendency toward bluntness. The three had dinner and met up again before Gau flew back to the US. Over pastries in Gau’s hotel room, they discussed Taiwanese politics—Gau grew up there—as well as the engineer’s evolving responsibilities at Honeywell. Late in the evening, Xu handed Gau $3,000 in cash. Gau would later testify that he tried to hand it back, but Xu was insistent. “And then, you know, back and forth, but I took it eventually.”The next year, Gau came back to China to give another lecture—this time a private one in a hotel room to several engineers and officials, including Xu. In preparation, Gau had emailed over PowerPoint slides containing technical information, including algorithms and other sensitive design data for the aircraft auxiliary power units Honeywell makes. “Because of the payment, I felt obligated,” he would later tell a judge.

Xu paid him $6,200 more, and two of his associates accompanied the visiting engineer on a two-day sightseeing trip to West Lake, famed for its picturesque gardens, islands, and temples. Gau was planning his next visit when, in the fall of 2018, agents from the FBI appeared at his home in Arizona to execute a search warrant. There would not be another trip. Xu, the agents explained, was not in Nanjing anymore. He wasn’t even in China. He was in Ohio, in a county jail awaiting trial.

Continue reading “A Chinese Spy Wanted GE’s Secrets…”

Uber investigating wide-reaching security breach

 

source: axios.com  |  image by Mikhail Nilov for pexels.com

Uber is currently responding to what could be one of the worst breaches in the company’s history — all because of a few text messages.

Why it matters: The hacker who has claimed responsibility for the ongoing Uber breach is believed to have access to the company’s source code, email and other internal systems — leaving employee, contractor and customer data at risk.

Details: A hacker first gained access to Uber’s systems on Thursday after sending a text message to an employee claiming to be an IT person and asking for their login credentials, according to the New York Times, which first reported the breach.

Continue reading “Uber investigating wide-reaching security breach”

Software engineers from big tech firms like Google, Amazon, Microsoft, and Meta are paying at least $75,000 to get 3 inches taller, a leg-lengthening surgeon says

source: businessinsider.com  |  image:  pixabay.com

  • Workers from Google, Microsoft, Amazon, and Meta are paying $75,000 to be taller, a surgeon told GQ.
  • The Las Vegas surgeon can lengthen patients’ legs via a painful months-long process.
  • He breaks the thigh bones and inserts nails that are extended every day for three months.

 

A Las Vegas cosmetic surgeon who specializes in leg-lengthening procedures that can extend people’s height by 3 to 6 inches told GQ magazine that many of his patients are tech workers.

Kevin Debiparshad founded LimbplastX Institute in 2016, and the clinic’s business has boomed during the pandemic, he told GQ. 

Here’s how it works: The doctor breaks the patients’ femurs, or thigh bones, and inserts metal nails into them that can be adjusted. The nails are extended a tiny bit every day for three months with a magnetic remote control, GQ reported.

Continue reading “Big Tech Engineers Pay to Get Taller”

New York to install surveillance cameras

in every subway car

source: nbcnews.com  |  image by Luca Nardone for Pexels.com
Some privacy advocates are worried the move will increase surveillance without necessarily increasing safety.

New York, home of the largest rapid transit system in the country, will install surveillance cameras in every New York City subway car by 2025, Gov. Kathy Hochul announced Tuesday.

The move is aimed at increasing riders’ confidence in subway safety, Hochul said, as ridership numbers are still lagging behind pre-pandemic levels. It also follows several highly publicized crimes that have occurred in the transit system, including the rape of a touriston a subway platform this month; a mass shooting on a subway car in Brooklyn in April that left 10 passengers wounded; and the fatal shooting of a Goldman Sachs employee on a train in May.

Star American Professor Masterminded a Surveillance Machine for Chinese Big Tech

source: yahoo.com  |  image: pexels.com

 

A star University of Maryland (UMD) professor built a machine-learning software “useful for surveillance” as part of a six-figure research grant from Chinese tech giant Alibaba, raising concerns that an American public university directly contributed to China’s surveillance state.

Alibaba provided $125,000 in funding to a research team led by Dinesh Manocha, a professor of computer science at UMD College Park, to develop an urban surveillance software that can “classify the personality of each pedestrian and identify other biometric features,” according to research grant documents obtained via public records request.

“These capabilities will be used to predict the behavior of each pedestrian and are useful for surveillance,” the document read.

Alibaba’s surveillance products gained notoriety in 2020, when researchersfound that one of its products, Cloud Shield, could recognize and classify the faces of Uyghur people. Human rights group believe these high-tech surveillance tools play a major role in the ongoing Uyghur genocide in Xinjiang.

Continue reading “Star American Professor Masterminded a Surveillance Machine for Chinese Big Tech”

Purdue honored for counterintelligence contributions

source: purdue.edu  |  image: purdue.edu

 

WEST LAFAYETTE, Ind. — In an on-campus ceremony on Tuesday (Aug. 16), the U.S. Defense Counterintelligence and Security Agency (DCSA) recognized Purdue University as one of four recipients of its Excellence in Counterintelligence (CI) Award for fiscal year 2020. Those chosen were among more than 10,000 contractors considered.

The honor places Purdue among the top universities in protecting sensitive national information from foreign adversaries and makes Purdue one of only two universities singled out twice to receive the award. Texas A&M University was also so honored.

Purdue was named as a recipient of the award in 2020, but the ceremony conferring the award was delayed by COVID.

Senior DCSA leaders selected the award winners based on the organizations’ CI/insider threat reports.

Continue reading “Purdue honored for counterintelligence contributions”

How advanced technology is changing deterrence

source: defensenews.com  |  image: pixabay.com

 

History’s bloodiest wars often begin with underestimation. The architects of the First World War expected fighting to last less than a year. In starting a war of aggression against Ukraine, Vladimir Putin incorrectly thought Kyiv lacked the will and the capability to resist.

Changes in military technology will increase the frequency of these mistakes. Wars are increasingly being decided by capabilities that are hard to observe or demonstrate before conflict begins.

Today’s would-be Putins might count divisions of tanks, aircraft carrier strike group visits or missile siloes captured on satellite imagery — and think twice. But wars in Azerbaijan and Ukraine have demonstrated that victory often rests on immaterial conditions: the ability to out-detect and out-communicate the enemy and the ability to outpace the enemy’s speed of decision.

These are difficult to assess until war has already begun. More wars of underestimation will be fought if leaders fail to appreciate the dynamic of this change.

Continue reading “How advanced technology is changing deterrence”

TryHackMe: The Story Behind

the UK’s Most Innovative

Cyber SME

source: infosecurity-magazine.com  |  image: pixabay.com

One of the many highlights of this year’s Infosecurity Europe 2022 event (21-23 June 2022) was the annual UK’s Most Innovative Cyber SME competition. The contest, run by the Department for Digital, Culture, Media & Sport (DCMS) and Tech UK in partnership with Infosecurity Europe, showcases the startup community’s enormous contribution to the UK’s booming cybersecurity sector. This is highlighted by the impressive list of previous winners, which include cybersecurity reskilling provider CAPSLOCK (2021), white hacking training platform Hack the Box (2019), communication security firm KETS Quantum Security (2018) and email security specialist Check Recipient (now trading as Tessian) (2017).

 

In the past two competitions, the judges have awarded first prize to companies involved in creating innovative solutions to resolve the much-publicized cyber-skills shortage, and this trend continued in 2022. The newly crowned winner of this award is TryHackMe, a cybersecurity training platform launched in 2018 that focuses on providing gamified lessons to its users. Once the celebrations had concluded, Infosecurity caught up with TryHackMe co-founder Ashu Savani to learn more about the company’s story, journey and future aspirations.

 

Savani described the application process for the Most Innovative Cyber SME competition as “very reflective,” allowing the team to reaffirm its goals following a whirlwind few years. “The application process was quite fun as it solidified our mission and the work we’re doing in our mind,” he explained. “We were very excited to be accepted as it gave us recognition for the work we are doing, which is to make it as easy as possible for anyone to learn cybersecurity, whether you’re a construction worker or a school teacher.”

 

Did he expect TryHackMe to win though? “We weren’t sure we were going to win; we were just really happy that we got through to the final and got a chance to give TryHackMe more exposure,” Savani replied modestly. Win they did though, and the award represented the culmination of many years of hard work, challenges and innovative thinking.

 

The Beginnings

 

The idea for TryHackMe was born after Savani met co-founder Ben Spring during a summer internship at the consultancy Context Information Security. “It was during the internship that we realized there isn’t a lot of cybersecurity learning material,” and most of it was orientated towards people already proficient in security, which, Savani explained, “isn’t very conducive to learning security.”

 

Spring began a side-project that involved building systems on the cloud. He then suggested the idea of adding training material and notes to Savani. “That ended up being the very early prototype of TryHackMe, where you could launch training material with a touch of a button and have some sort of learning focus there,” explained Savani.

 

As the pair developed the prototype, they put the word out on platforms heavily used by the amateur hacking community like Reddit, “and people started using our products.” This was the motivation to keep developing the product, carefully incorporating user feedback. “Fast-forward four years, and we’ve been very fortunate to have a loyal user base still using us. We believe we’re positively contributing to closing the cyber skills gap and we’re excited to continue doing that work,” said Savani.

Overcoming Challenges 

 

As with all startups, there were significant challenges and bumps in the road to overcome in the early years. One of the key difficulties for TryHackMe was acquiring users beyond its base. After attempting a number of different strategies, the company found the most effective approach was holding events that allowed the participants to win prizes by competing in cybersecurity challenges. This included partnering with universities through events called ‘HackBack.’

 

The other major challenge was building out the product “sustainably,” which required hiring the right people to develop and scale the business. “It’s one of those things that’s tough to solve overnight,” reflected Savani. However, they now have “some really amazing people” on board. “We’ve been very fortunate to bring on people who love teaching and have that cybersecurity experience,” he noted, adding: “All our different pockets and departments at TryHackMe have an impact on the work we’re doing on a day-to-day basis.”

 

In terms of the training platform’s evolution, there has been a strong emphasis on gamification, which TryHackMe found most effective in engaging users. “We’re focusing on ensuring the users enjoy the material and stick to what they’re doing.”

 

Savani also revealed the company is now looking to expand its material, providing relevant training content for experienced professionals as well as beginners in the field of cybersecurity, which was previously the primary focus. This includes moving into “more intermediate to advanced topic areas for things like DevSecOps, red teaming and blue teaming.”

 

Long-Term Vision

 

Savani emphasized that while the training content is designed to be fun and engaging, it must have practical real-world benefits for the users. The ultimate vision is “to take a student with a little technical experience all the way to an advanced consultant who understands the complex concepts within defensive security.” Savani added that it is also increasingly working with businesses to train their security teams, “an area we’re looking to grow.”

 

In addition to the quality of the TryHackMe service, Savani acknowledged that the company’s core focus on reducing barriers to entry in cybersecurity was a crucial factor in being crowned Most Innovative Cyber SME at Infosecurity Europe 2022. Lack of diversity and accessible pathways are a major blockage to addressing the cyber skills gap, and TryHackMe is making a conscious effort to provide an opportunity to train in cybersecurity, regardless of background and ability to pay. The firm currently has a pricing scheme of £8-10 ($9.50-12) a month. “No one should be paying lots of money just to discover whether cybersecurity is a feasible career for them,” he added.

 

Looking ahead, the long-term vision for TryHackMe is to continue its mission to provide affordable and engaging training for those looking to develop a career in cybersecurity. This involves constant reflection and evolution, taking on user feedback to continuously improve the platform.

 

Solving the cyber skills shortage is a long-term challenge for the industry and requires innovative ideas and approaches. Often, startups have the most ‘out-of-the-box’ solutions, and TryHackMe has demonstrated this trait over its first few years of operation. TryHackMe’s triumph in this year’s contest, alongside other recent victors, shows that this issue is being taken increasingly seriously in the cybersecurity sector.