Technology
Chinese hackers counted on no one clicking ‘update’ in decade-long spree
Uh, maybe stop asking your computer to remind you tomorrow.
The Department of Justice unsealed an indictment Tuesday alleging two hackers worked in collaboration with the Chinese Ministry of State Security to steal everything from video game source code to weapons designs from hundreds of companies around the globe. And, if the indictment is to be believed, the hackers were able to do much of this by exploiting people’s natural laziness about updating their software.
Notably, the indictment claims, the two hackers — Li Xiaoyu, 34, and Dong Jiazhi, 33 — had a decade-long spree that succeeded, in large part, because people and companies often don’t immediately download and install software patches as soon as they become available.
“[To] gain initial access to victim networks, the defendants primarily exploited publicly known software vulnerabilities in popular web server software, web application development suites, and software collaboration programs,” reads a . “In some cases, those vulnerabilities were newly announced, meaning that many users would not have installed patches to correct the vulnerability.”
The two stand accused of mixing profit-driven exploits in with more traditional state-sponsored hacks. In addition to supposedly attempting to extort at least one company for around $15,000 worth of cryptocurrency, they allegedly stole personally identifiable information (PII) from educational companies as well as info on military communications systems and counter-chemical weapons technology. They also, the indictment alleges, helped the Ministry of State Security break into email accounts belonging to peaceful dissidents, human rights groups, religious figures, and a former Tiananmen Square protester.
Oh yeah, and the press release notes the two also “probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments.”
SEE ALSO: Why you should absolutely worry about the anti-privacy EARN IT Act
The trade secrets supposedly stolen by Xiaoyu and Jiazhi, former college classmates, are said to be worth hundreds of millions of dollars. The two are charged with conspiracy to commit computer fraud, conspiracy to commit theft of trade secrets, conspiracy to commit wire fraud, unauthorized access of a computer, and seven counts of aggravated identity theft.
While it’s unlikely the two will ever face jail time in the U.S., maybe now you’ll actually update your software the next time your computer prompts you.
-
Entertainment7 days ago
This nova is on the verge of exploding. You could see it any day now.
-
Business7 days ago
India’s election overshadowed by the rise of online misinformation
-
Business6 days ago
This camera trades pictures for AI poetry
-
Business5 days ago
TikTok Shop expands its secondhand luxury fashion offering to the UK
-
Business6 days ago
Boston Dynamics unveils a new robot, controversy over MKBHD, and layoffs at Tesla
-
Business5 days ago
Mood.camera is an iOS app that feels like using a retro analog camera
-
Entertainment7 days ago
Earth will look wildly different in millions of years. Take a look.
-
Business4 days ago
UnitedHealth says Change hackers stole health data on ‘substantial proportion of people in America’