Security News

DoJ charges Chinese hackers with targeting COVID-19 research centers

Avast Security News Team, 24 July 2020

Plus, more newsbytes of the week, including a Facebook fact-checking fiasco and the surge of stalkerware

This week, the U.S. Department of Justice (DoJ) indicted two Chinese nationals on charges that include the theft of American trade secrets and a recent targeting of COVID-19 research centers. The DoJ claims that the suspects acted sometimes for their own financial gain, and sometimes to benefit the Chinese Ministry of State Security. Their hacking campaign lasted more than ten years, the indictment alleges, targeting industries such as high tech manufacturing, industrial engineering, business software, solar energy, pharmaceuticals, and defense. Recent targets include companies developing COVID-19 vaccines, testing technology, and treatments, the indictment further claims. 

Because the Chinese hackers are residents of China, it is unlikely that either man, both in their 30s, will face trial. “This case demonstrates the FBI’s dedication to pursuing these criminals no matter who is sanctioning their activities,” said Special Agent in Charge Raymond Duda of the FBI’s Seattle Division. If arraigned in the U.S., each defendant will face 11 counts of criminal acts, including computer fraud, wire fraud, and the theft of trade secrets.

Avast Security Evangelist Luis Corrons commented, “When a country decides to go on the offensive in cyberspace, they have three options. One is to create their own teams. Two is to become a safe haven for cybercriminals in exchange for their services when needed. But it seems China went for option three, which is basically combining one and two. It is known that they’ve been running cyberattacks from certain branches of their military, and as this example shows, they are also outsourcing, using cybercriminals to carry out their instructions.” Read the DoJ’s bulletin for the full story. 

Family Tree Maker exposes data of 60,000 users

Researchers discovered an exposed Elasticsearch server containing 25 GB of data linked to users of Family Tree Maker software. Email addresses, IP addresses, location data, technical details, user IDs, and support messages for 60,000 users were among the leaked details found in the database. In combination, these could serve multiple attacks: the users’ personal data could be used to launch phishing campaigns, the technical support messages could be used by Family Tree Maker competitors to target unhappy customers, and the technical details could be used to mount further cyberattacks on the system. The researchers informed Family Tree Maker of the problem, and the database was secured shortly thereafter. More on this at InfoSecurity.

Facebook fact-checks...unless it’s considered opinion

U.S. Senator Elizabeth Warren is leading a group of senators to demand Facebook explain its fact-checking policy, which the lawmakers criticize as inconsistent. The social media company uses third-party fact-checking services and has vowed to crack down on disinformation following the 2016 U.S. presidential election. Problems quickly arose when one of Facebook’s fact-checkers flagged bogus climate change data. The climate-change denial organization that posted the misinformation complained to Facebook that the fact-check was biased. Ultimately, Facebook removed the fact-check from the post, choosing to view the faulty info as expressing an opinion rather than stating a fact. Critics wonder how useful the social giant’s fact-checking will be to the general public if disinformation is allowed to be posted under the guise of opinion. Read more at Ars Technica.

This week’s stat


17 million


That’s the number of CouchSurfing user records that appeared on a hacking forum after the platform suffered an apparent data breach.

UK government admits COVID-19 tracing app is unlawful

Open Rights Group (ORG), a UK-based watchdog organization, accused Parliament of putting an unlawful and privacy-breaching coronavirus tracing app into wide use, and the government responded by agreeing that ORG was correct. Sky News reported that some contractors working for the National Health Service (NHS) “Test and Trace” app have been threatened with being fired following reports that they had shared patients’ confidential data on social media. The app was launched in May and, in its response to ORG’s letter, the government admitted it did not conduct a data privacy impact assessment on the app in its rush to get it out to market and in use.

Stalkerware use surges

Since lockdown measures began, researchers have noticed a sudden increase in the use of stalkerware, sneaky programs that track someone’s digital and/or physical movements without their knowledge. As an aid to victims everywhere, researchers are providing helpful anti-stalkerware advice. Wired published an article this week with information on how to detect whether stalkerware has been placed on a device or computer. Avast has also posted some tips on the Avast blog for mitigating the threat of stalkerware, including information on safe havens for victims of domestic violence and abuse.

This week’s ‘must-read’ on The Avast Blog

In response to the recent security law passed by the Chinese government, Avast has temporarily moved the servers for our VPN business out of Hong Kong. Traffic will be rerouted via nearby locations, such as Taiwan and Singapore.