Technology
Chinese hackers counted on no one clicking ‘update’ in decade-long spree
Uh, maybe stop asking your computer to remind you tomorrow.
The Department of Justice unsealed an indictment Tuesday alleging two hackers worked in collaboration with the Chinese Ministry of State Security to steal everything from video game source code to weapons designs from hundreds of companies around the globe. And, if the indictment is to be believed, the hackers were able to do much of this by exploiting people’s natural laziness about updating their software.
Notably, the indictment claims, the two hackers — Li Xiaoyu, 34, and Dong Jiazhi, 33 — had a decade-long spree that succeeded, in large part, because people and companies often don’t immediately download and install software patches as soon as they become available.
“[To] gain initial access to victim networks, the defendants primarily exploited publicly known software vulnerabilities in popular web server software, web application development suites, and software collaboration programs,” reads a . “In some cases, those vulnerabilities were newly announced, meaning that many users would not have installed patches to correct the vulnerability.”
The two stand accused of mixing profit-driven exploits in with more traditional state-sponsored hacks. In addition to supposedly attempting to extort at least one company for around $15,000 worth of cryptocurrency, they allegedly stole personally identifiable information (PII) from educational companies as well as info on military communications systems and counter-chemical weapons technology. They also, the indictment alleges, helped the Ministry of State Security break into email accounts belonging to peaceful dissidents, human rights groups, religious figures, and a former Tiananmen Square protester.
Oh yeah, and the press release notes the two also “probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments.”
SEE ALSO: Why you should absolutely worry about the anti-privacy EARN IT Act
The trade secrets supposedly stolen by Xiaoyu and Jiazhi, former college classmates, are said to be worth hundreds of millions of dollars. The two are charged with conspiracy to commit computer fraud, conspiracy to commit theft of trade secrets, conspiracy to commit wire fraud, unauthorized access of a computer, and seven counts of aggravated identity theft.
While it’s unlikely the two will ever face jail time in the U.S., maybe now you’ll actually update your software the next time your computer prompts you.
-
Entertainment6 days ago
WordPress.org’s login page demands you pledge loyalty to pineapple pizza
-
Entertainment7 days ago
Rules for blocking or going no contact after a breakup
-
Entertainment6 days ago
‘Mufasa: The Lion King’ review: Can Barry Jenkins break the Disney machine?
-
Entertainment5 days ago
OpenAI’s plan to make ChatGPT the ‘everything app’ has never been more clear
-
Entertainment4 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment5 days ago
How to watch NFL Christmas Gameday and Beyoncé halftime
-
Entertainment4 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end
-
Entertainment3 days ago
‘The Room Next Door’ review: Tilda Swinton and Julianne Moore are magnificent