Professional Chinese government hackers are believed to have compromised dozens of U.S government agencies, financial institutions, defense services, and other important sectors, according to FireEye, a cybersecurity agency working with the federal government.
The hacking incidents are ongoing, as FireEye says, and the latest in a series of disrupting intrusions of government agencies and private businesses. The investigation is still in its early phase but has already shown evidence that the malicious actors breached valuable defense agencies, according to FireEye.
In recent years, there has been growing awareness to strengthen government software systems. With most public infrastructure being digitized, the need to provide adequate and robust cybersecurity infrastructure is being felt. Hackers and cybercriminals are increasingly trying to gain access to public and government systems in their bid to shut them down, cause mayhem or demand ransom.
That was not the case with a recent finding of another Chinese attempt targeting Microsoft Exchange email servers – one that likely affected more than 100,000 private sector agencies.
The U. S Department of Defense declares that no other cyberthreat had compromised the current campaign, however, the investigation continues, according to the government officials who spoke on the terms of anonymity as of the matter’s sensitivity.
It seems like the group involved in the incident was “very progressive” in its attempt to avoid detection, according to experts. They targeted the campaign by focusing on victims with valuable information for the Chinese government.
Charles Carmakal, chief technology officer of Mediant said, the group’s attempt to leak sensitive information from high-value victims looked like a “classic China-based espionage.” “It was an attempt at intellectual property, project data of which we will never know about.”
They worked by breaching Pulse Secure, a business program often used to let employees remotely connect to their office. The agency announced how users could verify if they are affected by a new software update that goes out this month.
The recent attempt is the thirds separate and severe cyber espionage campaign against the state made public in recent months, emphasizing an already tense cybersecurity force. In January, the U.S officials suspected Russia of hacking several government companies through SolarWinds, a Texas-based agency mainly used by American government agencies and businesses.
But that’s not all. In March, Microsoft blamed the Republic of China for commencing a free-for-all where scores of various cybercriminals breached agencies worldwide through the Microsoft Exchange email program.
Can VPN Services Track Our Browsing Data?
They can, and they might. We’re using VPNs to protect our privacy from malicious actors, data thieves, and internet service providers. But what we don’t know about these services is that they can also collect browsing data in order to sell it to other parties.
VPNs’ main selling point is to protect our privacy – they prevent an attack for malicious intenders, hinder internet service providers from spying on our online traffic, and mask our information to sites that may collect personal data. While most of these claims generally echo true, there is one party that users should be cautious about: the VPN services themselves.
While you may rest assured that your traffic will pass through a secure third party, namely the VPN service’s server – they may also log all the internet traffic that passes through their systems. That gives VPN companies a full picture of your online browsing behavior. Of course, not all reputable VPNs spy on their customers, but it can happen, and there are several instances of this happening.
Sensitive Information Still at Stake
One of the most high-profile incidents of a virtual private network on its users took place in 2018, with an argument surrounding the Facebook-owned Onavo Protect application. The social platform released a VPN that claimed to encrypt and protect user traffic. In turn, it seemed like the virtual private network was gathering sensitive data from uses, like apps they opened and sites they browsed on their devices. Obviously, Facebook did not share that Onavo Protect would forward such data to Facebook users unaware of the fine print may not have noticed.
The interesting part is that Facebook would then fuel this information into the platform’s research program, which facilitated Facebook’s advertising sales and business development. That’s how Facebook gained insights into how people browsed competitive apps like Snapchat.
What’s more, dozens of VPN services were found to be snooping on their users. A piece from TechShielder shows that multiple VPN services located in China collect user information without their knowledge. These VPN apps had millions of downloads and did not clearly state who they were owned by.
The moral here is that we should be particularly cautious of virtual private networks that are free and do not require a paid version or have an explicit business model.
Users should be attentive to the service reputation and other important business credentials. The best way to avoid such incidents is to seek VPNs with no-logging policies. Such policies are an assurance that these services will not spy on your internet traffic at all. Reputable VPN providers come with explicit no-logging policies both on their platforms and insider their apps. These policies prove that the company can be held liable if anything happened to your data. Before signing up for VPN, make sure you diligently check their site and read some reliable reviews first.
Protecting Online Privacy Does Not End with Owning a VPN
Some internet users may want to use a VPN, but it’s not necessary for everyone. But an antivirus might do the work – they might not seem as common as they were a few years back, but they still exist. Like it or not, malicious software on your device can cause all kinds of issues, from annoying pop-ups to secret bitcoin mining to scanning for personal data. If you’re at risk for tapping dangerous links, or if you share a device with multiple individuals in a household, it’s worthwhile to install antivirus software, particularly if you’re a Windows user.
You may also think yourself clever for never posting your medical problems or tweeting all your religious beliefs, for instance, but the chances are good that sites you visit on a daily basis share all the marketers need to pinpoint your behavior. To slow such malicious stalkers, even more, you can install a browser extension and prevent malware data from taming your browser.