Experts have long been ringing alarm bells about computer systems at risk of foreign interference. Hacker communities, especially those based in Russia and China, make a practice of targeting organizations, businesses, and individuals. This all came to a head in the form of alleged Russian interference in the American election, and the release of hacked DNC emails.
But even if you aren’t currently running for president, you should still be cautious. As our lives and finances are increasingly connected online, it’s important to be prepared and vigilant about your cybersecurity. There are many different types of scams these days, and each hacking community has its own method. Fraudsters based in Russia are using Twitter to run cryptocurrency scams. Chinese hackers broke into networks of eight of the world’s biggest tech service providers to steal commercial secrets. And both Russian and Chinese hackers make money by selling data dumps and infecting devices with malware.
Below, we’ll outline the history of Russian and Chinese hacking, and what you can do to keep yourself safe online.
A Brief History of Russian and Chinese Hacking
Russian scammers were slow to start, but their skills now outstrip almost any other nation’s hacking community.
Citizens of Eastern European countries got regular access to the internet and technology a bit later than the Western world. But once internet access became ubiquitous, the well-educated and underpaid realized they had the technical skill to make money outside of the regulated market. This is evidenced by the explosion of scams, frauds, and malware launched by Russians in the early 2000s. Various crime rings collectively pocketed over $200 million from US and UK financial institutions using the sophisticated and highly effective Zeus banking trojan. The newest trojan variant, Terdot, has been around since 2016. According to Bogdan Botezatu, a senior e-threat analyst, it “aims for more than wallets. It is able to intercept all communications originating from the infected machine, decrypting them in real time. As a cyber espionage tool, it is extremely difficult to identify and stop.”
So Russia now possesses highly advanced cyber capabilities. They target an array of Western businesses, government agencies, and regular citizens. Russia especially relies on spear-phishing attacks to gain access to networks. Additionally, Russian forums on the dark web have large sections dedicated to “carder” markets, where hackers buy and sell identity details, credit card information, data dumps, and more.
China’s first hacker groups emerged in the late 1990s, triggered by anti-Chinese riots in Indonesia. Hacker groups like the Green Army, China Eagle Union, and Hongke Union sprang up first and began causing chaos. In May 2001, the Hongke Union famously DDoSed the White House website. Most recently, this May, reports emerged that Chinese intelligence agents had acquired NSA hacking tools and used them to attack American allies and private companies in Europe and Asia. The US has filed charges against Chinese citizens accused of IP theft from American companies.
Chinese hackers particularly rely on phishing. Most of these attacks begin with an innocent-looking email that includes an attachment. Once the attachment is opened, hackers can gain access to computer networks and hunt for information or plant malware. They’ve also conducted supply chain attacks, inserting Chinese microchips into servers before US tech companies receive them. Chinese attacks have been on the rise especially since mid-2018.
How to Stay Safe
Given the increasing frequency of such attacks, there’s a good chance you’ll be targeted at some point. But, assuming you’re a regular citizen and not a holder of state secrets, your best defense is simply to make infiltration difficult: there are enough targets out there that a hacker will eventually give up and move on to the next one. Here are a few tips for thwarting attacks.
1. Make use of security tools
Begin with the search tool Have I Been Pwned, a great resource. You can enter your email address to see if any of your accounts have been caught up in a recent data breach. You also definitely want to have some kind of anti-malware program. There are plenty of free ones out there, but you might find it worth the money to purchase one.
2. Manage your passwords
One of the simplest ways to beef up your security is also one of the most effective. Choose a unique, complicated passphrase for each of your accounts. We suggest a passphrase, rather than a password, because a string of words is more difficult for a hacker to guess. Use a password manager to keep track of them. Consider turning on biometric access (like fingerprinting or face recognition) for extra security.
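As an added illustration (not part of the original article), the Python sketch below generates a passphrase with the operating system's secure random source and measures how hard it is to guess in bits of entropy. The 32-word list is a constructed sample and the function names are hypothetical; a real generator would draw from a much larger published word list.

```python
import math
import secrets

# Constructed 32-word sample list so the block runs offline. A real generator
# should load a large published list (for example a 7,776-word diceware list).
SAMPLE_WORDS = (
    "anchor bishop candle domino ember falcon garden harbor "
    "island jigsaw kettle lantern marble nickel orchid pepper "
    "quartz ribbon saddle timber umpire velvet walnut xenon "
    "yonder zipper badger cactus dagger engine fossil goblet"
).split()


def generate_passphrase(words, count=6, sep="-"):
    """Pick `count` words independently and uniformly with the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(choices_per_position, positions):
    """Guessing entropy when every position is chosen uniformly at random."""
    return positions * math.log2(choices_per_position)


def words_needed(list_size, target_bits):
    """Smallest number of words from the list that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    # Six words from a 7,776-word list versus eight random printable characters.
    print(round(entropy_bits(7776, 6), 1), round(entropy_bits(94, 8), 1))
```

The entropy figure only holds when the words are chosen by the random generator; a phrase a person invents, such as a song lyric or a quotation, is far easier to guess than its length suggests.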
3. Use a VPN
A VPN (virtual private network) will protect you from DDoS attacks and keep your sensitive data safe. A VPN encrypts your traffic, diverting it through one of the service’s own routers before connecting you to the free web. That means your true location and IP address are hidden.
4. Don’t Fall for Phishing Scams
Phishing for passwords is one of the most common ways hackers target their victims. Anyone can fall for phishing: the famously leaked DNC emails were obtained by phishing Hillary Clinton’s campaign manager, John Podesta.
The best defense is to pay close attention. Verify that emails you receive are from the real addresses of your friends and colleagues. Never respond to an email that appears to be from a company asking for your password. Be wary of emails from people you don’t know which contain links. There are also anti-phishing programs available.
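The address check described above can be partly automated. The following Python sketch is an added example, not from the original article; the address book, the sample message, and the function names are constructed for illustration. It compares a message's sender headers against known contacts and reports mismatches.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> the contact's real address.
KNOWN_CONTACTS = {
    "Dana Reyes": "dana.reyes@example.com",
    "IT Helpdesk": "helpdesk@example.com",
}
# Constructed sample message with a lookalike domain (digit 1 for letter l).
SAMPLE = (
    "From: Dana Reyes <dana.reyes@examp1e.com>\n"
    "Reply-To: billing@mail.test\n"
    "Subject: Invoice\n\nPlease see the attachment."
)


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_warnings(raw_message, contacts=KNOWN_CONTACTS):
    """Return reasons the sender headers of a raw message look suspicious."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    known_addrs = {a.lower() for a in contacts.values()}
    known_domains = {a.rpartition("@")[2] for a in known_addrs}
    warnings = []
    if name in contacts and addr != contacts[name].lower():
        warnings.append("display name matches a contact but the address does not")
    if domain not in known_domains and any(
        edit_distance(domain, d) <= 1 for d in known_domains
    ):
        warnings.append("domain is a near-miss of a known domain")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower().rpartition("@")[2] != domain:
        warnings.append("Reply-To points to a different domain than From")
    if addr not in known_addrs and not warnings:
        warnings.append("sender is not in the address book")
    return warnings
```

An empty result is not proof of authenticity, because a From header can be forged with the exact address of a real contact; the receiving server's SPF, DKIM, and DMARC results are what speak to that.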
Overall, with a VPN, anti-malware, a strong passphrase, and some common sense, you can make yourself more secure online.