The FBI and Department of Homeland Security are warning COVID-19 research organizations that hackers from China may be targeting them.
In a May 13 announcement, the FBI and the DHS Cybersecurity and Infrastructure Security Agency warned research organizations to take “necessary steps” to protect their information technology systems.
The FBI is investigating attempts by hackers affiliated with the Chinese government to steal COVID-19 research, the announcement said. The agencies didn’t provide additional details about the hacking attempts.
These hackers “have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research,” the FBI and CISA said. “The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.”
The FBI recommended that research organizations should assume that press attention focused on their efforts will lead to increased attention from hackers. Organizations should make sure to patch all their systems, and they should actively scan all web applications for unauthorized access and other anomalous activities. Research organizations should also identify and suspend the access of users exhibiting “unusual” activity.
The warning came as no surprise to U.S. critics of China and cybersecurity experts.
“Does [China] lie, cheat, and steal?” said Sen. Ben Sasse, a Nebraska Republican and a member of the Senate Intelligence Committee. “Do bears crap in the woods?”
Chinese President Xi Jinping “will pull no punches to beat the United States and the free world to a vaccine,” Sasse added, “not because he cares about saving lives — he clearly doesn’t — but because he cares about saving his own hide. The Chinese Communist Party’s domestic legitimacy and international clout depend on selling propaganda that makes China the hero in this pandemic story.”
Sasse also accused China of hiding the numbers of residents infected by COVID-19, “fueling conspiracy theories, and disappearing whistleblowers.”
Chinese hackers have been targeting medical research from the U.S. for a “very long time,” added James Carder, chief security officer and vice president of cybersecurity vendor LogRhythm Labs. “The U.S. does the research and development work, then hackers steal it to replicate for potential use and for a profit,” he said.
But the hacking of proprietary vaccine research and other medical research raises bigger questions, he added. “As vaccines help the greater good and keep humans safe from illnesses, we should evaluate if it matters that the information is stolen,” Carder said.
Carder suggested that one response to such hacking attempts could be multination research partnerships, including the U.S. and China. “This pandemic is global and impacts us both, so we should leverage as much expertise and research as possible,” he said. “There is a high likelihood that their hackers would be successful when stealing information related to vaccine research, as their track record shows. It would be wise to partner together and provide the information upfront.”
China is likely not the only nation targeting U.S. COVID-19 research, added Axel Wirth, chief security strategist at MedCrypt, a medical device cybersecurity company. Recent reports suggested Iran is also targeting research, he said.
“Based on past experience, I would not expect that this type of activity is limited to just these two countries,” he said. “In addition, I would assume that there is activity in the underground economy related to the sale of COVID treatment-related intellectual property.”
Wirth called on research organizations to evaluate their cyberdefenses. “Unfortunately, with the current rush of improving health system capacity and to accelerate vaccine development, oftentimes security fundamentals get overlooked,” he said. “Any incident that would impact system availability is critical in the current situation, and we cannot afford to reduce our security efforts there.”
Experts in politics and law enforcement will need to decide the appropriate response if Chinese hackers are stealing U.S. research, he said. “Unfortunately, COVID-19 is not only a public health crisis.”
