Trust But Verify

The senior employees at Alcoa World Alumina, the nation’s largest producer of aluminum, working out of the six-story aluminum and glass structure on Pittsburgh’s North Shore were quite certain that the emails that had arrived on their computers on February, 20, 2008, were from a member of their own Board of Directors. Attached was a file that looked like the agenda for Alcoa’s annual shareholder meeting, which they proceeded to open.

In reality, however, the email came from Sun Kailiang, an officer of Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA), and, unbeknownst to Alcoa employees, opening the attachment caused malicious software to be installed on their computers.  China is some seven thousand miles away from Pittsburgh, but the email made it possible for as of yet unidentified individuals — apparently confederates of  Kailiang, to steal at least 2,907 emails, including internal messages among Alcoa’s senior managers discussing a recent partnership with a Chinese company.

Allegheny Technologies Incorporated (ATI) is one of the largest and most diversified specialty materials and components producers in the world. Like Alcoa, its headquarters are also based in Pittsburgh, Pennsylvania. In April 2012, ATI was engaged an international trade dispute with a Chinese company — the World Trade Organization would ultimately rule in favor of ATI — when their company computers were hacked by Wen Xinyu, a Chinese army officer in the same unit as Kailang.

Xinyu obtained the usernames and passwords for at least 7,000 ATI employees, facilitating access to their computers and making it possible to monitor internal activity and steal information.

These two incidents are among a long list detailed in the indictments of Kailang, Xinyu, and three other Chinese officials announced by the U.S. Department of Justice on Monday. It is unlikely that these hackers will ever see the inside of an American courtroom, as no one really expects China to turn them over to the U.S. authorities. But the Obama administration is hoping that at the very least, these unprecedented charges will send a clear message to the Chinese government that it will use every tool at its disposal to fight economic espionage and cyber theft.

These efforts are commendable and ought to be ramped up. But it’s important to remember that it isn’t only major U.S. companies that are the targets of hackers, on a daily, sometimes hourly, basis; small businesses and private individuals are at the receiving end of innocent-looking emails that contain malicious software or devastating viruses.

Most of these emails get intercepted by anti-spam filters, but a surprising number of emails get through the filters and are opened by their unsuspecting victims. In addition to viruses, frauds via email or social media sites abound.

For instance, after gaining access to an individual’s computer, hackers proceed to send out emails to all that person’s personal contacts, claiming that he or she is traveling abroad and has been the victim of a robbery.  Giving identifying details that appear to verify its accuracy, it pleads for friends and relatives to lend them some money to get home.

By the time the supposed “victim” becomes aware that he has been hacked, well-intentioned acquaintances have been duped into wiring substantial sums of money to the thieves behind this plot. Variations of this hoax come from hackers posing as lottery officials, a general in an African country, prominent U.S.-based banks, and even the FBI. It is imperative for individuals to be on the alert at all times and to watch out for red flags. Verify the sender’s e-mail address and take extra precautions before opening attachments, and never send money or provide personal information based on an email.

Hoaxes are hardly limited to emails. Blogs and social media outlets such as Twitter are ideal breeding grounds for a wide variety of fraudulent activities, sometimes with disastrous results. False tweets or hacked accounts have sent stocks plummeting, and wrecked the reputations of the innocent.

In one case, placed between relatively accurate news accounts on a Twitter account purporting to be from a well established kehillah, there appeared a shocking story. According to the story, an individual, a kohen, was refused an aliyah one weekday Monday, because he didn’t dress like the other members of the kehillah.  Word of this tweet soon spread, and the leaders of the kehillah were besieged by protests from outraged members, who stressed that such conduct was the polar opposite of their group stood for.

Indeed the story was most disturbing, but as it turned out it was totally fictitious. As those who participated in that early morning minyan related, the story was the figment of the imagination of the person who ran the unauthorized twitter account, who was cleverly using the social media group to besmirch the kehillah.

Evildoers and rabble-rousers have long used forgery and fraud to further their despicable goals, and modern technology has brought this phenomenon to record lows. It is up to us not to allow ourselves to fall into their trap.