Front Burner - State-sponsored hackers target vaccine research
Episode Date: June 4, 2020
While scientists worldwide are trying to develop a vaccine for COVID-19, reports show an uptick in state-sponsored medical hacking. Countries like China and Iran appear to be actively hacking vaccine research. Today on Front Burner: We talk to cybersecurity expert Priscilla Moriuchi about the fears that are driving these hacking efforts, and how they could derail vaccine research.
Transcript
This is a CBC Podcast.
Hi, I'm Piya Chattopadhyay.
We need vaccines, effective treatments and fast and reliable tests.
We need them soon.
We need to produce it and to deploy it in every single corner of the world.
Scientists around the world continue to work at breakneck speed,
trying to develop a vaccine for COVID-19.
And while many countries are collaborating on this front... We try with our collective global effort to tackle coronavirus.
As Africa, we are pleased to be part of the global effort.
It's a common endeavor, and you can count on Italy.
Multiple reports show that some countries are actively trying to steal vaccine research.
Most recently,
Iran-linked cyber spies were caught trying to steal information from U.S. drug company giant
Gilead.
Here in Canada, CSIS has warned university researchers and pharmaceutical
companies that their work is a valuable target for state-sponsored actors. So today, how does
all this work and what fears are driving it? This is Front Burner.
Priscilla Moriuchi is the Director of Strategic Threat Development at U.S. cyber security firm Recorded Future. She's a former analyst with the U.S. National Security Agency, the NSA,
and she's with me now. Hi, Priscilla. Good morning. Obviously, who is behind this all is a key
question, and we'll get to that in just a bit. But I want to start by just really getting a sense from you how concerned you are that a potential vaccine or research that is contributing towards the development of a potential vaccine could be stolen.
This type of research is targeted quite frequently. So from a cybersecurity perspective, we see nations and criminals targeting and victimizing technology companies, pharmaceutical companies, biotechnology
companies, you know, on a regular basis, right? But what is making it different sort of in this
time of COVID-19 and the pandemic are a few things. One is that the entire world is focused
very particularly on this disease, right? And the entire world is also subject to the harm from that.
And there are a number of geopolitical considerations going on right now, you know,
mainly the United States and China, sort of competition or rivalry or whatever we want to call it.
The Trump administration has decided to deflect attention from its mishandling of the coronavirus
to saying it was all China's fault.
We opened the trade talk to make it a better deal for them.
China's been taking advantage of the United States
for many, many years.
You know, and there are other countries
that are also, you know, being heavily impacted
by this virus like Iran, right, or Russia,
who also are heavy users of cyber operations
and, you know, that have also stolen, you know, what we would call kind of intellectual property, right? Or the actual, you know, formulas or procedures, right, for vaccines and stuff in
the past. Just before we get to talking about specific actors or countries that are involved
in this, what are some of the hacks that you've seen so far when it comes to compromising COVID-19 vaccine research? So we have insight into one particular attempt, right? We think that
it's likely part of a larger campaign, but this one attempt that we saw was the targeting by Iran,
a group linked to the IRGC, the Islamic Revolutionary Guard Corps, of a pharmaceutical company that was developing
a potential treatment for COVID-19. And in this case, what we saw was Iran, right, cyber operators
targeting executives of this company, Gilead, at home, right, using their personal, you know,
emails. You know, we believe an attempt to gain
access to the company's networks, right, and the company's information. What we've seen are
nation states targeting pharmaceutical companies, biotechnology, right, attempting to get access to
this information. And so you said it was Gilead, that's the Goliath of US drug makers whose
antiviral drug has shown some
promise thus far for treating COVID-19. This example isn't going after a small player,
it's going after a big player. Right. And this is just one we've seen. And we believe that this
attempt was not successful. But in this particular time, there are so many organizations,
right? Super large ones, like you mentioned, you know, smaller organizations, companies, right? Universities, you know, large multilateral
organizations that are all working on different parts of this response, right? And from the
perspective of a hacker, whether you're a nation or a cyber criminal, there are lots of potential
benefits, right? Potential weaknesses in all of those areas and in that
kind of chain of information that is shared. And so you mentioned Iran. Who are the other
big actors, big players in this hunt for vaccine research through nefarious means?
So China is the other nation that's been widely identified as, you know, attacking and trying to steal
information from particularly Western pharmaceutical and biotechnology companies.
What can you say? So what else is new with China? What else is new? Tell me.
So now you're telling me they're hacking. So I just say this, Steve, what else is new?
China is probably the most widely recognized and I guess I'll call them well-known country that has targeted companies, right, that to gain insight into aspects that, you know,
the Chinese state, right, may not have a solution for, right. And they're not always looking for,
you know, the crown technological jewels, right, or the crown vaccine jewels. In many cases,
they have many parts of that puzzle, and they're looking for very solutions to very specific
problems that
they can then hand over to their state-sponsored companies or researchers, right? And this goes
everywhere, you know, sort of runs the whole gamut from kind of military technology to,
you know, biotechnology and pharmaceuticals.
So if I think about, if we think about the relationship between the US and China as it stands today, and for the last number of months, if not years, there are always accusations that
are lobbed back and forth. It's a difficult relationship. And these accusations are, you
know, are quite widespread, especially when it comes to spying and stealing information. So
is there, quote, unquote, proof that China is actively hacking American institutions for vaccine
research when it comes to COVID-19? I guess it depends what your threshold is for, you know,
kind of unimpeachable proof, right? From the perspective of a researcher, an investigator, right, who looks at
cyber operations in the entire life cycle, so from the computer, right, of the hacker to the computer
of the victim and where the information goes, have I, have we, you know, in sort of the private
information security sector seen proof of China targeting pharmaceutical companies
and stealing information?
Yes, we've certainly seen that in the past.
But what's difficult is to get to the actual bits
of information that were stolen and why.
You know, for in most cases,
companies, organizations, governments
are not open to telling the entire world exactly what was stolen.
We only know so much about what the U.S. government knows about the activity of Iran and China because of sensitive intelligence.
Right. And why? Right. For a number of reasons.
That doesn't mean that there's not proof. And so when these nation states, be it Iran or China, or I'm throwing Russia into the mix and maybe I shouldn't, but when they assign their hackers, you know, it's hard to imagine.
You don't say to someone, hey, go hack the U.S. Research Institute that's doing this.
How does that conversation even play out?
Yeah, sure. So it's different for nations and criminals, right? So for nations,
all of these groups, all of these organizations are tied to military or intelligence or security
organizations, right? So the people, the hackers conducting the operations, right, are government
employees, or they're members of the military, or they're contractors that work for the government.
And they're bureaucracies, right, just like any other kind of large organization.
And they have a system for inputting what they would call intelligence requirements, right?
So the manager of a unit, for example, if we'll talk about the Chinese, so some unit within the Chinese military will have
this kind of list of intelligence requirements. Some of them will be very short-term, like maybe
monitor Hong Kong protesters, for example. Other ones will be longer-term, right, sort of more
strategic projects, right? We need information on, you know, how Canada will react, you know, at the next G7 summit when we do this.
Right. So they have this whole laundry list of intelligence departments that they then prioritize.
Right. And that they then use their own resources.
So it's not just the therapies and the vaccines and the research, but is the information about the humans, the directions, the policies that can be a foundation for other intelligence approaches later on.
So say, you know, that an intelligence requirement was delivered to this manager in early March.
And that was, right, find as much information as you can about potential COVID vaccine.
So that manager would then go to their employees and they would together brainstorm.
OK, where do we have leads on, for example? So they would conduct what we call reconnaissance. So just research on the internet, finding companies or organizations that are involved in the COVID response effort or in vaccines, right, through press releases and publications, but then they can go through information that they already have if they find a company they're interested in, right? So, for example, you know, there are hundreds of
millions of username and password combinations available, some for free, you know, many for very
cheap, right, that can be used, right? And because people frequently reuse their passwords,
right, they can be utilized, right? So they say, okay, do we have, say, a credential combination for any,
you know, for users? Or can we, for example, scan their internet-facing infrastructure and
devices, right? Are there vulnerabilities that are evident, right? So it's this whole, like, kind
of process where you prepare, you do the
reconnaissance to understand, like, where are the vulnerabilities? What can we conceivably get access
to? What's the time frame for this request, right? And then you kind of put it all together and
it becomes, you know, this operation.
You know, each one of these actors, well, they might have overlapping interests between them, but I
imagine they also have unique interests in them. So I just kind of want to go through a couple of
them. Like, China has denied that it is involved in any attempt to steal virus-related data.
Countries always deny that they're doing anything that might be seen as untoward. And it says that
China is a staunch upholder of cybersecurity and a victim of cyber attacks.
What is China's motive here?
So they understand that the world kind of feels
or maybe some of the world holds them responsible.
And for China, it's incredibly important for them to be seen
as leading the world in response to this disease.
The opportunity for
them, which rarely comes, to be honest, to be able to contrast their behavior with that of the West
in a binary manner, right? To say, look, we are both encountering the exact same situation here,
right? A brand new disease that is sweeping through our populations. This is how we, China,
have addressed it, right? We've already resolved our pandemic. And then look at you guys in the West, right?
You're still fighting this, right? You can't get it together. You aren't doing many of the things
that we have done, right, that have been successful. So not only have we addressed our own outbreak,
right, we are now helping the rest of the world deal with theirs. And sort of the third icing on
the cake would be, and we've also discovered this vaccine that we're going to share with
everybody. It would be incredibly important to China to be the one to develop the vaccine first.
And so what about Iran?
Because again, a country that has a difficult relationship with the United States,
and I should say Canada, has its own difficult relationships
currently with both Iran and China.
What's at stake for Iran here as they appear to be actively hacking vaccine research?
Sure. For Iran, I think it's slightly different in that
because of the relationship they have with the United States and Canada and much of the West.
A total of 138 passengers on that flight were connecting to Canada.
...to make certain the crash is thoroughly investigated,
but without a diplomatic presence in Iran...
We are announcing additional sanctions against the Iranian regime.
The sanctions regime, right,
their relative isolation from many international organizations.
They do not have that unabashed
assurance that if a vaccine was discovered that they would get speedy access to that vaccine or
treatment, right? So for them, you know, I believe it's one of this need to assure themselves that
they will be able to access a vaccine or a treatment, you know, in an expeditious manner if one is discovered,
or that they will be able to, that they're sort of stealing this information, right,
to enable their own sector to develop, right, a vaccine or treatment kind of outside of this sort of Western-dominated biotechnology research sector.
So for Iran, it's much less like being seen to lead the
world in vaccine treatment, although I'm sure that their leadership wouldn't mind that either,
but much more along the lines of self-preservation, right? And being able to treat their population
and knowing, right, that if something is developed, they would have equal access to it,
which I think that they don't know that right now.
I have to say, Priscilla, all this is very interesting and fascinating.
But there is a part of me that's sitting here saying,
look, we know that there's collaboration going on with scientists around the world.
They're trying to work together to develop a potential vaccine.
We're facing a common threat, which we can only defeat with a common approach.
We'd like to issue like royalty-free license
and to manufacturers all over the world.
It's non-exclusive.
The need for global health cooperation
has never been more urgent.
And as a regular citizen,
quite frankly, I don't care perhaps
who makes this vaccine,
as long as there is a safe, effective vaccine
and I have access to it. So why is there so much concern around this type of hacking?
So I think you highlighted two of the greatest concerns, right? One, safe and effective,
and two, that you as a Canadian wouldn't have access to it. So one, I think we, the procedures, right, for developing vaccines or drugs or treatment
protocols differ by country. From the development perspective, working with partners, right, and
working across international lines and getting to that vaccine is very important. But what's more
important for that is that it to be safe vaccine. You know, for the most part, right, we need that assurance, right, in the United States and in Canada before that vaccine gets widely developed.
And second is the point of access.
There are just so many points of uncertainty in global politics these days.
Many resources, right, and people and organizations being used as levers, right, for power that we wouldn't really have imagined before. You know,
whoever finds a vaccine is going to have a lot of power. The political imperative to be able to
find a solution by any means is incredibly important. And it's not, I don't think we can say with certainty that, say,
if China or Iran were the ones to discover a vaccine,
that we in the United States or in Canada would have equal and early access to that.
Priscilla, thank you very much for your time and explaining this to me.
I appreciate it.
Thank you so much for having me and stay safe.
You too.
And just before I let you go today, a few things to get you caught up on.
Protests across the United States and around the world continue after the killing of George Floyd.
And now all former living U.S. presidents have weighed in on the civil unrest facing that country. Here's what
they had to say. In a statement, Jimmy Carter said, quote, people of power, privilege and moral
conscience must stand up and say no more to a racially discriminatory police and justice system, immoral economic disparities between whites and blacks,
and government actions that undermine our unified democracy.
Bill Clinton called on people to ask themselves a set of hard questions.
He said he would start with, quote,
if George Floyd had been white, handcuffed and lying on the ground, would he be alive today?
George W. Bush also released a statement that in part reads, quote,
And the most recent former president, Barack Obama, held a town hall today,
urging young Black people to, quote, feel hopeful even as you may feel angry.
I've heard some people say that you have a pandemic, then you have these protests.
This reminds people of the 60s and the chaos and the discord and distrust throughout the country.
I have to tell you, although I was very young when you had riots and protests and assassinations and discord back in the 60s, I know enough about that history to say there is something
different.
You look at those protests, and that was a far more representative cross-section of America out on the streets, peacefully protesting, and who felt moved to do something because
of the injustices that they had seen.
That didn't exist back in the 1960s, that kind of broad coalition.
That's all for today.
Thank you for listening.