eye-3-yellow-3d-2-new-logo philly_kyw_new philly_94wip_new 35h_cbssportsrad_philly philly_wpht_new

Local

Drexel U. Cybersecurity Expert Says Chinese Hackers Used Some Simple Tricks

View Comments
(US attorney general Eric Holder takes questions from the media during an announcement on indictments against Chinese military hackers.  David Hickton, US attorney for Western Pennsylvania is at left; assistant attorney general for national security John Carlin at right.  Photo by Alex Wong/ Getty Images)

(US attorney general Eric Holder takes questions from the media during an announcement on indictments against Chinese military hackers. David Hickton, US attorney for Western Pennsylvania is at left; assistant attorney general for national security John Carlin at right. Photo by Alex Wong/ Getty Images)

Tim Jimenez Tim Jimenez
Tim Jimenez is a general assignment reporter at KYW Newsradio...
Read More

Get Breaking News First

Receive News, Politics, and Entertainment Headlines Each Morning.
Sign Up

By Tim Jimenez

PHILADELPHIA (CBS) — In the first case of its kind, a US grand jury is charging five Chinese computer hackers with economic espionage and theft of trade secrets (see related story).

Today, a local cybersecurity expert provided some insight about how such a cyber spying can happen.

Drexel University assistant professor Robert D’Ovidio says some of the techniques of those hackers were fairly simple, including what’s called spear phishing.

“They’re going after the end user to get them, to trick them, into giving over access credentials,” D’Ovidio told KYW Newsradio today, “and that’s how they’re gaining access to networks.”

One example happened with US Steel.  Federal officials say one of the hackers sent spear-phising e-mails to employees there — legitimate looking e-mails — asking for critical information to access the company’s network.

D’Ovidio says hackers just need one bite to get into the system and do their damage.

“They know pricing information, they know marketing plans,” D’Ovidio says, “and all of that stuff can be very vital when you’re responding to an RFP or to a request to provide a proposal to a company for a particular job or product.”

He says the big deal here is that it’s one thing if a country is using its resources in interests of national security, but a different story when they go after the trade secrets and other information from private companies, which means an economic impact, including job losses.

D’Ovidio says companies need to get all employees on the same page with online safety.

“Do not fall victim to these simple e-mail requests of verifying user names and passwords,” he warned.

 

View Comments
Follow

Get every new post delivered to your Inbox.

Join 32,478 other followers