Cyber Week in Review: April 29, 2016

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Bad endpoint security to blame for Bangladeshi central bank heist? News reports surfaced in February that cybercriminals were successful in stealing $81 million from Bangladesh’s central bank. This week, British defense company BAE systems published research suggesting that the heist was made possible thanks to bespoke malware that targeted the Bangladeshi central bank’s connection to the SWIFT network, the international system that allows banks to transfer money around the world. The malware gave the crooks an inside look at the bank’s system and allowed the hackers to shift funds from Bangladesh bank’s reserve account in the United States to accounts in the Philippines. A representative of the SWIFT network stressed that the heist was not the result of vulnerabilities in the SWIFT network, but in the poor configuration of Bangladesh’s central bank network. BAE speculates that criminals are upping their game, using the kinds of sophisticated attacks and reconnaissance once only seen by state actors.

2. Russia and China—cyber BFFs. Representatives of the Chinese and Russian governments met for the first bilateral “Cyberspace Development and Security Forum” in Moscow this week. The conference featured speeches by Lu Wei, director of the Cyberspace Administration of China (CAC), the country’s top regulator; Fang Binxing, head of the Cybersecurity Association of China and one of the main architects of China’s Great Firewall; Igor Shchegolev, one of Russian President Vladimir Putin’s top aides on Internet issues; and Konstantin Malofeev, the head of an NGO that helps the Russian government remove objectionable content from the Internet. At the meeting, Shchegolev reportedly said that to protect national interests, Russia “can’t rely on transnational IT firms,” echoing Chinese President Xi Jinping, who stated in a speech last week that “the fact that core technology is controlled by others is our greatest hidden danger.” Chinese companies are also reportedly complying with a Russian requirement that they store data on Russian citizens within Russia, something many Western firms have been hesitant to do. Meanwhile, the Wall Street Journal reported this week that CAC recently proposed that the Chinese government take a financial stake in major domestic technology companies and be given a seat on the companies’ governing boards.

3. U.S. Steel accuses China of hacking. U.S. Steel has accused the Chinese government for hacking its networks in 2011 and stealing plans for developing new lightweight steel technology. The company filed a complaint with the International Trade Commission (ITC), an independent agency that enforces U.S. trade policy, which now has thirty days to decide whether it will open an investigation. The U.S. Steel ITC complaint is separate from the one that led to the 2014 indictment of the five Chinese military hackers. A spokesman for China’s commerce ministry called on the ITC to reject the complaint, repeating an oft-used line that accusations of intellectual property are "completely without factual basis."