Trending
1M is the estimated number of Freedom of Information Act requests submitted in fiscal 2018, up from 818,000 the previous year
 Report: Chinese hacker group targets tech supply chain
Lawmakers
object to federal
pay freeze
Nearly 200 lawmakers are pushing back against President Donald Trump’s plan to freeze pay for civilian employees.
Twenty-three members from both sides of the aisle wrote a letter urging Trump to reconsider his proposal to eliminate pay raises in fiscal 2019. “While we applaud your efforts to be fiscally responsible, these scheduled pay raises are overdue for our hardworking federal employees and provide incentives to recruit and retain a strong federal workforce,” they wrote.
Congress has the authority to override Trump’s proposal, and the Senate already cleared a 1.9 percent pay raise for civilian employees next year by a 96-2 vote.
In a separate letter, 159 Democrats wrote to House leaders asking them to reject the proposed pay freeze and enact the 1.9 percent raise approved by the Senate.
“The Trump administration must end these irrational and draconian cuts to the pay and benefits of federal employees and retirees, just as it must stop attacking the rights of employees to collectively bargain, resolve workplace disputes and challenge unfair treatment,” they wrote.
J. David Cox, national president of the American Federation of Government Employees, praised lawmakers’ efforts, saying: “Federal employees have endured years of financial uncertainty and strain due to pay and hiring freezes, pension cuts, unpaid furloughs and government shutdowns. They both need and deserve a raise, and I thank every lawmaker and every citizen who is calling for it.”
In the past two years, a group called Intrusion Truth has been releasing detailed information about China- linked hacking groups. Their latest findings purport to show that two Chinese nationals and a contracting firm associated with an advanced persistent threat group named Stone Panda are actively working for or with the Chinese government.
exposing the operations of another Chinese APT group, Gothic Panda, has largely been proven to be accurate.
Although researchers have long suspected that Stone Panda had ties to China’s government, evidence linking members of the hacking group to a specific Chinese Ministry of State Security field office could allow the U.S. to enact criminal, diplomatic or economic sanctions against Beijing.
In addition, Meyers said the findings provide another example of how China has ramped up its cyber-based economic espionage in recent years despite a 2015 bilateral agreement between the U.S. and China to curb such activities. He said it also indicates the extent to which China is relying on third-party security companies to carry out that espionage.
After Intrusion Truth posted its findings online, CrowdStrike analysts said several of the named individuals began deleting their social media accounts and other aspects of their online footprints. Meyers said the group will likely go underground or dormant, at least temporarily, while members rebuild their operational security and anonymity.
The Trump administration has generally relied on a two-pronged strategy for imposing consequences on foreign-backed hacking groups by publicly assigning blame for high-profile cyberattacks and then following up with criminal, economic and/or diplomatic sanctions against the host country as well as the people and entities involved.
“When individuals become exposed or indicted in this way, it pretty much limits their ability to travel outside of China,” Meyers said. “It makes the world a smaller place for them and acts as something that certainly disincentivizes others from getting into this line of work if they have more worldly aspirations.”
— Derek B. Johnson
 14
November/December 2018 FCW.COM
In particular, Intrusion Truth presented photographic evidence, satellite imagery and even Uber receipts to show that two individuals associated with Stone Panda regularly traveled to a Ministry of State Security compound in Tianjin, China. Intrusion Truth also provided evidence purporting to show how Stone Panda recruits hackers on behalf of the Chinese government.
CrowdStrike, a U.S.-based cybersecurity and threat intelligence firm, said it has corroborated several key pieces of information and believes the findings are potentially damaging.
“The exposure of Stone Panda as [a Ministry of State Security] contractor would be another blow to China’s current cyber operations given Stone Panda’s prolific targeting of a variety of sectors and may prompt an additional U.S. investigation at a tenuous time for Sino-U.S. relations during an ongoing trade war,” the firm’s analysts wrote in August.
Adam Meyers, vice president of intelligence at CrowdStrike, told FCW that Intrusion Truth’s previous work
— Chase Gunter
NDEDE/SHUTTERSTOCK