The agency circulated a “restricted” warning to U.K. business people warning that the Chinese are seeking to leverage sex and gifts to exploit businesses.

According to the report, titled “The Threat from Chinese Espionage,” Chinese intelligence agents are disseminating IT goods like USB memory drives that are corrupted. Once the corrupted drive is plugged into a computer, it allows hackers based in China to exploit backdoors into the system.

Similar to other communist nations (such as the GDR and USSR), China is using illicit sexual relationships leveraging honey traps, women who sleep with businessmen and then attempt to blackmail them over the relationship. Photos are generally taken and the target is threatened with exposure if they refuse to cooperate and provide information.

Gen. Habiger draws 10 significant conclusions in his paper, including:

1) Our nation’s vital public and private IT systems are so vulnerable they invite attack.

2) America is routinely the victim of nation-state driven cyber intrusions that can be seen as low-grade cyber-border conflicts.

3) Some of these attacks have crossed a critical line: They have compromised critical systems supporting our troops engaged in combat.

4) Our failure to proactively address these threats risks a digital Pearl Harbor or 9-11.

5) Deterrence by retribution and preemption, our nation’s core national security strategies, are of limited value against cyber war and cyber terror threats—“these rotary-phone-era strategies are not well suited for today’s digital world.”

6) A new approach based upon deterrence by denial is needed.

7) Achieving effective cyber deterrence by denial, or defense in-depth, will require nothing short of a total paradigm shift from both government and the private sector.

Across both the public and private sector we must deploy inherently secure technologies, tested and certified secure against sophisticated attacks.

9) The private sector must look beyond the balance sheet and focus on our national interests—and if need be the government must force this change.

10) We must educate the American people about the importance of cybersecurity and drive behavioral change.

Habiger is the former commander in chief of U.S Strategic Command and served as the former DOE “security czar.”

The paper can be viewed here

While cyber criminals have developed software to steal banking information and passwords, the most common spyware on the Internet is generic software that captures everything typed into a computer. Instead of just stealing money from compromised banking account logins, criminals are able to sell email accounts and social networking credentials.

The login credentials for social networking sites and email accounts are sold to cyber criminals who use them to distribute spam and other malware.

ExecutiveGov recently interviewed Carey on his use of Web 2.0 technologies and some cybersecurity initiatives in the Navy.

Carey discussed the Navy’s Cyber Security Education Mission, saying, “it’s really important to realize that when you sit down at the computer a condition of employment, if you will, is that in today’s age, you are a cyber warrior.  The minute you plug in your common access card and you log into the network, you are either an asset, strength or you are a vulnerability because you are not doing the things you should be doing.”

He therefore places educating Navy personnel as one of his top duties to ensure the Navy’s networks are more secure.

“We create the two layers – the users and the people that run the network to run in a homogeneous like manner to assure information arrives when it’s needed and when it’s needed in the right format,” Carey said.

Carey also discussed the centrality of balancing security and accessibility and viewing the two concepts as being complimentary instead of mutually exclusive.

“Generally, we do one or the other, we actually buy off on the fact that increased security must mean some ding on accessibility or some ding on convenience.  I think that sometimes is true but it doesn’t always have to be true.  You have to actually weigh them both,” he said. “The security layer has to be in place and the accessibility has to be in place.  It forces us to look at security differently – maybe to the data element level shining light on things like identity management and those technologies far brighter than we had been in the past because that’s the key to the balance.”

The interview can be viewed here

The victim proceeded to demand that the bank repay the rest of the money, claiming that the theft occurred because the bank failed to implement appropriate security measures. The bank immediately filed suit with the local Texas court asking that it certify that the bank’s security measures were “commercially reasonable.”

The bank claims that the wire transfers were conducted using valid banking credentials. However, the victim claims that the bank failed to utilize fraud detection methods and strong authentication procedures which could have stopped the heist.

The plea agreement stated “Defendant used that software to, without authorization, access the COS websites at such a high rate that it impaired the integrity and availability of the COS websites and the computer system where they were hosted.” He will formally entire a guilty plea next week.

In November, Dmitriy Guzner was sentenced to 1 year in federal prison after admitting his culpability in the attempts to disrupt the Scientology website.

The attacks attempted to target ‘bid data’ which contains the location, quantity and value of oil discoveries. Some of the data that was accessed was downloaded to an IS address based in China.

Security personnel with one of the oil companies claimed that the breach of one of their documents was the result of a ‘China virus.’ The software used in the attacks appears to be custom made, rendering it virtually impervious to detection by standard anti-virus software.

Civil Rights and Livelihood Watch was also targeted in a cyber attack as well as two news agencies and the Independent Chinese Pen Center. The websites are all either run by dissident activists or post content written by them. The Chinese Human Rights Defenders, who issued a statement regarding the cyber attacks, has been victimized in the past.

Dr. Udo Helmbrecht, Executive Director of ENISA, said spam is “unnecessary, time consuming and costly burden for Europe…email providers should be better at monitoring spam and identifying the source. Policy-makers and regulatory authorities should clarify the conflicts between spam-filtering, privacy, and obligation to deliver.”

Additionally, close to three quarters of respondents surveyed said that spam accounts for a significant portion of their time. However, the majority do not view fighting spam as necessary but merely a tool to attract customers.

Foreign ministry spokesman Ma Zhaoxu, citing the recent hack of Chinese search giant Bandu, said “China is the biggest victim of hacking attacks.” Ma claims that Chinese companies are consistently under cyber attack.

The claims come in the wake of the attacks against Google, who has threatened to pull out of the Chinese market, claiming that the hackers were based in China, a charge that Ma says is baseless.

The Chinese have a well developed cyber capability and have stood up ‘cyber militia’ units. The Chinese government regularly utilizes these resources to conduct espionage against foreign targets.