FBI alerts farmers to growing threats
Growers in Iowa began keeping a closer eye on their fields in 2013 after federal authorities accused several Chinese nationals of digging into the ground and stealing patented seeds from farms there.
One of the men who pleaded guilty was an employee of a Chinese agricultural company who targeted farms using the parent seeds needed to replicate GMO corn — seeds created by U.S. firms such as Monsanto, Dupont Pioneer and LG Seeds.
It’s an example of the kind of security breach that’s becoming increasingly common in the agricultural industry and something farmers should be aware of, two FBI agents said during an online symposium held by F3 Tech, a program within the Eastern Shore Entrepreneurship Center in Easton, Md., on April 14. From computer hacking to inside theft, farms are just as vulnerable as high-profile corporations to thieves and cyber criminals, they said.
“When something seems different, seems off, seems out of character, that’s something that everyone needs to pay attention to,” said David Ring, chief of the FBI’s cyber division, during F3 Tech’s CyberAg Symposium.
Ring and Thomas Breeden, a supervisory special agent in the FBI’s Baltimore office, offered the symposium audience, gathered via videoconference, tips on how to avoid potential intrusions into their computer networks and their business. Much of the seminar dealt with the surprisingly simple way that hackers steal from businesses or obtain access to a company’s network, often through a scam called “business-email compromise.” They send e-mails masquerading as a senior colleague or a company’s trusted vendor, asking them to make payments to a new account — theirs.
“There’s no malware,” said Breeden, who has an agricultural background. “But they’re tricking you. … It’s not elaborate… but if they can pretend to be that vendor you’re already working with, that’s all they need, and that money goes out the door.”
Last year, 20,000 examples of business-email compromise were reported to authorities for an adjusted loss of $1.8 billion, Ring said.
“‘Common’ is the type of word I’d use to describe it,” he said. “Often times those mid- and small-sized companies tend to (offer) opportunities for (thieves).”
Farmers who receive emails masquerading as colleagues or customers should report them to the FBI, he said. It gives the bureau an opportunity to intercept the hacker. Ransomware, where hackers access a business’s computer network, lock it up and demand a ransom to set it free, is also common.
“The food and agriculture industry is certainly a significant target,” Ring said. “If you attack an industry that’s critical to the safety and livelihood of a society, they’re more likely to pay the ransom.”
Never pay the ransom, he said. It only encourages additional ransomware attacks, but if you do pay it, contact the FBI so they can start moving toward prosecutions. Sometimes the FBI can interrupt those payments before they leave the country or, occasionally, even after they’ve reached foreign accounts.
“There’s a lot of doom and gloom, but the FBI has been very successful at disrupting ransomware actors,” Breeden said.
Avoid weak passwords, which are a common target, he said. Use long passwords with multiple numbers, letters and special characters.
“It might not solve all your problems, but it might make a hacker go somewhere else, and that’s a win,” he said.
It’s smart to maintain a secure and independent backup network so you don’t lose everything if you’re attacked and refuse to pay the ransom, he said. Paying it also isn’t a guarantee.
“I wouldn’t take the hacker for their word,” he said.
The coronavirus pandemic may have also created more opportunity for these sorts of attacks now that people are meeting less face to face.
Anyone needing to report a cyber crime can do so with the FBI’s Internet Crime Complaint Center at www.ic3.gov.
“If you’re in the business long enough, you are probably going to experience some kind of cyber attack,” said Kyle Waggoner, information services director at Perdue Farms. “Everyone needs to be prepared for these scenarios.”