Posts Tagged ‘Chinese hackers’

India’s Ministry of Defence website hacked, Chinese characters spark cyberattack speculation

April 6, 2018

However, the hit didn’t come with the usual owning of responsibility by a group of hackers.

 By Zee Media Bureau | Updated: Apr 06, 2018, 17:36 PM IST

The website of the Ministry of Defence was hacked on Friday evening. The website displayed an error message and carried what seemed to be some Chinese characters on top, sparking speculation of a cyberattack from the northern neighbour.

Defence Minister Nirmala Sitharaman confirmed that the site had been hacked, and said steps would be taken to prevent such an instance in the future.

“Action is initiated after the hacking of MoD website ( ). The website shall be restored shortly. Needless to say, every possible step required to prevent any such eventuality in the future will be taken,” she said in a tweet.

Nirmala Sitharaman

Action is initiated after the hacking of MoD website ( ). The website shall be restored shortly. Needless to say, every possible step required to prevent any such eventuality in the future will be taken. @DefenceMinIndia @PIB_India @PIBHindi

7:46 AM – Apr 6, 2018

However, the usual markers of a hit by a group of hackers were missing. Hacked government websites usually end up displaying some embarrassing political message, along with the hackers’ group claiming responsibility. The MoD website hack featured none of these.

Efforts to visit the MoD website around 3:30 pm showed a message that read, “The website encountered an unexpected error. Please try again later.” The purportedly Chinese characters seem to mean ‘home’, and this ties in with the fact that it functioned as a button that linked back to the MoD website homepage itself.

This has sparked speculation on social media sites that the website was hacked by Chinese hackers. Cyberattacks by hackers backed by the Chinese government are considered fairly common by the international community. However, the Chinese government usually denies any links to hackers.



China’s state-sponsored cyberattacks increase in sophistication and severity

April 5, 2018


UNDER ATTACK: The government’s digital domains suffered 10 level 3 incidents last year, which might have compromised personal data stored on the affected systems

By Lee Hsin-fang and Jonathan Chin
Taipei Times (Taiwan)

The threat from state-sponsored cyberattacks on the nation’s digital infrastructure, including those directed by Beijing-affiliated groups, has increased in sophistication and severity over the past year, the Department of Cyber Security said yesterday.

Last year, Chinese hackers mounted 288 successful cyberattacks on the government’s systems, or 80 percent of the total of 360 successful attacks that the department discovered, department Director Chien Hung-wei (簡宏偉) said.

Each month, the government’s systems are subjected to anywhere between 20 million and 40 million attacks, in addition to billions of probing actions made by hackers looking for weaknesses, he said.

These actions are initiated by hackers from around the world, though groups based in China are believed to be involved in many of them, Chien said.

The overwhelming majority of cyberattacks are level 1 or level 2 events that result in unauthorized changes to Web pages or other minor damage, he said.

However, the government’s digital domains suffered 10 level 3 incidents, which might have compromised personal data stored on the affected systems, he said.

While there were no successful level 4 attacks — the highest threat level — against the nation’s infrastructure, Chinese hackers had improved the success rate of their attacks, he said.

“The increasing precision of Chinese attacks is a matter of concern for this department,” Chien said.

Hackers route their attacks through servers in the US, Russia, EU member states and other nations, which makes pinpointing an attack’s point of origin difficult, he said.

However, the department is able to identify specific patterns, traits and other modes of operation that are associated with China-sponsored hackers, including the presence of certain characters or styles of coding used in hacking tools, he said.

Hackers from China, North Korea and Russia have been highly active, and Taiwan often serves as a testing ground for new hack tools or techniques before their deployment against targets in other nations, he said.

As a result, foreign governments have expressed an interest in gaining access to the information the department has collected on cyberattacks directed against Taiwan, he said.

The department is overseeing the government’s efforts to develop a system of defense to shield its core computer systems, infrastructure and sensitive data from cyberattacks, Chien said.

The defensive system would involve building up defenses at each of the government’s Web portals and each of the office domains connected to them, he said.

Furthermore, government offices need to communicate with each other and share information about cyberattacks to coordinate their security efforts and discern emerging threats, he said.

An academic, on the day of being nominated a Cabinet official, had received an e-mail with an embedded virus that was designed to penetrate the government’s internal networks, said an official, who asked not to be named.

Chinese Hackers Hit U.S. Firms Linked to South China Sea Dispute

March 17, 2018


China has militarized the South China Sea — even though they have no legal claim. This is Mischief Reef, now an extensive Chinese military base — one of seven Chinese military bases near the Philippines


By David Tweed

  • Victims are in maritime industries with South China Sea ties
  • Hackers ‘most likely’ operating on behalf of a government

Chinese hackers have launched a wave of attacks on mainly U.S. engineering and defense companies linked to the disputed South China Sea, the cybersecurity firm FireEye Inc. said.

The suspected Chinese cyber-espionage group dubbed TEMP.Periscope appeared to be seeking information that would benefit the Chinese government, said FireEye, a U.S.-based provider of network protection systems. The hackers have focused on U.S. maritime entities that were either linked to — or have clients operating in — the South China Sea, said Fred Plan, senior analyst at FireEye in Los Angeles.


“They are going after data that can be used strategically, so it is in line with state espionage,” said Plan, whose firm has tracked the group since 2013. “A private entity probably wouldn’t benefit from the sort of data that is being stolen.”

The TEMP.Periscope hackers were seeking information in areas like radar range or how precisely a system in development could detect activity at sea, Plan said. The surge in attacks picked up pace last month and was ongoing.

Increased Attacks

While FireEye traced the group’s attacks to China, the firm hasn’t confirmed any link to Chinese government entities or facilities. FireEye declined to name any targets. Although most were based in the U.S., organizations in Europe and at least one in Hong Kong were also affected, the firm said.

Ministry of Foreign Affairs spokesman Lu Kang told a briefing Friday in Beijing that China opposed all kinds of cyber attacks. “We will continue to implement the important consensus on cybersecurity reached in 2015,” he said.

Plan said suspected Chinese cyber-attacks on U.S. targets have picked up in recent months, after both sides agreed not to attack civilian entities. The 2015 deal to tamp down economic espionage was hammered out between then-U.S. President Barack Obama and President Xi Jinping.

The U.S. indicted five Chinese military officials in 2014 on charges that they stole trade secrets from companies including Westinghouse Electric Co. and United States Steel Corp. after hacks were detected by Mandiant, a unit of FireEye. China denies the charges and argues the country is a victim rather than an instigator of cybersecurity attacks.

Strategic Data

Data sought in the latest incidents could be used, for instance, to determine how closely a vessel could sail to a geographical feature, Plan said. “It is definitely the case that they can use this information for strategic decision-making,” he said.

The U.S. Navy sometimes conducts so-called freedom of navigation operations to challenge Chinese claims to more than 80 percent of the South China Sea — one of the world’s busiest trading routes. China has reclaimed some 3,200 acres (1,290 hectares) of land in the waters and built ports, runways and other military infrastructure on seven artificial features it has created.

China has been involved in other attacks related to the South China Sea. In 2015, during a week-long hearing on a territorial dispute in the water, Chinese malware attacked the website of the Permanent Court of Arbitration in the Hague, taking it offline.

The latest attacks were carried out using a variety of techniques including “spear-phishing,” in which emails with links and attachments containing malware are used to open back doors into computer networks. In some examples, the emails were made to look as if they originated from a “big international maritime company,” Plan said.

FireEye said in a separate report that government offices, media and academic institutions have been attacked, along with engineering and defense companies. Plan declined to comment when asked whether the U.S. Navy was among the targets.

“Given the type of organizations that have been targeted — the organizations and government offices — it is most likely the case that TEMP.Periscope is operating on behalf of a government office,” Plan said.

— With assistance by Dandan Li, Peter Martin, and Andy Sharp



We’ve heard 白痴國家 (Means “Idiot Nation”)





China has long had its eye on James Shoal and may move toward the island unless Malaysia or Indonesia protest…



China says it has sovereignty over all the South China Sea north of its “nine dash line.” On July 12, 2016, the Permanent Court of Arbitration in The Hague said this claim by China was not valid. But China and the Philippine government then chose to ignore international law.

German intelligence warns of increased Chinese cyberspying

December 10, 2017

The Associated Press

BERLIN (AP) — The head of Germany’s domestic intelligence agency warned Sunday that China is using social networks to try to cultivate sources of information among lawmakers and officials, while Chinese hackers are increasingly attacking European companies through trusted suppliers.

Hans-Georg Maassen said his agency, known by its German acronym BfV, believes more than 10,000 Germans have been targeted by Chinese intelligence agents posing as consultants, headhunters or researchers, primarily on the social networking site LinkedIn.

“This is a broad-based attempt to infiltrate in particular parliaments, ministries and government agencies,” Maassen said.

The BfV established a task force early this year which examined the use of fake profiles on social networks over a nine-month period. The agency provided journalists with what it said were eight of the most prolific fake profiles on LinkedIn used by Chinese spies.

Using names such as Lily Wu, Laeticia Chen or Alex Li, the profiles sport an impressive resume, hundreds of contacts and attractive pictures of young professionals.

The agency also named six organizations it said are used by Chinese spies to cloak their approaches, including one called the Association France Euro-Chine and another named Global View Strategic Consulting.

Messages seeking comment from the organizations weren’t immediately returned.

Maassen warned that Chinese cybergroups are also using so-called “supply-chain attacks” to get around companies’ online defenses. Such attacks target IT workers and others who work for trusted service providers in order to send malicious software into the networks of organizations the attackers are interested in.

“The infections are difficult to detect, since network connections between service providers and their customers aren’t suspicious,” the BfV said. “This gives the attacker an even better disguise than before.”


Frank Jordans contributed to this report.

China’s Secret Weapon in South Korea Missile Fight: Hackers

April 21, 2017

China denies it is retaliating over the Thaad missile system, but a U.S. cybersecurity firm says they are

This 2015 handout photo from the U.S. Department of Defense shows a terminal High Altitude Area Defense interceptor being test launched on Wake Island in the Pacific Ocean. PHOTO: AFP PHOTO / DOD / BEN LISTERMAN

April 21, 2017 5:20 a.m. ET

Chinese state-backed hackers have recently targeted South Korean entities involved in deploying a U.S. missile-defense system, says an American cybersecurity firm, despite Beijing’s denial of retaliation against Seoul over the issue.

In recent weeks, two cyberespionage groups that the firm linked to Beijing’s military and intelligence agencies have launched a variety of attacks against South Korea’s government, military, defense companies and a big conglomerate, John Hultquist, director of cyberespionage analysis at FireEye Inc., said in an interview.


The California-based firm, which counts South Korean agencies as clients, including one that oversees internet security, wouldn’t name the targets.

While FireEye and other cybersecurity experts say Chinese hackers have long targeted South Korea, they note a rise in the number and intensity of attacks in the weeks since South Korea said it would deploy Terminal High-Altitude Area Defense, or Thaad, a sophisticated missile-defense system aimed at defending South Korea from a North Korean missile threat.

China opposes Thaad, saying its radar system can reach deep into its own territory and compromise its security. South Korea and the U.S. say Thaad is purely defensive. The first components of the system arrived in South Korea last month and have been a key issue in the current presidential campaign there.

One of the two hacker groups, which FireEye dubbed Tonto Team, is tied to China’s military and based out of the northeastern Chinese city of Shenyang, where North Korean hackers are also known to be active, said Mr. Hultquist, a former senior U.S. intelligence analyst. FireEye believes the other, known as APT10, may be linked to other Chinese military or intelligence units.

China’s Ministry of Defense said this week Beijing has consistently opposed hacking, and that the People’s Liberation Army “has never supported any hacking activity.” China has said it is itself a major hacking victim but has declined to offer specifics.

Mr. Hultquist said the two hacking groups gained access to their targets’ systems by using web-based intrusions, and by inducing people to click on weaponized email attachments or compromised websites. He declined to offer more specific details.


Recent cyberattacks attributed to Chinese state-backed groups.

  • Since February: Spear-phishing* and watering hole** attacks were conducted against South Korean government, military and commercial targets connected to a U.S. missile defense system.
  • February, March: Attendees of a board meeting at the National Foreign Trade Council were targeted with malware through the U.S. lobby group’s website.
  • Since 2016: Mining, technology, engineering and other companies in Japan, Europe and North America were intruded on through third-party IT service providers.
  • 2014-2015: Hackers penetrated a network of U.S. Office of Personnel Management to steal records connected to millions of government employees and contractors.
  • 2011-2012: South Korean targets, including government, media, military and think tanks were targeted with spear-phishing attacks.

*Sending fraudulent emails made to look as if they come from a trusted party in order to trick a target into downloading malicious software.

**A strategy in which the attacker guesses or observes which websites a targeted group often uses and infects them with malware to infect the group’s network.

Sources: FireEye, Trend Micro, Fidelis, PricewaterhouseCoopers and BAE Systems, WSJ reporting

Mr. Hultquist added that an error in one of the groups’ operational security provided FireEye’s analysts with new information about the group’s origins.

South Korea’s Ministry of Foreign Affairs said last month that its website was targeted in a denial-of-service attack—one in which a flood of hacker-directed computers cripple a website—that originated in China.

A spokesman said that “prompt defensive measures” ensured that the attacks weren’t effective, adding that it was maintaining an “emergency service system” to repel Chinese hackers.

The ministry this week declined to comment further, or to say which cybersecurity firm it had employed or whether it thought the attacks were related to Thaad.

Another cybersecurity company, Russia’s Kaspersky Lab ZAO, said it observed a new wave of attacks on South Korean targets using malicious software that appeared to have been developed by Chinese speakers starting in February.

The attackers used so-called spear-phishing emails armed with malware hidden in documents related to national security, aerospace and other topics of strategic interest, said Park Seong-su, a senior global researcher for Kaspersky. The company typically declines to attribute cyberattacks and said it couldn’t say if the recent ones were related to Thaad.

The two hacking groups with alleged ties to Beijing have been joined by other so-called hacktivists—patriotic Chinese hackers acting independently of the government and using names like the “Panda Intelligence Bureau” and the “Denounce Lotte Group,” Mr. Hultquist said.

South Korea’s Lotte Group has become a particular focus of Chinese ire after the conglomerate approved a land swap this year that allowed the government to deploy a Thaad battery on a company golf course.

Last month, just after the land swap was approved, a Lotte duty-free shopping website was crippled by a denial-of-service attack, said a company spokeswoman, who added that its Chinese website had been disrupted with a virus in February. She declined to comment on its source.

China’s Ministry of Foreign Affairs didn’t respond to questions about the website attacks. The ministry has previously addressed Lotte’s recent troubles in China by saying that the country welcomes foreign companies as long as they abide by Chinese law.

The U.S. has also accused Chinese state-backed hacking groups of breaking into government and commercial networks, though cybersecurity firms say such activity has dropped since the two nations struck a cybersecurity deal in 2015.

The two Chinese hacking groups named by FireEye are suspected of previous cyberattacks.

FireEye linked Tonto Team to an earlier state-backed Chinese hacking campaign, identified by Tokyo-based cybersecurity firm Trend Micro Inc. in 2012, which focused on South Korea’s government, media and military. Trend Micro declined to comment.

Two cybersecurity reports this month accused APT10 of launching a spate of recent attacks around the globe, including on a prominent U.S. trade lobbying group. One of those reports, jointly published by PricewaterhouseCoopers LLP and British weapons maker BAE Systems, said the Chinese hacker collective has recently grown more sophisticated, using custom-designed malware and accessing its targets’ systems by first hacking into trusted third-party IT service providers.

Because of the new scrutiny from that report, FireEye said in a recent blog post that APT10 was likely to lay low, though in the longer run, it added, “we believe they will return to their large-scale operations, potentially employing new tactics, techniques and procedures.”

Write to Jonathan Cheng at and Josh Chin at



Russia’s Cyber Strategy is Nothing New

December 31, 2016

A 2013 article by Russian Gen. Valery Gerasimov emphasized importance of cyberwarfare

Petro Poroshenko, president of Ukraine, which has borne the brunt of Russia’s cyberattacks. PHOTO: REUTERS

MOSCOW—Russia’s military laid out what is now seen as a blueprint for cyberwarfare with a 2013 article in a professional journal by Gen. Valery Gerasimov, the chief of Russia’s General Staff.

Cyberspace, wrote Gen. Gerasimov, “opens wide asymmetrical possibilities for reducing the fighting potential of the enemy.”

At the time, Russia’s military was absorbing the lessons of the Arab Spring, when social media played a key role in mobilizing leaderless protests that upended the political order across North Africa and the Middle East.


Egyptian protesters tear down a U.S. flag at the U.S. Embassy in Cairo, September 11, 2012. Photo by Mohammed Abu Zaid, AP

“In North Africa, we witnessed the use of technologies for influencing state structures and the population with the help of information networks,” the article stated. “It is necessary to perfect activities in the information space, including the defense of our own objects.”

Now that doctrine is likely to come under more scrutiny following new U.S. sanctions that target Russia’s military intelligence agency, the Main Intelligence Directorate, or GRU, as well as the country’s Federal Security Service, the successor to the Soviet-era KGB.

The Obama administration accused Russia’s intelligence agencies of “tampering, altering or causing the misappropriation of information” with the goal of interfering with the 2016 presidential election. And the U.S. Treasury Department named a number of companies it alleged were linked to the hack, shedding new light on the links between the Russian military and security services and the country’s IT sector.

In the 2013 article, Gen. Gerasimov elaborated on the Russian military’s desire to hone its hacking skills as an extension of conventional warfare and political conflict. Since then, Russia has used cyberattacks as part of its arsenal against neighboring countries and as a political weapon, Western officials and security researchers said.

In Washington’s defense and national security circles, Russia’s masked invasions on the ground and difficult-to-attribute attacks in cyberspace have become examples of what is now known as the “Gerasimov doctrine,” in reference to the 2013 article.

At the Pentagon, the effort to ward off such a threat from Russia became a matter of high priority for Secretary of Defense Ash Carter and the nation’s top military generals.

In an August appearance at the Washington-based Center for Strategic and International Studies, Gen. Robert Neller, Commandant of the Marine Corps and member of the Joint Chiefs of Staff, said he had read Gen. Gerasimov’s article three times.

“He talks about what he calls fighting a war without fighting a war—use of information, social media, disinformation, deception,” Gen. Neller said.

The Pentagon has focused on shoring up U.S. defenses against such attacks, but many of the efforts have focused on countering cyber operations on the physical battlefield and safeguarding critical infrastructure on the home front.

U.S. officials see Russia’s alleged cyberattacks on election-related entities during the 2016 campaign as the boldest iteration of the Russian strategy that has been used around the globe.

Russia’s use of hacking first came into the spotlight in 2007 after Estonia removed a Soviet-era memorial to World War II from the center of its capital. Cyberattacks, which Western officials blamed on Russia, disabled websites of government ministries, political parties, banks and newspapers.

Government websites in the former Soviet republic of Georgia came under attack, along with media, communications and transportation companies, before and during a war with Russia in 2008.

People walk in Red Square, with St. Basil’s Cathedral seen in the background, in Moscow. PHOTO: MAXIM ZMEYEV/REUTERS

Ukraine, which has been fighting Russian-backed separatists in its east since 2014, has borne the brunt of Russia’s cyberattacks, according to Western and Ukrainian officials and security experts.

Cyberattacks hit ministries and the presidential administration; hacked government documents were leaked online; election infrastructure was attacked.

More recently, attacks have briefly knocked out power supplies and disrupted the banking system. Ukrainian officials and cyber experts linked the attacks to Russia.

At a meeting with top security officials Thursday, Ukrainian President Petro Poroshenko said security services had detected 6,500 attempted cyberattacks on government agencies and state information resources in the past two months. He said investigations of several incidents had shown that Russia was directly or indirectly involved and had “unleashed a cyberwar against our country.”

“Ukraine is the perfect sandpit for this as it is complex enough to test it out but it’s not NATO and can’t really fight back,” said Mark Galeotti, senior researcher at the Institute of International Relations Prague.

Mr. Galeotti noted the difference between the wide-ranging attacks on Ukraine, which accompanied military interventions, and the targeted attack on the U.S., a political move aimed at casting American democracy in a bad light.

“Russia is ahead of the curve in political warfare, and we are scrambling to come to terms with it,” said Mr. Galeotti.

U.S. officials have warned that Russia may use hacking to seek to influence elections in Europe next year.

The role of Russia’s military, however, is less clear. Cyber operations in Ukraine and Georgia were aimed at shaping an active conflict. The Russian government has denied that it was involved in the hacking of the U.S. political process, but experts and U.S. officials say hacking—by nature difficult to attribute decisively—gives the Russian government deniability.

Such deniability and deception, they add, has been a hallmark of Russian military operations, including the annexation of Crimea in 2014. There, Russia denied official connection to the well-armed and well-trained military professionals who took over key government installations on the Black Sea peninsula before acknowledging the “little green men” were actually Russian special-operations troops.

The Russian companies newly sanctioned by the U.S. also suggest an elusive link.

ANO PO KSI is a little-known microelectronics company in a village near Moscow. Founded in 1990, it builds special scanners for voting ballot papers, and is involved in digital mapping and microchip-based technology as well as developing digital aerial cameras for various purposes. The company declined to comment on being included on the list of sanctioned Russian companies.

Special Technological Center, or STC, is a St. Petersburg-based company that produces measurement and monitoring equipment, remotely piloted aircraft and related hardware components. It produces a drone called the Orlan-1, used for surveillance, reconnaissance and artillery spotting by the Russian military.

ZOR is a small cybersecurity company; according to Forbes Russia, it is run by Alisa Shevchenko, a self-taught cybersecurity expert. Ms. Shevchenko couldn’t be immediately reached for comment; on a Twitter account purportedly belonging to her, she said her company was no longer active and that an “anonymous clerk at US Treasury googled the internet for ’cyber’ while intel analysts were on their Christmas vacation.”

It wasn’t immediately possible to verify whether Ms. Shevchenko’s Twitter account was authentic.

Karen Kazaryan, chief analyst at the Russian Association for Electronic Communications, a trade body representing the IT industry, said the connections between the Russian government and the military and security establishment were extremely difficult to prove.

“For the second day in a row we’ve been trying to understand what these companies are,” he said. “Nobody knows anything about them. There’s a closed community of engineers, state servants and security experts, including cybersecurity experts on social media and no one has been able to find any heads or tails looking into them.”




President Obama listens to Russia’s President Vladimir Putin on Sunday , November 20, 2016, in Lima, Peru. Credit AFP, Getty Images


Israeli Prime Minister Benjamin Netanyahu listens as U.S. President Barack Obama speaks during their meeting in the Oval Office of the White House, Oct. 1, 2014. Photo: Reuter/Kevin Lamarque




United States Ambassador to the United Nations Samantha Power, left, Secretary of State John Kerry, second from right, and National Advisor Susan Rice, right, listen while US President Barack Obama speaks during the 68th session of the General Assembly at United Nations headquarters. (photo credit: AP/Seth Wenig)


U.S. Secretary of State John Kerry decided to lecture Israel this week….


Ben Rhodes




Rigged Debates: Wikileaks Emails Confirm Media in Clinton’s Pocket


 (August 16, 2016)


Putin and Obama. Photo credit ALEXEI DRUZHININ, AFP, Getty Images. — An intelligence expert told Peace and Freedom, “Putin has become the world master at playing Obama.”

 (Obama failed to defend the American election)


In June 2015, the United States Office of Personnel Management (OPM) announced that it had been the target of a data breach targeting the records of as many as four million people. Later, FBI Director James Comey put the number at 18 million. The data breach, which had started in March 2014, and may have started earlier, was noticed by the OPM in April 2015. It has been described by federal officials as among the largest breaches of government data in the history of the United States. Information targeted in the breach included personally identifiable information such as Social Security numbers, as well as names, dates and places of birth, and addresses. The hack went deeper than initially believed and likely involved theft of detailed security-clearance-related background information. One victim wrote that the OPM is the agency that asks your neighbors what they know about you that could be used to blackmail you.

On July 9, 2015, the estimate of the number of stolen records had increased to 21.5 million. This included records of people who had undergone background checks, but who were not necessarily current or former government employees. Soon after, Katherine Archuleta, the director of OPM, and former National Political Director for Barack Obama’s 2012 reelection campaign, resigned.

A July 2014 story in The New York Times quoted unnamed senior American officials saying that Chinese hackers had broken into OPM. The officials said that the hackers seemed to be targeting files on workers who had applied for security clearances, and had gained access to several databases, but had been stopped before they obtained the security clearance information. In an interview later that month, Katherine Archuleta, the director of OPM, said that the most important thing was that no personal identification information had been compromised. [That turned out to be not entirely true.]


Why China’s New Cybersecurity Law Is Bad News for Business

December 6, 2016

By Commentary

DECEMBER 1, 2016, 1:00 AM EST


U.S. companies have already begun to lobby against it.

China’s new cybersecurity law, expected to take effect next June, could hurt any foreign firm looking to do business in the world’s second-largest economy. Though the law is intended to fight non-Chinese and Chinese hackers, it also requires that foreign companies provide China’s government with potentially sensitive information about network equipment and software. Given the weaknesses of China’s enforcement of laws around intellectual property, it’s easy to see how trade secrets can fall into the hands of Chinese competitors at the expense of the best interests of foreign firms.

Businesses most at risk will be those with special hardware and systems for network management, which could well include ATMs. Because new-generation ATMs have a much higher level of connectivity, they’re more vulnerable to hacking, which is why they require sophisticated encryption devices and software to secure transactions. This cybersecurity law thus provides the government with the legal tool to obtain all such anti-hacking proprietary security hardware and software, which could then be passed on to relevant Chinese firms. And having access to the hardware and software means firms would have access to individuals’ personal banking information, as well.

The new law is also counterproductive because the scope of information that foreign companies will be required to provide to Chinese officials is worryingly broad. Complying with this requirement will force U.S. firms to make expensive investments to build duplicate facilities within China. This is in total contradiction with the free flow of data, expected to swell in 2020 after the introduction of 5G.

U.S. companies will have to weigh this risk against the opportunity to do business in China, which has developed a reputation for ‘copying’ without getting insider access. For international companies, there is no easy way forward, as the choice is black or white. Either foreign companies will comply, knowing China has a way to peek into what was previously private, or they will choose to stand by principles of privacy at the risk of being excluded from the Chinese market. Despite the challenging dilemma, companies are likely to comply and give in to China’s demands. The market is too huge and far too ripe for future growth to be ignored, especially when compared to more stagnant outlooks in Europe and the U.S.

In addition to creating barriers for international business in China, this kind of legislative move could stall innovation. It could well be considered part of what is called “indigenous innovation” in China, which consists of favoring Chinese firms by establishing non-tariff barriers—such as specific standards or regulations on products—in order to prevent non-Chinese firms from accessing China’s large and dynamic market. And the impact would be wide-ranging, from consumer electronics to products such as equipment to produce renewable energy, including windmills and solar panels.

Innovation involves a complex process, but it requires a society to be as open as possible and to allow vibrant exchanges between people. While cybersecurity is important, this law will wrap around the free market as it grips security. Within China, entrepreneurs are, by and large, not bothered by their government’s management of the Internet, called the “great firewall.” However, this new law is a new step to tighten the government’s grip on the Internet. Furthermore, far from favoring China’s champions in this very dynamic area, such as Huawei, Lenovo, or Tencent, this law will handicap them in the long term. Maybe the hope is that these companies themselves will fight to alter the law and mitigate the negative implications for China’s Internet landscape.

U.S. companies have already begun to strongly lobby against the law, as well as China’s position that the Internet must be managed by authorities. But despite the efforts of any company, American, Chinese, or other, the cybersecurity law is just a piece of a larger ongoing political puzzle that companies will have to deal with. In the end, agility will be key for companies to succeed in the tense political environment.

Georges Haour is a professor of technology and innovation management at IMD business school and co-author of the new book, Created in China: How China is Becoming a Global Innovator (Bloomsbury, London, 2016).



(CNN) About a year ago, China and the United States formally agreed not to conduct or knowingly support the cyber theft of each other’s intellectual property.

So, how is that agreement working out?
Not great, said Adm. Mike Rogers, head of US Cyber Command.
“Cyber operations from China are still targeting and exploiting US government, defense industry, academic and private computer networks,” Rogers said last April during testimony before a US Senate committee.
Cyber theft of US trade secrets can easily ruin American businesses and result in higher prices for consumers. Even more worrisome, stolen American military secrets could put US servicemen and women at risk during combat.
“Russia and China are growing more assertive and sophisticated in their cyber operations,” White House spokesman Josh Earnest told reporters last July.
China’s cyber tactics may be getting “more assertive,” but the number of China-based hacking instances against the US government and American companies has declined in the past two years, according to US cyber security firm FireEye.
Despite all the fingers pointed in its direction, Beijing has long denied any responsibility for hacks and attacks — instead blaming internal “criminals” and rogues.
In 2004, an FBI probe nabbed an American engineer named Chi Mak who was convicted of trying to send digital information about secret US Navy technology to the Chinese government. The investigation is detailed in CNN’s Original Series “Declassified.”


How cyber spies operate

Sometimes cyber-spy targets might surprise you. A June New York Times report described how Chinese hackers took over a “dusty old computer” at a small welding company in Belleville, Wisconsin, to stage global assaults.
“We were totally freaked out,” co-owner Lori Cate told The Times. “We had no idea we could be used as an infiltration unit for Chinese attacks.”
CBS News reported on how China-based spies use malware and spear phishing to allow hackers to watch you at your desk without your knowledge. Spear phishing is harmful email disguised to look like it’s from a familiar business or someone you know.
The bad guys want you to open the email, click on an attachment and boom — your computer is now working for the spies.
Countries like China are turning “to proxies (to) do their bidding in order to provide plausible deniability,” said Frank J. Cilluffo, the director of the Center for Cyber & Homeland Security, during testimony last February before a US House committee.
Hacker groups known by names like Deep Panda and C0d0so0 (aka Codoso) have been blamed for raiding computer systems at law firms, banks and Forbes.
One group which has been “attributed to China” has been dubbed “Mofang,” reports Wired.
“Mofang has targeted government agencies in the US, military agencies in India and Myanmar, critical infrastructure in Singapore, research and development departments of automotive companies in Germany, and the weapons industry in India,” Wired reported in June.
Not only could stolen data be used to copy new American products and secret military technology, Cilluffo warned it could be used as a weapon “to blackmail and recruit Americans” — potentially to be forced to act as Chinese agents.
Sometimes the espionage is about defending against an enemy.
“Beijing also selectively uses cyber attacks against targets it believes threaten Chinese domestic stability or regime legitimacy,” said James Clapper, US director of national intelligence, during congressional testimony last February.

What cyber spies want


“China’s aggressive collection efforts appear to be intended to amass data and secrets (military, commercial/proprietary, etc.) that will support and further the country’s economic growth, scientific and technological capacities, military power, etc. — all with an eye to securing strategic advantage,” Cilluffo said.
Sometimes the spying may be about getting the inside track.
Cyber spying malware has been linked to China in arbitration over islands in the South China Sea claimed by the Philippines but occupied by China, according to a report in The Hill.
An antivirus firm called F-Secure found malware linked to China on computers in the Philippines’ justice department, a law firm representing a party in the dispute and members of the Asia Pacific Economic Cooperation Summit, The Hill reported.
Sometimes it’s simply about copying hardware.
Countries can save untold money and time by stealing information that will help them duplicate rival products and weapons, instead of developing them legitimately. Last March, a 50-year-old Chinese citizen named Su Bin pleaded guilty to conspiring to hack into the computer networks of top US military contractors to pilfer sensitive information to send to China.

Last March a man admitted trying to steal data for China about Boeing's C-17 military transport.

He worked with two unidentified people for more than five years to target military data, including information about Boeing’s C-17 transport plane and certain fighter jets, the Justice Department said.
Clapper: Cyber intrusions blur war and peace
Overall, China has been successful in using cyber espionage against the US government, its allies and American companies, said Clapper.
He predicts China will continue to challenge the US at “lower levels of competition,” including “cyber intrusions, proxies and other indirect applications of military power — that intentionally blur the distinction between peace and wartime operations.”
In other words, get used to looking over your shoulder, because it’s likely that the threat of cyber espionage blamed on China will be with us for a long, long time.

Chinese Curb Cyberattacks on U.S. Interests, Report Finds

WASHINGTON — Nine months after President Obama and President Xi Jinping of China agreed to a broad crackdown on cyberespionage aimed at curbing the theft of intellectual property, the first detailed study of Chinese hacking has found a sharp drop-off in almost daily raids on Silicon Valley firms, military contractors and other commercial targets.

But the study, conducted by the iSight intelligence unit of FireEye, a company that manages large network breaches, also concluded that the drop-off began a year before Mr. Obama and Mr. Xi announced their accord in the White House Rose Garden. In a conclusion that is largely echoed by American intelligence officials, the study said the change is part of Mr. Xi’s broad effort to bring the Chinese military, which is considered one of the main sponsors of the attacks, further under his control.

As a result, the same political forces that may be alleviating the theft of data from American companies are also responsible for Mr. Xi’s stunningly swift crackdown on the Chinese media, bloggers and others who could challenge the Communist Party.

Source (read it all):

China proudly debuts its new stealth jet it built ‘by hacking into US computers and stealing plans’

November 2, 2016


China's newest warplane, the J-20 stealth fighter, made its first public flight at an airshow in the southern city of Zhuhai. It bears an uncanny resemblance to US military's F-22 Raptor


  • Two of the stealth planes carried out a flyby demonstration at an air show
  • Analysts said the brief and cautious J-20 routine answered few questions
  • Previous reports claimed the design was similar to US fighter planes  
  • Earlier this year Chinese national, Su Bin, 51, was sent to prison for his part in stealing US military plans, including plans for the F-35 and F-22 fighter jets
  • But experts say it is too early to tell if the J-20 matches the capabilities of American fighter planes

China’s controversial stealth jet has made its first flyby, giving the public and media a glimpse of the aircraft believed to be a copy of America’s F-22 and built using hacked US military blueprints.

Taking to the skies at the airshow in the southern city of Zhuhai, in Guangdong province, the J-20 stealth fighter passed by onlookers in a thunderous demonstration.

The aircraft is believed to have been built in part from plans of US war planes, obtained by Chinese hackers jailed earlier this year – a claim which Beijing has firmly denied.

Military analysts have said it is still too early to tell if the jet matches the capabilities of the US F-22 Raptor.


Copy-cat? Pictured above is America's F-22 which shares a similar design to the J-20. China is set to overtake the US as the world's top aviation market in the next decade


After arriving as a pair at low-level, one of the J-20s quickly disappeared over the horizon, leaving the other to perform a series of turns, revealing its delta wing shape against bright sub-tropical haze.

But analysts said the brief and relatively cautious J-20 routine – the pilots did not open weapon bay doors, or perform low-speed passes – answered few questions.

‘I think we learned very little. We learned it is very loud. But we can’t tell what type of engine it has, or very much about the mobility’, said Greg Waldron, Asia Managing Editor of FlightGlobal. ‘Most importantly, we didn’t learn much about its radar cross-section’.

A key question is whether the new Chinese fighter can match the radar-evading properties of the Lockheed Martin F-22 Raptor air-to-air combat jet, or the latest strike jet in the U.S. arsenal, Lockheed’s F-35.

But the mere display of such a newly developed aircraft was a revealing signal, others said.

‘It’s a change of tactics for the Chinese to publicly show off weapons that aren’t in full squadron service yet,’ said Sam Roggeveen, a senior fellow at the Sydney-based Lowy Institute, ‘and demonstrates a lot of confidence in the capability, and also a lot of pride’.

But the fighter jet’s development has been controversial, embroiled in claims of espionage.

Chinese national Su Bin  admitted in a plea agreement with US authorities to conspiring with two unnamed military officers in China to try to acquire plans for F-22 and F-35 fighter jets and Boeing's C-17 military transport aircraft. He was sentenced to just under four years. Pictured at the Chinese airshow is the new J-20


Spot the difference: America's F-22 (pictured)  shares many identical features



Today’s flypast marks the first public flight for China’s new war plane.

The fighter jet is swift, stealthy, and armed with long-range missiles.

Its design is similar to US fighter jets, stoking concerns that the Chinese military used ‘stolen’ plans obtained by hackers to develop the stealth plane and further drive its military ambitions.

Experts have said that the plane represents a leap forward in China’s ability to project power in Asia, and will compete with US military technology.

China is set to overtake the US as the world’s top aviation market in the next decade.

Earlier this year, a Chinese national, 51-year-old Su Bin, was sent to prison for his part in stealing US military plans and sending documents to Beijing.

The documents were reported to include plans for the F-35 and F-22 fighter jets, which would have enabled the Chinese military to rapidly catch up with US capabilities.

Airshow China, in the southern city of Zhuhai, has offered Beijing an opportunity to demonstrate its ambitions in civil aerospace and to underline its defence ambitions.


Unofficial shots of a J-20 prototype fueled discussion over the region’s power balance when first glimpsed by plane spotters in 2010.

Experts say China has been refining designs in hopes of narrowing a military gap with Washington.

Cao Qingfeng, an aircraft engineer watching the flypast, said the ‘stunning’ display was a show of China’s strengthening aircraft industry and manufacturing – and Western officials agreed.

‘This shows they now have confidence to put it out in public,’ said a Western industry official who has monitored the biennial show from its inception 20 years ago.

‘This is the airplane for China in the way that the J-31 is not; this is the one they develop for themselves,’ he added.

Despite the impressive show of aerial military might, some foreign observers have questioned its stealth capabilities.


J-20

  • Top speed: 1,305 mph
  • Range: 2,113 mi
  • Length: 67′
  • Wingspan: 42′ 0″
  • Weight: 43,000 lbs
  • Engine type: Xian WS-15 turbofan engines
  • Cost: $110m
  • Manufacturer: Chengdu Aircraft Industry Group

F-22

  • Top speed: 1,498 mph
  • Range: 1,839 mi
  • Length: 62′
  • Wingspan: 44′ 0″
  • Weight: 43,430 lbs
  • Engine type: Pratt & Whitney F119
  • Cost: $130m
  • Manufacturers: Boeing Defense, Space & Security, Lockheed Martin Aeronautics

Two of the J-20 jets flew over dignitaries, industry executives and spectators and gathered at the show's opening ceremony during a 60-second flypast (pictured) 


In this image made from video, the J-20 stealth fighter pulls a sharp incline to a crowd of spectators and dignitaries at the Zhuhai airshow


The demonstration flight of the two J-20 stealth jets generated a deafening roar, setting off alarms of parked cars at the site



In July this year, a Chinese national was sentenced in Los Angeles to three years and 10 months in prison for hacking US defense contractors to steal trade secrets on Beijing’s behalf.

Su Bin, 51, who went by the names Stephen Su and Stephen Subin, was also ordered by a federal judge to pay a $10,000 fine.

Su in March had admitted in a plea agreement with US authorities to conspiring with two unnamed military officers in China to try to acquire plans for F-22 and F-35 fighter jets and Boeing’s C-17 military transport aircraft.

According to court documents, the trio managed to steal sensitive data by hacking into the computer networks of major defense contractors and sent the information to China.

Washington and Beijing have repeatedly clashed over what the US describes as rampant cyberspying by the Chinese government on US industry.


Other aircraft scheduled to be on display alongside the latest Chinese weapon systems, radar and drones include the Xian Y-20 strategic airlifter, and what organisers say is the largest amphibious plane now in production, the AG600.

The flying boat is officially promoted as a fire-fighting or search and rescue plane. But analysts note the AG600 – first unveiled 10 days after a Hague tribunal ruled against China’s claim to parts of the South China Sea in July – is well suited to resupplying military outposts in the disputed area.

Notably absent from the airshow schedule is the Comac C919 passenger jet, designed to compete with Europe’s Airbus Group and Boeing Co of the United States, the rivals who dominate the global supply of airliners.

The 150-seater C919 is scheduled to stage an often-delayed maiden flight this year, but industry sources say this will now slip to 2017 – three years behind original plans.

Airbus and Boeing continue to expand in China with recent plant announcements. Boeing is expected to announce a new supplier partnership at the show.

The air show showcased China's aerial strength. Along with the latest J-20 stealth jet will be the seven-strong J-10 fighter jets of China's Bayi Aerobatic Team (pictured)


The airshow, in Zhuhai, south China's Guangdong Province, will provide a platform for Beijing to flex its long-range military muscle to the public and watching nations around the world. Pictured are the J-10 jets of the Bayi Aerobatic Team at Zhuhai airport


China’s only international aerospace exhibition, held biennially in the southern city of Zhuhai, this year boasts its largest-ever display of military hardware and aircraft, with 11 exhibition halls, 430,000 square metres of indoor and outdoor viewing area, and 151 aircraft from 700 exhibitors from 42 countries and regions.

China is aggressively moving to develop its domestic weapons industry, from drones and anti-aircraft systems to homegrown jet engines and hypersonic planes.

Beijing has previously been accused of copying designs from Russian fighters, and analysts say its J-31 stealth fighter is very similar to the US-developed F-35.

China’s military focus on stealth technology remains a key issue for Beijing.

Earlier this month, leaked images emerged of the military’s enormous stealth warship, currently under construction at the Jiangnan Changxing shipyards.

Known as a Type 005 destroyer, the vessel is believed to be armed with electromagnetic railguns capable of shooting down missiles and firing on land targets.

It was also reported in September that a Chinese firm claimed to have developed radar technology capable of detecting stealth jets (stock image used)


The leaked images revealed the battle ship’s progress, with signs of portals on the stern for sensors and weapons and up to 128 vertical launch system cells for missiles.

It was also reported in September that a Chinese firm claimed to have developed radar technology capable of detecting stealth jets.

Called the quantum radar, the technology was reportedly created by Intelligent Perception Technology, a branch of defence and electronics firm CETC.

The firm claims it is capable of detecting a target at a range of 60 miles and was successfully tested last month.

China has pushed for dominance in the South China Sea, following a number of contentious claims over who owns territory in the region.

The two major island chains in the region, the Spratlys and the Paracels, have become central to the international argument, causing tensions to rise.

Vietnam, Taiwan, Malaysia, Brunei and the Philippines all have claims on the region, but China has surged ahead with expansive military operations, including the building of its own islands in disputed spots to stake its claim and bolster a military presence.


Asia's most powerful warship has been shrouded in mystery since construction began last year at the Jiangnan Changxing shipyards. Called Type 005 destroyer, this vessel is said to be armed with electromagnetic railguns that can shoot down missiles and attack land targets (pictured is an artist impression of Type 005)


Leaked images show the Type 005 destroyer should launch late 2017 or early 2018.

It has a full displacement of over 14,000 tons.

And the images show the bow and stern are finished.

Now, leaked images give a glimpse of the battle ship's progress, which reveals four portals on the stern for sensors and weapons and up to 128 vertical launch system cells for missiles (pictured is an artist impression of Type 005)


The bow area appears to have an extremely hydrodynamic hull that can endure high speeds, to have stealth capabilities, and to be fitted with an enclosed deck.

And the stern is where the creators packed all of the technology.

This area has at least four sections that hold sensors and weapons like towed array sonar, variable depth sonar, towed torpedo decoys and active torpedo defenses.

Because the ship is 175 meters long and is built with large displacement, the Type 005 will be capable of carrying numerous helicopters at once and other technologies such as drones and underwater vehicles.

Read more:
Follow us: @MailOnline on Twitter | DailyMail on Facebook



Hillary Clinton’s Email Mess Could Still Be a “Teachable Moment” — “Hillary Clinton can serve a good purpose only if she become the sacrificial goat — and everyone in the government learns a lesson that this is unacceptable and will ruin you.”

April 19, 2016

By Bill Blum

  Hillary Clinton. Gage Skidmore / Flickr (CC-BY-SA)


Although the subject of Hillary Clinton’s emails did not come up during Thursday’s presidential debate, the heated controversy over the Democratic front-runner’s use of a private Internet server during her four-year stint as secretary of state is far from over.

Indeed, if recent reports published largely (though not exclusively) by right-wing news media have any credibility, the controversy is about to re-erupt with redoubled fury. Some on the right are even predicting that Clinton will soon be indicted.

The reason for the right’s breathless anticipation of Clinton’s demise is that the mysterious, eccentric and paranoid Romanian computer hacker who broke the email story back in 2013 was extradited to the United States last month pursuant to federal felony charges filed against him in 2014. The theory is that prosecutors will squeeze the hacker for incriminating evidence against Clinton. A trial date in the hacker’s case has been set for September, smack dab in the middle of the general election campaign, in federal district court in Alexandria, Va.

The hacker is one Marcel Lehel Lazar, who traffics under the nom de plume of “Guccifer”—a portmanteau or linguistic hybrid that by his own description combines the “style” of Gucci and the “light” of Lucifer. Guccifer believes the international economy is controlled by a cabal of the “Council of the Illuminati” and well-placed “radical” Jews. His self-appointed mission as a cybersleuth is to expose the Illuminati’s machinations to create a “new world order” in each of its nefarious aspects.

If all that sounds more than a tad loopy, rest assured that it is. But as zany as Guccifer’s weltanschauung may be, he’s also a devastatingly talented cyberstalker, and that’s bad news for Clinton and her backers.

So exactly who is Guccifer, and how did he come to play a central role in Clinton’s email crisis?

Now in his mid-40s, Guccifer lived with his wife and daughter in the village of Sambateni, Romania, until his conviction and ultimate imprisonment in his native land on hacking charges in 2014. An autodidact whose formal education ended with high school, he struggled with long-term unemployment, scrambling for occasional work as a taxi driver and a paint salesman, according to his statements in an exclusive interview published by the website in March 2015.

Initially, as illustrated by both Pando and an earlier story written by New York Times reporter Andrew Higgins, Guccifer appears to have been motivated primarily by pedestrian desires for fame and an urge for self-promotion. His immediate goal was to expose and embarrass others who had achieved the notoriety he craved, but never to extort money.

He reportedly first took to hacking in 2010, equipped only with an old home computer and a cellphone. He has told Pando and the Times that his methods were, in essence, old school and low tech. Instead of using sophisticated algorithms, he would read articles and biographies about his targets and then painstakingly guess their email passwords until he gained access to their electronically stored information.

Starting small, his earliest victims were Romanian entertainers and soccer stars. But local authorities soon caught on to him, and a year later he was arrested. After pleading guilty to cybercrimes, he was given a suspended jail sentence on the condition that he go straight.

But he didn’t. As explained in the Pando exclusive, once released from custody, Guccifer trained his hacking sights on ever-bigger public figures. This time, using a proxy server based in Russia to hide his tracks, he not only began breaking into the email accounts of Romanian politicians, but he gained access to the emails and websites of such international celebrities as actor/comedian Steve Martin, “Downton Abbey” writer Julian Fellowes and journalist Carl Bernstein; business leaders like MetLife CEO Steven Kandarian; and a trove of former American government officials, such as ex-Nixon aide John Dean and Reagan-era White House chief of staff Ken Duberstein.

Guccifer’s exploits were exposed in the United States in February 2013, when The Smoking Gun website—one of a handful of Internet outlets, along with Gawker and Russia Today, that he frequently contacted to gloat about his triumphs and supply with documentation—reported that he had posted photos and correspondence from the email accounts of family members of former President George W. Bush. Among the released items were self-portraits of Bush taking a bath and standing in the shower.

Guccifer’s handiwork might have been considered little more than a series of annoying pranks had he not also turned his attention to former Secretary of State Colin Powell and longtime Clinton aide and confidant Sidney Blumenthal.

In March 2013, he managed to hack into Powell’s Facebook account, defacing it with phony status updates that insulted Bush and declaring that Powell, Bush and the Rockefellers would burn in hell. He also succeeded in compromising Powell’s AOL account, obtaining financial information and email exchanges with former government personnel.

But it was the breach of Blumenthal’s AOL email account, also in March 2013, that netted the biggest headlines for Guccifer and that now poses the greatest dangers to Clinton’s presidential ambitions.

The Smoking Gun revealed the Blumenthal hack on March 15, 2013, reporting that Guccifer had obtained emails Blumenthal had sent to Clinton during her tenure at the State Department. Some of the missives included attachments containing confidential intelligence memos Blumenthal had written on Libya and Benghazi, Syria and Bashir Assad, the Muslim Brotherhood and Egypt, Algeria and other foreign-policy topics and issues.

Five days after the Smoking Gun disclosure, Russia Today published the Blumenthal memos in their entirety.

At the time Blumenthal wrote and forwarded the memos, he was working as a full-time employee for the Clinton Foundation, pulling down a monthly salary of $10,000, according to Politico chief investigative reporter Ken Vogel. Anyone wishing to sort through and study them can do so by accessing the comprehensive searchable archive of emails sent to and from Clinton’s private server that has been published by WikiLeaks.

Although the Blumenthal memos appear to have been unsolicited by Clinton, there can be no question that she appreciated and valued them in her role as the nation’s top diplomat. For example, a day after receiving a Blumenthal memo on Egypt and the Muslim Brotherhood in August 2012, she forwarded it to State Department Director of Policy Planning Jake Sullivan, with the notation: “Best info yet. Let’s discuss before you forward [to others] this morning.”

Guccifer continued to stalk former U.S. policymakers well into 2013, breaching the personal email ledgers of one-time National Intelligence Council Chairman Christopher Kojm and ex-Defense Intelligence Agency official Roy Apseloff, among others.

Romanian authorities rearrested Guccifer in January 2014 for spying on national officials, including the head of the country’s intelligence service. He was convicted and sent to a maximum security prison.

In June 2014, a federal grand jury in Virginia returned a nine-count indictment against Guccifer, charging him with wire fraud, unauthorized access of a protected computer, aggravated identity theft, cyberstalking and obstruction of justice for accessing the email accounts of Powell and Blumenthal (who are referred to anonymously in the charging document as victims 3 and 5, respectively), as well as other violations. Soon thereafter, the U.S. initiated discussions with Romania aimed at securing his extradition—an effort that finally paid off late last month.

Remarkably, although Clinton installed her private email server in January 2009, a week before she was confirmed as secretary of state, the fact that she exclusively used private email in violation of State Department guidelines to conduct official business was not widely known until The New York Times ran a story about her server on March 2, 2015. Since then, speculation has been rampant that Clinton may have run afoul of several federal criminal statutes, not only for maintaining the server rather than using official government channels of communication, but for deleting over 30,000 emails that she and her staff unilaterally deemed purely personal before turning over 31,000 emails to the State Department.

The Justice Department has been investigating the email controversy at least since last July, and in February, the FBI publicly confirmed that it, too, had joined the probe. Earlier this month, FBI Director James Comey announced that the investigation was continuing and that it would be completed “well and promptly.”

It also has been widely reported that Clinton and several of her aides will be interviewed in the near future as part of the FBI/Justice Department probe. Clinton aide Bryan Pagliano, who helped set up the server, has been granted immunity by the Justice Department after refusing to testify before the Senate Judiciary Committee. The pressure and suspense, thus, are building.

Those calling for Clinton to be prosecuted tend to focus on two provisions of federal law—sections 1924 and 793 of Title 18 of the United States Code—dealing, respectively, with the unauthorized removal and retention of classified material, and the improper gathering, transmission or loss of information relating to the national defense. In an April 11 interview on the Fox Business Network, former Attorney General Michael Mukasey all but accused Clinton of committing a felony.

Others, who contend that prosecution is unlikely, including Clinton herself, focus on the fact that previous secretaries of state, such as Powell, also used private email to conduct official business. More importantly, Clinton and her defenders argue that no crimes were committed because the emails contained no information that was classified at the time they were sent or received.

In a detailed analysis published last week by Politico, White House correspondent Josh Gerstein staked out something of a middle ground in the roiling debate. After reviewing dozens of recent federal investigations involving alleged mishandling of classified records—including the 2015 prosecution of Gen. David Petraeus for providing top-secret material to a woman who was his biographer and mistress—Gerstein concluded there will be no indictment against Clinton unless prosecutors are convinced she acted with the intent to violate classification rules. In addition, Gerstein wrote, prosecutors will consider whether Clinton committed other aggravating acts beyond rule infractions, such as lying under oath or endangering national security.

Whether Guccifer, now that he is stateside and awaiting his day in the dock, can provide the missing elements and incentives needed for prosecuting Clinton is, as former Defense Secretary Donald Rumsfeld might put it, a gigantic and lingering “known unknown.” In his Pando interview, Guccifer said he anticipated collaborating with American intelligence agencies “when the day is right.” He also boasted that he had “a lot more [unreleased] material saved in the cloud.”

That material, if in fact it exists, may not prove sufficient to force Clinton to swap her trademark pantsuits for a set of prison jumpers. But the flood of disclosures Guccifer has already unleashed will continue to dog Clinton until Election Day, calling her values, character, judgment and fitness for office into constant question.

A U.S. government cyber expert told Peace and Freedom, “The Obama administration would get its highest award for transparency from hackers and cyber spies. Hillary Clinton can serve a good purpose only if she becomes the sacrificial goat — and everyone in the government learns a lesson that this is unacceptable and will ruin you. Then we clean this problem up once and for all.”



All the cyberattacks on the U.S. government (that we know of)

Aug 18, 2015

Another day, another cyberattack.

Hackers accessed tax returns belonging to more than 300,000 people — more than twice officials’ initial estimate — when they breached an Internal Revenue Service program in May, stealing taxpayers’ personal information and generating nearly $50 million in fraudulent refunds, the agency said this week.
But the IRS hack is just one of more than a dozen cyberattacks on U.S. agencies in recent years, though the exact number and scope of attacks can be hard to gauge because officials are often reluctant to disclose or discuss them, let alone point fingers at suspected perpetrators. SY Lee, a spokesman for the U.S. Department of Homeland Security, told Mashable the agency did not “have a list” of cyberattacks on U.S. agencies.

“I think there’s probably some reluctance to admit the depth of the problem,” said Wayne Jackson, CEO of Sonatype. “They are way more vulnerable than they would like for us to know.”

Overall, though, federal agencies have suffered at least a dozen major data breaches or network intrusions since 2007 — many reportedly at the hands of Russian and Chinese hackers, who have successfully targeted a nuclear research laboratory, the Postal Service, weather and satellite networks, administrative agencies holding sensitive personal information and even the White House itself, according to news reports.

Such attacks — often suspected to be state-sanctioned — are distinct from the kinds of cyber-assaults that have targeted commercial entities, such as retailers or banks. But those, too, are useful and frequent targets for foreign agents. According to a National Security Agency document obtained by NBC News, for instance, Chinese hackers targeted more than 600 government, corporate and private entities, including big firms like Google and Lockheed Martin, in a five-year period ending in 2014.

While none of the reported hacks have managed to infiltrate government agencies’ classified networks, the slew of cyberattacks has allowed hackers to steal valuable personal data — including Social Security numbers, addresses, dates of birth, health records and emails — belonging to millions of Americans, including top government officials.

Experts say these are high-tech means toward an old-fashioned end: Espionage.

When Chinese hackers allegedly broke into the Office of Personnel Management’s computer system and stole data belonging to 21 million Americans who had applied for — or knew someone who had applied for — a background check, experts warned that foreign actors could use the information from background check interviews — which includes everything from their financial histories to details about their sex lives — to blackmail or coerce victims.

“They would leverage this data to get to diplomatic, political, military and economic intelligence that they typically target,” John Hultquist, senior manager for cyberespionage threat intelligence at iSight Partners, told the Washington Post in June.

When the hackers’ identities are known, diplomatic reasons might keep officials from naming names. But sometimes identifying the perpetrator — especially the skilled ones — is just too hard.

Known breaches of classified information, for example, are rare. That’s partly because truly sensitive information is often kept on networks that are never connected to the public internet, Jackson said. But sometimes, it’s because the hackers are just that good. Earlier this year, German magazine Der Spiegel reported that Chinese hackers had stolen “many terabytes” of classified data regarding a new U.S. fighter jet. The theft, which was believed to have occurred in 2007, went unreported for seven years.

“The difficulty of getting to [classified information] would imply a sort of nation-state kind of skill,” Jackson said. “Someone with that kind of skill would be very hard to detect because they’d be sufficiently capable that you’d almost certainly never know that they were there.”



U.S. going after Iranian hackers tied to cyber attacks — Second country after China

March 23, 2016


Wed Mar 23, 2016 4:35pm EDT

The Obama administration is expected to blame Iranian hackers as soon as Thursday for a coordinated campaign of cyber attacks in 2012 and 2013 on a suburban New York City dam and several other targets, possibly including multiple U.S. banks, sources familiar with the matter have told Reuters.

In one of the largest foreign cyber attack cases since 2014 when the United States charged five Chinese military hackers, the U.S. Justice Department has prepared an indictment against about a half-dozen Iranians, said four sources, who spoke on condition of anonymity due to the sensitivity of the matter.

The charges, related to unlawful access to computers and other alleged crimes, were expected to be announced publicly by U.S. officials as soon as Thursday morning at a news conference in Washington, the sources said.


The indictment was expected to directly link the hacking campaign to the Iranian government, one source said.

Though the breach of back-office computer systems at the Bowman Avenue Dam in Rye Brook, New York has been reported, it was only part of a hacking campaign that was broader than previously known, as the indictment will show, the sources said.

In the intrusion of the dam computers, the hackers did not gain operational control of the floodgates, and investigators believe they were attempting to test their capabilities.

The dam breach coincided roughly with attacks on U.S. financial institutions. Cyber security experts have said these, too, were perpetrated by Iranian hackers against Capital One, PNC Financial Services and SunTrust Bank. Prosecutors were considering including those breaches in the indictment, sources said.

The hackers who were expected to be named in the indictment all reside in Iran, one source said.

The Justice Department declined to comment.

The indictment would be the Obama administration’s latest step to confront foreign cyber attacks on the United States. President Barack Obama accused and publicly condemned North Korea over a 2014 hack on Sony Pictures and vowed to “respond proportionally.” No details were made public of any retaliation.

James Lewis, a cyber security expert with the Center for Strategic and International Studies think tank, said, “We need to make clear that there will be consequences for cyber-attacks and that the Wild West days are coming to an end.”

Two weeks ago, it was widely reported that U.S. prosecutors were preparing an indictment against Iranian hackers related solely to the dam attack.

The broader indictment would come at a time of reduced tensions between the United States and Iran after a landmark 2015 nuclear deal. At the same time, the Obama administration has shown a willingness to confront Tehran for bad behavior.

Charging the Iranian hackers would be the highest-profile move of its type by the Obama administration since the Justice Department in 2014 accused five members of China’s People’s Liberation Army of hacking several Pennsylvania-based companies in an alleged effort to steal trade secrets.


U.S. national security professionals and cyber-security experts have grown increasingly worried about attacks on infrastructure including dams, power plants and factories.

That concern has grown since a December cyber attack in the Ukraine caused a blackout that temporarily left 225,000 customers without power.

Speaking at a cyber security conference earlier this month, National Security Agency chief Michael Rogers said it was a matter of “when, not if” another country launched a successful and destructive cyber attack on U.S. critical infrastructure like the one seen in Ukraine.

Some experts have said the United States is less well-equipped to respond to a major infrastructure attack because systems are more connected and reliant on the Internet.

The United States and Israel covertly sabotaged Iran’s nuclear program in 2009 and 2010 with the now-famous Stuxnet computer virus, which destroyed Iranian centrifuges that were enriching uranium.

(Reporting by Dustin Volz in Washington and Nate Raymond in New York; additional reporting by Mark Hosenball in Washington and Jim Finkle in Boston; Editing by Kevin Drawbaugh and Jonathan Oatis)


Part of the building of ‘Unit 61398′, a secretive Chinese military unit, is seen in the outskirts of Shanghai February 19, 2013. The unit is believed to be behind a series of hacking attacks, a U.S. computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of U.S. hacking. REUTERS/Carlos Barria

‘UglyGorilla,’ an alias of Chinese army official Wang Dong, allegedly controlled the computers of U.S. victims after a gang of cyber-hackers gained access by sending users fake ‘spearphishing’ emails that contained links to malware

‘Jack Sun’ (Top), a Chinese Army captain, ‘was observed both sending malicious emails and controlling victim computers,’  while ‘KandyGoo’ (Bottom) tested malicious email messages and managed domain accounts used by the Chinese

‘WinXYHappy’ may sound like an unoriginal Twitter handle, but it was the alias of an alleged Chinese army hacker (Top) who controlled Americans’ computer accounts while computer programmer ‘hzy_lhx’ (Bottom) and others managed online domains after the People’s Liberation Army got control of them
