Posts Tagged ‘Chinese hackers’

China’s Secret Weapon in South Korea Missile Fight: Hackers

April 21, 2017

China denies it is retaliating over the Thaad missile system, but a U.S. cybersecurity firm says it is

This 2015 handout photo from the U.S. Department of Defense shows a terminal High Altitude Area Defense interceptor being test launched on Wake Island in the Pacific Ocean. PHOTO: AFP PHOTO / DOD / BEN LISTERMAN

April 21, 2017 5:20 a.m. ET

Chinese state-backed hackers have recently targeted South Korean entities involved in deploying a U.S. missile-defense system, says an American cybersecurity firm, despite Beijing’s denial of retaliation against Seoul over the issue.

In recent weeks, two cyberespionage groups that the firm linked to Beijing’s military and intelligence agencies have launched a variety of attacks against South Korea’s government, military, defense companies and a big conglomerate, John Hultquist, director of cyberespionage analysis at FireEye Inc., said in an interview.


The California-based firm, which counts South Korean agencies as clients, including one that oversees internet security, wouldn’t name the targets.

While FireEye and other cybersecurity experts say Chinese hackers have long targeted South Korea, they note a rise in the number and intensity of attacks in the weeks since South Korea said it would deploy Terminal High-Altitude Area Defense, or Thaad, a sophisticated missile-defense system aimed at defending South Korea from a North Korean missile threat.

China opposes Thaad, saying its radar system can reach deep into its own territory and compromise its security. South Korea and the U.S. say Thaad is purely defensive. The first components of the system arrived in South Korea last month and have been a key issue in the current presidential campaign there.

One of the two hacker groups, which FireEye dubbed Tonto Team, is tied to China’s military and based out of the northeastern Chinese city of Shenyang, where North Korean hackers are also known to be active, said Mr. Hultquist, a former senior U.S. intelligence analyst. FireEye believes the other, known as APT10, may be linked to other Chinese military or intelligence units.

China’s Ministry of Defense said this week Beijing has consistently opposed hacking, and that the People’s Liberation Army “has never supported any hacking activity.” China has said it is itself a major hacking victim but has declined to offer specifics.

Mr. Hultquist said the two hacking groups gained access to their targets’ systems by using web-based intrusions, and by inducing people to click on weaponized email attachments or compromised websites. He declined to offer more specific details.

HACK ATTACKS

Recent cyberattacks attributed to Chinese state-backed groups.

  • Since February: Spear-phishing* and watering hole** attacks were conducted against South Korean government, military and commercial targets connected to a U.S. missile defense system.
  • February, March: Attendees of a board meeting at the National Foreign Trade Council were targeted with malware through the U.S. lobby group’s website.
  • Since 2016: Mining, technology, engineering and other companies in Japan, Europe and North America were intruded on through third-party IT service providers.
  • 2014-2015: Hackers penetrated a network of U.S. Office of Personnel Management to steal records connected to millions of government employees and contractors.
  • 2011-2012: South Korean targets, including government, media, military and think tanks, were targeted with spear-phishing attacks.

*Sending fraudulent emails made to look as if they come from a trusted party in order to trick a target into downloading malicious software.
**A strategy in which the attacker guesses or observes which websites a targeted group often uses and infects them with malware to infect the group’s network.
Sources: FireEye, Trend Micro, Fidelis, PricewaterhouseCoopers and BAE Systems, WSJ reporting

Mr. Hultquist added that an error in one of the groups’ operational security provided FireEye’s analysts with new information about the group’s origins.

South Korea’s Ministry of Foreign Affairs said last month that its website was targeted in a denial-of-service attack—one in which a flood of hacker-directed computers cripples a website—that originated in China.

A spokesman said that “prompt defensive measures” ensured that the attacks weren’t effective, adding that it was maintaining an “emergency service system” to repel Chinese hackers.

The ministry this week declined to comment further, or to say which cybersecurity firm it had employed or whether he thought the attacks were related to Thaad.

Another cybersecurity company, Russia’s Kaspersky Lab ZAO, said it observed a new wave of attacks on South Korean targets using malicious software that appeared to have been developed by Chinese speakers starting in February.

The attackers used so-called spear-phishing emails armed with malware hidden in documents related to national security, aerospace and other topics of strategic interest, said Park Seong-su, a senior global researcher for Kaspersky. The company typically declines to attribute cyberattacks and said it couldn’t say if the recent ones were related to Thaad.

The two hacking groups with alleged ties to Beijing have been joined by other so-called hacktivists—patriotic Chinese hackers acting independently of the government and using names like the “Panda Intelligence Bureau” and the “Denounce Lotte Group,” Mr. Hultquist said.

South Korea’s Lotte Group has become a particular focus of Chinese ire after the conglomerate approved a land swap this year that allowed the government to deploy a Thaad battery on a company golf course.

Last month, just after the land swap was approved, a Lotte duty-free shopping website was crippled by a denial-of-service attack, said a company spokeswoman, who added that its Chinese website had been disrupted with a virus in February. She declined to comment on its source.

China’s Ministry of Foreign Affairs didn’t respond to questions about the website attacks. The ministry has previously addressed Lotte’s recent troubles in China by saying that the country welcomes foreign companies as long as they abide by Chinese law.

The U.S. has also accused Chinese state-backed hacking groups of breaking into government and commercial networks, though cybersecurity firms say such activity has dropped since the two nations struck a cybersecurity deal in 2015.

The two Chinese hacking groups named by FireEye are suspected of previous cyberattacks.

FireEye linked Tonto Team to an earlier state-backed Chinese hacking campaign, identified by Tokyo-based cybersecurity firm Trend Micro Inc. in 2012, which focused on South Korea’s government, media and military. Trend Micro declined to comment.

Two cybersecurity reports this month accused APT10 of launching a spate of recent attacks around the globe, including on a prominent U.S. trade lobbying group. One of those reports, jointly published by PricewaterhouseCoopers LLP and British weapons maker BAE Systems, said the Chinese hacker collective has recently grown more sophisticated, using custom-designed malware and accessing its targets’ systems by first hacking into trusted third-party IT service providers.

Because of the new scrutiny from that report, FireEye said in a recent blog post that APT10 was likely to lay low, though in the longer run, it added, “we believe they will return to their large-scale operations, potentially employing new tactics, techniques and procedures.”

Write to Jonathan Cheng at jonathan.cheng@wsj.com and Josh Chin at josh.chin@wsj.com

 


Russia’s Cyber Strategy is Nothing New

December 31, 2016

A 2013 article by Russian Gen. Valery Gerasimov emphasized importance of cyberwarfare

Petro Poroshenko, president of Ukraine, which has borne the brunt of Russia’s cyberattacks. PHOTO: REUTERS

MOSCOW—Russia’s military laid out what is now seen as a blueprint for cyberwarfare with a 2013 article in a professional journal by Gen. Valery Gerasimov, the chief of Russia’s General Staff.

Cyberspace, wrote Gen. Gerasimov, “opens wide asymmetrical possibilities for reducing the fighting potential of the enemy.”

At the time, Russia’s military was absorbing the lessons of the Arab Spring, when social media played a key role in mobilizing leaderless protests that upended the political order across North Africa and the Middle East.


Egyptian protesters tear down a U.S. flag at the U.S. Embassy in Cairo, September 11, 2012. Photo by Mohammed Abu Zaid, AP

“In North Africa, we witnessed the use of technologies for influencing state structures and the population with the help of information networks,” the article stated. “It is necessary to perfect activities in the information space, including the defense of our own objects.”

Now that doctrine is likely to come under more scrutiny following new U.S. sanctions that target Russia’s military intelligence agency, the Main Intelligence Directorate, or GRU, as well as the country’s Federal Security Service, the successor to the Soviet-era KGB.

The Obama administration accused Russia’s intelligence agencies of “tampering, altering or causing the misappropriation of information” with the goal of interfering with the 2016 presidential election. And the U.S. Treasury Department named a number of companies it alleged were linked to the hack, shedding new light on the links between the Russian military and security services and the country’s IT sector.

In the 2013 article, Gen. Gerasimov elaborated on the Russian military’s desire to hone its hacking skills as an extension of conventional warfare and political conflict. Since then, Russia has used cyberattacks as part of its arsenal against neighboring countries and as a political weapon, Western officials and security researchers said.

In Washington’s defense and national security circles, Russia’s use of masked invasions on the ground and difficult-to-attribute attacks in cyberspace have become examples of what is now known as the “Gerasimov doctrine,” in reference to the 2013 article.

At the Pentagon, the effort to ward off such a threat from Russia became a matter of high priority for Secretary of Defense Ash Carter and the nation’s top military generals.

In an August appearance at the Washington-based Center for Strategic and International Studies, Gen. Robert Neller, Commandant of the Marine Corps and member of the Joint Chiefs of Staff, said he had read Gen. Gerasimov’s article three times.

“He talks about what he calls fighting a war without fighting a war—use of information, social media, disinformation, deception,” Gen. Neller said.

The Pentagon has focused on shoring up U.S. defenses against such attacks, but many of the efforts have focused on countering cyber operations on the physical battlefield and safeguarding critical infrastructure on the home front.

U.S. officials see Russia’s alleged cyberattacks on election-related entities during the 2016 campaign as the boldest iteration of the Russian strategy that has been used around the globe.

Russia’s use of hacking first came into the spotlight in 2007 after Estonia removed a Soviet-era memorial to World War II from the center of its capital. Cyberattacks, which Western officials blamed on Russia, disabled websites of government ministries, political parties, banks and newspapers.

Government websites in the former Soviet republic of Georgia came under attack, along with media, communications and transportation companies, before and during a war with Russia in 2008.

People walk in Red Square, with St. Basil’s Cathedral seen in the background, in Moscow. PHOTO: MAXIM ZMEYEV/REUTERS

Ukraine, which has been fighting Russian-backed separatists in its east since 2014, has borne the brunt of Russia’s cyberattacks, according to Western and Ukrainian officials and security experts.

Cyberattacks hit ministries and the presidential administration; hacked government documents were leaked online; election infrastructure was attacked.

More recently, attacks have briefly knocked out power supplies and disrupted the banking system. Ukrainian officials and cyber experts linked the attacks to Russia.

At a meeting with top security officials Thursday, Ukrainian President Petro Poroshenko said security services had detected 6,500 attempted cyberattacks on government agencies and state information resources in the past two months. He said investigations of several incidents had shown that Russia was directly or indirectly involved and had “unleashed a cyberwar against our country.”

“Ukraine is the perfect sandpit for this as it is complex enough to test it out but it’s not NATO and can’t really fight back,” said Mark Galeotti, senior researcher at the Institute of International Relations Prague.

Mr. Galeotti noted the difference between the wide-ranging attacks on Ukraine, which accompanied military interventions, and the targeted attack on the U.S., a political move aimed at casting American democracy in a bad light.

“Russia is ahead of the curve in political warfare, and we are scrambling to come to terms with it,” said Mr. Galeotti.

U.S. officials have warned that Russia may use hacking to seek to influence elections in Europe next year.

The role of Russia’s military, however, is less clear. Cyber operations in Ukraine and Georgia were aimed at shaping an active conflict. The Russian government has denied that it was involved in the hacking of the U.S. political process, but experts and U.S. officials say hacking—by nature difficult to attribute decisively—gives the Russian government deniability.

Such deniability and deception, they add, has been a hallmark of Russian military operations, including the annexation of Crimea in 2014. There, Russia denied official connection to the well-armed and well-trained military professionals who took over key government installations on the Black Sea peninsula before acknowledging the “little green men” were actually Russian special-operations troops.

The Russian companies newly sanctioned by the U.S. also suggest an elusive link.

ANO PO KSI is a little-known microelectronics company in a village near Moscow. Founded in 1990, it builds special scanners for voting ballot papers, and is involved in digital mapping and microchip-based technology as well as developing digital aerial cameras for various purposes. The company declined to comment on being included on the list of sanctioned Russian companies.

Special Technological Center, or STC, is a St. Petersburg-based company that produces measurement and monitoring equipment, remotely piloted aircraft and related hardware components. It produces a drone called the Orlan-1, used for surveillance, reconnaissance and artillery spotting by the Russian military.

ZOR is a small cybersecurity company; according to Forbes Russia, it is run by Alisa Shevchenko, a self-taught cybersecurity expert. Ms. Shevchenko couldn’t be immediately reached for comment; on a Twitter account purportedly belonging to her, she said her company was no longer active and that an “anonymous clerk at US Treasury googled the internet for ’cyber’ while intel analysts were on their Christmas vacation.”

It wasn’t immediately possible to verify whether Ms. Shevchenko’s Twitter account was authentic.

Karen Kazaryan, chief analyst at the Russian Association for Electronic Communications, a trade body representing the IT industry, said the connections between the Russian government and the military and security establishment were extremely difficult to prove.

“For the second day in a row we’ve been trying to understand what these companies are,” he said. “Nobody knows anything about them. There’s a closed community of engineers, state servants and security experts, including cybersecurity experts on social media and no one has been able to find any heads or tails looking into them.”

http://www.wsj.com/articles/behind-russias-cyber-strategy-1483140188

Related:

President Obama listens to Russia’s President Vladimir Putin on Sunday, November 20, 2016, in Lima, Peru. Credit AFP, Getty Images

Israeli Prime Minister Benjamin Netanyahu listens as U.S. President Barack Obama speaks during their meeting in the Oval Office of the White House, Oct. 1, 2014. Photo: Reuters/Kevin Lamarque

United States Ambassador to the United Nations Samantha Power, left, Secretary of State John Kerry, second from right, and National Advisor Susan Rice, right, listen while US President Barack Obama speaks during the 68th session of the General Assembly at United Nations headquarters. (photo credit: AP/Seth Wenig)

U.S. Secretary of State John Kerry decided to lecture Israel this week….

Ben Rhodes

 

 

Rigged Debates: Wikileaks Emails Confirm Media in Clinton’s Pocket

 

 (August 16, 2016)


Putin and Obama. Photo credit ALEXEI DRUZHININ, AFP, Getty Images. — An intelligence expert told Peace and Freedom, “Putin has become the world master at playing Obama.”

(Obama failed to defend the american election)

Wikipedia:

In June 2015, the United States Office of Personnel Management (OPM) announced that it had been the target of a data breach targeting the records of as many as four million people. Later, FBI Director James Comey put the number at 18 million. The data breach, which had started in March 2014, and may have started earlier, was noticed by the OPM in April 2015. It has been described by federal officials as among the largest breaches of government data in the history of the United States. Information targeted in the breach included personally identifiable information such as Social Security numbers, as well as names, dates and places of birth, and addresses. The hack went deeper than initially believed and likely involved theft of detailed security-clearance-related background information. One victim wrote that the OPM is the agency that asks your neighbors what they know about you that could be used to blackmail you.

On July 9, 2015, the estimate of the number of stolen records had increased to 21.5 million. This included records of people who had undergone background checks, but who were not necessarily current or former government employees. Soon after, Katherine Archuleta, the director of OPM, and former National Political Director for Barack Obama’s 2012 reelection campaign, resigned.

A July 2014 story in The New York Times quoted unnamed senior American officials saying that Chinese hackers had broken into OPM. The officials said that the hackers seemed to be targeting files on workers who had applied for security clearances, and had gained access to several databases, but had been stopped before they obtained the security clearance information. In an interview later that month, Katherine Archuleta, the director of OPM, said that the most important thing was that no personal identification information had been compromised. [That turned out to be not entirely true.]

https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach


Why China’s New Cybersecurity Law Is Bad News for Business

December 6, 2016

By Commentary

DECEMBER 1, 2016, 1:00 AM EST

Fortune

U.S. companies have already begun to lobby against it.

China’s new cybersecurity law, expected to take effect next June, could hurt any foreign firm looking to do business in the world’s second-largest economy. Though the law is intended to fight non-Chinese and Chinese hackers, it also requires that foreign companies provide China’s government with potentially sensitive information about network equipment and software. Given the weaknesses of China’s enforcement of laws around intellectual property, it’s easy to see how trade secrets can fall into the hands of Chinese competitors at the expense of the best interests of foreign firms.

Businesses most at risk will be those with special hardware and systems for network management, which could well include ATMs. Because new-generation ATMs have a much higher level of connectivity, they’re more vulnerable to hacking, which is why they require sophisticated encryption devices and software to secure transactions. This cybersecurity law thus provides the government with the legal tool to obtain all such anti-hacking proprietary security hardware and software, which could then be passed on to relevant Chinese firms. And having access to the hardware and software means firms would have access to individuals’ personal banking information, as well.

The new law is also counterproductive because the scope of information that foreign companies will be required to provide to Chinese officials is worryingly broad. Complying with this requirement will force U.S. firms to make expensive investments to build duplicate facilities within China. This is in total contradiction with the free flow of data, expected to swell in 2020 after the introduction of 5G.

U.S. companies will have to weigh this risk against the opportunity to do business in China, which has developed a reputation for ‘copying’ without getting insider access. For international companies, there is no easy way forward, as the choice is black or white. Either foreign companies will comply, knowing China has a way to peek into what was previously private, or they will choose to stand by principles of privacy at the risk of being excluded from the Chinese market. Despite the challenging dilemma, companies are likely to comply and give in to China’s demands. The market is too huge and far too ripe for future growth to be ignored, especially when compared to more stagnant outlooks in Europe and the U.S.

In addition to creating barriers for international business in China, this kind of legislative move could stall innovation. It could well be considered to be part of what is called “indigenous innovation” in China, which consists of favoring Chinese firms by establishing non-tariff barriers—such as specific standards or regulations on products—in order to prevent non-Chinese firms from accessing China’s large and dynamic market. And the impact would be wide-ranging, from consumer electronics to products such as equipment to produce renewable energy, including windmills and solar panels.

Innovation involves a complex process, but it requires a society to be as open as possible and to allow vibrant exchanges between people. While cybersecurity is important, this law will wrap around the free market as it grips security. Within China, entrepreneurs are, by and large, not bothered by their government’s management of the Internet, called the “great firewall.” However, this new law is a new step to tighten the government’s grip on the Internet. Furthermore, far from favoring China’s champions in this very dynamic area, such as Huawei, Lenovo, or Tencent, this law will handicap them in the long term. Maybe the hope is that these companies themselves will fight to alter the law and mitigate the negative implications for China’s Internet landscape.

U.S. companies have already begun to strongly lobby against the law, as well as China’s position that the Internet must be managed by authorities. But despite the efforts of any company, American, Chinese, or other, the cybersecurity law is just a piece of a larger ongoing political puzzle that companies will have to deal with. In the end, agility will be key for companies to succeed in the tense political environment.

Georges Haour is a professor of technology and innovation management at IMD business school and co-author of the new book, Created in China: How China is Becoming a Global Innovator (Bloomsbury, London, 2016).

Source: http://fortune.com/2016/12/01/china-cybersecurity-law-business/

***************************

(CNN) About a year ago, China and the United States formally agreed not to conduct or knowingly support the cyber theft of each other’s intellectual property.

So, how is that agreement working out?

Not great, said Adm. Mike Rogers, head of US Cyber Command.

“Cyber operations from China are still targeting and exploiting US government, defense industry, academic and private computer networks,” Rogers said last April during testimony before a US Senate committee.

Cyber theft of US trade secrets can easily ruin American businesses and result in higher prices for consumers. Even more worrisome, stolen American military secrets could put US servicemen and women at risk during combat.

“Russia and China are growing more assertive and sophisticated in their cyber operations,” White House spokesman Josh Earnest told reporters last July.

China’s cyber tactics may be getting “more assertive,” but the number of China-based hacking instances against the US government and American companies has declined in the past two years, according to US cyber security firm FireEye.

Despite all the fingers pointed in its direction, Beijing has long denied any responsibility for hacks and attacks — instead blaming internal “criminals” and rogues.

In 2004, an FBI probe nabbed an American engineer named Chi Mak who was convicted of trying to send digital information about secret US Navy technology to the Chinese government. The investigation is detailed in CNN’s Original Series “Declassified.”


How cyber spies operate

Sometimes cyber-spy targets might surprise you. A June New York Times report described how Chinese hackers took over a “dusty old computer” at a small welding company in Belleville, Wisconsin, to stage global assaults.

“We were totally freaked out,” co-owner Lori Cate told The Times. “We had no idea we could be used as an infiltration unit for Chinese attacks.”

CBS News reported on how China-based spies use malware and spear phishing to allow hackers to watch you at your desk without your knowledge. Spear phishing is harmful email disguised to look like it’s from a familiar business or someone you know.

The bad guys want you to open the email, click on an attachment and boom — your computer is now working for the spies.

Countries like China are turning “to proxies (to) do their bidding in order to provide plausible deniability,” said Frank J. Cilluffo, the director of the Center for Cyber & Homeland Security, during testimony last February before a US House committee.

Hacker groups known by names like Deep Panda and C0d0so0 (aka Codoso) have been blamed for raiding computer systems at law firms, banks and Forbes.

One group which has been “attributed to China” has been dubbed “Mofang,” reports Wired.

“Mofang has targeted government agencies in the US, military agencies in India and Myanmar, critical infrastructure in Singapore, research and development departments of automotive companies in Germany, and the weapons industry in India,” Wired reported in June.

Not only could stolen data be used to copy new American products and secret military technology, Cilluffo warned it could be used as a weapon “to blackmail and recruit Americans” — potentially to be forced to act as Chinese agents.

Sometimes the espionage is about defending against an enemy.

“Beijing also selectively uses cyber attacks against targets it believes threaten Chinese domestic stability or regime legitimacy,” said James Clapper, US director of national intelligence, during congressional testimony last February.

What cyber spies want

“China’s aggressive collection efforts appear to be intended to amass data and secrets (military, commercial/proprietary, etc.) that will support and further the country’s economic growth, scientific and technological capacities, military power, etc. — all with an eye to securing strategic advantage,” Cilluffo said.

Sometimes the spying may be about getting the inside track.

Cyber spying malware has been linked to China in arbitration over islands in the South China Sea claimed by the Philippines but occupied by China, according to a report in The Hill.

An antivirus firm called F-Secure found malware linked to China on computers in the Philippines’ justice department, a law firm representing a party in the dispute and members of the Asia Pacific Economic Cooperation Summit, The Hill reported.

Sometimes it’s simply about copying hardware.

Countries can save untold money and time by stealing information that will help them duplicate rival products and weapons, instead of developing them legitimately. Last March, a 50-year-old Chinese citizen named Su Bin pleaded guilty to conspiring to hack into the computer networks of top US military contractors to pilfer sensitive information to send to China.

Last March a man admitted trying to steal data for China about Boeing's C-17 military transport.

He worked with two unidentified people for more than five years to target military data, including information about Boeing’s C-17 transport plane and certain fighter jets, the Justice Department said.

Clapper: Cyber intrusions blur war and peace

Director of National Intelligence James Clapper listens on Capitol Hill in Washington, Tuesday, Feb. 9, 2016, while testifying before a Senate Armed Services Committee hearing on worldwide threats. (AP Photo/Evan Vucci)

Overall, China has been successful in using cyber espionage against the US government, its allies and American companies, said Clapper.

He predicts China will continue to challenge the US at “lower levels of competition,” including “cyber intrusions, proxies and other indirect applications of military power — that intentionally blur the distinction between peace and wartime operations.”

In other words, get used to looking over your shoulder, because it’s likely that the threat of cyber espionage blamed on China will be with us for a long, long time.

http://www.cnn.com/2016/08/23/us/declassified-china-cyber-espionage/

Chinese Curb Cyberattacks on U.S. Interests, Report Finds

WASHINGTON — Nine months after President Obama and President Xi Jinping of China agreed to a broad crackdown on cyberespionage aimed at curbing the theft of intellectual property, the first detailed study of Chinese hacking has found a sharp drop-off in almost daily raids on Silicon Valley firms, military contractors and other commercial targets.

But the study, conducted by the iSight intelligence unit of FireEye, a company that manages large network breaches, also concluded that the drop-off began a year before Mr. Obama and Mr. Xi announced their accord in the White House Rose Garden. In a conclusion that is largely echoed by American intelligence officials, the study said the change is part of Mr. Xi’s broad effort to bring the Chinese military, which is considered one of the main sponsors of the attacks, further under his control.

As a result, the same political forces that may be alleviating the theft of data from American companies are also responsible for Mr. Xi’s stunningly swift crackdown on the Chinese media, bloggers and others who could challenge the Communist Party.

Source (read it all): http://www.nytimes.com/2016/06/21/us/politics/china-us-cyber-spying.html

China proudly debuts its new stealth jet it built ‘by hacking into US computers and stealing plans’

November 2, 2016

China’s newest warplane, the J-20 stealth fighter, made its first public flight at an airshow in the southern city of Zhuhai. It bears an uncanny resemblance to US military’s F-22 Raptor

  • Two of the stealth planes carried out a flyby demonstration at an air show
  • Analysts said the brief and cautious J-20 routine answered few questions
  • Previous reports claimed the design was similar to US fighter planes  
  • Earlier this year Chinese national, Su Bin, 51, was sent to prison for his part in stealing US military plans, including plans for the F-35 and F-22 fighter jets
  • But experts say it is too early to tell if the J-20 matches the capabilities of American fighter planes

China’s controversial stealth jet has made its first flyby, giving the public and media a glimpse of the aircraft believed to be a copy of America’s F-22 and built using hacked US military blueprints.

Taking to the skies at the airshow in the southern city of Zhuhai, in Guangdong province, the J-20 stealth fighter passed by onlookers in a thunderous demonstration.

The aircraft is believed to have been built in part from plans of US war planes, obtained by Chinese hackers jailed earlier this year – a claim which Beijing has firmly denied.

Military analysts have said it is still too early to tell if the jet matches the capabilities of the US F-22 Raptor.

Copy-cat? Pictured above is America’s F-22 which shares a similar design to the J-20. China is set to overtake the US as the world’s top aviation market in the next decade

After arriving as a pair at low-level, one of the J-20s quickly disappeared over the horizon, leaving the other to perform a series of turns, revealing its delta wing shape against bright sub-tropical haze.

But analysts said the brief and relatively cautious J-20 routine – the pilots did not open weapon bay doors, or perform low-speed passes – answered few questions.

‘I think we learned very little. We learned it is very loud. But we can’t tell what type of engine it has, or very much about the mobility’, said Greg Waldron, Asia Managing Editor of FlightGlobal. ‘Most importantly, we didn’t learn much about its radar cross-section’.

A key question is whether the new Chinese fighter can match the radar-evading properties of the Lockheed Martin F-22 Raptor air-to-air combat jet, or the latest strike jet in the U.S. arsenal, Lockheed’s F-35.

But the mere display of such a newly developed aircraft was a revealing signal, others said.

‘It’s a change of tactics for the Chinese to publicly show off weapons that aren’t in full squadron service yet,’ said Sam Roggeveen, a senior fellow at the Sydney-based Lowy Institute, ‘and demonstrates a lot of confidence in the capability, and also a lot of pride’.

But the fighter jet’s development has been controversial, embroiled in claims of espionage.

Chinese national Su Bin admitted in a plea agreement with US authorities to conspiring with two unnamed military officers in China to try to acquire plans for F-22 and F-35 fighter jets and Boeing’s C-17 military transport aircraft. He was sentenced to just under four years. Pictured at the Chinese airshow is the new J-20

Spot the difference: America’s F-22 (pictured) shares many identical features

FIRST LOOK AT THE J-20 STEALTH FIGHTER

Today’s flypast marks the first public flight for China’s new war plane.

The fighter jet is swift, stealthy, and armed with long-range missiles.

Its design is similar to US fighter jets, stoking concerns that the Chinese military used ‘stolen’ plans obtained by hackers to develop the stealth plane and further drive its military ambitions.

Experts have said that the plane represents a leap forward in China’s ability to project power in Asia, and will compete with US military technology.

China is set to overtake the US as the world’s top aviation market in the next decade.

Earlier this year, a Chinese national, 51-year-old Su Bin, was sent to prison for his part in stealing US military plans and sending documents to Beijing.

The documents were reported to include plans for the F-35 and F-22 fighter jets, which would have enabled the Chinese military to rapidly catch up with US capabilities.

Airshow China, in the southern city of Zhuhai, has offered Beijing an opportunity to demonstrate its ambitions in civil aerospace and to underline its defence ambitions.

Unofficial shots of a J-20 prototype fueled discussion over the region’s power balance when first glimpsed by plane spotters in 2010.

Experts say China has been refining designs in hopes of narrowing a military gap with Washington.

Cao Qingfeng, an aircraft engineer watching the flypast, said the ‘stunning’ display was a show of China’s strengthening aircraft industry and manufacturing – and Western officials agreed.

‘This shows they now have confidence to put it out in public,’ said a Western industry official who has monitored the biennial show from its inception 20 years ago.

‘This is the airplane for China in the way that the J-31 is not; this is the one they develop for themselves,’ he added.

Despite the impressive show of aerial military might, some foreign observers have questioned its stealth capabilities.

CHINA’S J-20

Top speed: 1,305 mph

Range: 2,113 mi

Length: 67′

Wingspan: 42′ 0″

Weight: 43,000 lbs

Engine Type: Xian WS-15 turbofan engines

Cost: $110m

Manufacturer: Chengdu Aircraft Industry Group

AMERICA’S F-22

Top speed: 1,498 mph

Range: 1,839 mi

Length: 62′

Wingspan: 44′ 0″

Weight: 43,430 lbs

Engine type: Pratt & Whitney F119

Cost: $130m

Manufacturers: Boeing Defense, Space & Security, Lockheed Martin Aeronautics

Two of the J-20 jets flew over dignitaries, industry executives and spectators and gathered at the show’s opening ceremony during a 60-second flypast (pictured)

In this image made from video, the J-20 stealth fighter pulls a sharp incline to a crowd of spectators and dignitaries at the Zhuhai airshow

The demonstration flight of the two J-20 stealth jets generated a deafening roar, setting off alarms of parked cars at the site

CHINESE HACKERS TARGET US MILITARY

In July this year, a Chinese national was sentenced in Los Angeles to three years and 10 months in prison for hacking US defense contractors to steal trade secrets on Beijing’s behalf.

Su Bin, 51, who went by the names Stephen Su and Stephen Subin, was also ordered by a federal judge to pay a $10,000 fine.

Su in March had admitted in a plea agreement with US authorities to conspiring with two unnamed military officers in China to try to acquire plans for F-22 and F-35 fighter jets and Boeing’s C-17 military transport aircraft.

According to court documents, the trio managed to steal sensitive data by hacking into the computer networks of major defense contractors and sent the information to China.

Washington and Beijing have repeatedly clashed over what the US describes as rampant cyberspying by the Chinese government on US industry.

Other aircraft scheduled to be on display alongside the latest Chinese weapon systems, radar and drones include the Xian Y-20 strategic airlifter, and what organisers say is the largest amphibious plane now in production, the AG600.

The flying boat is officially promoted as a fire-fighting or search and rescue plane. But analysts note the AG600 – first unveiled 10 days after a Hague tribunal ruled against China’s claim to parts of the South China Sea in July – is well suited to resupplying military outposts in the disputed area.

Notably absent from the airshow schedule is the Comac C919 passenger jet, designed to compete with Europe’s Airbus Group and Boeing Co of the United States, the rivals who dominate the global supply of airliners.

The 150-seater C919 is scheduled to stage an often-delayed maiden flight this year, but industry sources say this will now slip to 2017 – three years behind original plans.

Airbus and Boeing continue to expand in China with recent plant announcements. Boeing is expected to announce a new supplier partnership at the show.

The air show showcased China’s aerial strength. Along with the latest J-20 stealth jet will be the seven-strong J-10 fighter jets of China’s Bayi Aerobatic Team (pictured)

The airshow, in Zhuhai, south China’s Guangdong Province, will provide a platform for Beijing to flex its long-range military muscle to the public and watching nations around the world. Pictured are the J-10 jets of the Bayi Aerobatic Team at Zhuhai airport

China’s only international aerospace exhibition, held biennially in the southern city of Zhuhai, this year boasts its largest-ever display of military hardware and aircraft, with 11 exhibition halls, 430,000 square metres of indoor and outdoor viewing area, and 151 aircraft from 700 exhibitors from 42 countries and regions.

China is aggressively moving to develop its domestic weapons industry, from drones and anti-aircraft systems to homegrown jet engines and hypersonic planes.

Beijing has previously been accused of copying designs from Russian fighters, and analysts say its J-31 stealth fighter is very similar to the US-developed F-35.

China’s military focus on stealth technology remains a key issue for Beijing.

Earlier this month, leaked images emerged of the military’s enormous stealth warship, currently under construction at the Jiangnan Changxing shipyards.

Known as a Type 005 destroyer, the vessel is believed to be armed with electromagnetic railguns capable of shooting down missiles and firing on land targets.

It was also reported in September that a Chinese firm claimed to have developed radar technology capable of detecting stealth jets (stock image used)

The leaked images revealed the battle ship’s progress, with signs of portals on the stern for sensors and weapons and up to 128 vertical launch system cells for missiles.

It was also reported in September that a Chinese firm claimed to have developed radar technology capable of detecting stealth jets.

Called the quantum radar, the technology was reportedly created by Intelligent Perception Technology, a branch of defence and electronics firm CETC.

The firm claims it is capable of detecting a target at a range of 60 miles and was successfully tested last month.

China has pushed for dominance in the South China Sea, following a number of contentious claims over who owns territory in the region.

The two major island chains in the region, the Spratlys and the Paracels, have become central to the international argument, causing tensions to rise.

Vietnam, Taiwan, Malaysia, Brunei and the Philippines all have claims on the region, but China has surged ahead with expansive military operations, including the building of its own islands in disputed spots to stake its claim and bolster a military presence.

CHINA’S WARSHIP TO BE A ‘GAME CHANGER’

Asia’s most powerful warship has been shrouded in mystery since construction began last year at the Jiangnan Changxing shipyards. Called Type 005 destroyer, this vessel is said to be armed with electromagnetic railguns that can shoot down missiles and attack land targets (pictured is an artist impression of Type 005)

Leaked images show the Type 005 destroyer should launch late 2017 or early 2018.

It has a full displacement of over 14,000 tons.

And the images show the bow and stern are finished.

Now, leaked images give a glimpse of the battle ship’s progress, which reveals four portals on the stern for sensors and weapons and up to 128 vertical launch system cells for missiles (pictured is an artist impression of Type 005)

The bow area appears to have an extremely hydrodynamic hull that can endure high speeds, has stealth capabilities and is fitted with an enclosed deck.

And the stern is where the creators packed all of the technology.

This area has at least four sections that hold sensors and weapons like towed array sonar, variable depth sonar, towed torpedo decoys and active torpedo defenses.

Because the ship is 175 meters long and is built with large displacement, the Type 005 will be capable of carrying numerous helicopters at once and other technologies such as drones and underwater vehicles.

Read more: http://www.dailymail.co.uk/sciencetech/article-3893126/Chinese-J-20-stealth-jet-based-military-plans-stolen-hackers-makes-public-debut.html#ixzz4OpKaUFGG

Hillary Clinton’s Email Mess Could Still Be a “Teachable Moment” — “Hillary Clinton can serve a good purpose only if she becomes the sacrificial goat — and everyone in the government learns a lesson that this is unacceptable and will ruin you.”

April 19, 2016

By Bill Blum

  Hillary Clinton. Gage Skidmore / Flickr (CC-BY-SA)

Although the subject of Hillary Clinton’s emails did not come up during Thursday’s presidential debate, the heated controversy over the Democratic front-runner’s use of a private Internet server during her four-year stint as secretary of state is far from over.

Indeed, if recent reports published largely (though not exclusively) by right-wing news media have any credibility, the controversy is about to re-erupt with redoubled fury. Some on the right are even predicting that Clinton will soon be indicted.

The reason for the right’s breathless anticipation of Clinton’s demise is that the mysterious, eccentric and paranoid Romanian computer hacker who broke the email story back in 2013 was extradited to the United States last month pursuant to federal felony charges filed against him in 2014. The theory is that prosecutors will squeeze the hacker for incriminating evidence against Clinton. A trial date in the hacker’s case has been set for September, smack dab in the middle of the general election campaign, in federal district court in Alexandria, Va.

The hacker is one Marcel Lehel Lazar, who traffics under the nom de plume of “Guccifer”—a portmanteau or linguistic hybrid that by his own description combines the “style” of Gucci and the “light” of Lucifer. Guccifer believes the international economy is controlled by a cabal of the “Council of the Illuminati” and well-placed “radical” Jews. His self-appointed mission as a cybersleuth is to expose the Illuminati’s machinations to create a “new world order” in each of its nefarious aspects.

If all that sounds more than a tad loopy, rest assured that it is. But as zany as Guccifer’s weltanschauung may be, he’s also a devastatingly talented cyberstalker, and that’s bad news for Clinton and her backers.

So exactly who is Guccifer, and how did he come to play a central role in Clinton’s email crisis?

Now in his mid-40s, Guccifer lived with his wife and daughter in the village of Sambateni, Romania, until his conviction and ultimate imprisonment in his native land on hacking charges in 2014. An autodidact whose formal education ended with high school, he struggled with long-term unemployment, scrambling for occasional work as a taxi driver and a paint salesman, according to his statements in an exclusive interview published by the website Pando.com in March 2015.

Initially, as illustrated by both Pando and an earlier story written by New York Times reporter Andrew Higgins, Guccifer appears to have been motivated primarily by pedestrian desires for fame and an urge for self-promotion. His immediate goal was to expose and embarrass others who had achieved the notoriety he craved, but never to extort money.

He reportedly first took to hacking in 2010, equipped only with an old home computer and a cellphone. He has told Pando and the Times that his methods were, in essence, old school and low tech. Instead of using sophisticated algorithms, he would read articles and biographies about his targets and then painstakingly guess their email passwords until he gained access to their electronically stored information.

Starting small, his earliest victims were Romanian entertainers and soccer stars. But local authorities soon caught on to him, and a year later he was arrested. After pleading guilty to cybercrimes, he was given a suspended jail sentence on the condition that he go straight.

But he didn’t. As explained in the Pando exclusive, once released from custody, Guccifer trained his hacking sights on ever-bigger public figures. This time, using a proxy server based in Russia to hide his tracks, he not only began breaking into the email accounts of Romanian politicians, but he gained access to the emails and websites of such international celebrities as actor/comedian Steve Martin, “Downton Abbey” writer Julian Fellowes and journalist Carl Bernstein; business leaders like MetLife CEO Steven Kandarian; and a trove of former American government officials, such as ex-Nixon aide John Dean and Reagan-era White House chief of staff Ken Duberstein.

Guccifer’s exploits were exposed in the United States in February 2013, when The Smoking Gun website—one of a handful of Internet outlets, along with Gawker and Russia Today, that he frequently contacted to gloat about his triumphs and supply with documentation—reported that he had posted photos and correspondence from the email accounts of family members of former President George W. Bush. Among the released items were self-portraits of Bush taking a bath and standing in the shower.

Guccifer’s handiwork might have been considered little more than a series of annoying pranks had he not also turned his attention to former Secretary of State Colin Powell and longtime Clinton aide and confidant Sidney Blumenthal.

In March 2013, he managed to hack into Powell’s Facebook account, defacing it with phony status updates that insulted Bush and declaring that Powell, Bush and the Rockefellers would burn in hell. He also succeeded in compromising Powell’s AOL account, obtaining financial information and email exchanges with former government personnel.

But it was the breach of Blumenthal’s AOL email account, also in March 2013, that netted the biggest headlines for Guccifer and that now poses the greatest dangers to Clinton’s presidential ambitions.

The Smoking Gun revealed the Blumenthal hack on March 15, 2013, reporting that Guccifer had obtained emails Blumenthal had sent to Clinton during her tenure at the State Department. Some of the missives included attachments containing confidential intelligence memos Blumenthal had written on Libya and Benghazi, Syria and Bashir Assad, the Muslim Brotherhood and Egypt, Algeria and other foreign-policy topics and issues.

Five days after the Smoking Gun disclosure, Russia Today published the Blumenthal memos in their entirety.

At the time Blumenthal wrote and forwarded the memos, he was working as a full-time employee for the Clinton Foundation, pulling down a monthly salary of $10,000, according to Politico chief investigative reporter Ken Vogel. Anyone wishing to sort through and study them can do so by accessing the comprehensive searchable archive of emails sent to and from Clinton’s private server that has been published by WikiLeaks.

Although the Blumenthal memos appear to have been unsolicited by Clinton, there can be no question that she appreciated and valued them in her role as the nation’s top diplomat. For example, a day after receiving a Blumenthal memo on Egypt and the Muslim Brotherhood in August 2012, she forwarded it to State Department Director of Policy Planning Jake Sullivan, with the notation: “Best info yet. Let’s discuss before you forward [to others] this morning.”

Guccifer continued to stalk former U.S. policymakers well into 2013, breaching the personal email ledgers of one-time National Intelligence Council Chairman Christopher Kojm and ex-Defense Intelligence Agency official Roy Apseloff, among others.

Romanian authorities rearrested Guccifer in January 2014 for spying on national officials, including the head of the country’s intelligence service. He was convicted and sent to a maximum security prison.

In June 2014, a federal grand jury in Virginia returned a nine-count indictment against Guccifer, charging him with wire fraud, unauthorized access of a protected computer, aggravated identity theft, cyberstalking and obstruction of justice for accessing the email accounts of Powell and Blumenthal (who are referred to anonymously in the charging document as victims 3 and 5, respectively), as well as other violations. Soon thereafter, the U.S. initiated discussions with Romania aimed at securing his extradition—an effort that finally paid off late last month.

Remarkably, although Clinton installed her private email server in January 2009, a week before she was confirmed as secretary of state, the fact that she exclusively used private email in violation of State Department guidelines to conduct official business was not widely known until The New York Times ran a story about her server on March 2, 2015. Since then, speculation has been rampant that Clinton may have run afoul of several federal criminal statutes, not only for maintaining the server rather than using official government channels of communication, but for deleting over 30,000 emails that she and her staff unilaterally deemed purely personal before turning over 31,000 emails to the State Department.

The Justice Department has been investigating the email controversy at least since last July, and in February, the FBI publicly confirmed that it, too, had joined the probe. Earlier this month, FBI Director James Comey announced that the investigation was continuing and that it would be completed “well and promptly.”

It also has been widely reported that Clinton and several of her aides will be interviewed in the near future as part of the FBI/Justice Department probe. Clinton aide Bryan Pagliano, who helped set up the server, has been granted immunity by the Justice Department after refusing to testify before the Senate Judiciary Committee. The pressure and suspense, thus, are building.

Those calling for Clinton to be prosecuted tend to focus on two provisions of federal law—sections 1924 and 793 of Title 18 of the United States Code—dealing, respectively, with the unauthorized removal and retention of classified material, and the improper gathering, transmission or loss of information relating to the national defense. In an April 11 interview on the Fox Business Network, former Attorney General Michael Mukasey all but accused Clinton of committing a felony.

Others, who contend that prosecution is unlikely, including Clinton herself, focus on the fact that previous secretaries of state, such as Powell, also used private email to conduct official business. More importantly, Clinton and her defenders argue that no crimes were committed because the emails contained no information that was classified at the time they were sent or received.

In a detailed analysis published last week by Politico, White House correspondent Josh Gerstein staked out something of a middle ground in the roiling debate. After reviewing dozens of recent federal investigations involving alleged mishandling of classified records—including the 2015 prosecution of Gen. David Petraeus for providing top-secret material to a woman who was his biographer and mistress—Gerstein concluded there will be no indictment against Clinton unless prosecutors are convinced she acted with the intent to violate classification rules. In addition, Gerstein wrote, prosecutors will consider whether Clinton committed other aggravating acts beyond rule infractions, such as lying under oath or endangering national security.

Whether Guccifer, now that he is stateside and awaiting his day in the dock, can provide the missing elements and incentives needed for prosecuting Clinton is, as former Defense Secretary Donald Rumsfeld might put it, a gigantic and lingering “known unknown.” In his Pando interview, Guccifer said he anticipated collaborating with American intelligence agencies “when the day is right.” He also boasted that he had “a lot more [unreleased] material saved in the cloud.”

That material, if in fact it exists, may not prove sufficient to force Clinton to swap her trademark pantsuits for a set of prison jumpers. But the flood of disclosures Guccifer has already unleashed will continue to dog Clinton until Election Day, calling her values, character, judgment and fitness for office into constant question.

http://www.truthdig.com/report/item/an_odd_cloud_rolls_toward_hillary_clintons_campaign_20160417

A U.S. government cyber expert told Peace and Freedom, “The Obama administration would get its highest award for transparency from hackers and cyber spies. Hillary Clinton can serve a good purpose only if she becomes the sacrificial goat — and everyone in the government learns a lesson that this is unacceptable and will ruin you. Then we clean this problem up once and for all.”

*************************

All the cyberattacks on the U.S. government (that we know of)

BY SERGIO HERNANDEZ
Aug 18, 2015

Another day, another cyberattack.

Hackers accessed tax returns belonging to more than 300,000 people — more than twice officials’ initial estimate — when they breached an Internal Revenue Service program in May, stealing taxpayers’ personal information and generating nearly $50 million in fraudulent refunds, the agency said this week.
But the IRS hack is just one of more than a dozen cyberattacks on U.S. agencies in recent years, though the exact number and scope of attacks can be hard to gauge because officials are often reluctant to disclose or discuss them, let alone point fingers at suspected perpetrators. SY Lee, a spokesman for the U.S. Department of Homeland Security, told Mashable the agency did not “have a list” of cyberattacks on U.S. agencies.

IRS Commissioner John Koskinen

“I think there’s probably some reluctance to admit the depth of the problem,” said Wayne Jackson, CEO of Sonatype. “They are way more vulnerable than they would like for us to know.”

Overall, though, federal agencies have suffered at least a dozen major data breaches or network intrusions since 2007 — many reportedly at the hands of Russian and Chinese hackers, who have successfully targeted a nuclear research laboratory, the Postal Service, weather and satellite networks, administrative agencies holding sensitive personal information and even the White House itself, according to news reports.

Such attacks — often suspected to be state-sanctioned — are distinct from the kinds of cyber-assaults that have targeted commercial entities, such as retailers or banks. But those, too, are useful and frequent targets for foreign agents. According to a National Security Agency document obtained by NBC News, for instance, Chinese hackers targeted more than 600 government, corporate and private, including big firms like Google and Lockheed Martin, in a five-year period ending in 2014.

While none of the reported hacks have managed to infiltrate government agencies’ classified networks, the slew of cyberattacks has allowed hackers to steal valuable personal data — including Social Security numbers, addresses, dates of birth, health records and emails — belonging to millions of Americans, including top government officials.

Experts say these are high-tech means toward an old-fashioned end: Espionage.

When Chinese hackers allegedly broke into the Office of Personnel Management’s computer system and stole data belonging to 21 million Americans who had applied for — or knew someone who had applied for — a background check, experts warned that foreign actors could use the information from background check interviews — which includes everything from their financial histories to details about their sex lives — to blackmail or coerce victims.

“They would leverage this data to get to diplomatic, political, military and economic intelligence that they typically target,” John Hultquist, senior manager for cyberespionage threat intelligence at iSight Partners, told the Washington Post in June.

When the hackers’ identities are known, diplomatic reasons might keep officials from naming names. But sometimes identifying the perpetrator — especially the skilled ones — is just too hard.

Known breaches of classified information, for example, are rare. That’s partly because truly sensitive information is often kept on networks that are never connected to the public internet, Jackson said. But sometimes, it’s because the hackers are just that good. Earlier this year, German magazine Der Spiegel reported that Chinese hackers had stolen “many terabytes” of classified data regarding a new U.S. fighter jet. The theft, which was believed to have occurred in 2007, went unreported for seven years.

“The difficulty of getting to [classified information] would imply a sort of nation-state kind of skill,” Jackson said. “Someone with that kind of skill would be very hard to detect because they’d be sufficiently capable that you’d almost certainly never know that they were there.”

http://mashable.com/2015/08/18/usg-cyberattacks/#_KsRggITnaqN

U.S. going after Iranian hackers tied to cyber attacks — Second country after China

March 23, 2016

Reuters

Wed Mar 23, 2016 4:35pm EDT

The Obama administration is expected to blame Iranian hackers as soon as Thursday for a coordinated campaign of cyber attacks in 2012 and 2013 on a suburban New York City dam and several other targets, possibly including multiple U.S. banks, sources familiar with the matter have told Reuters.

In one of the largest foreign cyber attack cases since 2014 when the United States charged five Chinese military hackers, the U.S. Justice Department has prepared an indictment against about a half-dozen Iranians, said four sources, who spoke on condition of anonymity due to the sensitivity of the matter.

The charges, related to unlawful access to computers and other alleged crimes, were expected to be announced publicly by U.S. officials as soon as Thursday morning at a news conference in Washington, the sources said.

The indictment was expected to directly link the hacking campaign to the Iranian government, one source said.

Though the breach of back-office computer systems at the Bowman Avenue Dam in Rye Brook, New York has been reported, it was only part of a hacking campaign that was broader than previously known, as the indictment will show, the sources said.

In the intrusion of the dam computers, the hackers did not gain operational control of the floodgates, and investigators believe they were attempting to test their capabilities.

The dam breach coincided roughly with attacks on U.S. financial institutions. Cyber security experts have said these, too, were perpetrated by Iranian hackers against Capital One, PNC Financial Services and SunTrust Bank. Prosecutors were considering including those breaches in the indictment, sources said.

The hackers who were expected to be named in the indictment all reside in Iran, one source said.

The Justice Department declined to comment.

The indictment would be the Obama administration’s latest step to confront foreign cyber attacks on the United States. President Barack Obama accused and publicly condemned North Korea over a 2014 hack on Sony Pictures and vowed to “respond proportionally.” No details were made public of any retaliation.

James Lewis, a cyber security expert with the Center for Strategic and International Studies think tank, said, “We need to make clear that there will be consequences for cyber-attacks and that the Wild West days are coming to an end.”

Two weeks ago, it was widely reported that U.S. prosecutors were preparing an indictment against Iranian hackers related solely to the dam attack.

The broader indictment would come at a time of reduced tensions between the United States and Iran after a landmark 2015 nuclear deal. At the same time, the Obama administration has shown a willingness to confront Tehran for bad behavior.

Charging the Iranian hackers would be the highest-profile move of its type by the Obama administration since the Justice Department in 2014 accused five members of China’s People’s Liberation Army of hacking several Pennsylvania-based companies in an alleged effort to steal trade secrets.

‘WHEN, NOT IF’

U.S. national security professionals and cyber-security experts have grown increasingly worried about attacks on infrastructure including dams, power plants and factories.

That concern has grown since a December cyber attack in the Ukraine caused a blackout that temporarily left 225,000 customers without power.

Speaking at a cyber security conference earlier this month, National Security Agency chief Michael Rogers said it was a matter of “when, not if” another country launched a successful and destructive cyber attack on U.S. critical infrastructure like the one seen in Ukraine.

Some experts have said the United States is less well-equipped to respond to a major infrastructure attack because systems are more connected and reliant on the Internet.

The United States and Israel covertly sabotaged Iran’s nuclear program in 2009 and 2010 with the now-famous Stuxnet computer virus, which destroyed Iranian centrifuges that were enriching uranium.

(Reporting by Dustin Volz in Washington and Nate Raymond in New York; additional reporting by Mark Hosenball in Washington and Jim Finkle in Boston; Editing by Kevin Drawbaugh and Jonathan Oatis)

Related:

Part of the building of ‘Unit 61398’, a secretive Chinese military unit, is seen in the outskirts of Shanghai February 19, 2013. The unit is believed to be behind a series of hacking attacks, a U.S. computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of U.S. hacking. REUTERS/Carlos Barria

‘UglyGorilla,’ an alias of Chinese army official Wang Dong, allegedly controlled the computers of U.S. victims after a gang of cyber-hackers gained access by sending users fake ‘spearphishing’ emails that contained links to malware

An undated handout photograph made available by the US Federal Bureau of Investigation (FBI) shows Sun Kailiang. Reports state on 19 May 2014 that Sun Kailiang along with four other Chinese Army Officers are being sought by the FBI after they have been charged with hacking into US companies in the first cyber-espionage case of its kind. EPA/FBI / HANDOUT

‘Jack Sun’ (Top), a Chinese Army captain, ‘was observed both sending malicious emails and controlling victim computers,’  while ‘KandyGoo’ (Bottom) tested malicious email messages and managed domain accounts used by the Chinese

An undated handout photograph made available by the US Federal Bureau of Investigation (FBI) shows Wen Xinyu. Reports state on 19 May 2014 that Wen Xinyu along with four other Chinese Army Officers are being sought by the FBI after they have been charged with hacking into US companies in the first cyber-espionage case of its kind. EPA/FBI / HANDOUT

An undated handout photograph made available by the US Federal Bureau of Investigation (FBI) shows Huang Zhenyu. Reports state on 19 May 2014 that Huang Zhenyu along with four other Chinese Army Officers are being sought by the FBI after they have been charged with hacking into US companies in the first cyber-espionage case of its kind. EPA/FBI / HANDOUT

‘WinXYHappy’ may sound like an unoriginal Twitter handle, but it was the alias of an alleged Chinese army hacker (Top) who controlled Americans’ computer accounts while computer programmer ‘hzy_lhx’ (Bottom) and others managed online domains after the People’s Liberation Army got control of them

Read more: http://www.dailymail.co.uk/news/article-2633886/China-escalates-tensions-summons-U-S-envoy-U-S-brings-criminal-charges-against-Chinese-Army-officials-hacking-American-companies.html#ixzz32GoSW4NW

Taiwan Opposition Hacked as China’s Cyberspies Step Up Attacks

December 21, 2015

By  and Bloomberg

Chinese hackers have attacked Taiwanese targets including local news organizations and the opposition Democratic Progressive Party in a bid to get information about policies and speeches ahead of presidential and legislative elections next month.

An attack on the unnamed media outlets came in the form of phishing e-mails with the subject line “DPP’s Contact Information Update,” according to research by security company FireEye Inc., which identified a Chinese state-backed group called APT16 as carrying out attacks. Hackers also infiltrated e-mails of party staff, changing security protocols and writing messages spoofing the account holders in what may have been an attempt to deliver malicious code, according to one of the victims.

Taiwan goes to the polls Jan. 16 and opinion surveys show the DPP is likely to win a legislative majority, with its leader Tsai Ing-wen securing the presidency after eight years of nationalist Kuomintang rule. China, which considers Taiwan to be one of its provinces, is wary of the DPP’s views on Taiwan independence and advocacy of more caution in its relationship with the mainland.

As well as not wanting the DPP in power, China may want to understand the party better so as to undermine them with access to non-public information, FireEye Principal Threat Intelligence Analyst Jordan Berry said by phone. “There’s a lot of people in China who want and need information for their own intelligence purposes.”

Other Targets

China’s Ministry of Foreign Affairs didn’t reply to a faxed request for comment.

FireEye, based in California, provides malware and network-threat protection systems. After its Mandiant division alleged in February 2013 that China’s military may be behind a group that hacked at least 141 companies worldwide since 2006, the U.S. issued indictments against five military officials who were purported to be members of that group.

Another target in Taiwan appears to be former U.S. diplomat to Taiwan William Stanton, who said he’s received multiple warnings from Google Inc. that his Gmail account may be targeted by government hackers.

“If you were directed to this page from a warning displayed above your Gmail inbox, we believe that state-sponsored attackers may be attempting to compromise your account or computer,” the warning read without identifying the country. “It’s likely that you received emails containing malicious attachments, links to malicious software downloads, or links to fake websites that are designed to steal your passwords or other personal information.”

Increased Frequency

Stanton, who was director of the American Institute in Taiwan from 2009 to 2012 in a position akin to ambassador, told Bloomberg News he believes he’s being targeted because of his former role as well as his current position as Director of Taiwan’s National Tsing Hua University Center for Asia Policy.

While the DPP has been under attack for months, the frequency has picked up in the past few weeks, said Ketty Chen, deputy director of international affairs at the DPP, whose own account was compromised.

Chen was among as many as 50 DPP staff targeted by hackers and was alerted when she noticed inconsistencies in the writing style of a colleague in internal correspondence.

Suspicious E-mails

“There were fake e-mails that looked like they came from her,” Chen said. “When I read it, the style was not how she would talk so I called to ask if she really sent it, and she hadn’t.”

Chen received e-mails purporting to come from Tsai’s speechwriter and another from a member of the DPP’s cross-strait policy team. In each case the e-mail asked the recipient to open an attachment purporting to be a draft document. Hackers typically send e-mails to targets hoping they’ll open attachments loaded with malware that infiltrates their computers, providing links to colleagues’ computers and contacts.

With concerns over security of their work accounts, some DPP staff switched to Gmail, Chen said. Chen’s Gmail account was compromised when hackers turned off the two-step identification verification process by deleting her mobile number, and adding a forwarding address so that all incoming e-mails went to an external Gmail account.

The allegations come weeks after state-run Xinhua News Agency reported that an investigation into an alleged theft of data from the U.S. Office of Personnel Management had shown the attack was carried out by criminals, rather than being state-sponsored as previously suspected by the U.S. government. Cyberspace must not become a “battlefield” between states, President Xi Jinping said at an Internet conference Wednesday in Wuzhen, and he called for greater cooperation on punishing cyber-attacks and fighting terrorism.

China and US find common ground over cybersecurity disputes

December 2, 2015

Talks between public security chief and US counterpart yield ‘positive outcome’, Beijing says

By Andrea Chen
South China Morning News

Chinese Minister of Public Security Guo Shengkun is greeted by Attorney General Loretta Lynch and Homeland Security Secretary Jeh Johnson in Washington. Photo: AP

China and the US have agreed to a framework on managing their cybersecurity disputes at the highest-level talks on the issue since the leaders of the two nations sat down in September, Beijing said on Wednesday.

The discussions in Washington had yielded “positive outcomes”, the Ministry of Public Security said, including an understanding that quick communication after perceived attacks was critical.

Ministry chief Guo Shengkun met Homeland Security Secretary Jeh Johnson and US Attorney General Loretta Lynch on Tuesday, according to a brief official statement from the Chinese side.

“[China and the US] should manage the disputes in a constructive fashion,” Guo was quoted by Xinhua as saying. “We should offer timely and effective response to each other’s concerns, taking the dialogue mechanism as our major channel for communication regarding the cybersecurity issues.”

The US has not released details about the talks, which were expected to continue on Wednesday if not longer.

Representatives identified “a number of cases” for future cybersecurity cooperation, Xinhua reported.

Among them are the theft of data from the US Office of Personnel Management, which officials have privately linked to Chinese hackers.

At least 5.6 million people’s fingerprints were stolen as part of the attack, Reuters reported earlier.

Xinhua said the incident “turned out to be a criminal case rather than a state-sponsored cyberattack”.

American officials told The Financial Times the discussions were “candid”.

It marked the first bilateral cybersecurity dialogue at a top level since President Xi Jinping’s high-profile visit to the United States three months ago.

Xi and his US counterpart Barack Obama agreed during their summit to establish a dialogue mechanism to review the timeliness and quality of responses to requests for information about cybercrimes.

The two countries had regular cybersecurity talks at a lower level until Beijing suspended them last year after the US charged five PLA officers with hacking American companies.

The officials also agreed on Tuesday to carry through on an agreement made in September to set up a dedicated hotline and further strengthen cooperation in fighting against terrorist activities online.

The next round of top-level talks is scheduled for June in Beijing.

http://www.scmp.com/news/china/diplomacy-defence/article/1885959/china-and-us-find-common-ground-over-cybersecurity

See also:

China Calls Hacking of U.S. Workers’ Data a Crime, Not a State Act
http://www.nytimes.com/2015/12/03/world/asia/china-hacking-us-opm.html?_r=0

South China Sea: Cyber Attacks Now Part of The Prolonged Struggle (Smaller Nations Suspect China is Behind It All)

October 16, 2015

By David Tweed
Bloomberg

In the midst of a weeklong hearing on a South China Sea territorial dispute, the website of the Permanent Court of Arbitration in The Hague went offline.

The incident happened in July as the Philippines challenged China’s claim to more than 80 percent of the South China Sea, an assertion that Manila says encroaches on its exclusive economic zone. Based on an analysis of the software and infrastructure used, the site was infected with malware by someone in China, according to ThreatConnect Inc., a U.S. security company. China didn’t take part in the Hague hearing.

Alongside the increased presence of coastguard and military ships and planes, cyber espionage is emerging as a new front in the wrangling over the South China Sea, an artery for global trade that straddles the Indian and Pacific oceans. Over the past 18 months China has rapidly built on reefs in the area, butting up against smaller claimants such as Vietnam and the Philippines.

China regularly uses its coast-guard and even fishing vessels to warn away the boats of other countries. The disputes have pulled in the U.S., which patrols the waters in the name of navigational freedom — most recently it has reportedly been considering sailing warships into the 12 nautical mile exclusion zone around the islands China is building.

“Whenever you see island-dispute issues flare up you also see cyber activities spike as well,” said Tobias Feakin, director of the International Cyber Policy Centre at the Australian Strategic Policy Institute in Canberra. “If it is being used in coordination with the prodding that the Chinese do in a physical way, it surely shows you see a strategic advantage in the use of that power.”

Dated Networks

The smaller economies of Southeast Asia are vulnerable to hacks, given a lack of spending on cyber defense by some countries that rely on remittances from thousands of their citizens working overseas to propel growth, and a reluctance to report breaches of government security. The one protection may be how dated or incomplete networks are, with a reliance in far-flung areas on paper files.

Southeast Asian governments and companies are 45 percent more likely to be targeted than the average for the rest of the world, security provider FireEye Inc. said in a recent report. While President Xi Jinping agreed last month with President Barack Obama to broad principles to stop the theft of corporate secrets, the yet-to-be-developed rules will only cover the U.S. and China and won’t extend to traditional intelligence collection.

“The Chinese aren’t going to shut down their cyber-espionage operations,” said Dmitri Alperovitch, co-founder and chief technology officer of security company CrowdStrike Inc. “So they are most likely going to double down on traditional intelligence collection.”

In The Hague, the Philippines was seeking to enlist international law to deter China’s expansion in the South China Sea. Hackers embedded the PCA’s web page on the case with code that infected visitors to the page, according to ThreatConnect. That left diplomats, lawyers and journalists interested in the case at risk of information theft, plus their wider organizations.

‘Big Net’

“It’s like catching fish with a net,” said ThreatConnect Chief Intelligence Officer Rich Barger. “I dip a big net into the ocean, I collect fish over the course of a few hours, and then I have the option of pulling out a few targeted fish that I wanted to have.”

The PCA website was unavailable for a short period in July due to technical problems, Gaelle Chevalier, a case manager at the PCA, said via e-mail, adding “we have no information about the cause of the problems.” Philippine President Benigno Aquino’s deputy spokesperson Abigail Valte, who was at The Hague, said she heard about the attack. “We were surprised.”

There are other signs of cyber attacks on countries at times of tension with China. When China dragged an exploration oil rig into contested waters last year, it led to deadly anti-China protests in Vietnam and clashes at sea between coast guard boats. There was a spike in cyber attacks on Vietnamese government targets, according to CrowdStrike.

China’s Coast Guard guards its oil rig near Vietnam in May 2014.

Peaceful Purposes

Neither the Chinese foreign ministry nor the defense ministry responded to faxed questions about alleged Chinese involvement in the breach of the PCA or Vietnamese government websites. Officials regularly claim China is a victim of cyber security breaches and have repeatedly denied being the source of hacks of the U.S. and other countries. The foreign ministry contends its island-building program in the South China Sea is legitimate because the reefs are its sovereign territory, and that the construction is for peaceful purposes.

Vietnam has seen a rise in cyber attacks on government sites with more than 3,000 defacement attacks and over 5,000 malware attacks in the first half of the year, according to the information security authority in the Ministry of Information and Communications. Hackers were found to have used Internet protocol addresses based in countries including China, the U.S. and Russia, it said in an e-mailed response to questions.

Vital Events

“Whenever there has been a vital political, economic or social event, such as when the South China Sea disputes get heightened and complicated, attacks on government agency websites, especially those with a domain of .gov.vn, were seen to rise in volume, scope and mode,” the authority said.

CrowdStrike’s claims jibe with those of FireEye, whose Mandiant division alleged in February 2013 that China’s military may be behind a group that hacked at least 141 companies worldwide since 2006. After the report was published, the U.S. issued indictments against five military officials who were alleged members of that group, known as Advanced Persistent Threat 1.

In April, FireEye identified a group named APT 30 it said had spent a decade targeting governments, the military and corporations in Southeast Asia. It said software code and language were among indicators the software used in attacks was developed in China.

Also worrying was the ability of the group to successfully breach its targets despite barely having to upgrade its tools, tactics, and infrastructure over the years, according to Bryce Boland, FireEye’s Singapore-based Asia-Pacific chief technology officer.

“APT30 has been operating for 10 years and they didn’t even need to change the servers they were using,” said Boland. “They didn’t need to lift a finger to obfuscate where they were coming from.”

ThreatConnect has identified a group of hackers called Naikon APT which it says is backed by the People’s Liberation Army. Known as unit 78020, the group conducts cyber-espionage against Southeast Asian targets, ThreatConnect and Defense Group Inc. wrote in a report published last month.

While China is viewed as the most active of the region’s cyber-espionage actors, other countries are developing capabilities, according to CrowdStrike’s Alperovitch. “But the Chinese have been in this game for 15 years so they are head and shoulders above everyone else.”

http://www.bloomberg.com/news/articles/2015-10-15/chinese-cyber-spies-fish-for-enemies-in-south-china-sea-dispute

Related: