Posts Tagged ‘National Security Agency’

Two years after Snowden, NSA revelations still hurting US tech firms in China

July 3, 2015

By James Griffiths
South China Morning Post

Edward Snowden began leaking information two years ago that could cost US firms tens of billions of dollars in lost business overseas. Photo: AFP

Revelations of digital surveillance by American spy agencies could end up costing US firms billions of dollars in lost business and lawmakers in Washington are falling short in their duty to address the issue, a US think tank has said.

Tech firms, in particular, have underperformed in foreign markets following the leaks by former National Security Agency contractor Edward Snowden, according to a paper published by the Information Technology and Innovation Foundation.

“Our original thought was once policy makers realised this was having an impact on business interests, they would take more aggressive action to address the concerns,” Daniel Castro, ITIF vice president, told the South China Morning Post. He helped author the report.

The ITIF predicted in 2013 that “even a modest drop” in the foreign market share for cloud computing could cost the US economy up to US$35 billion by 2016.

That now looks like a conservative estimate as the revelations of cyber-snooping have negatively affected “the whole US tech industry,” the report said.


Cloud computing firms and data centres have been some of the worst hit, with foreign companies choosing to avoid storing their data in the US following revelations about the NSA’s digital surveillance programmes.

A 2014 survey of British and Canadian businesses by Vancouver-based Peer 1 Hosting found that 25 per cent of respondents planned to pull data out of the US due to fears relating to data privacy.

In February, Beijing dropped a number of major American tech firms from its official state procurement list, including network equipment maker Cisco Systems, Apple, and security firm McAfee.

Brazilian President Dilma Rousseff recently met with her US counterpart Barack Obama after a long period of estrangement triggered by US spying claims. Photo: AP

“The Snowden incident, it’s become a real concern, especially for top leaders,” Tu Xinquan, associate director of the China Institute of WTO Studies in Beijing, told Reuters in April.

“In some sense, the American government has some responsibility for that. [China’s] concerns have some legitimacy.”

The White House and US International Trade Administration declined to comment on the matter, when contacted by the Post.

IBM, Microsoft and Hewlett-Packard have all reported diminished sales in China as a result of the NSA revelations, which first emerged in the summer of 2013.

The NSA was found to have tapped into the servers of major internet players like Facebook, Google and Yahoo to track online communication, among other forms of digital surveillance.

Chinese firms have also suffered due to security concerns, particularly in the US.

In 2012, a Congressional committee said that smartphone makers Huawei and ZTE were a national security threat because of their alleged ties with the Chinese government.


In April, US officials blocked technology exports to Chinese facilities associated with the Tianhe-2 supercomputer project, a blow to Intel and other hardware suppliers.

Even political parties in Germany have begun lampooning the US in response to its covert digital surveillance of key search engines and anti-virus software. Photo: AFP

“Both countries are looking into restrictions because of security, that’s not a good idea for either of them,” said Castro.

The ITIF paper recommends establishing international legal standards for government access to data, and developing what it terms a “Geneva Convention on the Status of Data”.

“We need to take certification out of the national level and move it to the international level. We don’t want each country to set security standards,” Castro said.

He warned that China’s pursuance of “protectionist” policies in the name of security could backfire if other countries follow suit and adopt standards that favour domestic over foreign firms for key infrastructure projects.

“China doesn’t want every other country to say ‘We have security concerns about you and refuse to buy your products,’” he added.

Castro pointed to China’s new security legislation, passed by the country’s top legislature on Wednesday, to shore up his argument that Beijing is “still going down that path”.

The sweeping law defines the scope of national security in far-reaching terms, ranging from finance, economy, politics, the military and cybersecurity to culture, ideology and religion.

One clause deals with establishing systems “for the protection of cyber and information security”.

Washington must respond if China keeps pursuing such protectionist policies but this will be problematic until concerns about NSA spying have been addressed, Castro said.

“At the end of the day, it is very hard to say with a straight face that you should buy US tech products, if the [US] government is not willing to stand up and say ‘We will not use this as a way to conduct surveillance in your countries.’”

U.S., China Pledge Cyber “Code of Conduct”

June 28, 2015

The Wall Street Journal’s Felicia Schwartz reports some signs of cooperation between China and the United States on the long fraught issue of cybersecurity. This week’s bilateral Strategic and Economic Dialogue took place against the backdrop of a stream of revelations about the extent of allegedly Chinese intrusions into U.S. government computer systems.

U.S. officials said the talks behind closed doors were “frank,” but public comments Wednesday at the conclusion of the meetings were largely conciliatory. U.S. officials complained about China’s behavior in the South China Sea and cyberspace, while emphasizing steps to narrow differences and find areas of common ground.

[…] “Our dialogue over the last 2½ days included a very frank discussion of some issues on which we have not always seen eye to eye,” Mr. Kerry said. “The U.S. is deeply concerned about cyber incursions that have raised security questions and, frankly, harmed American businesses.”

[…] Mr. Kerry said China had agreed to work with the U.S. to complete a code of conduct on cyber activities. “We believe very strongly that the U.S. and China should be working together to develop and implement a shared understanding of appropriate state behavior in cyberspace,” Mr. Kerry said. [Source]

The Council on Foreign Relations’ Adam Segal noted that no mention of the code is found in the State Department’s 127-point list of “specific outcomes and areas for further cooperation.” Nevertheless, he wrote, the pledge holds some promise:

While it was to be expected that official remarks at the conclusion of the meeting would be conciliatory—both sides want President Xi Jinping’s visit to the United States in September to go well—Washington and Beijing made parallel calls for cooperation on cybersecurity that could lay the groundwork for future discussions. At the opening of the dialogue, State Councilor Yang Jiechi stated that China wanted to develop with the United States and other countries an “international code of conduct for cyber information sharing,” though no details were offered on what that exactly means. […]

[…] Of course, the calls for cooperation may be nothing more than niceties, designed to reduce tensions in the run up to the September visit. From China’s perspective, it has always been open to greater cooperation. When accused of hacking, Chinese officials typically deny the claim, question the motives of the accuser, and then ritualistically invoke the need for international cooperation. But the call for cyber information sharing is new, and Washington should push Beijing to clarify what it means by information and how it would like to see sharing work. Good diplomacy can spin opportunities out of the introduction of new ideas. [Source]

When the hacking of the U.S. government’s Office of Personnel Management was first announced early this month, the number of employees affected was said to be around 4 million. With the subsequent discovery of another breach, estimates now reach as high as 18 million, including White House and congressional staff. Contrary to initial reports, the intruders had access to highly sensitive security clearance data for as long as a year. Such information would include “workers’ sexual partners, drug and alcohol abuse, debts, gambling compulsions, marital troubles, and any criminal activity,” which at the blunt end of the spectrum might leave them vulnerable to blackmail. More subtly, the data could be used to identify and then recruit potential intelligence sources through bribery or flattery, while providing a clear map of security clearance procedures and their possible weaknesses. Cross-referencing with data from other hacks might allow identification of staff who had failed to disclose information.

China denies any part in the attacks. But Michael Hayden, a former head of the National Security Agency and Central Intelligence Agency, has described the OPM’s data as “a legitimate foreign intelligence target,” adding that “this is not ‘shame on China.’ This is ‘shame on us’ for not protecting that kind of information.”

The OPM’s director offered a different interpretation during sustained congressional grilling over security failures at the agency. From Lisa Rein at The Washington Post:

“We have legacy systems that are very old,” Katherine Archuleta, director of the Office of Personnel Management, told Senate lawmakers at a hearing on the intrusion. “It’s an enterprise-wide problem. I don’t believe anyone is personally responsible.”

She then told Sen. Jerry Moran (R-Kan.), who pressed her repeatedly to take responsibility for failing to shore up the agency’s computer security, that the attackers are the ones to blame.

[…] Archuleta said she is “working very hard on correcting decades of inattention” to weak computer security at her agency, and credited her efforts to add new security defenses for discovering the breach in the first place. But the OPM’s inspector general described a history of failures by the agency to take basic security steps.

[…] Michael Esser, assistant inspector general for audit, testified that numerous recommendations to modernize aging systems and improve the security of modern ones have not been followed. He noted that a number of the systems that were breached in the hack disclosed in June were actually not “legacy systems,” but modern ones. [Source]

The agency’s initial efforts to notify affected employees also attracted criticism for encouraging behavior that could facilitate further attacks. Lax security at the OPM and beyond is described in detail in recent posts by Ars Technica’s Sean Gallagher, who noted that some OPM contractors hired Chinese nationals. At least one of these, said to have had “direct access to every row of data in every database,” was actually based in China.

Security failings at the OPM are hardly unique, The New York Times’ David E. Sanger, Nicole Perlroth and Michael D. Shear reported last weekend:

The administration is urgently working to determine what other agencies are storing similarly sensitive information with weak protections. Officials would not identify their top concerns, but an audit issued early last year, before the Chinese attacks, harshly criticized lax security at the Internal Revenue Service, the Nuclear Regulatory Commission, the Energy Department, the Securities and Exchange Commission — and the Department of Homeland Security, which has responsibility for securing the nation’s critical networks.

At the Nuclear Regulatory Commission, which regulates nuclear facilities, information about crucial components was left on unsecured network drives, and the agency lost track of laptops with critical data.

Computers at the I.R.S. allowed employees to use weak passwords like “password.” One report detailed 7,329 “potential vulnerabilities” because software patches had not been installed. Auditors at the Department of Education, which stores information from millions of student loan applicants, were able to connect “rogue” computers and hardware to the network without being noticed. And at the Securities and Exchange Commission, part of the network had no firewall or intrusion protection for months. [Source]

CIA-linked data mining firm Recorded Future reported this week that it found login details for employees of 47 different government agencies posted online, and that 12 of these organizations failed to use two-factor authentication as an additional layer of security. Meanwhile, traces of malware that struck the OPM have been discovered on computers at the National Archives. ACLU technologist Christopher Soghoian commented:

I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.

[…] In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it’s all offense and no defense.

In this kind of environment, we simply have to assume that even our classified networks have been penetrated. Remember that Snowden was able to wander through the NSA’s networks with impunity, and that the agency had so few controls in place that the only way they can guess what has been taken is to extrapolate based on what has been published. Does anyone believe that Snowden was the first to take advantage of that lax security? I don’t.

[…] I am reminded of a comment made to me in confidence by a US intelligence official. I asked him what he was most worried about, and he replied: “I know how deep we are in our enemies’ networks without them having any idea that we’re there. I’m worried that our networks are penetrated just as deeply.” [Source]

While most have focused on the need for better defenses, some argue for counterattacks. Prospective Republican presidential candidate Mike Huckabee, for example, wrote that:

The response and retaliation to this behavior is simple – America should hack the Chinese government. We should hack the cell phones of some prominent Communist party leaders, hack the bank accounts of intelligence officials, publicly humiliate Chinese families for political corruption, or wipe-out a few critical Chinese computer systems. [Source]

UCLA’s Kristen Eichensehr, examining the OPM breach in light of the Department of Defense’s newly released Law of War Manual, wrote last week at Just Security that such bellicose rhetoric is unrealistic:

Debates are raging over just how damaging the two OPM hacks are. In the first of what are sure to be many congressional hearings on the breaches, Rep. Carolyn Maloney (D-NY) asserted that she “consider[s] this attack … a far more serious one to the national security” of the United States than the 9/11 attacks. Others have called the hacks the long-warned-about cyber 9/11 or cyber Pearl Harbor. But other commentators have pushed back. Robert Knake of CFR noted that he is “a bit blasé” about the hack because “if the Chinese government is indeed behind it, it’s not by any stretch the most dastardly thing they have done in cyberspace.” [Knake listed five worse cases attributed to China in a blog post at CFR.] Prof. Henry Farrell on the Washington Post’s Monkey Cage blog similarly explained that “hacking into information on U.S. government employees, however sensitive, is not a Pearl Harbor attack,” but rather “an (extremely worrying) exercise in espionage.”

[…] Despite the debate over exactly how bad the OPM hacks are for national security, there is no doubt that they are a blow, the magnitude of which will become clearer over time. Where any US claim to the legal or moral high ground would be shaky at best, we should assume that spies are going to spy and act accordingly. This means that the government must better secure its sensitive information going forward and take steps to protect the individuals already put at risk. Beyond such responses, allusions to 9/11 and Pearl Harbor are misplaced and tend to frame these hacks in terms countenanced neither by realism in international relations nor by the rules of international law. [Source]

In any case, it remains unproven that China is the real culprit. The OPM hacks are thought to be the work of “Deep Panda,” an outfit associated with China’s Ministry of Public Security. But when Director of National Intelligence James Clapper said this week that China is “the leading suspect,” it was the strongest such statement to date by a serving U.S. official on the record. Michael Rogers, NSA director and commander of U.S. Cyber Command, has emphasized the enduring uncertainty about attribution of the attacks. From Patrick Tucker at Defense One:

Rogers spoke in response to a question about how the National Security Agency was going about attributing the breach to the Chinese government. “You’ve put an assumption in your question,” he said. “I’m not going to get into the specifics of attribution. It’s a process that’s ongoing.”

[…] The cybersecurity group FireEye says it’s “highly confident” that Chinese hackers did it, based on the kind of cables and telecommunications equipment involved, the type of data stolen, and the specific backdoors that the thieves used. “These backdoors, they’re commonly used by Chinese threat actors,” Michael Oppenheim, the intelligence operations manager at FireEye, told Defense One.

Oppenheim stopped short of formally accusing the Chinese government but added, “We believe that this aligns with Chinese interests.”

Oppenheim said that he was sympathetic to Rogers’s reluctance to formally attribute the breach to the Chinese government. “For someone in his position, you want to be 100-percent sure,” he said. [Source]

Another recent hacking case showed attackers leaving false tracks meant to implicate China. Russian security company Kaspersky revealed this month that it had discovered malware dubbed “Duqu 2” within its own systems. The firm’s technical paper on the intrusion refrained from explicit attribution (PDF), but noted:

[… T]he attackers have tried to include several false flags throughout the code, designed to send researchers in the wrong direction. For instance, one of the drivers contains the string “ugly.gorilla”, which obviously refers to Wang Dong, a Chinese hacker believed to be associated with the APT1/Comment Crew. The usage of the Camellia cypher in the MSI VFSes, previously seen in APT1-associated Poison Ivy samples is another false flag planted by the attackers to make researchers believe they are dealing with APT1 related malware. […]

Nevertheless, such false flags are relatively easy to spot, especially when the attacker is extremely careful not to make any other mistakes. [Source (PDF)]

The attackers also used a digital certificate apparently stolen from Taiwan-based Foxconn, possibly for similar reasons. From Kim Zetter at Wired:

The Taiwanese firm makes hardware for most of the major tech players, including Apple, Dell, Google, and Microsoft, manufacturing the likes of iPhones, iPads and PlayStation 4s. Taiwanese companies have been fruitful for this hacking group, who many believe to be Israeli: This marks at least the fourth time they have used a digital certificate taken from a Taiwan-based firm to get their malware successfully onto systems.

It’s unclear why the attackers focus on digital certificates from Taiwanese companies, but it may be to plant a false flag and misdirect investigators into thinking China is behind the malware attacks, says Costin Raiu, director of Kaspersky’s Global Research and Analysis Team.

The strategy of stealing and corrupting otherwise-legitimate certificates is particularly galling to the security community because it undermines one of the crucial means for authenticating legitimate software. [Source]

Kaspersky found that Duqu 2 had been used to infiltrate hotels hosting Iran nuclear talks, allowing access to security cameras, microphones, Wi-Fi networks, phone communications, and hotel records. Coincidentally, reports last week indicated that the U.S. State Department will no longer use the Waldorf Astoria as a New York base for its staff following its acquisition by the Beijing-based Anbang Insurance Group last year.

The intrusions may go much deeper. As the OPM story developed, The Sunday Times reported anonymous British officials’ claims that documents leaked by former NSA contractor Edward Snowden had fallen into Russian and Chinese hands. The article was immediately and widely mauled, particularly after its author told CNN that none of its specifics could be verified and that “we just publish what we believe to be the position of the British government at the moment.” At Wired, security technologist Bruce Schneier wrote that Snowden’s actions were probably beside the point anyway.


Michael Hayden Says U.S. Is Easy Prey for Hackers

June 24, 2015

Former CIA and NSA chief says ‘shame on us’ for not protecting critical information better

Michael Hayden says the impact of Edward Snowden’s leaks on data-collection efforts was minimal.

Few are as qualified to speak, or as outspoken, as retired Gen. Michael Hayden on the topic of cyberespionage. Gen. Hayden, after a career in the U.S. Air Force, became the only person to have served as director of both the National Security Agency and the Central Intelligence Agency. Today he is a principal at the Chertoff Group, a global advisory firm focused on security and risk management.

The Wall Street Journal’s editor in chief, Gerard Baker, spoke with Gen. Hayden about his views on Chinese hacking, the security risk to companies globally, and a U.S. political climate in which the general says Americans haven’t decided how they want the government to respond to cyberthreats.

Edited excerpts of their conversation follow.

How serious?

MR. BAKER: How serious a breach of security was the recent hacking of the Office of Personnel Management? [Hackers stole millions of personnel records from the agency functioning as the federal government’s human-resources department.]

GEN. HAYDEN: The current story is this was done by the Ministry of State Security—very roughly the [Chinese] equivalent of the CIA. Those records are a legitimate foreign intelligence target. If I, as director of the CIA or NSA, would have had the opportunity to grab the equivalent in the Chinese system, I would not have thought twice, I would not have asked permission.

So this is not shame on China. This is shame on us for not protecting that kind of information.

This is a tremendously big deal. And my deepest emotion is embarrassment.

MR. BAKER: How does it happen? We always hope America has greater sophistication.

GEN. HAYDEN: There are three layers: the government system, the political system and popular culture. So, the governmental system: Raw incompetence is the best explanation I can offer you. That’s at the executive-branch level. At the political level, we began last week in Washington with reining in the renegade National Security Agency for actually having phone bills—yours and mine—up at Fort Meade. Wednesday, we have the Boston Police Department shooting someone who is committed to behead people. And Thursday, we learned that OPM had lost four, make it 14, million sets of records.

At the level of popular culture, we Americans have not yet decided what it is we want or what it is we will permit our government to do in this cyber domain. And until we make those decisions, these kinds of events are more likely.

MR. BAKER: If the federal government can be infiltrated in this way, what hope can you offer to companies?

GEN. HAYDEN: American military doctrine says this cyber thing is a domain. There are no rivers or hills up here. It’s all flat. All advantage goes to the attacker. That’s one reality.


Then, all of us just fell in love with the ease and convenience and scale, so we decided to take things we used to keep if not in a safe, at least in our desk drawer, and put it up here, where it’s by definition more vulnerable.

No. 3, we still have a bunch of scrimmages down here in physical space about what it is you will let your government do to keep you safe. We have no consensus whatsoever up here in the cyber domain.

What’s the impact for you? The impact is the next sound you hear will not be a digital bugle signaling the arrival of the digital cavalry to come save the day. The government ain’t coming. You’re not quite on your own, but you are more on your own up here [in cyberspace] than you in your lifetime have ever experienced being on your own down here.

Asymmetrical threat

MR. BAKER: One thing the U.S. government won’t do: China and other countries use their intelligence agencies to obtain commercially valuable information to benefit their companies or state-owned enterprises.

GEN. HAYDEN: We only steal stuff to keep you free and to keep you safe. We do not steal stuff to make you rich. I know of four other countries that can say those last two sentences. Everyone else steals for commercial advantage.

I’ve met with PLA 3 [the People’s Liberation Army, Third Department], the Chinese cyberstealing thing. I never had this conversation with PLA 3, but I can picture it as: “You know, we’re both professionals. You steal stuff, I steal stuff, but you know, fundamentally, you’re just stealing the wrong stuff.…You can’t get your game to the next level by just stealing our stuff. You’re going to have to innovate. And as soon as you start to innovate, you’re going to be as interested as we are in people not stealing your innovation.”

MR. BAKER: Do you think that Chinese companies, especially in the technology fields, are routinely operating essentially on behalf of the Chinese government and using whatever means they can in the U.S. market to obtain intelligence information?

GEN. HAYDEN: All enterprises and major players need to pay attention to the needs of the government of the country of which they are a part. At one level, it would be unconscionable for a company like Huawei not to be responsive to Chinese national-security needs.

MR. BAKER: That doesn’t seem to apply to Apple, does it?

GEN. HAYDEN: Apple and Google want to create encryption for which they could not provide you the key. Their business model will not survive if the American government has a special relationship with them that requires them to surrender this kind of information.

As Baidu and Huawei become international companies, they won’t survive either if they’re seen to be tools of the Chinese government.

MR. BAKER: Does the U.S.A. Freedom Act, phasing out bulk collection of phone records by the NSA, make Americans safer than they were before or—

GEN. HAYDEN: They are definitely not safer. They are more comfortable, but they are definitely not safer. It remains to be seen if they are less safe.


Cyberattacks an “enormous” threat to U.S. national and economic security, former CIA director says

June 15, 2015


(Newsmax) – Cyberattacks are an “enormous” threat to U.S. national and economic security, said retired Army general and former Central Intelligence Agency director David Petraeus.

“When you look at the massive theft of personal data, the massive theft of intellectual property, the damage done to business by denial of service attacks,” Petraeus, an executive at private-equity firm KKR & Co., said on the “Wall Street Week” television program. “This is a big, big challenge to our country.”

The U.S. Office of Personnel Management disclosed on June 4 that computer hackers had stolen employment data on 4 million government employees. U.S. investigators estimate that the theft may include information on as many as 14 million people.


U.S. officials are concerned that the hackers accessed databases that included background checks for national security clearances, including forms providing personal histories, foreign travel, arrests, drug and alcohol use and other details that could be used by foreign intelligence operatives for blackmail or recruitment.

Petraeus is the chairman of the KKR Global Institute, an internal think-tank, which analyzes geopolitical, macroeconomic, trade and technology trends to better inform investment decisions.

China Threat

The former four-star general, who led forces in Iraq and Afghanistan, said he fears that cyberattacks will be a more serious problem five years from now.

“There’s no question that the industrial-strength threat emanates from China,” he said, adding that Syria and Russia also pose dangers. Operating systems in the U.S. electrical grid and water systems are vulnerable, he said. The federal government needs to spend more to strengthen the cybersecurity of U.S. infrastructure, he said.

Turning to energy, Petraeus said that a nuclear deal with Iran that leads to the lifting of sanctions could add another 1 million to 1.5 million barrels of oil a day to the global market within nine to 15 months. Aggregate supply will continue to outpace aggregate demand, leading to lower prices.

In April, Petraeus was sentenced by a federal magistrate judge to two years’ probation and ordered to pay a $100,000 fine for giving classified material to Paula Broadwell, his biographer with whom he had an extramarital affair.

“Wall Street Week” is produced by SkyBridge Media, an affiliate of SkyBridge Capital, the fund-of-funds business founded by Anthony Scaramucci. SkyBridge, which sometimes has other business relationships with the show’s participants, advertisers and sponsors, pays Fox stations in key markets to broadcast the show and also streams it online every Sunday at 11 a.m. in New York.


–With assistance from Chris Strohm and Michael Riley in Washington.

To contact the reporter on this story: Martin Z. Braun in New York. To contact the editors responsible for this story: Dave Liedtka, Kenneth Pringle






 (China has a pattern of silencing or censoring critics)

‘Edward Snowden has blood on his hands’: MI6 is forced to pull spies out of hostile countries

June 14, 2015


  • Classified files could lead to identification of British and American spies
  • Spy chiefs in Russia and China have cracked one million top-secret files
  • Home Office official has accused Snowden of having ‘blood on his hands’
  • Security services have ‘had difficulties tracking terrorists’ since the leaks 

MI6 has pulled its spies out of ‘hostile countries’ and America’s intelligence agencies are on high alert after Russia and China cracked encrypted files leaked by fugitive whistleblower Edward Snowden.

The top-secret documents contain information that could lead to the identification of British and American spies, according to senior officials in Downing Street, the Home Office and the security services.

A senior Home Office official accused Snowden – the former National Security Agency (NSA) contractor responsible for the biggest confidential information leak in US history – of having ‘blood on his hands’ after Russia and China gained access to over one million files.

Leaked: MI6 has pulled its spies out of 'hostile countries' after Russia and China cracked encrypted files leaked by whistleblower Edward Snowden (pictured) which could identify its agents

Aides in British Prime Minister David Cameron's office have confirmed the top-secret material is now in the hands of spy chiefs in Moscow (President Vladimir Putin, left) and Beijing (President Xi Jinping, right)

Security services have reported increasing difficulties in tracking terrorists and dangerous criminals via email, chat rooms and social media since he exposed Western intelligence-gathering methods, the Sunday Times reports.

Now aides in British Prime Minister David Cameron’s office have confirmed the top-secret material is now in the hands of spy chiefs in Moscow and Beijing.

A senior Downing Street source told the Sunday Times: ‘It is the case that Russians and Chinese have information.

‘It has meant agents have had to be moved and that knowledge of how we operate has stopped us getting vital information.’

A British intelligence source added: ‘Snowden has done incalculable damage. In some cases the agencies have been forced to intervene and lift their agents from operations to prevent them from being identified and killed.


Snowden said he was protecting ‘privacy and basic liberties’ by leaking over one million confidential files and claimed America’s NSA and British-based GCHQ (pictured) were spying on innocent people

A senior Home Office official accused Snowden, a former contractor at the National Security Agency (NSA), of having ‘blood on his hands’ after Russia and China gained access to over one million files

Security services have reported increasing difficulties in tracking since Snowden (pictured) exposed Western intelligence-gathering methods

‘We know Russia and China have access to Snowden’s material and will be going through it for years to come, searching for clues to identify potential targets.’

Former GCHQ director Sir David Omand believes the leak represents a ‘huge strategic setback’ which is ‘harming to Britain, America and their NATO allies’.

He said the leak could spark a ‘global intelligence arms race’, adding: ‘I have no doubt whatever that programmes are being launched and money is being spent to try and catch up.

‘That’s probably true not just of China and Russia but a number of other nations who have seen some of this material to be published.

‘I am not at all surprised that people are being pulled back and operations where people are exposed are having to be shut down, at least for the moment.’

An official at British Prime Minister David Cameron’s office has played down the threat posed to agents by saying there is ‘no evidence of anyone being harmed’.

Snowden fled the United States for Moscow in 2013 after he released 1.7 million secret documents from Western intelligence agencies to the media – and has remained under the protection of President Vladimir Putin’s regime ever since.

Snowden said he was protecting ‘privacy and basic liberties’ and claimed America’s NSA and British-based GCHQ were carrying out massive surveillance programmes which target millions of innocent people.


Edward Snowden is hailed as a hero by some but a British intelligence source has accused him of doing ‘incalculable damage’

David Miranda (left) the boyfriend of the Guardian journalist Glenn Greenwald, was seized at Heathrow in 2013 in possession of 58,000 ‘highly classified’ intelligence documents after visiting Snowden in Moscow

Another intelligence source in the United States said the damage done by Snowden was ‘far greater than what has been admitted’.

It is unclear whether Snowden voluntarily handed over the secret documents to remain in Hong Kong and Moscow, or whether the countries stole his data.

But a senior Home Office source said: ‘Why do you think Snowden ended up in Russia?

‘Putin didn’t give him asylum for nothing. His documents were encrypted but they weren’t completely secure and we have now seen our agents and assets being targeted.’

David Miranda, the boyfriend of the Guardian journalist Glenn Greenwald, was seized at Heathrow in 2013 in possession of 58,000 ‘highly classified’ intelligence documents after visiting Snowden in Moscow.

During the ensuing court hearing Oliver Robbins, then deputy national security adviser in the Cabinet Office, said that the release of the information ‘would do serious damage to UK national security, and ultimately put lives at risk’.

Eventually the High Court ruled there was ‘compelling evidence’ that stopping Miranda was ‘imperative in the interests of national security’ and publishing the documents would endanger lives.




Britain Pulls Spies Out of Russia, China — “Our agents and assets being targeted” as a Result of Snowden, Cyber Hacking, Leaks

June 14, 2015

LONDON (Reuters) – Britain has pulled out agents from live operations in “hostile countries” after Russia and China cracked top-secret information contained in files leaked by former U.S. National Security Agency contractor Edward Snowden, the Sunday Times reported.

Security service MI6, which operates overseas and is tasked with defending British interests, has removed agents from certain countries, the newspaper said, citing unnamed officials at the office of British Prime Minister David Cameron, the Home Office (interior ministry) and security services.

Snowden downloaded more than 1.7 million secret files from security agencies in the United States and Britain in 2013, and leaked details about mass surveillance of phone and internet communications.

The United States wants Snowden to stand trial after he leaked classified documents, fled the country and was eventually granted asylum in Moscow in 2013.

He went to Russia via Hong Kong, and although he claimed in 2013 that the encrypted files remained secure, Britain believed both Russia and China had cracked documents which contain details that could allow British and American spies to be identified, the newspaper said, citing officials.

Former U.S. National Security Agency contractor Edward Snowden appears live via video during a student organized world affairs conference at the Upper Canada College private high school in Toronto, February 2, 2015. REUTERS/Mark Blinch/Files

British Foreign Secretary Philip Hammond said Snowden had done a huge amount of damage to the West’s ability to protect its citizens.

“As to the specific allegations this morning, we never comment on operational intelligence matters so I’m not going to talk about what we have or haven’t done in order to mitigate the effect of the Snowden revelations, but nobody should be in any doubt that Edward Snowden has caused immense damage,” he told Sky News.

An official at Cameron’s office was quoted, however, as saying that there was “no evidence of anyone being harmed.” A spokeswoman at Cameron’s office declined to comment when contacted by Reuters.

A Home Office source told the newspaper that Russian President Vladimir Putin did not grant Snowden asylum for nothing.

“His documents were encrypted but they weren’t completely secure and we have now seen our agents and assets being targeted,” the source said.

A British intelligence source said Snowden had done “incalculable damage”.

“In some cases the agencies have been forced to intervene and lift their agents from operations to stop them being identified and killed,” the source was quoted as saying.

British security agencies declined to comment.

The Russian and Chinese governments were not immediately available for comment.


The revelations about the impact of Snowden on intelligence operations come days after Britain’s terrorism law watchdog said the rules governing the security services’ abilities to spy on the public needed to be overhauled.

Conservative lawmaker and former minister Andrew Mitchell said the timing of the report was “no accident”.

“There is a big debate going on,” he told BBC radio. “We are going to have legislation brought back to parliament (…) about the way in which individual liberty and privacy is invaded in the interest of collective national security.

“That’s a debate we certainly need to have.”

Cameron has promised a swathe of new security measures, including more powers to monitor Britons’ communications and online activity in what critics have dubbed a “snoopers’ charter”.

Britain’s terrorism laws reviewer David Anderson said on Thursday the current system was “undemocratic, unnecessary and – in the long run – intolerable”.

He called for new safeguards, including judges not ministers approving warrants for intrusive surveillance, and said there needed to be a compelling case for any extensions of powers.

(Reporting By Costas Pitas and Paul Sandle; additional reporting by Mark Hosenball and Polina Devitt; editing by Chizu Nomiyama and Rosalind Russell)

Chinese hack compromised security-clearance database

June 13, 2015

By Ellen Nakashima
The Washington Post

The Chinese breach of the Office of Personnel Management network was wider than first acknowledged, and officials said Friday that a database holding sensitive security clearance information on millions of federal employees and contractors also was compromised.

In an announcement, OPM said that investigators concluded this week with “a high degree of confidence” that the agency’s systems containing information related to the background investigations of “current, former and prospective” federal employees, and others for whom a background check was conducted, were breached.

OPM is assessing how many people were affected, spokesman Samuel Schumach said. “Once we have conclusive information about the breach, we will announce a notification plan for individuals whose information is determined to have been compromised,” he said.

The announcement of the hack of the security-clearance database comes a week after OPM disclosed that another personnel system had been compromised. The discovery of the first breach led investigators to find the second — all part of one campaign by the Chinese, U.S. officials say, evidently to obtain information valuable to counterespionage.

“This is potentially devastating from a counterintelligence point of view,” said Joel Brenner, a former top counterintelligence official for the U.S. government, speaking about the latest revelation. “These forums contain decades of personal information about people with clearances . . . which makes them easier to recruit for foreign espionage on behalf of a foreign country.”

Last week, OPM announced that a database containing the personal information of about 4 million current and former federal employees was hacked. Privately, U.S. officials said the Chinese government was behind the breach. The administration has not publicly pointed a finger at Beijing.

The breach of that data system affected 4.1 million individuals — all 2.1 million current federal civilian employees and 2 million retired or former employees. Information on officials as senior as Cabinet secretaries may have been breached. The president’s and vice president’s data were not, officials said.

China has dismissed the hacking allegations, with a Foreign Ministry spokesman last week calling them “irresponsible and unscientific.”

The separate background-check database contains sensitive information — called SF-86 data — that includes applicants’ financial histories and investment records, children’s and relatives’ names, foreign trips taken and contacts with foreign nationals, past residences, and names of neighbors and close friends.

That database was also breached last year by the Chinese in a separate incident, and the new intrusion underscores how persistent and determined Beijing is in going after data valuable to counterespionage.

“The adversary is obviously very interested in that data,” said a U.S. official, who, like several others who were interviewed, spoke on the condition of anonymity because of the ongoing investigation.

The discovery of the second compromise was not exactly a surprise. “It’s like cancer,” a second U.S. official said. “Once you start operating on the cancer, you find it has spread to other areas of the body.”

Employees of intelligence agencies, such as the CIA, generally do not have the records of their clearance checks held by OPM, although some do, officials said.

“That’s the open question — whether it’s going to hit CIA folks,” the second official said. “It would be a huge deal. They could start unmasking identities.”

Matthew Olsen, a former National Security Agency general counsel and former head of the National Counterterrorism Center, said the breach is “truly significant.” The data can be used in many different ways to target people, “whether it’s blackmail, to recruit, to punish individuals in China who are connected to people in the United States.”

In the past year or two, the Chinese government has begun building massive databases of Americans’ personal information obtained through cyberespionage. Besides the series of OPM intrusions, a federal government contractor that conducted background investigations for OPM and the Department of Homeland Security was hacked last year by the Chinese. And Beijing has been linked to penetrations of several health insurance companies that hold personal data on tens of millions of Americans.


“Who can be surprised?” Brenner said. “They’re making a concerted effort to gather vast quantities of information about Americans. This is perfectly clear. That they have all this clearance information is a disaster.”

President Obama, as with previous high-profile breaches, has been briefed on the investigation. What steps, if any, the administration can or should take in response is a difficult discussion, current and former officials said.

“There are a whole array of things we need to do across the board, from raising our defenses to making sure that this stuff isn’t actually on the criminal underground to understanding the full scope” of the breach, the first official said. “We haven’t gotten there yet.”

What complicates this case is that unlike many other Chinese breaches of U.S. networks, the OPM hacks do not involve theft of commercial secrets. Last year, the United States indicted five Chinese military officials on charges of commercial cyberespionage. With traditional espionage, the options are fewer.

“You’re not going to start a shooting war over this,” a former intelligence official said. “We need to improve our defenses. We also want to go on the offense.”

Offensive actions might include directing a U.S. agency to locate the servers holding the stolen data and deleting or altering the data, the former official said.

The administration timed its announcement last week of the initial OPM breach to comply with its own policy, as reflected in proposed legislation, to notify individuals of a breach within 30 days of concluding that there is a “reasonable basis to believe” that personal information has been compromised, the first U.S. official said.

Although the breach was discovered in April, it was not until early May that investigators determined that employees’ personal data probably was taken. That led to the announcement last week even though, the official said, the investigation was not complete.

During a briefing for congressional staff last week, Ann Barron-DiCamillo, a senior DHS official, tried to explain the delay in alerting employees to the breach. “It takes time to do the forensics and to understand what’s happened, and even to understand what data, if any, has been exposed,” she said, according to notes taken by a congressional aide.

The breach, she said, took place in December. “It took awhile to pinpoint what actually went out the door because it happened six months ago,” she said.

Adam Goldman and Lisa Rein contributed to this report.

Ellen Nakashima is a national security reporter for The Washington Post. She focuses on issues relating to intelligence, technology and civil liberties.






U.S. Government Reveals “Second Data Breach” By Chinese Hackers — Obama Considers Sanctions

June 13, 2015

WASHINGTON (AP) — Deeply personal information submitted by U.S. intelligence and military personnel for security clearances – mental illnesses, drug and alcohol use, past arrests, bankruptcies and more – is in the hands of hackers linked to China, officials say.

In describing a cyberbreach of federal records dramatically worse than first acknowledged, authorities point to Standard Form 86, which applicants are required to complete. Applicants also must list contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant’s Social Security number and that of his or her cohabitant are required.

In a statement, the White House said that on June 8, investigators concluded there was “a high degree of confidence that … systems containing information related to the background investigations of current, former and prospective federal government employees, and those for whom a federal background investigation was conducted, may have been exfiltrated.”

“This tells the Chinese the identities of almost everybody who has got a United States security clearance,” said Joel Brenner, a former top U.S. counterintelligence official. “That makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That’s a gold mine. It helps you approach and recruit spies.”

The Office of Personnel Management, which was the target of the hack, did not respond to requests for comment. OPM spokesman Samuel Schumach and Jackie Koszczuk, the director of communications, have consistently said there was no evidence that security clearance information had been compromised.

The White House statement said the hack into the security clearance database was separate from the breach of federal personnel data announced last week – a breach that is itself appearing far worse than first believed. It could not be learned whether the security database breach happened when an OPM contractor was hacked in 2013, an attack that was discovered last year. Members of Congress received classified briefings about that breach in September, but there was no public mention of security clearance information being exposed.

Nearly all of the millions of security clearance holders, including some CIA, National Security Agency and military special operations personnel, are potentially exposed in the security clearance breach, the officials said. More than 4 million people had been investigated for a security clearance as of October 2014, according to government records.

Regarding the hack of standard personnel records announced last week, two people briefed on the investigation disclosed Friday that as many as 14 million current and former civilian U.S. government employees have had their information exposed to hackers, a far higher figure than the 4 million the Obama administration initially disclosed.

American officials have said that cybertheft originated in China and that they suspect espionage by the Chinese government, which has denied any involvement.

The newer estimate puts the number of compromised records between 9 million and 14 million going back to the 1980s, said one congressional official and one former U.S. official, who spoke to The Associated Press on condition of anonymity because information disclosed in the confidential briefings includes classified details of the investigation.

There are about 2.6 million executive branch civilians, so the majority of the records exposed relate to former employees. Contractor information also has been stolen, officials said. The data in the hack revealed last week include the records of most federal civilian employees, though not members of Congress and their staffs, members of the military or staff of the intelligence agencies.

On Thursday, a major union said it believes the hackers stole Social Security numbers, military records and veterans’ status information, addresses, birth dates, job and pay histories; health insurance, life insurance and pension information; and age, gender and race data.

The personnel records would provide a foreign government an extraordinary roadmap to blackmail, impersonate or otherwise exploit federal employees in an effort to gain access to U.S. secrets – or entry into government computer networks.

Outside experts were pointing to the breaches as a blistering indictment of the U.S. government’s ability to secure its own data two years after a National Security Agency contractor, Edward Snowden, was able to steal tens of thousands of the agency’s most sensitive documents.

After the Snowden revelations about government surveillance, it became more difficult for the federal government to hire talented younger people into sensitive jobs, particularly at intelligence agencies, said Evan Lesser, managing director of, a website that matches security-clearance holders to available slots.

“Now, if you get a job with the government, your own personal information may not be secure,” he said. “This is going to multiply the government’s hiring problems many times.”

The Social Security numbers were not encrypted, the American Federation of Government Employees said, calling that “an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce.”

“Unencrypted information of this kind this is disgraceful – it really is disgraceful,” Brenner said. “We’ve had wakeup calls now for 20 years or more, and we keep hitting the snooze button.”

The OPM’s Schumach would not address how the data was protected or specifics of the information that might have been compromised, but said, “Today’s adversaries are sophisticated enough that encryption alone does not guarantee protection.” OPM is nonetheless increasing its use of encryption, he said.

The Obama administration had acknowledged that up to 4.2 million current and former employees whose information resides in the Office of Personnel Management server are affected by the December cyberbreach, but it had been vague about exactly what was taken.

J. David Cox, president of the American Federation of Government Employees, said in a letter Thursday to OPM director Katherine Archuleta that based on incomplete information OPM provided to the union, “the hackers are now in possession of all personnel data for every federal employee, every federal retiree and up to 1 million former federal employees.”

Another federal employee group, the National Active and Retired Federal Employees Association, said Friday that “at this point, we believe AFGE’s assessment of the breach is overstated.” It called on the OPM to provide more information.

Former Rep. Mike Rogers, one-time chairman of the House Intelligence Committee, said last week that he believes China will use the recently stolen information for “the mother of all spear-phishing attacks.”

Spear-phishing is a technique under which hackers send emails designed to appear legitimate so that users open them and load spyware onto their networks.

Associated Press writer Lolita C. Baldor contributed to this report.


WASHINGTON — The White House on Friday revealed that hackers had breached a second computer system at the Office of Personnel Management, and said that President Obama was considering financial sanctions against the attackers who gained access to the files of millions of federal workers.


But on Friday, officials said they believed that a separate computer system at the agency was breached by the same hackers, putting at risk not only data about the federal employees, but also information about friends, family members and associates that could number millions more. Officials said that the second system contained files related to intelligence officials working for the F.B.I., defense contractors and other government agencies.


A senior government official, speaking on the condition of anonymity, said that investigators became aware of the second intrusion while assessing the damage from the first breach. The official said the information apparently taken in the second breach appeared not to be limited to federal employees.

The database contains copies of what is known as Standard Form 86, a questionnaire filled out by applicants for national security positions. The 127-page form can include medical data, including information on treatment or hospitalization for “an emotional or mental health condition.”

In addition, the form asks for detailed information on close relatives and “people who know you well.” The form has spaces for each contact’s home or work address, email address, phone number and other information.

The personnel office has said that the number of federal employees and applicants affected could rise beyond the four million already reported. If the relatives and close contacts are included, the total number of people affected could be several times as high, officials said.

At the White House, officials said that Mr. Obama was weighing the use of an executive order he signed in April that allows the Treasury secretary to impose sanctions on individuals or groups that engage in malicious cyberattacks, or people who benefit from them.


China’s Night Dragon cyber army has infiltrated every corner of Britain

June 8, 2015

  • Whistleblower Shawn Carpenter uncovered Chinese cyber-espionage ring
  • Special units of the People’s Liberation Army stole secrets from the West
  • Code-named Titan Rain, it is the biggest cyber espionage hack in history
  • Elite group of hackers plundered secrets from 141 companies in the West

Back in May 2004, Shawn Carpenter, a computer intrusion expert at Sandia National Laboratories – which work on the USA’s nuclear weapons programme – began investigating a cyber security breach.

He had seen similar attacks on defence giant Lockheed Martin, which controls Sandia. Whoever was behind them was good – grabbing what they wanted in moments and always leaving a backdoor open so they could return.

Carpenter used a technique called ‘back-hacking’ to pursue the attackers online, all the way through Hong Kong, Taiwan and South Korea, where they stashed their stolen files, to their source – Guangdong in southern China.

Titan Rain – the biggest cyber espionage campaign in history – allowed China to plunder priceless military and commercial secrets from the West

Carpenter installed code on the hackers’ machine which sent an email every time they were active. Two weeks later, he had 23,000 messages. This was much more than one individual. It was a huge team working all hours.

Carpenter had uncovered Titan Rain – the biggest cyber espionage campaign in history, and part of a programme which allowed China to plunder priceless military and commercial secrets from the West.

Special units of the People’s Liberation Army stole secrets ranging from America’s stealth bomber blueprints and Coca-Cola’s business strategy to British Government briefings and BP geological reports.

Titan Rain’s reach was vast. Terabytes of data on the B-2 Spirit stealth bomber and the F-35 Joint Strike Fighter had been stolen from companies including BAE.

There were at least 500 significant intrusions into the US military. The blueprints for planes, space-based lasers, missile navigation and nuclear submarines had all been stolen. One American said there was not a defence contractor that had not been penetrated.

And it was not just America. An email arrived in the London inbox of a Foreign Office diplomat in October 2003 purporting to come from a Tibetan group campaigning for autonomy from China. An attachment hid a malicious Trojan horse virus that allowed access to parts of the Foreign Office network.

Special units of the People’s Liberation Army stole military and commercial secrets from the West

Never revealed before, this was the first serious known intrusion into British Government systems. Officials won’t name who they think was responsible, but the email came from Beijing.

The more analysts began to look, the more they found. Britain’s cyber security watchdog at the time, the National Infrastructure Security Co-ordination Centre (NISCC), warned in June 2005 that the Government and nearly 300 critical businesses – in defence, telecoms and national security – had been hit. But the Foreign Office forbade it from mentioning China for fear of the diplomatic impact.

At the same time a vast Chinese company – which the US had kept out for fear of espionage – was entering into the heart of Britain’s technological infrastructure. Fears that it could be a secret information gateway to Beijing led to a secret centre being set up in Oxfordshire to make sure our network remains secure.

Old-school espionage involved breaking into an office to steal files, but modern spying has adapted. The first step is emailing someone at the target organisation, perhaps posing as a colleague, and tricking them into downloading an attachment that allows hackers into the system.

One specialist will search for likely targets, another remotely copies and removes files to an anonymous electronic ‘safe house’. Information is then retrieved by spies in Shanghai, Moscow, Tel Aviv or even Cheltenham, home to GCHQ.

The beauty is that this can be done from the other side of the world – and if you are lucky, no one will ever know you were there.

The most notorious group of cyber-spies was code-named APT1 – investigators found evidence of them in the systems of 141 companies in the English-speaking world.

Once inside, APT1 hackers stayed for an average of 356 days – and in one case roamed for a remarkable four years and ten months.

A new drug or aircraft engine costing millions in research can be siphoned off in a few moments.

Western experts started talking about heavily protected Chinese research institutes and the companies linked to them suddenly making huge leaps forward. US experts point out that China achieved the advanced skill of making a submarine move quietly far faster than the US or Russia.


The Chinese J-20 stealth aircraft arrived around a decade after Chinese hackers compromised a US research facility. And when Coca-Cola was negotiating the multi-billion-dollar purchase of a Chinese company, the APT1 group is believed to have got hold of its negotiating strategy. The bid failed.

A different campaign by a group called Night Dragon targeted BP, Shell and Exxon in search of highly valuable geological data about gas and oil prospects – gold-dust to resource-hungry China.

The language was apocalyptic: ‘The greatest transfer of wealth in history’ is how Keith Alexander, then-director of America’s National Security Agency, described cyber espionage in 2012. Others feared as much as a trillion dollars worth of damage. But by following the data trail left by APT1, investigators tracked them to a door in a down-at-heel part of Shanghai that housed Unit 61398 of the People’s Liberation Army. Inside, hundreds worked in a 130,000 sq ft building.

One blog posting by a 25-year-old hacker described a world of long hours, low pay and boredom. He wore a uniform but lived in a dorm and had little time for anything other than work or surfing the internet. ‘I want to escape,’ he wrote.

GCHQ and the NSA spied on the spies, remotely switching on the webcam of an attacker’s computer to see them at work. In 2014, the US Department of Justice took the unprecedented step of charging five members of PLA 61398 with hacking. The FBI issued ‘Cyber’s Most Wanted’ posters featuring photos of the hackers, including one who used the pseudonym UglyGorilla. In a deliberately provocative move, two were pictured in PLA uniform.

Meanwhile, Western companies rarely admit they have been breached. Such an admission would hit the share price straight away, while the actual cost in terms of intellectual property theft may not become apparent for years. By then, directors will almost certainly have moved on, their bonuses intact. But the final cost can be immense.

In 2004, a British employee of the Canadian telecoms giant Nortel became curious about a senior executive downloading documents connected with his work. When he emailed to offer help, the executive replied tersely: ‘I don’t know what you are talking about.’

Keith Alexander, the then-director of America's National Security Agency, said it was 'the greatest transfer of wealth in history'


Nortel alerted security expert Brian Shields, who found hackers had used the accounts of seven executives in Canada to send more than 1,500 documents to China over the previous six months – with evidence of theft going back to 2000. Shields was already aware of the threat – Nortel had been trying to get into the Chinese market since the 1990s when concerns became immediately apparent. One executive suspected his faxes were being monitored. Others had their luggage searched and laptops examined.

Shields was also part of the Network Security Information Exchange, bringing together governments and the private sector. Lockheed Martin, Boeing, Cisco and British Telecom met the FBI, CIA, NSA and Britain’s Centre for the Protection of National Infrastructure (CPNI) in Washington every other month.

Their discussions are classified, but there’s little doubt they were dominated by the emergence of a large-scale, sophisticated Chinese threat. Shields reported back to his superiors that the Chinese were stealing everything: research and development, pricing and sales plans, customer information. At the time, Nortel was losing contracts to a new Chinese company, Huawei, which consistently bid 30 per cent less to do the same work.

It is impossible to blame cyber espionage for Nortel’s decline and Huawei’s rise – the company has come from nowhere to being perhaps the largest telecoms equipment company in the world, doing everything from selling smartphones to laying fibre-optic cables in the ocean.

Shields does not believe Huawei itself was hacking Nortel – he thinks the Chinese state was responsible. Yet the result was the same – Nortel began to fall apart. Shields lost his job to cost-cutting, but not before drafting a 15-page letter to the chief executive: ‘I am certain the Chinese are inside Nortel’s network,’ he wrote. ‘They have free rein to take whatever they want and have for a long time… unfair Chinese competition is running this company out of existence.’

It was too late. In January 2009, Nortel – which employed 90,000 worldwide and once made up a third of the value of the Toronto Stock Exchange – filed for bankruptcy.

In Britain, spies faced a new headache within months of the rogue Tibetan email to the Foreign Office in 2003. Huawei was signing a major deal to work with BT and there was confusion in Westminster about what to do. Some warned of the dangers, but it was only after the deal was signed that concerns – reported in this newspaper – grew that China could use Huawei to spy on communications, or hit a ‘kill switch’ to turn them off completely.

On the third floor of a nondescript office in a business park in Banbury, Oxfordshire, two thick doors costing £30,000 each reveal that it is secured to ‘List X’ standard – and cleared to contain classified information.

The first door takes you into a room reminiscent of most offices. Behind an everyday reception are a few cubicles where people tap quietly on laptops. But electronic equipment must be stored in lockers, passes swiped, and a PIN entered in order to go through the second door. This inner sanctum is Top Secret: and no one from China is allowed to enter unescorted.

Canadian telecoms giant Nortel lost contracts to a new Chinese company, Huawei (pictured), which consistently bid 30 per cent less to do the same work

The Cyber Security Evaluation Centre – or The Cell – is paid for by Huawei and is the front line in a global debate over computer security which pits China against America, with Britain in the middle. Fear of espionage has kept Huawei out of America’s telecoms infrastructure. This is the place where Britain tries to ensure it has not made a mistake by letting it in.

The inner sanctum is where the telecoms kit Huawei plans to install in Britain is tested: its code analysed and hardware – mobile phone base stations and the like – taken apart, photographed and weighed in a search for modifications.

Further inside, there is a locked steel cage, monitored by CCTV, holding a single computer terminal. This is the company’s most precious asset, the source code that runs its equipment. A one-way diode means the encrypted code can flow into the computer to be examined, but not out. A two-man rule operates, so a Chinese employee of the company has one half of the password to decrypt the material, a security-cleared Briton has the other.

Pictures from the CCTV are beamed to Shenzhen, home of Huawei’s headquarters, a vast campus in a place that has gone from small border town to a metropolis of 15 million people in a generation.

Its network control centre looks like mission control at Nasa. Dozens of operators watch screens which display the flow of much of the world’s communications. Nowhere is the sense more clear that Huawei is everywhere.

‘When you walk around the Huawei campus, you are staring into China’s future,’ wrote one US diplomat. A visiting Western executive had a different thought: ‘We’re screwed.’

Huawei has always denied espionage and points out that being caught spying would be commercial suicide. The same would apply to hitting a kill switch.

Yet a document called the National Risk Register outlines what could happen to Britain if it did. A section, called ‘transition to war’, relates to the possibility of China shutting Britain down by switching off all Huawei kit (and it would not necessarily need the connivance of the company to do so). This could take down as much as half the British network for days.

Two years ago, Britain’s Intelligence and Security Committee’s report on Huawei was overshadowed by Edward Snowden’s revelations about Western spying, which has dominated the debate over cyber spying ever since.

In the past few days, however, Washington revealed that the personal records of four million government employees had been stolen. The source of the cyber espionage, they suggested, was China.

  • Intercept: The Secret History of Computers and Spies by Gordon Corera is published by Weidenfeld & Nicolson on June 25, priced £20.
  • Offer price £16 (20 per cent discount) until June 28, 2015. Order at – p&p is free on orders over £12.


US wronging of China for cyber breaches harm mutual trust — Commentary From Pakistan’s “Daily Times”

June 7, 2015


BEIJING: Out of ulterior motives, some US media and politicians have developed a habit of scapegoating China for any alleged cyber attack on the United States. Such groundless accusations would surely harm mutual trust between the two big powers of today’s world.

A new wave of China-bashing is currently surging to a new height in the United States, including the latest accusation against China for hacking US federal computer networks to steal personnel information.


Without any proof, some US media jumped to the conclusion that the hacking was done by hackers based in China. After the breach was defined as a national security matter, the U.S. investigation has been probing China as a “possible culprit”.

Cyber attacks, usually conducted anonymously and across borders, are hard to trace back. It is neither responsible nor scientific to always use vague terms such as “likely” or “suspected” before conducting thorough investigations.

The fact is that China is a victim of cyber attacks, and that Uncle Sam, who possesses the most advanced and powerful cyber technology and, more importantly, has proclaimed itself world police, has easily been a big hacker at home and abroad.

The US National Security Agency (NSA) has been intercepting Internet communications from US residents without getting court-ordered warrants since 2012, according to the latest disclosures published Thursday in The New York Times.

The collected information ranges from private emails to trade secrets and business dealings, according to the reports, based on leaks from Edward Snowden, the former NSA contractor.

The NSA also targeted suspected hackers before it could establish links to foreign governments, the disclosures said.

The United States always plays the trick of a thief crying “stop thief!” While it has rarely made a direct response to widespread concerns over appalling revelations of its cyber spying programs, some of its people, out of ulterior motives, habitually scapegoat and demonize China, repeatedly levelling groundless allegations and accusations against China.

Such moves undermine mutual trust and respect between the two countries, a cornerstone of building a new model of major-country relationship, a consensus reached between Chinese President Xi Jinping and his US counterpart Barack Obama in June 2013.

China firmly opposes and fights all forms of hacker attacks, and is ready to carry out international cooperation on this issue in efforts to help build a peaceful, secure, open and cooperative cyber space.

The United States should discard suspicions, refrain from groundless accusations, show more trust and conduct more cooperation in this area.



Related: (The links below will show why we believe nothing from Pakistan’s media)



 (China has a pattern of silencing or censoring critics)

China’s Unit 61398 has a part of its operation inside this building

