Posts Tagged ‘National Security Agency’

White House should threaten Great Firewall to curb Chinese cyber attacks, experts say as Obama-Xi summit nears

August 28, 2015

By James Griffiths
South China Morning Post

As the world recalls how two atomic bombs were dropped on Japan to end the second world war in Asia 70 years ago, a digital deterrent of a similar magnitude could be Washington’s only way to stop cyber attacks from the latest Asian aggressor, China, experts say.

United States president Barack Obama is due to entertain his Chinese counterpart Xi Jinping in Washington next month on a state visit and the issue of cyber espionage will “no doubt” be addressed, Obama said recently.

The issue rose to the fore in the wake of a major attack this summer on the US Office of Personnel Management, which saw hackers make off with the personal information of over four million current and former federal workers.

Officials have pointed the finger at hackers linked to China’s People’s Liberation Army, saying the data poses a security risk as it contains military records and other sensitive information, potentially including state secrets.

“We absolutely have to do something,” said Dennis Poindexter, author of The New Cyberwar: Technology and the Redefinition of Warfare.

As such hacks become more audacious the US needs the cyber equivalent of a nuclear deterrent, added Poindexter, a former faculty member at the Defence Security Institute under the US department of defence.

Chinese female troops practice marching at a camp on the outskirts of Beijing this month in the run-up to China’s celebration of the 70th anniversary of the end of the second world war. Photo: AP

He pointed to this year’s OPM hack as an example of Chinese hackers inadvertently crossing the line of “acceptable” state espionage.

Former head of the National Security Agency and Central Intelligence Agency Michael Hayden told the Washington Post after the attack that “if I could have done it [as head of the NSA], I would have done it in a heartbeat”.

“You have to kind of salute the Chinese for what they did,” said US director of national intelligence James Clapper in June, referring to the sophistication of the hack.

Since then, Obama has reportedly told his staff to come up with a series of retaliatory actions in the event of similar attacks.

“One of the conclusions we’ve reached is that we need to be a bit more public about our responses, and one reason is deterrence,” a senior administration official involved in the debate told The New York Times, speaking anonymously.

Measures under discussion reportedly range from sanctions and criminal indictments of suspected hackers to US-led attacks on the Great Firewall, China’s online censorship apparatus.

Obama approved sanctions on North Korea following the January hack of Sony Pictures, even though Kim Jong-un’s regime remains only a suspect.

Chinese President Xi Jinping took his wife Peng Liyuan when he visited California in June 2013 for a summit with Obama. Photo: Xinhua

Adopting the same stance against China, the world’s second biggest economy, could be catastrophic for the US given the interconnectedness of global trade.

But the US has already shown it is not afraid to go after the Chinese military, with the US justice department levelling charges against five PLA officials last year.

The indictments came in the wake of a report by cybersecurity firm Mandiant that tied Shanghai-based PLA Unit 61398 to an active and highly effective hacking team it called APT1.

Mandiant has since been absorbed by cybersecurity firm FireEye. Richard Bejtlich is its chief security strategist.

Bejtlich said the aggressive move by Washington set alarm bells ringing in Beijing, and that he had personally heard PLA officers refer to the incident as a “national humiliation”.

Beijing cancelled a high-level Sino-US working group on cyber affairs following the affair, while China’s state media labelled the US a “mincing rascal” and “high-level hooligan”.

But charging high-ranking government officials would require gathering huge amounts of evidence and tying them to individual attacks – a difficult task in the murky world of cyber warfare.

Even if successful, it could prove a pyrrhic victory by exposing ongoing US intelligence operations.

“Probably the best thing we could do to offer some degree of deterrence is give [Chinese internet users] a way around the firewall,” said Poindexter.

The Great Firewall has undergone several “upgrade[s] for cyberspace sovereignty” since the beginning of the year, according to the state-run People’s Daily.

Xi and Obama were on friendly terms when they met again in Beijing in November 2014. Photo: AP

This week, popular virtual private network provider Astrill, which helps users jump the Great Firewall, said its services in China would be disrupted due to the upcoming Beijing parade marking the anniversary of the end of the second world war.

Two Chinese developers also removed anti-censorship apps from open-source code repository GitHub after pressure from Chinese police.

According to The New York Times, multiple officials within US intelligence agencies are advocating attacks on the Great Firewall.

This is “to demonstrate to the Chinese leadership that the one thing they value most — keeping absolute control over the country’s political dialogue — could be at risk if they do not moderate attacks on the United States”, it reported.

By publicly committing to undermine Chinese internet filtering, the US could drive home how seriously it takes cyber attacks and economic cyber espionage.

“Just by saying it, we make them very concerned,” Bejtlich said.

Other potential public deterrents could involve the US working with regional allies like Vietnam, which has centuries of bad blood with China, to form a united front.

Beijing has long been sensitive to efforts to “contain” it, such as bilateral agreements between countries with which it has territorial disputes in the South China Sea.

Ultimately, China and the US may not come to an effective agreement until a third party threatens both countries.

Bejtlich pointed to the huge economic benefit of targeting large companies in developed markets to steal trade secrets and intellectual property, a practice China has long been accused of.

US attorney-general Eric Holder announced economic cyber-espionage charges against China in May-June 2014. Photo: AFP

As China’s high-tech and internet companies become more advanced and expand into developing markets, they may find themselves targeted by state-level hacking groups from foreign shores.

The attack earlier this year on Italian cybersecurity and surveillance firm Hacking Team, after which the perpetrators dumped gigabytes of the company’s information and tools online, may accelerate this trend, Bejtlich said.

“The leaked info is a blueprint for anyone who wants to run a state-level malware group, and they’ve provided this playbook for any developing country who wants to run this kind of activity,” he said.

While statements from Obama and the White House give every indication that cybersecurity will be a key component of next month’s summit, experts were sceptical about whether any substantive agreement would be reached.

Poindexter was almost certain that “there will be some kind of joint statement about hacking”, though he said it was unlikely there would be any major de-escalation of cyber attacks.

Simon Shen, a cybersecurity expert at the Chinese University of Hong Kong, said hacking is here to stay.

“I’m afraid it’s not possible for any country in the world to give it up,” he said.

Chinese cyber espionage got email on “just about everyone” in the Obama administration

August 11, 2015


For the past five years, the personal email accounts of top American security and trade officials have been compromised in a Chinese cyber espionage operation

Hillary Clinton stands accused of using her private server to conduct government business. Photo: AP

Chinese cyber-spies are reading the private email accounts of Obama administration officials and other “national security” figures, in an operation first code-named the “Dancing Panda”, it has been revealed.

A National Security Agency briefing from 2014 showed that the intrusion was first detected in April 2010, and the attacks are still ongoing, according to a senior intelligence official who spoke to NBC.

The period overlaps with Hillary Clinton’s use of her private email account while she served as secretary of state, between 2009 and 2013.

The Democratic frontrunner has been plagued by the email scandal, in which she stands accused of using her private server to conduct government business that may have included classified or sensitive information.

It emerged last week that the FBI has begun investigating the security of Mrs Clinton’s private email setup, in a bid to establish whether the account could have been compromised.

Neither the 2014 NSA briefing, nor the intelligence official has revealed the names and ranks of the people whose accounts were hacked.

But in the last five years, the email espionage operation has attacked and taken information from over 600 American official targets.

The operation was first named Dancing Panda by US officials. The name was later changed to Legion Amethyst.

The Chinese also harvested the email address books of the officials, according to the NSA document, and used them to spread the malware that allowed them to conduct their spying operation.

Google was one, but not the only, provider affected by the attack, the officials said.

In 2011 Google announced that some American officials using their email service had suffered successful cyber attacks.

A separate document made public by Edward Snowden, the fugitive NSA leaker, also revealed that in late 2010 China had attempted to spy on the emails of four administration officials, including Mike Mullen, the then head admiral to the joint chiefs of staff.


The private email accounts of U.S. national security and trade officials have been targeted by Chinese cyber spies over the past five years, NBC News reported Monday.

Robert Windrem writes that U.S. authorities uncovered the email intrusion activity in April 2010 and initially codenamed the campaign “Dancing Panda” and then later called it “Legion Amethyst.”

A senior U.S. intelligence official said that spies were not able to hack the U.S. government officials’ email accounts due to the high level of security, according to NBC.

A National Security Agency document obtained by NBC states that Chinese cyber intruders harvested email addresses from the emails of targeted government personnel, as well as sent malware to people on their contact lists.

The report noted NSA determined that China-based hackers have launched more than 30 intrusion campaigns, including Dancing Panda, against the U.S.


Hillary Clinton’s private email server contained information from five U.S. intelligence agencies

July 31, 2015


Democratic presidential candidate Hillary Rodham Clinton listens to questions during a campaign stop, Tuesday, July 28, 2015, in Nashua, N.H. Photo by Jim Cole, AP

WikiLeaks publishes “Target Tokyo” – 35 Top Secret NSA targets in Japan

July 31, 2015

Press Release

Today, Friday 31 July 2015, 9am CEST, WikiLeaks publishes “Target Tokyo”, 35 Top Secret NSA targets in Japan including the Japanese cabinet and Japanese companies such as Mitsubishi, together with intercepts relating to US-Japan relations, trade negotiations and sensitive climate change strategy.

The list indicates that NSA spying on Japanese conglomerates, government officials, ministries and senior advisers extends back at least as far as the first administration of Prime Minister Shinzo Abe, which lasted from September 2006 until September 2007. The telephone interception target list includes the switchboard for the Japanese Cabinet Office; the executive secretary to the Chief Cabinet Secretary Yoshihide Suga; a line described as “Government VIP Line”; numerous officials within the Japanese Central Bank, including Governor Haruhiko Kuroda; the home phone number of at least one Central Bank official; numerous numbers within the Japanese Finance Ministry; the Japanese Minister for Economy, Trade and Industry Yoichi Miyazawa; the Natural Gas Division of Mitsubishi; and the Petroleum Division of Mitsui.

Today’s publication also contains NSA reports from intercepts of senior Japanese government officials. Four of the reports are classified TOP SECRET. One of the reports is marked “REL TO USA, AUS, CAN, GBR, NZL”, meaning it has been formally authorised to be released to the United States’ “Five Eyes” intelligence partners: Australia, Canada, Great Britain and New Zealand.

The reports demonstrate the depth of US surveillance of the Japanese government, indicating that intelligence was gathered and processed from numerous Japanese government ministries and offices. The documents demonstrate intimate knowledge of internal Japanese deliberations on such issues as: agricultural imports and trade disputes; negotiating positions in the Doha Round of the World Trade Organization; Japanese technical development plans, climate change policy, nuclear and energy policy and carbon emissions schemes; correspondence with international bodies such as the International Energy Agency (IEA); strategy planning and draft talking points memoranda concerning the management of diplomatic relations with the United States and the European Union; and the content of a confidential Prime Ministerial briefing that took place at Shinzo Abe’s official residence.

Julian Assange, WikiLeaks Editor-in-Chief, said: “In these documents we see the Japanese government worrying in private about how much or how little to tell the United States, in order to prevent undermining of its climate change proposal or its diplomatic relationship. And yet we now know that the United States heard everything and read everything, and was passing around the deliberations of Japanese leadership to Australia, Canada, New Zealand and the UK. The lesson for Japan is this: do not expect a global surveillance superpower to act with honour or respect. There is only one rule: there are no rules.”

WikiLeaks Investigations Editor Sarah Harrison said: “Today’s publication shows us that the US government targeted sensitive Japanese industry and climate change policy. Would the effectiveness of Japan’s industry and climate change proposals be different today if its communications had been protected?”

Japan has been a close historical ally of the United States since the end of World War II. During a recent Presidential visit to Japan, US President Barack Obama described the East Asian country as “one of America’s closest allies in the world”. Today’s publication adds to previous WikiLeaks publications showing systematic mass spying conducted by US intelligence against the US-allied governments of Brazil (“Bugging Brazil”), France (“Espionnage Élysée”) and Germany (“The Euro Intercepts”; “All the Chancellor’s Men”).


Target Tokyo: WikiLeaks reveals NSA spied on Japanese PM Shinzō Abe and companies like Mitsubishi


July 31, 2015

Prime Minister of Japan Shinzō Abe (left) was among 35 Top Secret NSA targets, WikiLeaks has revealed (Reuters)

The US National Security Agency (NSA) undertook systematic mass surveillance of Japanese politicians, ministries and corporations over a number of years, according to recently published documents. The revelations come from whistleblowing organisation WikiLeaks, which released a list of 35 top secret targets in Japan on Friday morning (31 July).

The most high-profile target listed in the “Target Tokyo” documents is the current Prime Minister of Japan, Shinzō Abe, while corporations named include car-manufacturing giant Mitsubishi. The documents also reveal that the US bugged Japan’s confidential G8 proposals on climate change, as well as spying on Japan’s secret World Trade Organisation (WTO) plan.

The period of spying on Abe dates from the Prime Minister’s first term in office, lasting from September 2006 until September 2007. Abe has since returned to office and the latest leaks will come as a major embarrassment for the US and in particular President Barack Obama who just months ago described Japan as “one of America’s closest allies in the world” during a meeting with Abe in Washington. They also follow similar leaks revealing intimate surveillance on other allies that include Brazil, France and Germany.

‘There are no rules’

WikiLeaks has not revealed the source of the documents, though they are likely to be from the cache of as-yet unpublished files released to journalists by former NSA contract worker Edward Snowden.

Julian Assange, co-founder and editor-in-chief of WikiLeaks, said the revelations should not come as a surprise, given the track record of the US as a global surveillance superpower.

“In these documents we see the Japanese government worrying in private how much or how little to tell the United States, in order to prevent undermining of its climate change proposal or its diplomatic relationship,” Assange said in a statement.

“And yet we now know that the United States heard everything and read everything, and was passing around the deliberations of Japanese leadership to Australia, Canada, New Zealand and the UK. The lesson for Japan is this: do not expect a global surveillance superpower to act with honour and respect. There is only one rule: there are no rules.”

WikiLeaks investigations editor Sarah Harrison speculated that climate change policy enacted by Japan, as well as the country’s industry, may well have been different had the NSA not spied on negotiations.

“Today’s publication shows us that the US government targeted sensitive Japanese industry and climate change policy,” Harrison said. “Would the effectiveness of Japan’s industry and climate change proposals be different today if its communications had been protected?”

Two years after Snowden, NSA revelations still hurting US tech firms in China

July 3, 2015

By James Griffiths
South China Morning Post

Edward Snowden began leaking information two years ago that could cost US firms tens of billions of dollars in lost business overseas. Photo: AFP

Revelations of digital surveillance by American spy agencies could end up costing US firms billions of dollars in lost business and lawmakers in Washington are falling short in their duty to address the issue, a US think tank has said.

Tech firms, in particular, have underperformed in foreign markets following the leaks by former National Security Agency contractor Edward Snowden, according to a paper published by the Information Technology and Innovation Foundation.

“Our original thought was once policy makers realised this was having an impact on business interests, they would take more aggressive action to address the concerns,” Daniel Castro, ITIF vice president, told the South China Morning Post. He helped author the report.

The ITIF predicted in 2013 that “even a modest drop” in the foreign market share for cloud computing could cost the US economy up to US$35 billion by 2016.

That now looks like a conservative estimate as the revelations of cyber-snooping have negatively affected “the whole US tech industry,” the report said.

Cloud computing firms and data centres have been some of the worst hit, with foreign companies choosing to avoid storing their data in the US following revelations about the NSA’s digital surveillance programmes.

A 2014 survey of British and Canadian businesses by Vancouver-based Peer 1 Hosting found that 25 per cent of respondents planned to pull data out of the US due to fears relating to data privacy.

In February, Beijing dropped a number of major American tech firms from its official state procurement list, including network equipment maker Cisco Systems, Apple, and security firm McAfee.

Brazilian President Dilma Rousseff recently met with her US counterpart Barack Obama after a long period of estrangement triggered by US spying claims. Photo: AP

“The Snowden incident, it’s become a real concern, especially for top leaders,” Tu Xinquan, associate director of the China Institute of WTO Studies in Beijing, told Reuters in April.

“In some sense, the American government has some responsibility for that. [China’s] concerns have some legitimacy.”

The White House and US International Trade Administration declined to comment on the matter, when contacted by the Post.

IBM, Microsoft and Hewlett-Packard have all reported diminished sales in China as a result of the NSA revelations, which first emerged in the summer of 2013.

The NSA was found to have tapped into the servers of major internet players like Facebook, Google and Yahoo to track online communication, among other forms of digital surveillance.

Chinese firms have also suffered due to security concerns, particularly in the US.

In 2012, a Congressional committee said that smartphone makers Huawei and ZTE were a national security threat because of their alleged ties with the Chinese government.

In April, US officials blocked technology exports to Chinese facilities associated with the Tianhe-2 supercomputer project, a blow to Intel and other hardware suppliers.

Even political parties in Germany have begun lampooning the US in response to its covert digital surveillance of key search engines and anti-virus software. Photo: AFP

“Both countries are looking into restrictions because of security, that’s not a good idea for either of them,” said Castro.

The ITIF paper recommends establishing international legal standards for government access to data, and developing what it terms a “Geneva Convention on the Status of Data”.

“We need to take certification out of the national level and move it to the international level. We don’t want each country to set security standards,” Castro said.

He warned that China’s pursuance of “protectionist” policies in the name of security could backfire if other countries follow suit and adopt standards that favour domestic over foreign firms for key infrastructure projects.

“China doesn’t want every other country to say ‘We have security concerns about you and refuse to buy your products,’” he added.

Castro pointed to China’s new security legislation, passed by the country’s top legislature on Wednesday, to shore up his argument that Beijing is “still going down that path”.

The sweeping law defines the scope of national security in far-reaching terms, ranging from finance, economy, politics, the military and cybersecurity to culture, ideology and religion.

One clause deals with establishing systems “for the protection of cyber and information security”.

Washington must respond if China keeps pursuing such protectionist policies but this will be problematic until concerns about NSA spying have been addressed, Castro said.

“At the end of the day, it is very hard to say with a straight face that you should buy US tech products, if the [US] government is not willing to stand up and say ‘We will not use this as a way to conduct surveillance in your countries.’”

U.S., China Pledge Cyber “Code of Conduct”

June 28, 2015

The Wall Street Journal’s Felicia Schwartz reports some signs of cooperation between China and the United States on the long fraught issue of cybersecurity. This week’s bilateral Strategic and Economic Dialogue took place against the backdrop of a stream of revelations about the extent of allegedly Chinese intrusions into U.S. government computer systems.

U.S. officials said the talks behind closed doors were “frank,” but public comments Wednesday at the conclusion of the meetings were largely conciliatory. U.S. officials complained about China’s behavior in the South China Sea and cyberspace, while emphasizing steps to narrow differences and find areas of common ground.

[…] “Our dialogue over the last 2½ days included a very frank discussion of some issues on which we have not always seen eye to eye,” Mr. Kerry said. “The U.S. is deeply concerned about cyber incursions that have raised security questions and, frankly, harmed American businesses.”

[…] Mr. Kerry said China had agreed to work with the U.S. to complete a code of conduct on cyber activities. “We believe very strongly that the U.S. and China should be working together to develop and implement a shared understanding of appropriate state behavior in cyberspace,” Mr. Kerry said. [Source]

The Council on Foreign Relations’ Adam Segal noted that no mention of the code is found in the State Department’s 127-point list of “specific outcomes and areas for further cooperation.” Nevertheless, he wrote, the pledge holds some promise:

While it was to be expected that official remarks at the conclusion of the meeting would be conciliatory—both sides want President Xi Jinping’s visit to the United States in September to go well—Washington and Beijing made parallel calls for cooperation on cybersecurity that could lay the groundwork for future discussions. At the opening of the dialogue, State Councilor Yang Jiechi stated that China wanted to develop with the United States and other countries an “international code of conduct for cyber information sharing,” though no details were offered on what that exactly means. […]

[…] Of course, the calls for cooperation may be nothing more than niceties, designed to reduce tensions in the run up to the September visit. From China’s perspective, it has always been open to greater cooperation. When accused of hacking, Chinese officials typically deny the claim, question the motives of the accuser, and then ritualistically invoke the need for international cooperation. But the call for cyber information sharing is new, and Washington should push Beijing to clarify what it means by information and how it would like to see sharing work. Good diplomacy can spin opportunities out of the introduction of new ideas. [Source]

When the hacking of the U.S. government’s Office of Personnel Management was first announced early this month, the number of employees affected was said to be around 4 million. With the subsequent discovery of another breach, estimates now reach as high as 18 million, including White House and congressional staff. Contrary to initial reports, the intruders had access to highly sensitive security clearance data for as long as a year. Such information would include “workers’ sexual partners, drug and alcohol abuse, debts, gambling compulsions, marital troubles, and any criminal activity,” which at the blunt end of the spectrum might leave them vulnerable to blackmail. More subtly, the data could be used to identify and then recruit potential intelligence sources through bribery or flattery, while providing a clear map of security clearance procedures and their possible weaknesses. Cross-referencing with data from other hacks might allow identification of staff who had failed to disclose information.

China denies any part in the attacks. But Michael Hayden, a former head of the National Security Agency and Central Intelligence Agency, has described the OPM’s data as “a legitimate foreign intelligence target,” adding that “this is not ‘shame on China.’ This is ‘shame on us’ for not protecting that kind of information.”

The OPM’s director offered a different interpretation during sustained congressional grilling over security failures at the agency. From Lisa Rein at The Washington Post:

“We have legacy systems that are very old,” Katherine Archuleta, director of the Office of Personnel Management, told Senate lawmakers at a hearing on the intrusion. “It’s an enterprise-wide problem. I don’t believe anyone is personally responsible.”

She then told Sen. Jerry Moran (R-Kan.), who pressed her repeatedly to take responsibility for failing to shore up the agency’s computer security, that the attackers are the ones to blame.

[…] Archuleta said she is “working very hard on correcting decades of inattention” to weak computer security at her agency, and credited her efforts to add new security defenses for discovering the breach in the first place. But the OPM’s inspector general described a history of failures by the agency to take basic security steps.

[…] Michael Esser, assistant inspector general for audit, testified that numerous recommendations to modernize aging systems and improve the security of modern ones have not been followed. He noted that a number of the systems that were breached in the hack disclosed in June were actually not “legacy systems,” but modern ones. [Source]

The agency’s initial efforts to notify affected employees also attracted criticism for encouraging behavior that could facilitate further attacks. Lax security at the OPM and beyond is described in detail in recent posts by Ars Technica’s Sean Gallagher, who noted that some OPM contractors hired Chinese nationals. At least one of these, said to have had “direct access to every row of data in every database,” was actually based in China.

Security failings at the OPM are hardly unique, The New York Times’ David E. Sanger, Nicole Perlroth and Michael D. Shear reported last weekend:

The administration is urgently working to determine what other agencies are storing similarly sensitive information with weak protections. Officials would not identify their top concerns, but an audit issued early last year, before the Chinese attacks, harshly criticized lax security at the Internal Revenue Service, the Nuclear Regulatory Commission, the Energy Department, the Securities and Exchange Commission — and the Department of Homeland Security, which has responsibility for securing the nation’s critical networks.

At the Nuclear Regulatory Commission, which regulates nuclear facilities, information about crucial components was left on unsecured network drives, and the agency lost track of laptops with critical data.

Computers at the I.R.S. allowed employees to use weak passwords like “password.” One report detailed 7,329 “potential vulnerabilities” because software patches had not been installed. Auditors at the Department of Education, which stores information from millions of student loan applicants, were able to connect “rogue” computers and hardware to the network without being noticed. And at the Securities and Exchange Commission, part of the network had no firewall or intrusion protection for months. [Source]

CIA-linked data mining firm Recorded Future reported this week that it found login details for employees of 47 different government agencies posted online, and that 12 of these organizations failed to use two-factor authentication as an additional layer of security. Meanwhile, traces of malware that struck the OPM have been discovered on computers at the National Archives. ACLU technologist Christopher Soghoian commented:

I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.

[…] In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it’s all offense and no defense.

In this kind of environment, we simply have to assume that even our classified networks have been penetrated. Remember that Snowden was able to wander through the NSA’s networks with impunity, and that the agency had so few controls in place that the only way they can guess what has been taken is to extrapolate based on what has been published. Does anyone believe that Snowden was the first to take advantage of that lax security? I don’t.

[…] I am reminded of a comment made to me in confidence by a US intelligence official. I asked him what he was most worried about, and he replied: “I know how deep we are in our enemies’ networks without them having any idea that we’re there. I’m worried that our networks are penetrated just as deeply.” [Source]

While most have focused on the need for better defenses, some argue for counterattacks. Prospective Republican presidential candidate Mike Huckabee, for example, wrote that:

The response and retaliation to this behavior is simple – America should hack the Chinese government. We should hack the cell phones of some prominent Communist party leaders, hack the bank accounts of intelligence officials, publicly humiliate Chinese families for political corruption, or wipe out a few critical Chinese computer systems. [Source]

UCLA’s Kristen Eichensehr, examining the OPM breach in light of the Department of Defense’s newly released Law of War Manual, wrote last week at Just Security that such bellicose rhetoric is unrealistic:

Debates are raging over just how damaging the two OPM hacks are. In the first of what are sure to be many congressional hearings on the breaches, Rep. Carolyn Maloney (D-NY) asserted that she “consider[s] this attack … a far more serious one to the national security” of the United States than the 9/11 attacks. Others have called the hacks the long-warned-about cyber 9/11 or cyber Pearl Harbor. But other commentators have pushed back. Robert Knake of CFR noted that he is “a bit blasé” about the hack because “if the Chinese government is indeed behind it, it’s not by any stretch the most dastardly thing they have done in cyberspace.” [Knake listed five worse cases attributed to China in a blog post at CFR.] Prof. Henry Farrell on the Washington Post‘s Monkey Cage blog similarly explained that “hacking into information on U.S. government employees, however sensitive, is not a Pearl Harbor attack,” but rather “an (extremely worrying) exercise in espionage.”

[…] Despite the debate over exactly how bad the OPM hacks are for national security, there is no doubt that they are a blow, the magnitude of which will become clearer over time. Where any US claim to the legal or moral high ground would be shaky at best, we should assume that spies are going to spy and act accordingly. This means that the government must better secure its sensitive information going forward and take steps to protect the individuals already put at risk. Beyond such responses, allusions to 9/11 and Pearl Harbor are misplaced and tend to frame these hacks in terms countenanced neither by realism in international relations nor by the rules of international law. [Source]

In any case, it remains unproven that China is the real culprit. The OPM hacks are thought to be the work of “Deep Panda,” an outfit associated with China’s Ministry of Public Security. But when Director of National Intelligence James Clapper said this week that China is “the leading suspect,” it was the strongest such statement to date by a serving U.S. official on the record. Michael Rogers, NSA director and commander of U.S. Cyber Command, has emphasized the enduring uncertainty about attribution of the attacks. From Patrick Tucker at Defense One:

Rogers spoke in response to a question about how the National Security Agency was going about attributing the breach to the Chinese government. “You’ve put an assumption in your question,” he said. “I’m not going to get into the specifics of attribution. It’s a process that’s ongoing.”

[…] The cybersecurity group FireEye says it’s “highly confident” that Chinese hackers did it, based on the kind of cables and telecommunications equipment involved, the type of data stolen, and the specific backdoors that the thieves used. “These backdoors, they’re commonly used by Chinese threat actors,” Michael Oppenheim, the intelligence operations manager at FireEye, told Defense One.

Oppenheim stopped short of formally accusing the Chinese government but added, “We believe that this aligns with Chinese interests.”

Oppenheim said that he was sympathetic to Rogers’s reluctance to formally attribute the breach to the Chinese government. “For someone in his position, you want to be 100-percent sure,” he said. [Source]

Another recent hacking case showed attackers leaving false tracks meant to implicate China. Russian security company Kaspersky revealed this month that it had discovered malware dubbed “Duqu 2” within its own systems. The firm’s technical paper on the intrusion refrained from explicit attribution (PDF), but noted:

[… T]he attackers have tried to include several false flags throughout the code, designed to send researchers in the wrong direction. For instance, one of the drivers contains the string “ugly.gorilla”, which obviously refers to Wang Dong, a Chinese hacker believed to be associated with the APT1/Comment Crew. The usage of the Camellia cypher in the MSI VFSes, previously seen in APT1-associated Poison Ivy samples is another false flag planted by the attackers to make researchers believe they are dealing with APT1 related malware. […]

Nevertheless, such false flags are relatively easy to spot, especially when the attacker is extremely careful not to make any other mistakes. [Source (PDF)]

The attackers also used a digital certificate apparently stolen from Taiwan-based Foxconn, possibly for similar reasons. From Kim Zetter at Wired:

The Taiwanese firm makes hardware for most of the major tech players, including Apple, Dell, Google, and Microsoft, manufacturing the likes of iPhones, iPads and PlayStation 4s. Taiwanese companies have been fruitful for this hacking group, who many believe to be Israeli: This marks at least the fourth time they have used a digital certificate taken from a Taiwan-based firm to get their malware successfully onto systems.

It’s unclear why the attackers focus on digital certificates from Taiwanese companies, but it may be to plant a false flag and misdirect investigators into thinking China is behind the malware attacks, says Costin Raiu, director of Kaspersky’s Global Research and Analysis Team.

The strategy of stealing and corrupting otherwise-legitimate certificates is particularly galling to the security community because it undermines one of the crucial means for authenticating legitimate software. [Source]

Kaspersky found that Duqu 2 had been used to infiltrate hotels hosting Iran nuclear talks, allowing access to security cameras, microphones, Wi-Fi networks, phone communications, and hotel records. Coincidentally, reports last week indicated that the U.S. State Department will no longer use the Waldorf Astoria as a New York base for its staff following its acquisition by the Beijing-based Anbang Insurance Group last year.

The intrusions may go much deeper. As the OPM story developed, The Sunday Times reported anonymous British officials’ claims that documents leaked by former NSA contractor Edward Snowden had fallen into Russian and Chinese hands. The article was immediately and widely mauled, particularly after its author told CNN that none of its specifics could be verified and that “we just publish what we believe to be the position of the British government at the moment.” At Wired, security technologist Bruce Schneier wrote that Snowden’s actions were probably beside the point anyway.


Michael Hayden Says U.S. Is Easy Prey for Hackers

June 24, 2015

Former CIA and NSA chief says ‘shame on us’ for not protecting critical information better

Photo credit CBS/Reuters
Michael Hayden says the impact of Edward Snowden’s leaks on data-collection efforts was minimal.

Few are as qualified to speak, or as outspoken, as retired Gen. Michael Hayden on the topic of cyberespionage. Gen. Hayden, after a career in the U.S. Air Force, became the only person to have served as director of both the National Security Agency and the Central Intelligence Agency. Today he is a principal at the Chertoff Group, a global advisory firm focused on security and risk management.

The Wall Street Journal’s editor in chief, Gerard Baker, spoke with Gen. Hayden about his views on Chinese hacking, the security risk to companies globally, and a U.S. political climate in which the general says Americans haven’t decided how they want the government to respond to cyberthreats.

Edited excerpts of their conversation follow.

How serious?

MR. BAKER: How serious a breach of security was the recent hacking of the Office of Personnel Management? [Hackers stole millions of personnel records from the agency functioning as the federal government’s human-resources department.]

GEN. HAYDEN: The current story is this was done by the Ministry of State Security—very roughly the [Chinese] equivalent of the CIA. Those records are a legitimate foreign intelligence target. If I, as director of the CIA or NSA, would have had the opportunity to grab the equivalent in the Chinese system, I would not have thought twice, I would not have asked permission.

So this is not shame on China. This is shame on us for not protecting that kind of information.

This is a tremendously big deal. And my deepest emotion is embarrassment.

MR. BAKER: How does it happen? We always hope America has greater sophistication.

GEN. HAYDEN: There are three layers: the government system, the political system and popular culture. So, the governmental system: Raw incompetence is the best explanation I can offer you. That’s at the executive-branch level. At the political level, we began last week in Washington with reining in the renegade National Security Agency for actually having phone bills—yours and mine—up at Fort Meade. Wednesday, we have the Boston Police Department shooting someone who is committed to behead people. And Thursday, we learned that OPM had lost four, make it 14, million sets of records.

At the level of popular culture, we Americans have not yet decided what it is we want or what it is we will permit our government to do in this cyber domain. And until we make those decisions, these kinds of events are more likely.

MR. BAKER: If the federal government can be infiltrated in this way, what hope can you offer to companies?

GEN. HAYDEN: American military doctrine says this cyber thing is a domain. There are no rivers or hills up here. It’s all flat. All advantage goes to the attacker. That’s one reality.

MICHAEL HAYDEN | ‘We only steal stuff to keep you free and to keep you safe. We do not steal stuff to make you rich.’ PHOTO: PAUL MORSE/DOW JONES

Then, all of us just fell in love with the ease and convenience and scale, so we decided to take things we used to keep if not in a safe, at least in our desk drawer, and put it up here, where it’s by definition more vulnerable.

No. 3, we still have a bunch of scrimmages down here in physical space about what it is you will let your government do to keep you safe. We have no consensus whatsoever up here in the cyber domain.

What’s the impact for you? The impact is the next sound you hear will not be a digital bugle signaling the arrival of the digital cavalry to come save the day. The government ain’t coming. You’re not quite on your own, but you are more on your own up here [in cyberspace] than you in your lifetime have ever experienced being on your own down here.

Asymmetrical threat

MR. BAKER: One thing the U.S. government won’t do: China and other countries use their intelligence agencies to obtain commercially valuable information to benefit their companies or state-owned enterprises.

GEN. HAYDEN: We only steal stuff to keep you free and to keep you safe. We do not steal stuff to make you rich. I know of four other countries that can say those last two sentences. Everyone else steals for commercial advantage.

I’ve met with PLA 3 [the People’s Liberation Army, Third Department], the Chinese cyberstealing thing. I never had this conversation with PLA 3, but I can picture it as: “You know, we’re both professionals. You steal stuff, I steal stuff, but you know, fundamentally, you’re just stealing the wrong stuff.…You can’t get your game to the next level by just stealing our stuff. You’re going to have to innovate. And as soon as you start to innovate, you’re going to be as interested as we are in people not stealing your innovation.”

MR. BAKER: Do you think that Chinese companies, especially in the technology fields, are routinely operating essentially on behalf of the Chinese government and using whatever means they can in the U.S. market to obtain intelligence information?

GEN. HAYDEN: All enterprises and major players need to pay attention to the needs of the government of the country of which they are a part. At one level, it would be unconscionable for a company like Huawei not to be responsive to Chinese national-security needs.

MR. BAKER: That doesn’t seem to apply to Apple, does it?

GEN. HAYDEN: Apple and Google want to create encryption for which they could not provide you the key. Their business model will not survive if the American government has a special relationship with them that requires them to surrender this kind of information.

As Baidu and Huawei become international companies, they won’t survive either if they’re seen to be tools of the Chinese government.

MR. BAKER: Does the U.S.A. Freedom Act, phasing out bulk collection of phone records by the NSA, make Americans safer than they were before or—

GEN. HAYDEN: They are definitely not safer. They are more comfortable, but they are definitely not safer. It remains to be seen if they are less safe.

Cyberattacks an “enormous” threat to U.S. national and economic security, former CIA director says

June 15, 2015


(Newsmax) – Cyberattacks are an “enormous” threat to U.S. national and economic security, said retired Army general and former Central Intelligence Agency director David Petraeus.

“When you look at the massive theft of personal data, the massive theft of intellectual property, the damage done to business by denial of service attacks,” Petraeus, an executive at private-equity firm KKR & Co., said on the “Wall Street Week” television program. “This is a big, big challenge to our country.”

The U.S. Office of Personnel Management disclosed on June 4 that computer hackers had stolen employment data on 4 million government employees. U.S. investigators estimate that the theft may include information on as many as 14 million people.

U.S. officials are concerned that the hackers accessed databases that included background checks for national security clearances, including forms providing personal histories, foreign travel, arrests, drug and alcohol use and other details that could be used by foreign intelligence operatives for blackmail or recruitment.

Petraeus is the chairman of the KKR Global Institute, an internal think-tank, which analyzes geopolitical, macroeconomic, trade and technology trends to better inform investment decisions.

China Threat

The former four-star general, who led forces in Iraq and Afghanistan, said he fears that cyberattacks will be a more serious problem five years from now.

“There’s no question that the industrial-strength threat emanates from China,” he said, adding that Syria and Russia also pose dangers. Operating systems in the U.S. electrical grid and water systems are vulnerable, he said. The federal government needs to spend more to strengthen the cybersecurity of U.S. infrastructure, he said.

Turning to energy, Petraeus said that a nuclear deal with Iran that leads to the lifting of sanctions could add another 1 million to 1.5 million barrels of oil a day to the global market within nine to 15 months. Aggregate supply will continue to outpace aggregate demand, leading to lower prices.

In April, Petraeus was sentenced by a federal magistrate judge to two years’ probation and ordered to pay $100,000 for giving classified material to Paula Broadwell, his biographer with whom he had an extramarital affair.

“Wall Street Week” is produced by SkyBridge Media, an affiliate of SkyBridge Capital, the fund-of-funds business founded by Anthony Scaramucci. SkyBridge, which sometimes has other business relationships with the show’s participants, advertisers and sponsors, pays Fox stations in key markets to broadcast the show and also streams it online every Sunday at 11 a.m. in New York.

–With assistance from Chris Strohm and Michael Riley in Washington.

Reporter on this story: Martin Z. Braun in New York. Editors responsible for this story: Dave Liedtka and Kenneth Pringle.

 (China has a pattern of silencing or censoring critics)

‘Edward Snowden has blood on his hands’: MI6 is forced to pull spies out of hostile countries

June 14, 2015


  • Classified files could lead to identification of British and American spies
  • Spy chiefs in Russia and China have cracked one million top-secret files
  • Home Office official has accused Snowden of having ‘blood on his hands’
  • Security services have ‘had difficulties tracking terrorists’ since the leaks 

MI6 has pulled its spies out of ‘hostile countries’ and America’s intelligence agencies are on high alert after Russia and China cracked encrypted files leaked by fugitive whistleblower Edward Snowden.

The top-secret documents contain information that could lead to the identification of British and American spies, according to senior officials in Downing Street, the Home Office and the security services.

A senior Home Office official accused Snowden – the former National Security Agency (NSA) contractor responsible for the biggest confidential information leak in US history – of having ‘blood on his hands’ after they gained access to over one million files.

Security services have reported increasing difficulties in tracking terrorists and dangerous criminals via email, chat rooms and social media since he exposed Western intelligence-gathering methods, the Sunday Times reports.

Now aides in British Prime Minister David Cameron’s office have confirmed the top-secret material is now in the hands of spy chiefs in Moscow and Beijing.

A senior Downing Street source told the Sunday Times: ‘It is the case that Russians and Chinese have information.

‘It has meant agents have had to be moved and that knowledge of how we operate has stopped us getting vital information.’

A British intelligence source added: ‘Snowden has done incalculable damage. In some cases the agencies have been forced to intervene and lift their agents from operations to prevent them from being identified and killed.

‘We know Russia and China have access to Snowden’s material and will be going through it for years to come, searching for clues to identify potential targets.’

Former GCHQ director Sir David Omand believes the leak represents a ‘huge strategic setback’ which is ‘harming to Britain, America and their NATO allies’.

He said the leak could spark a ‘global intelligence arms race’, adding: ‘I have no doubt whatever that programmes are being launched and money is being spent to try and catch up.

‘That’s probably true not just of China and Russia but a number of other nations who have seen some of this material to be published.

‘I am not at all surprised that people are being pulled back and operations where people are exposed are having to be shut down, at least for the moment.’

An official at British Prime Minister David Cameron’s office has played down the threat posed to agents by saying there is ‘no evidence of anyone being harmed’.

Snowden fled the United States for Moscow in 2013 after he released 1.7 million secret documents from Western intelligence agencies to the media – and has remained under the protection of President Vladimir Putin’s regime ever since.

Snowden said he was protecting ‘privacy and basic liberties’ and claimed America’s NSA and British-based GCHQ were carrying out massive surveillance programmes which target millions of innocent people.

Another intelligence source in the United States said the damage done by Snowden was ‘far greater than what has been admitted’.

It is unclear whether Snowden voluntarily handed over the secret documents to remain in Hong Kong and Moscow, or whether the countries stole his data.

But a senior Home Office source said: ‘Why do you think Snowden ended up in Russia?

‘Putin didn’t give him asylum for nothing. His documents were encrypted but they weren’t completely secure and we have now seen our agents and assets being targeted.’

David Miranda, the boyfriend of the Guardian journalist Glenn Greenwald, was seized at Heathrow in 2013 in possession of 58,000 ‘highly classified’ intelligence documents after visiting Snowden in Moscow.

During the ensuing court hearing Oliver Robbins, then deputy national security adviser in the Cabinet Office, said that the release of the information ‘would do serious damage to UK national security, and ultimately put lives at risk’.

Eventually the High Court ruled there was ‘compelling evidence’ that stopping Miranda was ‘imperative in the interests of national security’ and publishing the documents would endanger lives.




Britain Pulls Spies Out of Russia, China — “Our agents and assets being targeted” as a Result of Snowden, Cyber Hacking, Leaks

June 14, 2015

LONDON (Reuters) – Britain has pulled out agents from live operations in “hostile countries” after Russia and China cracked top-secret information contained in files leaked by former U.S. National Security Agency contractor Edward Snowden, the Sunday Times reported.

Security service MI6, which operates overseas and is tasked with defending British interests, has removed agents from certain countries, the newspaper said, citing unnamed officials at the office of British Prime Minister David Cameron, the Home Office (interior ministry) and security services.

Snowden downloaded more than 1.7 million secret files from security agencies in the United States and Britain in 2013, and leaked details about mass surveillance of phone and internet communications.

The United States wants Snowden to stand trial after he leaked classified documents, fled the country and was eventually granted asylum in Moscow in 2013.

He went to Russia via Hong Kong, and although he claimed in 2013 that the encrypted files remained secure, Britain believed both Russia and China had cracked documents which contain details that could allow British and American spies to be identified, the newspaper said, citing officials.

Former U.S. National Security Agency contractor Edward Snowden appears live via video during a student organized world affairs conference at the Upper Canada College private high school in Toronto, February 2, 2015. REUTERS/Mark Blinch/Files

British Foreign Secretary Philip Hammond said Snowden had done a huge amount of damage to the West’s ability to protect its citizens.

“As to the specific allegations this morning, we never comment on operational intelligence matters so I’m not going to talk about what we have or haven’t done in order to mitigate the effect of the Snowden revelations, but nobody should be in any doubt that Edward Snowden has caused immense damage,” he told Sky News.

An official at Cameron’s office was quoted, however, as saying that there was “no evidence of anyone being harmed.” A spokeswoman at Cameron’s office declined to comment when contacted by Reuters.

A Home Office source told the newspaper that Russian President Vladimir Putin did not grant Snowden asylum for nothing.

“His documents were encrypted but they weren’t completely secure and we have now seen our agents and assets being targeted,” the source said.

A British intelligence source said Snowden had done “incalculable damage”.

“In some cases the agencies have been forced to intervene and lift their agents from operations to stop them being identified and killed,” the source was quoted as saying.

British security agencies declined to comment.

The Russian and Chinese governments were not immediately available for comment.


The revelations about the impact of Snowden on intelligence operations come days after Britain’s terrorism law watchdog said the rules governing the security services’ abilities to spy on the public needed to be overhauled.

Conservative lawmaker and former minister Andrew Mitchell said the timing of the report was “no accident”.

“There is a big debate going on,” he told BBC radio. “We are going to have legislation brought back to parliament (…) about the way in which individual liberty and privacy is invaded in the interest of collective national security.

“That’s a debate we certainly need to have.”

Cameron has promised a swathe of new security measures, including more powers to monitor Britons’ communications and online activity in what critics have dubbed a “snoopers’ charter”.

Britain’s terrorism laws reviewer David Anderson said on Thursday the current system was “undemocratic, unnecessary and – in the long run – intolerable”.

He called for new safeguards, including judges not ministers approving warrants for intrusive surveillance, and said there needed to be a compelling case for any extensions of powers.

(Reporting By Costas Pitas and Paul Sandle; additional reporting by Mark Hosenball and Polina Devitt; editing by Chizu Nomiyama and Rosalind Russell)

