Posts Tagged ‘National Security Agency’

NYT: Cyberthreat Posed by China, Russia and Iran Confounds White House

September 15, 2015


President Barack Obama will raise concerns about cyber security with Chinese President Xi Jinping when they meet in Washington later this month amid rising U.S. worries about Chinese hacking of American government and commercial targets, the White House said on Monday.

White House spokesman Josh Earnest said he did not have any updates on the timing of potential sanctions against China related to cyber attacks. U.S. officials held meetings last week with Meng Jianzhu, secretary of the Central Political and Legal Affairs Commission of the Chinese Communist Party, to discuss cyber concerns.


“I think we’ve been pretty blunt in describing the concerns that we have with China’s behavior in cyberspace. We have been blunt in our assessment that has significant consequences for our economy and for our national security,” said Earnest, speaking aboard Air Force One as Obama was flying to Iowa.

The official’s visit, ahead of Xi’s trip, showed the Chinese government understood the United States was serious about its concerns, Earnest said.

The Obama administration is considering targeted sanctions against Chinese individuals and companies for cyber attacks against U.S. commercial targets, several U.S. officials have said. Chinese hackers have also been implicated in the massive hacking of the U.S. government’s personnel office disclosed this year.



President Obama speaks to US military members

President Obama speaking to military people at Fort Meade on Friday, September 11, 2015. AFP photo

Cyberthreat Posed by China and Iran Confounds White House

The New York Times

WASHINGTON — A question from a member of the Pentagon’s new cyberwarfare unit the other day prompted President Obama to voice his frustration about America’s seeming inability to deter a growing wave of computer attacks, and to vow to confront the increasingly aggressive adversaries who are perpetrating them.

“Offense is moving a lot faster than defense,” Mr. Obama told troops on Friday at Fort Meade, Md., home of the National Security Agency and the United States Cyber Command. “The Russians are good. The Chinese are good. The Iranians are good.” The problem, he said, was that despite improvements in tracking down the sources of attacks, “we can’t necessarily trace it directly to that state,” making it hard to strike back.

Then he issued a warning: “There comes a point at which we consider this a core national security threat.” If China and other nations cannot figure out the boundaries of what is acceptable, “we can choose to make this an area of competition, which I guarantee you we’ll win if we have to.”



China tells U.S. to stop ‘groundless’ hacking accusations

September 11, 2015



China reacted angrily on Friday following a call by America’s top intelligence official for cyber security against China to be stepped up, and said the United States should stop “groundless accusations”.

Director of National Intelligence James Clapper said the United States must beef up cyber security against Chinese hackers targeting a range of U.S. interests to raise the cost to China of engaging in such activities.

Clapper’s testimony adds pressure on Beijing over its conduct in cyberspace weeks before President Xi Jinping visits the United States.

China routinely denies any involvement in hacking and says it is also a victim.

“Maintaining cyber security should be a point of cooperation rather than a source of friction between both China and the United States,” Chinese Foreign Ministry spokesman Hong Lei told a daily news briefing.

“We hope that the U.S. stops its groundless attacks against China, start dialogue based on a foundation of mutual respect, and jointly build a cyberspace that is peaceful, secure, open and cooperative.”

The Obama administration is considering targeted sanctions against Chinese individuals and companies for cyber attacks against U.S. commercial targets, several U.S. officials have said.

Chinese hackers were also implicated in extensive hacking of the U.S. government’s personnel office disclosed this year.

 President Xi Jinping pictured with Barack Obama in the Great Hall of the People in Beijing last November. Photo: AP

China’s top diplomat took a softer line in an interview published on Friday in the state-run China Daily, saying China and the United States can cooperate and work with other countries on global cyber security rules in a spirit of respect.

“China and the United States actually can make cyber security a point of cooperation,” State Councilor Yang Jiechi said in the interview, which focused on Xi’s state visit to America.

“We hope China, the United States and other countries could work together to work out the rules for cyber security in the international arena in the spirit of mutual respect, equality and mutual benefit,” said Yang, who outranks the foreign minister.

Yang noted, as Chinese officials regularly do, that China was itself a hacking victim and said suspected cases should be investigated and handled “on a solid, factual basis”.

His comments were not a direct reaction to Clapper’s.

On another point of friction between the United States and China – territorial disputes in the South China Sea – Yang said he hoped the United States would stay on the sidelines because it was not part of the disputes.

He added, though: “It is important for both countries to stay in close touch even if they have different perceptions and views.”

(Reporting by Sui-Lee Wee; Additional reporting by John Ruwitch in Shanghai; Writing by Ben Blanchard; Editing by Robert Birsel)


U.S. must tighten cyber security to counter Chinese

September 10, 2015



The United States must beef up cyber security against Chinese hackers targeting a broad range of U.S. interests to raise the cost to China of engaging in such activities, America’s top intelligence official said on Thursday.

The testimony by Director of National Intelligence James Clapper before a congressional committee added to pressure on Beijing over its conduct in cyberspace just weeks before Chinese President Xi Jinping makes a state visit to Washington.

Presenting a dire assessment of global cyber risks, Clapper said China and Russia posed the most advanced cyber threats but that Iran and North Korea could also cause serious disruptions despite having less sophisticated technology.

“Chinese cyber espionage continues to target a broad spectrum of U.S. interests, ranging from national security information to sensitive economic data and U.S. intellectual property,” he told the House of Representatives intelligence committee.

Director of National Intelligence James Clapper (R) testifies, at a House (Select) Intelligence Committee hearing on “World Wide Cyber Threats” on Capitol Hill in Washington September 10, 2015. REUTERS/Gary Cameron

The Obama administration is considering targeted sanctions against Chinese individuals and companies for cyber attacks against U.S. commercial targets, several U.S. officials have said.

Chinese hackers have also been implicated in the massive hacking of the U.S. government’s personnel office disclosed this year. Two breaches of security clearance applications exposed the personal data of more than 20 million federal employees.

Clapper did not explicitly blame China for hacking the Office of Personnel Management, but he said the breach could compromise the cover of U.S. spies abroad, though he said there had not yet been any signs of “nefarious” use of the data.

“It’s a significant counter-intelligence threat,” FBI director James Comey testified at the same hearing.

China has denied any involvement in hacking U.S. government and corporate databases and insists that it too has been a victim of cyber attacks.

After the OPM hack, there have been increasing calls on Capitol Hill and on the Republican presidential campaign trail for President Barack Obama to take a tougher line against China on cyber issues. Obama is due to meet Xi in late September.

Clapper called for tighter U.S. cyber security measures and said improved U.S. cyber security would complicate Chinese cyber espionage “by addressing the less sophisticated threats and raising the cost and risk if China persists.”

Clapper said the risk of a “catastrophic attack” was remote now, but he added: “we foresee an ongoing series of low-to-moderate-level cyber attacks from a variety of sources over time, which will impose cumulative costs on U.S. economic competitiveness and national security.”

Clapper warned that while most major cyber attacks today involve theft of data, in the future hackers could change or manipulate information in databases to compromise their integrity.

Admiral Mike Rogers, director of the National Security Agency, told the committee that since a high-profile hack last year of Sony Pictures, which U.S. officials said was carried out by North Korea in response to a film lampooning its leader Kim Jong Un, no evidence had surfaced of further North Korean cyber attacks on U.S. companies.

But he said there had been North Korean cyber attacks on other countries, though he did not name them.

(Writing by Matt Spetalnick; Editing by Bill Trott and James Dalgleish)


NSA Chief Says Cyberattack at Pentagon Was Sophisticated, Persistent

September 9, 2015


Cyber: Breach of Joint Staff’s unclassified network evolved from failed attack a week before

National Security Agency director Adm. Michael Rogers, shown here in May, said the recent attack on the Pentagon Joint Staff’s unclassified network used maneuvers he hadn’t seen before. Photo: Win McNamee/Getty Images

WASHINGTON—A recent breach of the unclassified network for the Pentagon’s Joint Staff was persistent and evolved quickly from a failed attack just a week before, the head of the National Security Agency said Tuesday, offering a window into the barrage of cyberattacks that the U.S. military confronts daily.

The Joint Staff includes some of the nation’s most senior military officials. The email server for 4,200 of the Joint Staff’s accounts was taken offline several weeks ago after officials discovered a hacker had penetrated part of the network. Officials described the breach as an elaborate phishing attack, which essentially lures an unsuspecting email recipient into opening a link or attachment that is laced with malware and allows an intruder to seep into a network. It is an old but effective maneuver.

Officials are investigating whether Russian hackers were behind the breach, people familiar with the probe have told The Wall Street Journal.

Adm. Michael Rogers, who heads the NSA and the U.S. Cyber Command, said at an event hosted by the Woodrow Wilson International Center for Scholars in Washington, D.C., that security officials were quickly able to contain the breach and “develop an immediate set of workarounds” to allow officials to send secure emails. Still, he said the sophisticated design of the attack surprised even him.

“The campaign went against dozens of networks, segments of the network within the network,” Adm. Rogers said, and the attack was “able to achieve that level of penetration one time.”

The attacker tried a similar gambit the week before, Adm. Rogers said. “We totally forestalled it. Within a week I watched them totally change the structure that they used,” he said. The admiral described the new attack as a “different scheme and maneuver that I had not seen before.”

His description of the breach suggested it was aggressive, persistent and sophisticated, though he wouldn’t identify the group he believes was behind the attack.

Adm. Rogers described a digital battlefield that is active and intense, with a constant stream of cyberattacks from nations and criminal groups, as well as potential threats from the hacking capabilities of terrorist groups.

A big concern for Cyber Command is the interest that foreign countries have in breaking into the U.S. power grid, despite extensive security precautions, he said. Some of the attacks may be attempts to pave the way for more damaging assaults in the future.

“We have seen nation states spending a lot of time and a lot of effort to try to gain access to the power structure within the United States, to other critical infrastructure, and you have to ask yourself why,” Adm. Rogers said. “It’s because in my mind they are doing this with a purpose, doing this as a way to generate options and capabilities for themselves should they decide that they want to potentially do something.”

The U.S. military is working to become more transparent about its cyberdefenses and offensive planning, hoping that such information could deter cyberattacks in the future, he said. The process is ongoing, however, and foreign countries and criminal hackers for now believe there is “little price to pay” for breaching the U.S. government or U.S. companies, Adm. Rogers said.

U.S. officials haven’t yet agreed on what the overall response should be to a huge intelligence breach at the U.S. Office of Personnel Management, he said, in which background clearance information of more than 21 million Americans was stolen.

“This is an ongoing topic of debate,” Adm. Rogers said. “It’s of significance. We all realize that this is not some minor occurrence.”

Write to Damian Paletta at


White House should threaten Great Firewall to curb Chinese cyber attacks, experts say as Obama-Xi summit nears

August 28, 2015

By James Griffiths
South China Morning Post

As the world recalls how two atomic bombs were dropped on Japan to end the second world war in Asia 70 years ago, a digital deterrent of a similar magnitude could be Washington’s only way to stop cyber attacks from the latest Asian aggressor, China, experts say.

United States president Barack Obama is due to entertain his Chinese counterpart Xi Jinping in Washington next month on a state visit and the issue of cyber espionage will “no doubt” be addressed, Obama said recently.


The issue rose to the fore in the wake of a major attack this summer on the US Office of Personnel Management, which saw hackers make off with the personal information of over four million current and former federal workers.

Officials have pointed the finger at hackers linked to China’s People’s Liberation Army, saying the data poses a security risk as it contains military records and other sensitive information, potentially including state secrets.

“We absolutely have to do something,” said Dennis Poindexter, author of The New Cyberwar: Technology and the Redefinition of Warfare.

As such hacks become more audacious the US needs the cyber equivalent of a nuclear deterrent, added Poindexter, a former faculty member at the Defence Security Institute under the US department of defence.

Chinese female troops practice marching at a camp on the outskirts of Beijing this month in the run-up to China’s celebration of the 70th anniversary of the end of the second world war. Photo: AP

He pointed to this year’s OPM hack as an example of Chinese hackers inadvertently crossing the line of “acceptable” state espionage.

Former head of the National Security Agency and Central Intelligence Agency Michael Hayden told the Washington Post after the attack that “if I could have done it [as head of the NSA], I would have done it in a heartbeat”.

“You have to kind of salute the Chinese for what they did,” said US director of national intelligence James Clapper in June, referring to the sophistication of the hack.

Since then, Obama has reportedly told his staff to come up with a series of retaliatory actions in the event of similar attacks.

“One of the conclusions we’ve reached is that we need to be a bit more public about our responses, and one reason is deterrence,” a senior administration official involved in the debate told The New York Times, speaking anonymously.

Measures under discussion reportedly range from sanctions and criminal indictments of suspected hackers to US-led attacks on the Great Firewall, China’s online censorship apparatus.

Obama approved sanctions on North Korea following the January hack of Sony Pictures, even though Kim Jong-un’s regime remains only a suspect.

Chinese President Xi Jinping took his wife Peng Liyuan when he visited California in June 2013 for a summit with Obama. Photo: Xinhua

Adopting the same stance against China, the world’s second biggest economy, could be catastrophic for the US given the interconnectedness of global trade.

But the US has already shown it is not afraid to go after the Chinese military, with the US justice department levelling charges against five PLA officials last year.

The indictments came in the wake of a report by cybersecurity firm Mandiant that tied Shanghai-based PLA Unit 61398 to an active and highly effective hacking team it called APT1.

Mandiant has since been absorbed by cybersecurity firm FireEye. Richard Bejtlich is its chief security strategist.

Bejtlich said the aggressive move by Washington set alarm bells ringing in Beijing, and that he had personally heard PLA officers refer to the incident as a “national humiliation”.

Beijing cancelled a high-level Sino-US working group on cyber affairs following the affair, while China’s state media labelled the US a “mincing rascal” and “high-level hooligan”.

But charging high-ranking government officials would require gathering huge amounts of evidence and tying them to individual attacks – a difficult task in the murky world of cyber warfare.

Even if successful, it could prove a pyrrhic victory by exposing ongoing US intelligence operations.

“Probably the best thing we could do to offer some degree of deterrence is give [Chinese internet users] a way around the firewall,” said Poindexter.

The Great Firewall has undergone several “upgrade[s] for cyberspace sovereignty” since the beginning of the year, according to the state-run People’s Daily.

Xi and Obama were on friendly terms when they met again in Beijing in November 2014. Photo: AP

This week, popular virtual private network provider Astrill, which helps users jump the Great Firewall, said its services in China would be disrupted due to the upcoming Beijing parade marking the anniversary of the end of the second world war.

Two Chinese developers also removed anti-censorship apps from open-source code repository GitHub after pressure from Chinese police.

According to The New York Times, multiple officials within US intelligence agencies are advocating attacks on the Great Firewall.

This is “to demonstrate to the Chinese leadership that the one thing they value most — keeping absolute control over the country’s political dialogue — could be at risk if they do not moderate attacks on the United States”, it reported.

By publicly committing to undermine Chinese internet filtering, the US could drive home how seriously it takes cyber attacks and economic cyber espionage.

“Just by saying it, we make them very concerned,” Bejtlich said.

Other potential public deterrents could involve the US working with regional allies like Vietnam, which has centuries of bad blood with China, to form a united front.

Beijing has long been sensitive to efforts to “contain” it, such as bilateral agreements between countries with which it has territorial disputes in the South China Sea.

Ultimately, China and the US may not come to an effective agreement until a third party threatens both countries.

Bejtlich pointed to the huge economic benefit of targeting large companies in developed markets to steal trade secrets and intellectual property, a practice China has long been accused of.

US attorney-general Eric Holder announced economic cyber-espionage charges against China in May-June 2014. Photo: AFP

As China’s high-tech and internet companies become more advanced and expand into developing markets, they may find themselves targeted by state-level hacking groups from foreign shores.

The attack earlier this year on Italian cybersecurity and surveillance firm Hacking Team, after which the perpetrators dumped gigabytes of the company’s information and tools online, may accelerate this trend, Bejtlich said.

“The leaked info is a blueprint for anyone who wants to run a state-level malware group, and they’ve provided this playbook for any developing country who wants to run this kind of activity,” he said.

While statements from Obama and the White House give every indication that cybersecurity will be a key component of next month’s summit, experts were sceptical about whether any substantive agreement would be reached.

Poindexter was almost certain that “there will be some kind of joint statement about hacking”, though he said it was unlikely there would be any major de-escalation of cyber attacks.

Simon Shen, a cybersecurity expert at the Chinese University of Hong Kong, said hacking is here to stay.

“I’m afraid it’s not possible for any country in the world to give it up,” he said.

Chinese cyber espionage got email on “just about everyone” in the Obama administration

August 11, 2015


For the past five years, the personal email accounts of top American security and trade officials have been compromised in a Chinese cyber espionage operation


Hillary Clinton stands accused of using her private server to conduct government business  Photo: AP

Chinese cyber-spies are reading the private email accounts of Obama administration officials and other “national security” figures, in an operation first code-named the “Dancing Panda”, it has been revealed.

A National Security Agency briefing from 2014 showed that the intrusion was first detected in April 2010, and the attacks are still ongoing, according to a senior intelligence official who spoke to NBC.

The period overlaps with Hillary Clinton’s use of her private email account while she served as secretary of state, between 2009 and 2013.

The Democratic frontrunner has been plagued by the email scandal, in which she stands accused of using her private server to conduct government business that may have included classified or sensitive information.

It emerged last week that the FBI has begun investigating the security of Mrs Clinton’s private email set up, in a bid to establish whether the account could have been compromised.

Neither the 2014 NSA briefing, nor the intelligence official has revealed the names and ranks of the people whose accounts were hacked.

But in the last five years, the email espionage operation has attacked and taken information from over 600 American official targets.

The operation was first named Dancing Panda by US officials. The name was later changed to Legion Amethyst.

The Chinese also harvested the email address books of the officials, according to the NSA document, and used them to spread the malware that allowed them to conduct their spying operation.

Google was one, but not the only, provider affected by the attack, the officials said.

In 2011 Google announced that some American officials using their email service had suffered successful cyber attacks.

A separate document made public by Edward Snowden, the fugitive NSA leaker, also revealed that in late 2010 China had attempted to spy on the emails of four administration officials, including Mike Mullen, the then head admiral to the joint chiefs of staff.


The private email accounts of U.S. national security and trade officials have been targeted by Chinese cyber spies over the past five years, NBC News reported Monday.

Robert Windrem writes that U.S. authorities uncovered the email intrusion activity in April 2010 and initially codenamed the campaign “Dancing Panda” and then later called it “Legion Amethyst.”

A senior U.S. intelligence official said that spies were not able to hack the U.S. government officials’ email accounts due to the high level of security, according to NBC.

A National Security Agency document obtained by NBC states that Chinese cyber intruders harvested email addresses from the emails of targeted government personnel, as well as sent malware to people on their contact lists.

The report noted NSA determined that China-based hackers have launched more than 30 intrusion campaigns, including Dancing Panda, against the U.S.


Hillary Clinton’s private email server contained information from five U.S. intelligence agencies

July 31, 2015


Democratic presidential candidate Hillary Rodham Clinton listens to questions during a campaign stop, Tuesday, July 28, 2015, in Nashua, N.H. Photo by Jim Cole, AP

WikiLeaks publishes “Target Tokyo” – 35 Top Secret NSA targets in Japan

July 31, 2015

Press Release

Today, Friday 31 July 2015, 9am CEST, WikiLeaks publishes “Target Tokyo”, 35 Top Secret NSA targets in Japan including the Japanese cabinet and Japanese companies such as Mitsubishi, together with intercepts relating to US-Japan relations, trade negotiations and sensitive climate change strategy.

The list indicates that NSA spying on Japanese conglomerates, government officials, ministries and senior advisers extends back at least as far as the first administration of Prime Minister Shinzo Abe, which lasted from September 2006 until September 2007. The telephone interception target list includes the switchboard for the Japanese Cabinet Office; the executive secretary to the Chief Cabinet Secretary Yoshihide Suga; a line described as “Government VIP Line”; numerous officials within the Japanese Central Bank, including Governor Haruhiko Kuroda; the home phone number of at least one Central Bank official; numerous numbers within the Japanese Finance Ministry; the Japanese Minister for Economy, Trade and Industry Yoichi Miyazawa; the Natural Gas Division of Mitsubishi; and the Petroleum Division of Mitsui.

Today’s publication also contains NSA reports from intercepts of senior Japanese government officials. Four of the reports are classified TOP SECRET. One of the reports is marked “REL TO USA, AUS, CAN, GBR, NZL”, meaning it has been formally authorised to be released to the United States’ “Five Eyes” intelligence partners: Australia, Canada, Great Britain and New Zealand.

The reports demonstrate the depth of US surveillance of the Japanese government, indicating that intelligence was gathered and processed from numerous Japanese government ministries and offices. The documents demonstrate intimate knowledge of internal Japanese deliberations on such issues as: agricultural imports and trade disputes; negotiating positions in the Doha Round of the World Trade Organization; Japanese technical development plans, climate change policy, nuclear and energy policy and carbon emissions schemes; correspondence with international bodies such as the International Energy Agency (IEA); strategy planning and draft talking points memoranda concerning the management of diplomatic relations with the United States and the European Union; and the content of a confidential Prime Ministerial briefing that took place at Shinzo Abe’s official residence.

Julian Assange, WikiLeaks Editor-in-Chief, said: “In these documents we see the Japanese government worrying in private about how much or how little to tell the United States, in order to prevent undermining of its climate change proposal or its diplomatic relationship. And yet we now know that the United States heard everything and read everything, and was passing around the deliberations of Japanese leadership to Australia, Canada, New Zealand and the UK. The lesson for Japan is this: do not expect a global surveillance superpower to act with honour or respect. There is only one rule: there are no rules.”

WikiLeaks Investigations Editor Sarah Harrison said: “Today’s publication shows us that the US government targeted sensitive Japanese industry and climate change policy. Would the effectiveness of Japan’s industry and climate change proposals be different today if its communications had been protected?”

Japan has been a close historical ally of the United States since the end of World War II. During a recent Presidential visit to Japan, US President Barack Obama described the East Asian country as “one of America’s closest allies in the world”. Today’s publication adds to previous WikiLeaks publications showing systematic mass spying conducted by US intelligence against the US-allied governments of Brazil “Bugging Brazil”, France “Espionnage Élysée” and Germany “The Euro Intercepts”; “All the Chancellor’s Men”.

Read the full list of NSA high priority targets for Japan published today here.



Target Tokyo: WikiLeaks reveals NSA spied on Japanese PM Shinzō Abe and companies like Mitsubishi


July 31, 2015

Prime Minister of Japan Shinzō Abe (left) was among 35 Top Secret NSA targets, WikiLeaks has revealed (Reuters)

The US National Security Agency (NSA) undertook systematic mass surveillance of Japanese politicians, ministries and corporations over a number of years, according to recently published documents. The revelations come from whistleblowing organisation WikiLeaks, which released a list of 35 top secret targets in Japan on Friday morning (31 July).

The most high-profile target listed in the “Target Tokyo” documents is the current Prime Minister of Japan, Shinzō Abe, while corporations named include car-manufacturing giant Mitsubishi. The documents also reveal that the US bugged Japan’s confidential G8 proposals on climate change, as well as spying on Japan’s secret World Trade Organisation (WTO) plan.

The period of spying on Abe dates from the Prime Minister’s first term in office, lasting from September 2006 until September 2007. Abe has since returned to office and the latest leaks will come as a major embarrassment for the US and in particular President Barack Obama who just months ago described Japan as “one of America’s closest allies in the world” during a meeting with Abe in Washington. They also follow similar leaks revealing intimate surveillance on other allies that include Brazil, France and Germany.

‘There are no rules’

WikiLeaks has not revealed the source of the documents, though they are likely to be from the cache of as-yet unpublished files released to journalists by former NSA contract worker Edward Snowden.

Julian Assange, co-founder and editor-in-chief of WikiLeaks, said the revelations should not come as a surprise, given the track record of the US as a global surveillance superpower.

“In these documents we see the Japanese government worrying in private how much or how little to tell the United States, in order to prevent undermining of its climate change proposal or its diplomatic relationship,” Assange said in a statement.

“And yet we now know that the United States heard everything and read everything, and was passing around the deliberations of Japanese leadership to Australia, Canada, New Zealand and the UK. The lesson for Japan is this: do not expect a global surveillance superpower to act with honour and respect. There is only one rule: there are no rules.”

WikiLeaks investigations editor Sarah Harrison speculated that climate change policy enacted by Japan, as well as the country’s industry, may well have been different had the NSA not spied on negotiations.

“Today’s publication shows us that the US government targeted sensitive Japanese industry and climate change policy,” Harrison said. “Would the effectiveness of Japan’s industry and climate change proposals be different today if its communications had been protected?”

Two years after Snowden, NSA revelations still hurting US tech firms in China

July 3, 2015

By James Griffiths
South China Morning Post

Edward Snowden began leaking information two years ago that could cost US firms tens of billions of dollars in lost business overseas. Photo: AFP

Revelations of digital surveillance by American spy agencies could end up costing US firms billions of dollars in lost business and lawmakers in Washington are falling short in their duty to address the issue, a US think tank has said.

Tech firms, in particular, have underperformed in foreign markets following the leaks by former National Security Agency contractor Edward Snowden, according to a paper published by the Information Technology and Innovation Foundation.

“Our original thought was once policy makers realised this was having an impact on business interests, they would take more aggressive action to address the concerns,” Daniel Castro, ITIF vice president, told the South China Morning Post. He helped author the report.

The ITIF predicted in 2013 that “even a modest drop” in the foreign market share for cloud computing could cost the US economy up to US$35 billion by 2016.

That now looks like a conservative estimate as the revelations of cyber-snooping have negatively affected “the whole US tech industry,” the report said.

Cloud computing firms and data centres have been some of the worst hit, with foreign companies choosing to avoid storing their data in the US following revelations about the NSA’s digital surveillance programmes.

A 2014 survey of British and Canadian businesses by Vancouver-based Peer 1 Hosting found that 25 per cent of respondents planned to pull data out of the US due to fears relating to data privacy.

In February, Beijing dropped a number of major American tech firms from its official state procurement list, including network equipment maker Cisco Systems, Apple, and security firm McAfee.

Brazilian President Dilma Rousseff recently met with her US counterpart Barack Obama after a long period of estrangement triggered by US spying claims. Photo: AP

“The Snowden incident, it’s become a real concern, especially for top leaders,” Tu Xinquan, associate director of the China Institute of WTO Studies in Beijing, told Reuters in April.

“In some sense, the American government has some responsibility for that. [China’s] concerns have some legitimacy.”

The White House and US International Trade Administration declined to comment on the matter, when contacted by the Post.

IBM, Microsoft and Hewlett-Packard have all reported diminished sales in China as a result of the NSA revelations, which first emerged in the summer of 2013.

The NSA was found to have tapped into the servers of major internet players like Facebook, Google and Yahoo to track online communication, among other forms of digital surveillance.

Chinese firms have also suffered due to security concerns, particularly in the US.

In 2012, a Congressional committee said that smartphone makers Huawei and ZTE were a national security threat because of their alleged ties with the Chinese government.

In April, US officials blocked technology exports to Chinese facilities associated with the Tianhe-2 supercomputer project, a blow to Intel and other hardware suppliers.

Even political parties in Germany have begun lampooning the US in response to its covert digital surveillance of key search engines and anti-virus software. Photo: AFP

“Both countries are looking into restrictions because of security, that’s not a good idea for either of them,” said Castro.

The ITIF paper recommends establishing international legal standards for government access to data, and developing what it terms a “Geneva Convention on the Status of Data”.

“We need to take certification out of the national level and move it to the international level. We don’t want each country to set security standards,” Castro said.

He warned that China’s pursuance of “protectionist” policies in the name of security could backfire if other countries follow suit and adopt standards that favour domestic over foreign firms for key infrastructure projects.

“China doesn’t want every other country to say ‘We have security concerns about you and refuse to buy your products,’” he added.

Castro pointed to China’s new security legislation, passed by the country’s top legislature on Wednesday, to shore up his argument that Beijing is “still going down that path”.

The sweeping law defines the scope of national security in far-reaching terms, ranging from finance, economy, politics, the military and cybersecurity to culture, ideology and religion.

One clause deals with establishing systems “for the protection of cyber and information security”.

Washington must respond if China keeps pursuing such protectionist policies but this will be problematic until concerns about NSA spying have been addressed, Castro said.

“At the end of the day, it is very hard to say with a straight face that you should buy US tech products, if the [US] government is not willing to stand up and say ‘We will not use this as a way to conduct surveillance in your countries.’”

U.S., China Pledge Cyber “Code of Conduct”

June 28, 2015

The Wall Street Journal’s Felicia Schwartz reports some signs of cooperation between China and the United States on the long fraught issue of cybersecurity. This week’s bilateral Strategic and Economic Dialogue took place against the backdrop of a stream of revelations about the extent of allegedly Chinese intrusions into U.S. government computer systems.

U.S. officials said the talks behind closed doors were “frank,” but public comments Wednesday at the conclusion of the meetings were largely conciliatory. U.S. officials complained about China’s behavior in the South China Sea and cyberspace, while emphasizing steps to narrow differences and find areas of common ground.

[…] “Our dialogue over the last 2½ days included a very frank discussion of some issues on which we have not always seen eye to eye,” Mr. Kerry said. “The U.S. is deeply concerned about cyber incursions that have raised security questions and, frankly, harmed American businesses.”

[…] Mr. Kerry said China had agreed to work with the U.S. to complete a code of conduct on cyber activities. “We believe very strongly that the U.S. and China should be working together to develop and implement a shared understanding of appropriate state behavior in cyberspace,” Mr. Kerry said. [Source]

The Council on Foreign Relations’ Adam Segal noted that no mention of the code is found in the State Department’s 127-point list of “specific outcomes and areas for further cooperation.” Nevertheless, he wrote, the pledge holds some promise:

While it was to be expected that official remarks at the conclusion of the meeting would be conciliatory—both sides want President Xi Jinping’s visit to the United States in September to go well—Washington and Beijing made parallel calls for cooperation on cybersecurity that could lay the groundwork for future discussions. At the opening of the dialogue, State Councilor Yang Jiechi stated that China wanted to develop with the United States and other countries an “international code of conduct for cyber information sharing,” though no details were offered on what that exactly means. […]

[…] Of course, the calls for cooperation may be nothing more than niceties, designed to reduce tensions in the run up to the September visit. From China’s perspective, it has always been open to greater cooperation. When accused of hacking, Chinese officials typically deny the claim, question the motives of the accuser, and then ritualistically invoke the need for international cooperation. But the call for cyber information sharing is new, and Washington should push Beijing to clarify what it means by information and how it would like to see sharing work. Good diplomacy can spin opportunities out of the introduction of new ideas. [Source]

When the hacking of the U.S. government’s Office of Personnel Management was first announced early this month, the number of employees affected was said to be around 4 million. With the subsequent discovery of another breach, estimates now reach as high as 18 million, including White House and congressional staff. Contrary to initial reports, the intruders had access to highly sensitive security clearance data for as long as a year. Such information would include “workers’ sexual partners, drug and alcohol abuse, debts, gambling compulsions, marital troubles, and any criminal activity,” which at the blunt end of the spectrum might leave them vulnerable to blackmail. More subtly, the data could be used to identify and then recruit potential intelligence sources through bribery or flattery, while providing a clear map of security clearance procedures and their possible weaknesses. Cross-referencing with data from other hacks might allow identification of staff who had failed to disclose information.

China denies any part in the attacks. But Michael Hayden, a former head of the National Security Agency and Central Intelligence Agency, has described the OPM’s data as “a legitimate foreign intelligence target,” adding that “this is not ‘shame on China.’ This is ‘shame on us’ for not protecting that kind of information.”

The OPM’s director offered a different interpretation during sustained congressional grilling over security failures at the agency. From Lisa Rein at The Washington Post:

“We have legacy systems that are very old,” Katherine Archuleta, director of the Office of Personnel Management, told Senate lawmakers at a hearing on the intrusion. “It’s an enterprise-wide problem. I don’t believe anyone is personally responsible.”

She then told Sen. Jerry Moran (R-Kan.), who pressed her repeatedly to take responsibility for failing to shore up the agency’s computer security, that the attackers are the ones to blame.

[…] Archuleta said she is “working very hard on correcting decades of inattention” to weak computer security at her agency, and credited her efforts to add new security defenses for discovering the breach in the first place. But the OPM’s inspector general described a history of failures by the agency to take basic security steps.

[…] Michael Esser, assistant inspector general for audit, testified that numerous recommendations to modernize aging systems and improve the security of modern ones have not been followed. He noted that a number of the systems that were breached in the hack disclosed in June were actually not “legacy systems,” but modern ones. [Source]

The agency’s initial efforts to notify affected employees also attracted criticism for encouraging behavior that could facilitate further attacks. Lax security at the OPM and beyond is described in detail in recent posts by Ars Technica’s Sean Gallagher, who noted that some OPM contractors hired Chinese nationals. At least one of these, said to have had “direct access to every row of data in every database,” was actually based in China.

Security failings at the OPM are hardly unique, The New York Times’ David E. Sanger, Nicole Perlroth and Michael D. Shear reported last weekend:

The administration is urgently working to determine what other agencies are storing similarly sensitive information with weak protections. Officials would not identify their top concerns, but an audit issued early last year, before the Chinese attacks, harshly criticized lax security at the Internal Revenue Service, the Nuclear Regulatory Commission, the Energy Department, the Securities and Exchange Commission — and the Department of Homeland Security, which has responsibility for securing the nation’s critical networks.

At the Nuclear Regulatory Commission, which regulates nuclear facilities, information about crucial components was left on unsecured network drives, and the agency lost track of laptops with critical data.

Computers at the I.R.S. allowed employees to use weak passwords like “password.” One report detailed 7,329 “potential vulnerabilities” because software patches had not been installed. Auditors at the Department of Education, which stores information from millions of student loan applicants, were able to connect “rogue” computers and hardware to the network without being noticed. And at the Securities and Exchange Commission, part of the network had no firewall or intrusion protection for months. [Source]

CIA-linked data mining firm Recorded Future reported this week that it found login details for employees of 47 different government agencies posted online, and that 12 of these organizations failed to use two-factor authentication as an additional layer of security. Meanwhile, traces of malware that struck the OPM have been discovered on computers at the National Archives. ACLU technologist Christopher Soghoian commented:

I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they’ve penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.

[…] In general, it’s far easier to attack a network than it is to defend the same network. This isn’t a statement about willpower or budget; it’s how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462–456 twenty minutes into the game. In other words, it’s all offense and no defense.

In this kind of environment, we simply have to assume that even our classified networks have been penetrated. Remember that Snowden was able to wander through the NSA’s networks with impunity, and that the agency had so few controls in place that the only way they can guess what has been taken is to extrapolate based on what has been published. Does anyone believe that Snowden was the first to take advantage of that lax security? I don’t.

[…] I am reminded of a comment made to me in confidence by a US intelligence official. I asked him what he was most worried about, and he replied: “I know how deep we are in our enemies’ networks without them having any idea that we’re there. I’m worried that our networks are penetrated just as deeply.” [Source]

While most have focused on the need for better defenses, some argue for counterattacks. Prospective Republican presidential candidate Mike Huckabee, for example, wrote that:

The response and retaliation to this behavior is simple-America should hack the Chinese government. We should hack the cell phones of some prominent Communist party leaders, hack the bank accounts of intelligence officials, publicly humiliate Chinese families for political corruption, or wipe-out a few critical Chinese computer systems. [Source]

UCLA’s Kristen Eichensehr, examining the OPM breach in light of the Department of Defense’s newly released Law of War Manual, wrote last week at Just Security that such bellicose rhetoric is unrealistic:

Debates are raging over just how damaging the two OPM hacks are. In the first of what are sure to be many congressional hearings on the breaches, Rep. Carolyn Maloney (D-NY) asserted that she “consider[s] this attack … a far more serious one to the national security” of the United States than the 9/11 attacks. Others have called the hacks the long-warned-about cyber 9/11 or cyber Pearl Harbor. But other commentators have pushed back. Robert Knake of CFR noted that he is “a bit blasé” about the hack because “if the Chinese government is indeed behind it, it’s not by any stretch the most dastardly thing they have done in cyberspace.” [Knake listed five worse cases attributed to China in a blog post at CFR.] Prof. Henry Farrell on the Washington Post’s Monkey Cage blog similarly explained that “hacking into information on U.S. government employees, however sensitive, is not a Pearl Harbor attack,” but rather “an (extremely worrying) exercise in espionage.”

[…] Despite the debate over exactly how bad the OPM hacks are for national security, there is no doubt that they are a blow, the magnitude of which will become clearer over time. Where any US claim to the legal or moral high ground would be shaky at best, we should assume that spies are going to spy and act accordingly. This means that the government must better secure its sensitive information going forward and take steps to protect the individuals already put at risk. Beyond such responses, allusions to 9/11 and Pearl Harbor are misplaced and tend to frame these hacks in terms countenanced neither by realism in international relations nor by the rules of international law. [Source]

In any case, it remains unproven that China is the real culprit. The OPM hacks are thought to be the work of “Deep Panda,” an outfit associated with China’s Ministry of Public Security. But when Director of National Intelligence James Clapper said this week that China is “the leading suspect,” it was the strongest such statement to date by a serving U.S. official on the record. Michael Rogers, NSA director and commander of U.S. Cyber Command, has emphasized the enduring uncertainty about attribution of the attacks. From Patrick Tucker at Defense One:

Rogers spoke in response to a question about how the National Security Agency was going about attributing the breach to the Chinese government. “You’ve put an assumption in your question,” he said. “I’m not going to get into the specifics of attribution. It’s a process that’s ongoing.”

[…] The cybersecurity group FireEye says it’s “highly confident” that Chinese hackers did it, based on the kind of cables and telecommunications equipment involved, the type of data stolen, and the specific backdoors that the thieves used. “These backdoors, they’re commonly used by Chinese threat actors,” Michael Oppenheim, the intelligence operations manager at FireEye, told Defense One.

Oppenheim stopped short of formally accusing the Chinese government but added, “We believe that this aligns with Chinese interests.”

Oppenheim said that he was sympathetic to Rogers’s reluctance to formally attribute the breach to the Chinese government. “For someone in his position, you want to be 100-percent sure,” he said. [Source]

Another recent hacking case showed attackers leaving false tracks meant to implicate China. Russian security company Kaspersky revealed this month that it had discovered malware dubbed “Duqu 2” within its own systems. The firm’s technical paper on the intrusion refrained from explicit attribution (PDF), but noted:

[… T]he attackers have tried to include several false flags throughout the code, designed to send researchers in the wrong direction. For instance, one of the drivers contains the string “ugly.gorilla”, which obviously refers to Wang Dong, a Chinese hacker believed to be associated with the APT1/Comment Crew. The usage of the Camellia cypher in the MSI VFSes, previously seen in APT1-associated Poison Ivy samples is another false flag planted by the attackers to make researchers believe they are dealing with APT1 related malware. […]

Nevertheless, such false flags are relatively easy to spot, especially when the attacker is extremely careful not to make any other mistakes. [Source (PDF)]

The attackers also used a digital certificate apparently stolen from Taiwan-based Foxconn, possibly for similar reasons. From Kim Zetter at Wired:

The Taiwanese firm makes hardware for most of the major tech players, including Apple, Dell, Google, and Microsoft, manufacturing the likes of iPhones, iPads and PlayStation 4s. Taiwanese companies have been fruitful for this hacking group, who many believe to be Israeli: This marks at least the fourth time they have used a digital certificate taken from a Taiwan-based firm to get their malware successfully onto systems.

It’s unclear why the attackers focus on digital certificates from Taiwanese companies, but it may be to plant a false flag and misdirect investigators into thinking China is behind the malware attacks, says Costin Raiu, director of Kaspersky’s Global Research and Analysis Team.

The strategy of stealing and corrupting otherwise-legitimate certificates is particularly galling to the security community because it undermines one of the crucial means for authenticating legitimate software. [Source]

Kaspersky found that Duqu 2 had been used to infiltrate hotels hosting Iran nuclear talks, allowing access to security cameras, microphones, Wi-Fi networks, phone communications, and hotel records. Coincidentally, reports last week indicated that the U.S. State Department will no longer use the Waldorf Astoria as a New York base for its staff following its acquisition by the Beijing-based Anbang Insurance Group last year.

The intrusions may go much deeper. As the OPM story developed, The Sunday Times reported anonymous British officials’ claims that documents leaked by former NSA contractor Edward Snowden had fallen into Russian and Chinese hands. The article was immediately and widely mauled, particularly after its author told CNN that none of its specifics could be verified and that “we just publish what we believe to be the position of the British government at the moment.” At Wired, security technologist Bruce Schneier wrote that Snowden’s actions were probably beside the point anyway.


