China hacking Hong Kong protesters’ smartphones, says security firm

By IAN ALLEN | intelNews.org
A mobile telephone security company has said the government of China is probably behind a sophisticated malware designed to compromise the smartphones of protesters in Hong Kong. Ever since the Hong Kong ‘umbrella revolution’ began to unfold, countless reports have referred to the use of smartphone applications as organizing tools by the protesters. According to one account, an application called FireChat was downloaded by more than 100,000 smartphone users in Hong Kong in less than 24 hours. FireChat is said to allow protesters to continue communicating with each other even when their individual devices are unable to connect to a mobile network. But a California-based mobile telephone security firm has warned that the Chinese government could be using such enabling applications to compromise the smartphones of pro-democracy protesters in the former British colony. Lacoon Mobile Security, which specializes in assessing and mitigating mobile security threats, said on Tuesday that it had detected several types of malware camouflaged as mobile phone applications designed to help the protesters organize. In a statement posted on its website, the security firm said that, once downloaded by a smartphone user, the malware gives an outsider access to the address book, communication logs and other private data stored on the unsuspecting user’s device. Lacoon added that what made the malware unusual was that it came in two different versions; one appears to target smartphones that run Apple’s iOS operating system, while the other is designed to compromise phones using Google’s Android software. The company noted that the types of malware that are circulating among Hong Kong protesters were some of the most sophisticated it had ever seen. They made use of a method called mRAT, which stands for multidimensional requirements analysis tool. Among other things, mRAT allows a hacker to take surreptitious pictures using the phone camera of a compromised smartphone. 
According to Lacoon, the design of the malware in question is so advanced that it is “undoubtedly backed by a nation state”.

China charges its ambassador to Iceland with spying for Japan

By JOSEPH FITSANAKIS | intelNews.org
Authorities in China have reportedly arrested the Chinese ambassador to Iceland on suspicion of spying on behalf of Japan, according to media reports. Ma Jiseng, 57, is a career diplomat who spent over eight years at the embassy of China in Japan. He was there in two separate stints, from 1991 to 1995 and from 2004 to 2008. In December of 2012, he arrived with his wife in Reykjavik, Iceland, where he assumed the post of China’s ambassador in the Nordic island nation. But, according to reports in the Icelandic media, Ma hurriedly left Reykjavik for Beijing on January 23 of this year, telling his staff that he was supposed to return in March. His wife followed him soon afterwards. Today, nearly eight months later, Ma and his wife have yet to reappear in the Icelandic capital. The plot thickened last week, when the online Chinese-language review Mingjing News published a news story claiming that Ma and his wife had been summoned back to Beijing and arrested upon arrival by Chinese authorities “for spying on behalf of Japan”. Shortly afterwards, Kai Lei, editor at the Hong Kong-based Wenweipo Chinese-language newspaper, blogged that Ma had been “arrested by [China’s] Ministry of State Security” on suspicion of “leaking international secrets to Japan”. According to the media reports, Ma was believed to have been recruited by Japanese intelligence during his second diplomatic stint in Tokyo, which lasted from 2004 to 2008. Interestingly, however, the reports about Ma’s alleged arrest began vanishing from Chinese news media websites just hours after they initially appeared. Reporters in Iceland turned to the country’s Ministry of Foreign Affairs, who said the Chinese embassy in Reykjavik claimed Ma was unable to return to Iceland “due to personal reasons”. Meanwhile, the Chinese Ministry of Foreign Affairs refuses to comment on the case.

News you may have missed #883

By IAN ALLEN | intelNews.org
►►Indonesia, Australia renew intelligence ties. Australia and Indonesia have signed a pledge not to use intelligence to harm each other, signaling a resumption in cooperation, which had been suspended after last year’s spy scandal. Australian Foreign Minister Julie Bishop and her Indonesian counterpart, Marty Natalegawa, signed the “joint understanding of a code of conduct” in Nusa Dua, Bali, on Thursday.
►►Ex-KGB general says Russia has already won in Ukraine. Russia has already won “the real victory” in Ukraine, according to former KGB general Oleg Kalugin, who is now living in the United States. The “southeast of Ukraine, that’s part of the general battle between the Russians and Ukrainians, but it’s not as crucial as the real victory and pride of Russia —the Crimea, I mean”, he said on Thursday. Kalugin reiterated that he does not believe Russian president Vladimir Putin wants to annex another region of the country. “It’s not in the interest of Putin”, Kalugin said. “His position as of today is fairly strong in the country, in his own country, so why put it at risk by moving further?”
►►China says Canadian couple were spies disguised as ordinary citizens. Kevin and Julia Garratt have been accused of stealing Chinese military and national defense research secrets. They were detained on August 4, 2014, but not formally arrested, and China has offered little information on what they are accused of doing. The couple ran a coffee shop near the border with North Korea, worked with Christian groups to bring humanitarian aid into North Korea, and worked to train North Korean Christians inside China. Their detention by China’s State Security Bureau has been seen by Canadian authorities as reprisal for the arrest of Su Bin, a Chinese immigrant to Canada suspected of masterminding the electronic theft of US fighter jet secrets.

News you may have missed #882 (cybersecurity edition)

By IAN ALLEN | intelNews.org
►►GCHQ launches ‘Cyber Security Challenge’. Britain’s signals intelligence agency, GCHQ, has created a new online game to find new recruits and test the public’s ability to deal with hacking attacks. The new game, named Assignment: Astute Explorer, will give registered players the chance to analyze code from a fictitious aerospace company, identify vulnerabilities and then suggest fixes.
►►Chinese hackers spied on investigators of Flight MH370. Malaysian officials investigating the disappearance of flight MH370 have been targeted in a hacking attack that resulted in the theft of classified material. The attack hit around 30 PCs assigned to officials in Malaysia Airlines, the country’s Civil Aviation Department and the National Security Council. The malware was hidden in a PDF attachment posing as a news article that was distributed on 9 March, just one day after the ill-fated Malaysian Airlines Boeing 777 disappeared en route from Kuala Lumpur to Beijing.
►►Developer alleges NSA and GCHQ employees are helping Tor Project. Tor is free software used for enabling online anonymity and resisting censorship. It directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user’s location or usage. Interestingly, its executive director, Andrew Lewman, has told the BBC that employees of the NSA and GCHQ offer his team of programmers tips “on probably [a] monthly” basis about “bugs and design issues that potentially could compromise the [Tor] service”. He added that he had been told by William Binney, a former NSA official turned whistleblower, that one reason NSA workers might have leaked such information was because many were “upset that they are spying on Americans”.

Canada bans Chinese reporters over spy concerns

By JOSEPH FITSANAKIS | intelNews.org
The office of the prime minister of Canada has banned reporters working for China’s state-owned media from covering the Canadian leader’s official trip to the Arctic, due to concerns that they may be spies. For the past several summers, Canada’s Prime Minister Stephen Harper has undertaken official tours of the Canadian Arctic, in an effort to promote the country’s northern economy and attend military exercises. However, in a move that has raised eyebrows in Ottawa and Beijing, the organizers of the trip have issued a ban on a number of Chinese reporters from joining the Canadian prime minister’s entourage. The Winnipeg Sun reported on Wednesday that the unprecedented step was taken over concerns that the Chinese journalists in question may in fact be intelligence operatives in the service of China. The paper cited a quote by a spokesman from the office of the prime minister, who reportedly told the Québecor Média International news agency that “certain news outlets are no longer welcome” to travel with the prime minister. It appears that the reporters in question include primarily those working for The People’s Daily newspaper and the Xinhua news agency, both of which are owned by the government of China. Two Chinese journalists working for these outlets, Li Xue Jiang, and Zhang Dacheng, caused controversy during Harper’s trip to the Arctic in 2013. The two appeared to show more interest in photographing their fellow journalists and the interior of Canada’s prime ministerial airplane than covering Harper’s trip. Li even wrote an article for the Chinese-language edition of The People’s Daily at the time, in which he mentioned that he had come under suspicion of spying for China, saying that a secretary from the office of the Canadian prime minister had tasked an officer of the Royal Canadian Mounted Police to keep an eye on him. 
IntelNews readers will recall that in 2012 Canadian reporter Mark Bourrie resigned his post as parliamentary correspondent for Xinhua, accusing the Chinese news agency of running spy operations in Canada.

China stops using some Apple products, fearing US espionage

By JOSEPH FITSANAKIS | intelNews.org
Authorities in China have removed Apple products from a government procurement list because of fears that they are susceptible to electronic espionage by the United States. Citing “government officials familiar with the matter”, Bloomberg News said on Wednesday that 10 Apple products have been removed from the list, including the iPad and iPad Mini, as well as MacBook Air and MacBook Pro products —though interestingly the inventory of removed items does not include Apple smartphone products. The procurement list is produced several times a year by China’s Ministry of Finance and the National Commission for Development and Reform. It specifies the types of products that can be purchased with public funds by all central departments of the Communist Party of China, as well as by all state and local government ministries. The surprise removal of Apple products from the list follows a report aired by Beijing’s state-owned China Central Television in July, which claimed that security weaknesses in Apple software could cause the theft of sensitive state secrets. Apple vigorously rejected the claims made in the television report. The action by the Chinese government is the latest move in a tit-for-tat cyberespionage war between Washington and Beijing, which began in 2013, when American defector Edward Snowden began leaking US intelligence secrets. In June of that year, it was revealed that the US National Security Agency (NSA) has been engaged in protracted offensive cyberespionage operations against China for nearly 15 years. Almost a year later, the US Department of Justice charged a group of Chinese military officers with stealing American trade secrets through cyberespionage. Apple is not the first American technology firm to be hit with removals of its products from the Chinese government’s procurement list.

News you may have missed #880

By IAN ALLEN | intelNews.org
►►Chinese military establishes cyberintelligence research center. The Chinese People’s Liberation Army (PLA) has announced the creation of a Cyberspace Strategic Intelligence Research Center. Experts say the Center will “provide support in obtaining high-quality intelligence research findings and help China gain advantage in national information security”. Its staff reportedly specialize in such fields as strategic theory research, intelligence studies, and technology management, among others.
►►Chile court says US had role in 1973 killings of Americans. A court ruling released late Monday said the commander of the US Military Mission in Chile at the time of the 1973 military coup gave information to Chilean officials about journalist Charles Horman and student Frank Teruggi that led to their arrest and execution just days after the coup, which brought General Augusto Pinochet to power. The case remained practically ignored in Chile until 2000, when Horman’s widow, Joyce, came and filed a lawsuit against Pinochet.
►►Opinion: Cyber tools are no substitute for human intelligence. A colonel in the Israel Defense Forces critiques “the increasing use of cyber tools as a central and sometimes exclusive role in the work of many intelligence agencies throughout the world”. He argues that “the documents exposed by Edward Snowden show how willing the Americans are to invest in technological systems to collect information and gather as much intelligence as they can using cyber tools”. But he warns that “this almost exclusive reliance on the collection and analysis of intelligence using technology comes at the expense of the human element as a basic component of intelligence-gathering”.

Hidden spy software found in Chinese-made smartphones

By JOSEPH FITSANAKIS | intelNews.org
A popular brand of Chinese-made smartphones, which are sold internationally by several major retailers, has been found to contain pre-installed monitoring software, according to a German security firm. The revelation was made on Tuesday by G Data Software, which is based in Bochum, Germany, and has a subsidiary in the United States. The firm, which was founded in 1985, said it discovered the spy software hidden deep inside the proprietary software found on the Chinese-made Star N9500. The product in question is a cheap smartphone based on the popular Samsung Galaxy S4, and can be purchased from numerous Internet retailers, including online outlets such as Amazon.com. A G Data spokesperson, Thorsten Urbanski, told reporters in Germany that his company purchased several Star N9500 telephones from an online retailer after receiving multiple messages from users of the telephone in Germany, who said the device’s operating system appeared to contain malicious software. The security firm said the Star N9500’s operating system contains hidden software applications that could allow a third party to access and steal the telephone user’s personal information. There are also secret applications that could permit a hacker to place calls from the telephone, or utilize the device’s microphone and camera without the consent of its owner. What is more, the stolen data was sent to a server based in China. G Data investigators added that their team of experts sought for “over a week” to track down the manufacturer of the Star N9500 but were unable to do so. German media reported that journalists from The Associated Press also tried to locate the manufacturer of the smartphone, by contacting several companies located in China’s southern province of Shenzhen, known as the center of the country’s telecommunications industry.

Analysis: Should government spies target foreign firms?

By JOSEPH FITSANAKIS | intelNews.org
Last month, the government of the United States indicted five officers of the Chinese People’s Liberation Army with conspiracy to commit computer fraud, economic espionage, and theft of trade secrets, among other charges. In indicting the five PLA officers, the US Department of Justice went to great pains to ensure that it did not accuse the suspects of engaging in cyberespionage in defense of China’s national security. What sparked the indictments was that the accused hackers allegedly employed intelligence resources belonging to the Chinese state in order to give a competitive advantage to Chinese companies vying for international contracts against American firms. In the words of US Attorney General Eric Holder, the operational difference between American and Chinese cyberespionage, as revealed in the case against the five PLA officers, is that “we do not collect intelligence to provide a competitive advantage to US companies, or US commercial sectors”, whereas China engages in the practice “for no reason other than to advantage state-owned companies and other interests in China”. I recently authored a working paper that was published by the Cyberdefense and Cybersecurity Chair of France’s Ecole Spéciale Militaire de Saint-Cyr, in which I argued that the American distinction between public and private spheres of economic activity is not shared by the PLA. The Chinese see both state and corporate cyberespionage targets as fair game and as an essential means of competing globally with the United States and other adversaries. In the paper, I argue that Beijing sees the demarcation between state and private economic activity as a conceptual model deliberately devised by the US to disadvantage China’s intelligence-collection ability.

News you may have missed #877

By IAN ALLEN | intelNews.org
►►China to ditch US consulting firms over suspected espionage. State-owned Chinese companies will cease to work with US consulting companies like McKinsey and Boston Consulting Group over fears they are spying on behalf of the US government. Last Thursday, China announced that all foreign companies would have to undergo a new security test. Any company, product or service that fails will be banned from China. The inspection will be conducted across all sectors —communications, finance, and energy.
►►Ex-KGB general says Snowden is cooperating with Russian intelligence. Former National Security Agency contractor Edward Snowden probably never envisioned that he would someday be working for the Russian Federal Security Service, or FSB. But according to former KGB Major General Oleg Kalugin, he is now, albeit as a consultant or technical advisor. “The FSB are now his hosts, and they are taking care of him”, Kalugin claimed in an interview. “Whatever he had access to in his former days at NSA, I believe he shared all of it with the Russians, and they are very grateful”, added the former Soviet spy.
►►Snowden claims he was ‘trained as a spy’. American intelligence defector Edward Snowden says he knows how US spies operate because he was trained as one of them. In an interview with NBC News, Snowden dismissed allegations that he was just a low-level analyst with the US government before revealing highly classified details of US spying activities in 2013. “I was trained as a spy in sort of the traditional sense of the word in that I lived and worked undercover overseas, pretending to work in a job that I’m not, and even being assigned a name that was not mine”, he said in a portion of the interview that aired on Tuesday.

Western companies to suffer backlash in China-US espionage spat

By IAN ALLEN | intelNews.org
China’s response to America’s allegations of cyberespionage will probably not be directed against the United States government, but at Western technology companies, according to business insiders. On Monday, the United States Department of Justice identified five members of the Chinese People’s Liberation Army as directly responsible for a series of cyberespionage operations targeting American firms. Since then, sources in the business community have said that American companies operating in China were “caught off guard” by the Justice Department’s charges, and that they were “given no advanced notice” by US government officials. On the one hand, business insiders claim that Chinese cyberespionage against Western firms is so aggressive that many in the corporate community were broadly supportive of Washington’s move. But, on the other hand, some industry analysts have told the Reuters news agency that, although Beijing’s response to Washington’s allegations will not be “immediate or obvious”, Western technology firms should prepare to face a lot more difficulties in doing business in China. Specifically, some business observers expect the Chinese government to respond to America’s cyberespionage allegations by “precluding foreign companies from certain sectors” of its economy. Beijing might even use the controversy to justify a “turn to internal suppliers” of technological products and services, say experts. The news agency reports that American hardware and software suppliers have already seen their sales in China drop as a result of the revelations by American intelligence defector Edward Snowden. The current clash over cyberespionage between America and China is likely to have a further negative effect on American business activities all over Southeast Asia. The ongoing dispute between the two countries is likely to have an effect in Europe as well, says The Financial Times.
The London-based paper reports that Washington’s recent indictment has “struck a chord in German industry”, which is also concerned about the perceived theft of intellectual property by Chinese hackers.

The mysterious Chinese unit behind the cyberespionage charges

By JOSEPH FITSANAKIS | intelNews.org
On Monday, the United States government leveled for the first time charges against a group of identified Chinese military officers, allegedly for stealing American trade secrets through cyberespionage. The individuals named in the indictment are all members of a mysterious unit within the Chinese People’s Liberation Army (PLA) command structure, known as Unit 61398. It is estimated that the unit has targeted at least 1,000 private or public companies and organizations in the past 12 years. Western cybersecurity experts often refer to the group as “APT1”, which stands for “Advanced Persistent Threat 1”, or “Byzantine Candor”. It is believed to operate under the Second Bureau of the PLA’s General Staff Department, which is responsible for collecting foreign military intelligence. Many China military observers argue that Unit 61398 is staffed by several thousand operatives, who can be broadly categorized into two groups: one consisting of computer programmers and network operations experts, and the other consisting of English-language specialists, with the most talented members of the Unit combining both skills. Computer forensics experts have traced the Unit’s online activities to several large computer networks operating out of Shanghai’s Pudong New Area district, a heavily built neighborhood in China’s largest city, which serves as a symbol of the country’s rapid industrialization and urbanization. Among other things, Unit 61398 is generally accused of being behind Operation SHADY RAT, one of history’s most extensive known cyberespionage campaigns, which targeted nearly 100 companies, governments and international organizations, between 2006 and 2011. The operation is believed to be just one of numerous schemes devised by Unit 61398 in its effort to acquire trade secrets from nearly every country in the world during the past decade, say its detractors. 
American sources claim that the PLA Unit spends most of its time attacking private, rather than government-run, networks and servers. As the US Attorney General, Eric Holder, told reporters on Monday, Unit 61398 conducts hacking “for no reason other than to advantage state-owned companies and other interests in China, at the expense of businesses here in the United States”. But The Washington Post points out that the recent revelations by US intelligence defector Edward Snowden arguably make it “easier for China to dismiss” Washington’s charges, since they point to

New details about FBI probe that led to Chinese spy’s conviction

By JOSEPH FITSANAKIS | intelNews.org
Some of our longtime readers will recall the case of Dongfan “Greg” Chung, a Chinese-born American engineer for Boeing, who was convicted in 2009 of passing US space program secrets to China. The case is arguably far more important than it might have seemed at the time, as Chung was technically the first American to be jailed for economic espionage. Many at the Federal Bureau of Investigation view the Chung conviction as a landmark case for providing clear legal proof of Chinese espionage in the US. Little is known, however, about how the FBI managed to uncover Chung’s espionage activities, which are believed to have gone on for nearly three decades. In the latest issue of The New Yorker, Yudhijit Bhattacharjee reveals for the first time the fascinating background of how the Bureau got to Chung. It did so through another American engineer of Chinese origin, named Chi Mak. Unlike Chung, who was ideologically committed to Maoism and was recruited by Chinese intelligence after immigrating to the US, Mak was an accredited intelligence operative who was allegedly specifically planted in the US by the Chinese. He came to America from Hong Kong in 1979 and worked for California-based defense contractor Power Paragon. He almost immediately began stealing secrets relating to US Navy systems. The FBI first started monitoring Mak and his wife, Rebecca, in 2004, following a tip. The effort evolved into one of the Bureau’s biggest counterintelligence cases, involving elaborate physical and electronic surveillance that lasted for nearly 18 months. During that time, FBI and Naval Criminal Investigation Service agents installed surveillance cameras outside the Maks’ residence, followed the suspects around, and monitored their telephone calls. Eventually, the surveillance team managed to acquire a warrant allowing them to clandestinely enter the Maks’ home and conduct a secret search.
The nondestructive entry team discovered numerous stacks of secret documents “some two or three feet high” all around the suspects’ house. Among the findings was an address book containing the names of other engineers of Chinese origin living in the state of California. That, says Bhattacharjee, was the first time the FBI came across Chung’s name.

China ‘hacked European government computers’ prior to G20 summit

By IAN ALLEN | intelNews.org
A group of hackers from China managed to compromise computer networks belonging to the foreign ministries of several European governments prior to last September’s G20 Summit, according to a private computer security firm. The Summit, which took place in St. Petersburg, Russia, on September 5 and 6 of this year, brought together the heads of state of 20 major economies, including the United States and many European Union countries. The meeting agenda was dominated by discussions concerning the response of the international community to the chemical attacks in Ghouta, Syria. According to the Reuters news agency, the hackers managed to infiltrate carefully targeted computer networks by sending emails containing infected attachments to employees of foreign ministries. The attached files bore titles such as “US_military_options_in_Syria”, which appeared designed to bear reference to the upcoming G20 Summit. The hacking revelations were made by FireEye, Inc., a California-based security firm, which says it has proof the hackers came from China. The firm says its confidence on the matter stems from “a variety of technical evidence”, such as the language used on the control server used by the hackers, as well as the types of machines that were used to test the virus before it was deployed. FireEye said its experts were able to keep tabs on the “inner workings” of the primary computer server that the hackers used to monitor the compromised computer networks. However, shortly before the Summit began, the hackers migrated to another server, at which point the FireEye team lost contact with them.

Report reveals secret US-India Cold War collaboration

By JOSEPH FITSANAKIS | intelNews.org
During much of the Cold War, India enjoyed a close diplomatic and military relationship with the Soviet Union. But a newly declassified document reveals that the South Asian country allowed the United States to spy on the Soviets using its airspace. The revelation is contained in a 400-page history of the American U-2 reconnaissance aircraft program authored on behalf of the US Central Intelligence Agency (CIA). The formerly classified document, written in 1992 by CIA historians Gregory Pedlow and Donald Welzenbach, is titled: The Central Intelligence Agency and Overhead Reconnaissance: The U-2 and OXCART Programs, 1954-1974. It was declassified last week in response to a 2005 Freedom of Information Act request filed by Jeffrey T. Richelson, Senior Fellow at George Washington University’s National Security Archive. The Central Intelligence Agency had been involved in U-2 reconnaissance missions since 1954, when the spy program began. Known officially as Project HOMERUN, the U-2 program was a joint effort by the CIA and the National Security Agency that surreptitiously gathered signals and photographic intelligence on Soviet military sites. The program, which has been described by some historians as one of the most successful intelligence projects in US history, relied on the U-2’s ability to fly beyond 70,000 feet over the Soviet Union, thus avoiding detection or attack by Soviet forces. That assumption, however, proved to have been false. In reality, Soviet radars had been able to detect nearly every U-2 flight over Soviet territory. Eventually, on May 1, 1960, Soviet forces managed to shoot down one of the U-2 flights using a surface-to-air missile. This led to the so-called ‘U-2 incident’, during which India sided firmly with the Soviet Union, criticizing the US for violating Soviet airspace. 
But New Delhi’s attitude to the U-2 program appears to have changed drastically following the Sino-Indian conflict in October 1962, when Chinese forces launched a series of armed incursions into Indian territory, killing over 1,000 soldiers.
