News you may have missed #880

By IAN ALLEN | intelNews.org
►►Chinese military establishes cyberintelligence research center. The Chinese People’s Liberation Army (PLA) has announced the creation of a Cyberspace Strategic Intelligence Research Center. Experts say the Center will “provide support in obtaining high-quality intelligence research findings and help China gain advantage in national information security”. Its staff reportedly specialize in such fields as strategic theory research, intelligence studies, and technology management, among others.
►►Chile court says US had role in 1973 killings of Americans. A court ruling released late Monday said the commander of the US Military Mission in Chile at the time of the 1973 military coup gave information to Chilean officials about journalist Charles Horman and student Frank Teruggi that led to their arrest and execution just days after the coup, which brought General Augusto Pinochet to power. The case remained practically ignored in Chile until 2000, when Horman’s widow, Joyce, came and filed a lawsuit against Pinochet.
►►Opinion: Cyber tools are no substitute for human intelligence. A colonel in the Israel Defense Forces critiques “the increasing use of cyber tools as a central and sometimes exclusive role in the work of many intelligence agencies throughout the world”. He argues that “the documents exposed by Edward Snowden show how willing the Americans are to invest in technological systems to collect information and gather as much intelligence as they can using cyber tools”. But he warns that “this almost exclusive reliance on the collection and analysis of intelligence using technology comes at the expense of the human element as a basic component of intelligence-gathering”.

Hidden spy software found in Chinese-made smartphones

By JOSEPH FITSANAKIS | intelNews.org
A popular brand of Chinese-made smartphones, which are sold internationally by several major retailers, has been found to contain pre-installed monitoring software, according to a German security firm. The revelation was made on Tuesday by G Data Software, which is based in Bochum, Germany, and has a subsidiary in the United States. The firm, which was founded in 1985, said it discovered the spy software hidden deep inside the proprietary software found on the Chinese-made Star N9500. The product in question is a cheap smartphone based on the popular Samsung Galaxy S4, and can be purchased from numerous Internet retailers, including online outlets such as Amazon.com. A G Data spokesperson, Thorsten Urbanski, told reporters in Germany that his company purchased several Star N9500 telephones from an online retailer after receiving multiple messages from users of the telephone in Germany, who said the device’s operating system appeared to contain malicious software. The security firm said the Star N9500’s operating system contains hidden software applications that could allow a third party to access and steal the telephone user’s personal information. There are also secret applications that could permit a hacker to place calls from the telephone, or utilize the device’s microphone and camera without the consent of its owner. What is more, the stolen data was sent to a server based in China. G Data investigators added that their team of experts sought for “over a week” to track down the manufacturer of the Star N9500 but were unable to do so. German media reported that journalists from The Associated Press also tried to locate the manufacturer of the smartphone, by contacting several companies located in China’s southern province of Shenzhen, known as the center of the country’s telecommunications industry.

Analysis: Should government spies target foreign firms?

By JOSEPH FITSANAKIS | intelNews.org
Last month, the government of the United States indicted five officers of the Chinese People’s Liberation Army for conspiracy to commit computer fraud, economic espionage, and theft of trade secrets, among other charges. In indicting the five PLA officers, the US Department of Justice went to great pains to ensure that it did not accuse the suspects of engaging in cyberespionage in defense of China’s national security. What sparked the indictments was that the accused hackers allegedly employed intelligence resources belonging to the Chinese state in order to give a competitive advantage to Chinese companies vying for international contracts against American firms. In the words of US Attorney General Eric Holder, the operational difference between American and Chinese cyberespionage, as revealed in the case against the five PLA officers, is that “we do not collect intelligence to provide a competitive advantage to US companies, or US commercial sectors”, whereas China engages in the practice “for no reason other than to advantage state-owned companies and other interests in China”. I recently authored a working paper that was published by the Cyberdefense and Cybersecurity Chair of France’s Ecole Spéciale Militaire de Saint-Cyr, in which I argued that the American distinction between public and private spheres of economic activity is not shared by the PLA. The Chinese see both state and corporate cyberespionage targets as fair game and as an essential means of competing globally with the United States and other adversaries. In the paper, I argue that Beijing sees the demarcation between state and private economic activity as a conceptual model deliberately devised by the US to disadvantage China’s intelligence-collection ability.

News you may have missed #877

By IAN ALLEN | intelNews.org
►►China to ditch US consulting firms over suspected espionage. State-owned Chinese companies will cease to work with US consulting companies like McKinsey and Boston Consulting Group over fears they are spying on behalf of the US government. Last Thursday, China announced that all foreign companies would have to undergo a new security test. Any company, product or service that fails will be banned from China. The inspection will be conducted across all sectors —communications, finance, and energy.
►►Ex-KGB general says Snowden is cooperating with Russian intelligence. Former National Security Agency contractor Edward Snowden probably never envisioned that he would someday be working for the Russian Federal Security Service, or FSB. But according to former KGB Major General Oleg Kalugin, he is now, albeit as a consultant or technical advisor. “The FSB are now his hosts, and they are taking care of him”, Kalugin claimed in an interview. “Whatever he had access to in his former days at NSA, I believe he shared all of it with the Russians, and they are very grateful”, added the former Soviet spy.
►►Snowden claims he was ‘trained as a spy’. American intelligence defector Edward Snowden says he knows how US spies operate because he was trained as one of them. In an interview with NBC News, Snowden dismissed allegations that he was just a low-level analyst with the US government before revealing highly classified details of US spying activities in 2013. “I was trained as a spy in sort of the traditional sense of the word in that I lived and worked undercover overseas, pretending to work in a job that I’m not, and even being assigned a name that was not mine”, he said in a portion of the interview that aired on Tuesday.

Western companies to suffer backlash in China-US espionage spat

By IAN ALLEN | intelNews.org
China’s response to America’s allegations of cyberespionage will probably not be directed against the United States government, but at Western technology companies, according to business insiders. On Monday, the United States Department of Justice identified five members of the Chinese People’s Liberation Army as directly responsible for a series of cyberespionage operations targeting American firms. Since then, sources in the business community have said that American companies operating in China were “caught off guard” by the Justice Department’s charges, and that they were “given no advanced notice” by US government officials. On the one hand, business insiders claim that Chinese cyberespionage against Western firms is so aggressive that many in the corporate community were broadly supportive of Washington’s move. But, on the other hand, some industry analysts have told the Reuters news agency that, although Beijing’s response to Washington’s allegations will not be “immediate or obvious”, Western technology firms should prepare to face a lot more difficulties in doing business in China. Specifically, some business observers expect the Chinese government to respond to America’s cyberespionage allegations by “precluding foreign companies from certain sectors” of its economy. Beijing might even use the controversy to justify a “turn to internal suppliers” of technological products and services, say experts. The news agency reports that American hardware and software suppliers have already seen their sales in China drop as a result of the revelations by American intelligence defector Edward Snowden. The current clash over cyberespionage between America and China is likely to have a further negative effect on American business activities all over Southeast Asia. The ongoing dispute between the two countries is likely to have an effect in Europe as well, says The Financial Times.
The London-based paper reports that Washington’s recent indictment has “struck a chord in German industry”, which is also concerned about the perceived theft of intellectual property by Chinese hackers.

The mysterious Chinese unit behind the cyberespionage charges

By JOSEPH FITSANAKIS | intelNews.org
On Monday, the United States government leveled for the first time charges against a group of identified Chinese military officers, allegedly for stealing American trade secrets through cyberespionage. The individuals named in the indictment are all members of a mysterious unit within the Chinese People’s Liberation Army (PLA) command structure, known as Unit 61398. It is estimated that the unit has targeted at least 1,000 private or public companies and organizations in the past 12 years. Western cybersecurity experts often refer to the group as “APT1”, which stands for “Advanced Persistent Threat 1”, or “Byzantine Candor”. It is believed to operate under the Second Bureau of the PLA’s General Staff Department, which is responsible for collecting foreign military intelligence. Many China military observers argue that Unit 61398 is staffed by several thousand operatives, who can be broadly categorized into two groups: one consisting of computer programmers and network operations experts, and the other consisting of English-language specialists, with the most talented members of the Unit combining both skills. Computer forensics experts have traced the Unit’s online activities to several large computer networks operating out of Shanghai’s Pudong New Area district, a heavily built neighborhood in China’s largest city, which serves as a symbol of the country’s rapid industrialization and urbanization. Among other things, Unit 61398 is generally accused of being behind Operation SHADY RAT, one of history’s most extensive known cyberespionage campaigns, which targeted nearly 100 companies, governments and international organizations, between 2006 and 2011. The operation is believed to be just one of numerous schemes devised by Unit 61398 in its effort to acquire trade secrets from nearly every country in the world during the past decade, say its detractors. 
American sources claim that the PLA Unit spends most of its time attacking private, rather than government-run, networks and servers. As the US Attorney General, Eric Holder, told reporters on Monday, Unit 61398 conducts hacking “for no reason other than to advantage state-owned companies and other interests in China, at the expense of businesses here in the United States”. But The Washington Post points out that the recent revelations by US intelligence defector Edward Snowden arguably make it “easier for China to dismiss” Washington’s charges, since they point to

New details about FBI probe that led to Chinese spy’s conviction

By JOSEPH FITSANAKIS | intelNews.org
Some of our longtime readers will recall the case of Dongfan “Greg” Chung, a Chinese-born American engineer for Boeing, who was convicted in 2009 of passing US space program secrets to China. The case is arguably far more important than it might have seemed at the time, as Chung was technically the first American to be jailed for economic espionage. Many at the Federal Bureau of Investigation view the Chung conviction as a landmark case for providing clear legal proof of Chinese espionage in the US. Little is known, however, about how the FBI managed to uncover Chung’s espionage activities, which are believed to have gone on for nearly three decades. In the latest issue of The New Yorker, Yudhijit Bhattacharjee reveals for the first time the fascinating background of how the Bureau got to Chung. It did so through another American engineer of Chinese origin, named Chi Mak. Unlike Chung, who was ideologically committed to Maoism and was recruited by Chinese intelligence after immigrating to the US, Mak was an accredited intelligence operative who was allegedly specifically planted in the US by the Chinese. He came to America from Hong Kong in 1979 and worked for California-based defense contractor Power Paragon. He almost immediately began stealing secrets relating to US Navy systems. The FBI first started monitoring Mak and his wife, Rebecca, in 2004, following a tip. The effort evolved into one of the Bureau’s biggest counterintelligence cases, involving elaborate physical and electronic surveillance that lasted for nearly 18 months. During that time, FBI and Naval Criminal Investigation Service agents installed surveillance cameras outside the Maks’ residence, followed the suspects around, and monitored their telephone calls. Eventually, the surveillance team managed to acquire a warrant allowing them to clandestinely enter the Maks’ home and conduct a secret search.
The nondestructive entry team discovered numerous stacks of secret documents “some two or three feet high” all around the suspects’ house. Among the findings was an address book containing the names of other engineers of Chinese origin living in the state of California. That, says Bhattacharjee, was the first time the FBI came across Chung’s name.

China ‘hacked European government computers’ prior to G20 summit

By IAN ALLEN | intelNews.org
A group of hackers from China managed to compromise computer networks belonging to the foreign ministries of several European governments prior to last September’s G20 Summit, according to a private computer security firm. The Summit, which took place in St. Petersburg, Russia, on September 5 and 6 of this year, brought together the heads of state of 20 major economies, including the United States and many European Union countries. The meeting agenda was dominated by discussions concerning the response of the international community to the chemical attacks in Ghouta, Syria. According to the Reuters news agency, the hackers managed to infiltrate carefully targeted computer networks by sending emails containing infected attachments to employees of foreign ministries. The attached files bore titles such as “US_military_options_in_Syria”, which appeared designed to bear reference to the upcoming G20 Summit. The hacking revelations were made by FireEye, Inc., a California-based security firm, which says it has proof the hackers came from China. The firm says its confidence on the matter stems from “a variety of technical evidence”, such as the language used on the control server used by the hackers, as well as the types of machines that were used to test the virus before it was deployed. FireEye said its experts were able to keep tabs on the “inner workings” of the primary computer server that the hackers used to monitor the compromised computer networks. However, shortly before the Summit began, the hackers migrated to another server, at which point the FireEye team lost contact with them.

Report reveals secret US-India Cold War collaboration

By JOSEPH FITSANAKIS | intelNews.org
During much of the Cold War, India enjoyed a close diplomatic and military relationship with the Soviet Union. But a newly declassified document reveals that the South Asian country allowed the United States to spy on the Soviets using its airspace. The revelation is contained in a 400-page history of the American U-2 reconnaissance aircraft program authored on behalf of the US Central Intelligence Agency (CIA). The formerly classified document, written in 1992 by CIA historians Gregory Pedlow and Donald Welzenbach, is titled: The Central Intelligence Agency and Overhead Reconnaissance: The U-2 and OXCART Programs, 1954-1974. It was declassified last week in response to a 2005 Freedom of Information Act request filed by Jeffrey T. Richelson, Senior Fellow at George Washington University’s National Security Archive. The Central Intelligence Agency had been involved in U-2 reconnaissance missions since 1954, when the spy program began. Known officially as Project HOMERUN, the U-2 program was a joint effort by the CIA and the National Security Agency that surreptitiously gathered signals and photographic intelligence on Soviet military sites. The program, which has been described by some historians as one of the most successful intelligence projects in US history, relied on the U-2’s ability to fly beyond 70,000 feet over the Soviet Union, thus avoiding detection or attack by Soviet forces. That assumption, however, proved to have been false. In reality, Soviet radars had been able to detect nearly every U-2 flight over Soviet territory. Eventually, on May 1, 1960, Soviet forces managed to shoot down one of the U-2 flights using a surface-to-air missile. This led to the so-called ‘U-2 incident’, during which India sided firmly with the Soviet Union, criticizing the US for violating Soviet airspace. 
But New Delhi’s attitude to the U-2 program appears to have changed drastically following the Sino-Indian conflict in October 1962, when Chinese forces launched a series of armed incursions into Indian territory, killing over 1,000 soldiers.

UK to probe Chinese telecoms firm over security concerns

By IAN ALLEN | intelNews.org
The British government has confirmed that it will review the involvement of a Chinese telecommunications hardware manufacturer in a cybersecurity testing center in Oxfordshire, England. The facility, called Cyber Security Evaluations Centre, has been operating since 2010 in the town of Banbury, 64 miles northeast of London. Its establishment was part of a 2005 agreement between British Telecom and Chinese telecommunications hardware manufacturer Huawei. According to the stipulations of the agreement, British Telecom would purchase switches and other hardware equipment from the Chinese company, if the latter agreed to set up “the Cell”, as it is known, in Banbury, to test the equipment’s security features. However, last month, a report by the British Parliament’s Intelligence and Security Committee (ISC) raised strong concerns about Huawei’s involvement at the Centre. The ISC report called the government’s attention to “the risks of Huawei effectively policing themselves” and stressed that Britain’s national security could potentially be compromised by Huawei’s alleged links to the Chinese military. The report based its concerns on the fact that virtually every member of staff at the Banbury testing facility is an employee of Huawei, barring its Director, who is a former deputy director of Britain’s General Communications Headquarters (GCHQ). The parliamentary report urged the government to overcome its “fear of jeopardizing trade links with Beijing” and pressure British Telecom to amend its agreement with Huawei. Instead of Huawei technicians, the ISC report suggested that the Banbury Centre should be staffed exclusively with personnel from GCHQ, Britain’s communications intelligence agency. Late last week, the UK Cabinet Office announced it was in agreement with the principal recommendations of the ISC report and said that a review of the Banbury testing facility will take place.

Australia fears Asia backlash over PRISM surveillance revelations

By JOSEPH FITSANAKIS | intelNews.org
The government of Australia is concerned that American whistleblower Edward Snowden may leak classified information that could damage Australia’s relations with its Asian neighbors, including China and Malaysia. Early this month, Snowden, a former technical assistant for the United States Central Intelligence Agency (CIA), disclosed the existence of PRISM, a clandestine electronic surveillance program operated by the US National Security Agency (NSA). Information provided by Snowden to British newspaper The Guardian suggests that Washington routinely shares PRISM intelligence with Canada, New Zealand, the United Kingdom and Australia. These four countries, along with the United States, are signatories to the so-called UKUSA agreement, a multilateral accord for cooperation in signals intelligence (SIGINT) collection, which was established secretly in 1946. Australian media reported on Wednesday that the Australian Parliament’s Joint Committee on Intelligence and Security had been briefed by senior intelligence officials on Australia’s role in PRISM. The Sydney Morning Herald said that David Irvine, Director of the Australian Security Intelligence Organisation, and Ian McKenzie, who heads Australia’s Defence Signals Directorate, were among those who briefed the parliamentary Committee. Its members were reportedly told that the disclosures about PRISM were likely to damage Canberra’s relations with several Asian countries, in ways that are difficult to predict. One unidentified Australian intelligence official told The Herald that Snowden had “very wide access” to classified information held by the NSA, and that some of it probably includes “much detail of communications intelligence cooperation between the US and Australia”. One source went as far as to say that Snowden’s disclosures have already “damaged [...] Australia’s intelligence capabilities”.

Snowden flees to Russia despite US passport revocation

By JOSEPH FITSANAKIS | intelNews.org
An American former intelligence contractor, who leaked classified information about intelligence operations, was able to leave Hong Kong for Russia on Sunday, despite having his United States passport revoked. Earlier this month, Edward Snowden, a former technical assistant for the Central Intelligence Agency, disclosed the existence of PRISM, a clandestine electronic surveillance program operated by the US National Security Agency (NSA). Shortly before leaking information about US intelligence operations to the world’s media, Snowden traveled to Hong Kong, a territory under the control of the People’s Republic of China. Last week, Washington charged Snowden, a self-described whistleblower, under the Espionage Act, and revoked his American passport, in an attempt to prevent him from leaving Hong Kong. But reports emerged on Sunday that Snowden had boarded an Aeroflot flight from Hong Kong to Russian capital Moscow, despite the revocation of his American passport. US authorities claim that Snowden’s transfer to Moscow occurred after Washington revoked his American passport, which raises the question of how the former CIA employee was able to exit Chinese territory. Several reports suggest that Snowden was accompanied by “unidentified diplomats” as he left Hong Kong for Moscow. Previously, the US had applied considerable diplomatic pressure on China, requesting Snowden’s extradition. But Hong Kong allowed the American fugitive to board a plane to Moscow, saying it had been given “no legal basis to restrict Mr. Snowden from leaving”.

Secretive US cyber unit has been spying on China for 15 years

By JOSEPH FITSANAKIS | intelNews.org
A secretive cyberattack unit within the United States National Security Agency (NSA) has been engaged in protracted offensive cyberespionage operations against China for nearly 15 years. The revelation, made this week by veteran NSA watcher Matthew M. Aid, appears to confirm recent allegations made by Chinese government officials that Beijing’s secrets come under regular attack by US government-sponsored hackers. It also agrees with claims made by several intelligence observers, including this blog, that America’s cyber-security posture is not purely defensive. According to Aid’s article, published this past Monday in Foreign Policy, China’s allegations that it has been the target of sustained cyberespionage attacks by the US “are essentially correct”. Citing “a number of highly confidential sources”, Aid alleges that the NSA maintains a substantial “hacker army”. These ‘cyberwarriors’ allegedly operate under the NSA’s Office of Tailored Access Operations, known inside NSA simply as TAO. Its personnel is said to have successfully penetrated the Chinese government’s telecommunications networks and servers since the late 1990s, generating “some of the best and most reliable intelligence information” gained by Washington. It does so through computer network exploitation (CNE) techniques, such as surreptitious hacking, password exploitation, and even by compromising Chinese network security technicians. Aid alleges that TAO works closely with the Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI), through a small “clandestine intelligence gathering unit”. The latter employs CIA and FBI operatives who perform what are known as “off-net operations”, a term that refers to physical break-ins of Chinese and other foreign diplomatic facilities, in order to compromise the security of computer hardware.

News you may have missed #842 (world reaction to Snowden leak)

By IAN ALLEN | intelNews.org
►►Chinese media focus on Snowden leaks. The front pages of Chinese state media were covered Thursday with the allegations of ex-CIA employee Edward Snowden, who says the US government has been hacking computers in China for years. Speaking to media in Hong Kong, where he is currently staying, Snowden said the US has been hacking computers in Hong Kong and mainland China since 2009. He said targets include public officials, businesses and the Chinese University of Hong Kong. Those claims by Snowden were the top story on most of China’s major news portals on Thursday.
►►Switzerland furious about Snowden’s charge that CIA spies on Swiss banks. One of the many lurid details in The Guardian’s remarkable interview with NSA whistleblower Edward Snowden was his account of what initially prompted him to leak: namely a CIA tour in Switzerland, where CIA officers recruited Swiss banking officials. The Snowden disclosure could not come at a worse time for the Swiss government, which is trying to convince parliament to back its emergency plan that would allow Swiss banks to turn over data on tax evaders to the US government.
►►Is Russia considering giving asylum to Snowden? Asked if the 29-year-old could claim asylum from Russia, a spokesman for President Vladimir Putin told the newspaper Kommersant: “If such a request is received, it will be considered”. Any attempt by the Kremlin to give refuge to Mr Snowden, amid calls for his prosecution under the US Espionage Act, is likely to infuriate the White House and provoke a major diplomatic standoff.

News you may have missed #841 (Snowden leak analysis)

By IAN ALLEN | intelNews.org
►►US officials defend spy programs as safeguards against terror. Intelligence officials sought to convince US House lawmakers in an unusual briefing that the government’s years-long collection of phone records and Internet usage is necessary for protecting Americans —and does not trample on their privacy rights. The parade of FBI and intelligence officials who briefed the entire House on Tuesday was the latest attempt to soothe outrage over NSA programs which collect billions of Americans’ phone and Internet records.
►►Some in US intelligence see Chinese behind Snowden leak. Former CIA officer Bob Baer told CNN that some US intelligence officials “are seriously looking at [the revelations made by Edward Snowden] as a potential Chinese covert action. Hong Kong is controlled by Chinese intelligence”, Baer told CNN Sunday evening. “It’s not an independent part of China at all. I’ve talked to a bunch of people in Washington today, in official positions, and they are looking at this as a potential Chinese espionage case”.
►►Leak highlights risk of outsourcing US spy work. The explosive leak uncovering America’s vast surveillance program highlights the risks Washington takes by entrusting so much of its defense and spy work to private firms, experts say. Edward Snowden, the 29-year-old man whose leak uncovered how spy agencies sift through phone records and Internet traffic, is among a legion of private contractors who make up nearly 30 percent of the workforce in intelligence agencies. From analyzing intelligence to training new spies, jobs that were once performed by government employees are now carried out by paid contractors, in a dramatic shift that began in the 1990s amid budget pressures.