UK spy agency sued by Internet providers over malware attacks

GCHQ center in Cheltenham, EnglandBy JOSEPH FITSANAKIS | intelNews.org
A group of Internet service providers from North America, Europe, Asia and Africa have filed a lawsuit against Britain’s foremost signals intelligence agency, accusing it of hurting their business by spying on them. The legal complaint was filed against the Government Communications Headquarters (GCHQ), the British government agency tasked with communications interception, which also provides information assurance to both civilian and military components of the British state. Service providers from the United States, United Kingdom, Germany, Netherlands, South Korea and Zimbabwe are listed as plaintiffs in the complaint, which was filed on Wednesday in a court in London. The legal action against the spy agency is based on articles that surfaced in the international press last year. They alleged that GCHQ targeted Belgium’s largest telecommunications service provider Belgacom. The revelations surfaced first in September of 2013 in Flemish newspaper De Standaard. The paper claimed that Belgacom’s mainframe computers had been deliberately infected by an “unidentified virus”, which had specifically targeted telecommunications traffic carried by Belgacom’s international subsidiaries. De Standaard further claimed that the scope and technical sophistication of the operation pointed to a state-sponsored agency as the culprit. Further revelations about the Belgacom malware attacks were made in German newsmagazine Der Spiegel in November of last year, pointing to GCHQ as the agency behind the operation. The allegations originated in information provided by Edward Snowden, an American defector to Russia who used to work for GCHQ’s American equivalent, the National Security Agency. In their lawsuit, the Internet service providers allege that, regardless of whether they were themselves targeted by GCHQ in a manner similar to that of Belgacom, the British spy agency effectively compromised the integrity of their industry. It did so, they argue, by allegedly targeting employees of telecommunications service providers, by infecting telecommunications networks with malware, by Read more of this post

About these ads

Analysis: Should government spies target foreign firms?

CyberespionageBy JOSEPH FITSANAKIS | intelNews.org
Last month, the government of the United States indicted five officers of the Chinese People’s Liberation Army with conspiracy to commit computer fraud, economic espionage, and theft of trade secrets, among other charges. In indicting the five PLA officers, the US Department of Justice went to great pains to ensure that it did not accuse the suspects of engaging in cyberespionage in defense of China’s national security. What sparked the indictments was that the accused hackers allegedly employed intelligence resources belonging to the Chinese state in order to give a competitive advantage to Chinese companies vying for international contracts against American firms. In the words of US Attorney General Eric Holder, the operational difference between American and Chinese cyberespionage, as revealed in the case against the five PLA officers, is that “we do not collect intelligence to provide a competitive advantage to US companies, or US commercial sectors”, whereas China engages in the practice “for no reason other than to advantage state-owned companies and other interests in China”. I recently authored a working paper that was published by the Cyberdefense and Cybersecurity Chair of France’s Ecole Spéciale Militaire de Saint-Cyr, in which I argued that the American distinction between public and private spheres of economic activity is not shared by PLA. The Chinese see both state and corporate cyberespionage targets as fair game and as an essential means of competing globally with the United States and other adversaries. In the paper, I argue that Beijing sees the demarcation between state and private economic activity as a conceptual model deliberately devised by the US to disadvantage China’s intelligence-collection ability. Read more of this post

Western companies to suffer backlash in China-US espionage spat

China and the United StatesBy IAN ALLEN | intelNews.org
China’s response to America’s allegations of cyberespionage will probably not be directed against the United States government, but at Western technology companies, according to business insiders. On Monday, the United States Department of Justice identified five members of the Chinese People’s Liberation Army as directly responsible for a series of cyberespionage operations targeting American firms. Since then, sources in the business community have said that American companies operating in China were “caught off guard” by the Justice Department’s charges, and that they were “given no advanced notice” by US government officials. On the one hand, business insiders claim that Chinese cyberespionage against Western firms is so aggressive that many in the corporate community were broadly supportive of Washington’s move. But, on the other hand, some industry analysts have told the Reuters news agency that, although Beijing’s response to Washington’s allegations will not be “immediate or obvious”, Western technology firms should prepare to face a lot more difficulties in doing business in China. Specifically, some business observers expect the Chinese government to respond to America’s cyberespionage allegations by “precluding foreign companies from certain sectors” of its economy. Beijing might even use the controversy to justify a “turn to internal suppliers” of technological products and services, say experts. The news agency reports that American hardware and software suppliers have already seen their sales in China drop as a result of the revelations by American intelligence defector Edward Snowden. The current clash over cyberespionage between America and China is likely to have a further negative effect on American business activities all over Southeast Asia. The ongoing dispute between the two countries is likely to have an effect in Europe as well, say The Financial Times. The London-based paper reports that Washington’s recent indictment has “struck a chord in German industry”, which is also concerned about the perceived theft of intellectual property by Chinese hackers. Read more of this post

The mysterious Chinese unit behind the cyberespionage charges

Shanghai, ChinaBy JOSEPH FITSANAKIS | intelNews.org
On Monday, the United States government leveled for the first time charges against a group of identified Chinese military officers, allegedly for stealing American trade secrets through cyberespionage. The individuals named in the indictment are all members of a mysterious unit within the Chinese People’s Liberation Army (PLA) command structure, known as Unit 61398. It is estimated that the unit has targeted at least 1,000 private or public companies and organizations in the past 12 years. Western cybersecurity experts often refer to the group as “APT1”, which stands for “Advanced Persistent Threat 1”, or “Byzantine Candor”. It is believed to operate under the Second Bureau of the PLA’s General Staff Department, which is responsible for collecting foreign military intelligence. Many China military observers argue that Unit 61398 is staffed by several thousand operatives, who can be broadly categorized into two groups: one consisting of computer programmers and network operations experts, and the other consisting of English-language specialists, with the most talented members of the Unit combining both skills. Computer forensics experts have traced the Unit’s online activities to several large computer networks operating out of Shanghai’s Pudong New Area district, a heavily built neighborhood in China’s largest city, which serves as a symbol of the country’s rapid industrialization and urbanization. Among other things, Unit 61398 is generally accused of being behind Operation SHADY RAT, one of history’s most extensive known cyberespionage campaigns, which targeted nearly 100 companies, governments and international organizations, between 2006 and 2011. The operation is believed to be just one of numerous schemes devised by Unit 61398 in its effort to acquire trade secrets from nearly every country in the world during the past decade, say its detractors. American sources claim that the PLA Unit spends most of its time attacking private, rather than government-run, networks and servers. As the US Attorney General, Eric Holder, told reporters on Monday, Unit 61398 conducts hacking “for no reason other than to advantage state-owned companies and other interests in China, at the expense of businesses here in the United States”. But The Washington Post points out that the recent revelations by US intelligence defector Edward Snowden arguably make it “easier for China to dismiss” Washington’s charges, since they point to Read more of this post

German magazine reveals more information on elite NSA spy unit

NSA headquartersBy JOSEPH FITSANAKIS | intelNews.org
Last June, we reported on the existence of an elite cyberatack unit within the United States National Security Agency (NSA), which operates under the Agency’s Office of Tailored Access Operations. Veteran NSA watcher Matthew M. Aid, who made the initial revelation, said at the time that the Office, known at NSA simply as TAO, maintains a substantial “hacker army” that works in close cooperation with the Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI). Now German newsmagazine Der Spiegel says it viewed internal documents that confirm the existence of TAO as the NSA’s elite operational unit. The publication describes TAO as “something like a squad of plumbers that can be called in when normal access to a target is blocked”. It adds that TAO operatives are routinely detailed to a host of American intelligence agencies to help conduct intelligence operations ranging from traditional espionage to counterterrorism and cyberwarfare. Furthermore, TAO’s personnel, which are allegedly far younger than the average NSA officer, are experts in exploiting the technical deficiencies of the information-technology industry. They have therefore been able to compromise communications hardware and software produced by some of the world’s biggest IT companies and service providers, including Huawei, Cisco and Microsoft. The Spiegel article claims that TAO was established in 1997, several years before the Internet became a prominent engine of economic and cultural activity around the world. Its personnel, which initially consisted of a few select technical experts, was housed at the NSA headquarters in Fort George Meade, Maryland, but “in a separate wing, set apart from the rest of the agency”. Notably, Der Spiegel cites a paper produced by a former TAO unit head, which states that the program has produced “some of the most significant intelligence our country has ever seen” and urges for its continued growth. Read more of this post

Belgian state telecom targeted by ‘international espionage’

Belgacom headquartersBy JOSEPH FITSANAKIS | intelNews.org
Belgium’s largest telecommunications service provider has fallen victim to a sophisticated cyberespionage operation that was most likely carried out by a government agency of another country. According to Flemish newspaper De Standaard, the operation targeted Belgacom, which is Belgium’s state-owned telecommunications company. The paper said that the cyberhacking was uncovered in June of this year during a routine maintenance check by technicians, who detected an “unidentified virus” that had infected several dozen mainframe computers. Belgacom’s technical experts seem to think that the malware had been active for at least two years on Belgacom’s computers, and that it specifically targeted telecommunications traffic carried by Belgacom’s international subsidiaries. Among them is Belgacom International Carrier Services (BCIS), which specializes in providing wholesale carrier services to over 1,000 telecommunications service providers across Africa and the Middle East. De Standaard’s article said that the sophisticated malware had been designed so as to prevent disruption of BCIS’ voice and Internet traffic, thus remaining unnoticed. Its ultimate goal, said the paper, was “not sabotage, but rather collecting strategic communications content”. Federal prosecutors told the Reuters news agency that the technical complexity of the virus meant that it must have been designed by “an intruder with significant financial and logistic means”. The malware’s complexity, coupled with its grand scale, “points towards international state-sponsored cyber espionage”, said the Federal prosecutors. Commenting on the story, De Standaard claimed that “everything points to the [United States] National Security Agency as the culprit” of the cyberespionage. Read more of this post

Secretive US cyber unit has been spying on China for 15 years

NSA headquartersBy JOSEPH FITSANAKIS | intelNews.org |
A secretive cyberattack unit within the United States National Security Agency (NSA) has been engaged in protracted offensive cyberespionage operations against China for nearly 15 years. The revelation, made this week by veteran NSA watcher Matthew M. Aid, appears to confirm recent allegations made by Chinese government officials that Beijing’s secrets come under regular attack by US government-sponsored hackers. It also agrees with claims made by several intelligence observers, including this blog, that America’s cyber-security posture is not purely defensive. According to Aid’s article, published this past Monday in Foreign Policy, China’s allegations that it has been the target of sustained cyberespionage attacks by the US “are essentially correct”. Citing “a number of highly confidential sources”, Aid alleges that the NSA maintains a substantial “hacker army”. These ‘cyberwarriors’ allegedly operate under the NSA’s Office of Tailored Access Operations, known inside NSA simply as TAO. Its personnel is said to have successfully penetrated the Chinese government’s telecommunications networks and servers since the late 1990s, generating “some of the best and most reliable intelligence information” gained by Washington. It does so through computer network exploitation (CNE) techniques, such as surreptitious hacking, password exploitation, and even by compromising Chinese network security technicians. Aid alleges that TAO works closely with the Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI), through a small “clandestine intelligence gathering unit”. The latter employs CIA and FBI operatives who perform what are known as “off-net operations”, a term that refers to physical break-ins of Chinese and other foreign diplomatic facilities, in order to compromise the security computer hardware. Read more of this post

News you may have missed #838 (analysis edition)

Predator droneBy IAN ALLEN | intelNews.org |
►►Delisle spy case barely caused ripples between Canada and Russia. The arrest of Jeffrey Delisle, a Canadian naval officer spying for Russia, did little to discourage Canada from welcoming that country’s defense chief to a Newfoundland meeting of Arctic nations last year. The visit underscored the puzzling lengths to which the Canadian government went to carry on a business-as-usual relationship with the one-time Cold War adversary. Most other planned military contacts between the two nations last year —including participation in the anti-terrorism exercise Operation Vigilant Eagle— also remained curiously normal.
►►Don’t believe the hype on Chinese cyberespionage. Within a day of each other, The Washington Post published a shocking list of US defense programs whose designs have reportedly been stolen by Chinese cyberattacks, and ABC news said the plans for Australia’s spy headquarters were also stolen by Chinese hackers. It makes China sound like a secret-sucking cyber espionage machine, but is that really the case? The knee-jerk interpretation to this disclosure (and others) is that China is a powerhouse of cyber espionage capable of stealing whatever secrets they want and that the US is powerless to stop them. This seems very unlikely.
►►US Predator drone program quietly shifted from CIA to DoD. The White House has quietly shifted lead responsibility for its controversial armed drone program from the CIA to the Defense Department. In a landmark speech last week at National Defense University in Washington, US President Barack Obama offered some clues into the status of the program, opaquely signaling it will now primarily be conducted by the United States military.

Chinese hackers ‘stole blueprints’ of Australian spy agency’s new HQ

ASIO's new headquartersBy JOSEPH FITSANAKIS | intelNews.org |
Chinese government hackers allegedly stole the master blueprints and other highly classified technical information relating to the new headquarters of the Australian Security Intelligence Organisation (ASIO). The state-of-the-art building, which is located at the shore of Lake Burley Griffin in Australian capital Canberra, has so far cost taxpayers in excess of AUD $631 million (US $608 million). Although it remains under construction, the new headquarters is said to feature the most sophisticated security features of any government building in Canberra. But a report aired on May 28 by Australian television’s Four Corners investigative program, alleged that a Chinese government agency managed to steal the building’s blueprints. The program claimed that the highly classified blueprints were stolen when hackers mounted a sophisticated cyberattack on a private-sector contractor involved in constructing the ASIO’s new headquarters. Four Corners suggested that the cyberattack, which was “traced to a server in China”, also compromised the building’s communications diagram, server locations and physical security systems. The revelation will undoubtedly add to the stream of public criticism about the project, which has been severely plagued by budget increases and construction delays. As recently as 2010, the government was insisting that the project was “progressing on time and on budget, with completion scheduled for mid-2012”. Today, however, the building’s budget has gone over by AUD $171 million and the building is expected to open its doors no earlier than the fall of 2013, with some commentators suggesting that it could be 2014 before ASIO’s personnel are able to start moving in. Read more of this post

Sophisticated cyberespionage operation focused on high-profile targets

Rocra malware programming codeBy JOSEPH FITSANAKIS | intelNews.org |
After Stuxnet and Flame, two computer programs believed to have made cyberespionage history, another super-sophisticated malware has been uncovered, this time targeting classified computer systems of diplomatic missions, energy and nuclear groups. The existence of the malware was publicly announced by Russian-based multi-national computer security firm Kaspersky Lab, which said its researchers had identified it as part of a cyberespionage operation called Rocra, short for Red October in Russian. The company’s report, published on Monday on Securelist, a computer security portal run by Kaspersky Lab, said that the malware has been active for at least six years. During that time, it spread slowly but steadily through infected emails sent to carefully targeted and vetted computer users. The purpose of the virus, which Kaspersky Lab said rivals Flame in complexity, is to extract “geopolitical data which can be used by nation states”. Most of the nearly 300 computers that have so far been found to have been infected belong to government installations, diplomatic missions, research organizations, trade groups, as well as nuclear, energy and aerospace agencies and companies. Interestingly, the majority of these targets appear to be located in Eastern Europe and former Soviet republics in Central Asia. On infected computers located in North America and Western Europe, the Rocra virus specifically targeted Acid Cryptofiler, an encryption program originally developed by the French military, which enjoys widespread use by European Union institutions, as well by executive organs belonging to the North Atlantic Treaty Organization. Read more of this post

News you may have missed #818 (USA edition)

Osama bin LadenBy IAN ALLEN | intelNews.org |
►►The real-life female CIA officer who helped track bin Laden. The Washington Post has a good article on the real-life career of a female CIA officer who helped the Agency track al-Qaeda founder Osama bin Laden. It is disappointing, however that the article, authored by Greg Miller and Toby Warrick, is headlined “In Zero Dark Thirty she’s the hero; in real life, CIA agent’s career is more complicated”. The CIA employee in question is not an “agent”; she is an officer. In the CIA, agents are assets, people recruited and handled by CIA officers. Amazing that The Post, with its experienced journalists and editors would confuse such a basic operational distinction.
►►US spy agencies to detail cyber-attacks from abroad. The US intelligence community is nearing completion of its first detailed review of cyber-spying against American targets from abroad, including an attempt to calculate US financial losses from hacker attacks based in China. The National Intelligence Estimate, the first involving cyber-espionage, will also seek to determine how large a role the Chinese government plays in directing or coordinating digital attacks aimed at stealing US intellectual property, according to officials who spoke on the condition of anonymity to discuss a classified undertaking.
►►CIA begins LGBT recruiting. As part of the CIA’s efforts to diversify its workforce, the spy agency is reaching out to a group that once was unable to get security clearance: lesbians and gay men. CIA officials have held a networking event for the Miami gay community sponsored by the Miami-Dade Gay and Lesbian Chamber of Commerce and the CIA. “This is the first time we’ve done a networking event of this type with any of the gay and lesbian chamber of commerces in the United States,” says Michael Barber, a self-identified “straight ally” and the spy agency’s LGBT Community Outreach and Liaison program manager.

Ex-intelligence official: cyber espionage more dangerous than terrorism

Raymond BoisvertBy JOSEPH FITSANAKIS | intelNews.org |
A former senior member of Canada’s intelligence community has said that the threat of cyber espionage requires more resources that are currently being diverted to counterterrorism. Ray Boisvert, who retired last year from the post of Assistant Director of Intelligence for the Canadian Security Intelligence Service (CSIS), said in an assertive speech last week that cyber espionage is “fundamentally undermining [Canada's] future prosperity as a nation”. Speaking on Friday in Ottawa, Boisvert compared cyber espionage to the climate-change debate, which has been marked by a series of ignored warnings, due to “some willful blindness on behalf of individuals”. As a result, he said, the need to establish essential security measures to protect worldwide electronic infrastructure is being neglected, while desperately needed resources are being diverted to counterterrorism. He explained the lack of action on three levels: first, the resistance emanating from technologically challenged decision-makers in the government and private sector, who simply do not understand the technical complexities of digital telecommunications security. Second, it is rooted in the government’s reluctance to invest the funds required to shield the nation’s communications infrastructure from espionage attacks. Finally, he placed the blame on the fragmentation and shortsightedness of the private sector, which owns and operates nearly 90 percent of Canada’s critical communications infrastructure and yet is too consumed by competition to sit around the same table on matters of security. In giving examples of the seriousness of the threat of cyber espionage, Boisvert cited the attacks last year on the computer systems of Canada’s Treasury Board and Finance Department, which compromised trade secrets of several national industries. He also mentioned the attacks on Nortel Networks Inc., which he said lasted for over a decade and may have contributed to the company’s 2009 demise. Read more of this post

News you may have missed #783

Uri SaguyBy IAN ALLEN | intelNews.org |
►►Israeli ex-intel chief says warns of ‘hysteria’ over Iran. Major General Uri Saguy (a.k.a. Uri Sagi), who was head of the IDF’s Operations Directorate during the 1982 Lebanon war, and Military Intelligence chief from 1991 to 1995, has warned of an “orchestrated and purposely timed hysteria that puts the country into a state of anxiety, artificial or not”, regarding the Iranian nuclear issue. Saguy, who resigned from the IDF in 1995 due to a conflict between him and the Chief of General Staff, added that “it would be a mistake if Israel uses force, certainly now, in order to thwart the Iranian nuclear potential”. The essence of Saguy’s message, notes Ha’aretz‘s Amir Oren, is that Israel’s citizens cannot trust Defense Minister Ehud Barak or Prime Minister Benjamin Netanyahu.
►►Australian spy chief warns of economic espionage. The director-general of the Australian Security Intelligence Organisation, David Irvine, has warned that the online revolution has left Australian companies increasingly vulnerable to cyber attacks and commercial espionage. Speaking to a business audience in Canberra, Irvine said that most online attacks in the business world go undetected, despite growing awareness of the threat. Asked how much commercial cyber crime went undetected, he said: “I would be very surprised if we who are active in this area are picking up the greater proportion of it, in fact, quite the reverse”.
►►Top US military official objects to attack on Iran. As Israeli officials are telling local reporters that they’re really, really ready to attack Iran’s nuclear facilities, and they mean it this time, the top US military officer is saying what a terrible idea that would be. “I may not know about all of [Israel's] capabilities”, said General Martin Dempsey, the chairman of the Joint Chiefs of Staff. “But I think that it’s a fair characterization to say that they could delay but not destroy Iran’s nuclear capabilities”. Left unsaid: in a few years, the US and Israel would be back to the same standoff with Iran —except this time it might do so amidst a proxy terrorist war to avenge the Iranians.

News you may have missed #771

Shawn HenryBy IAN ALLEN | intelNews.org |
►►Analysis: Ex FBI official says foreign spies biggest online threat. Former FBI executive assistant director Shawn Henry has warned that the biggest threat online comes not from terrorists or hackers, but from foreign intelligence organizations looking to steal intellectual property. “The threat from computer attack is the most significant threat we face as a society, other than a weapon of mass destruction”, he said in his opening keynote at the Black Hat 2012 conference in Las Vegas. “Everything we do —R&D, intellectual property, and corporate strategies— is stored or transmitted electronically. The DNA of companies is available to bad guys”.
►►Taiwanese officials jailed for espionage. Two Taiwanese former officials have been sent to prison by the Taiwan High Court for leaking state secrets to China. Presidential Office official Wang Ren-bing was jailed for two years after being found guilty of passing confidential information about President Ma Ying-jeou’s May 2008 inauguration to Chinese intelligence operatives. Chen Pin-jen, a former aide of Chinese Nationalist Party (KMT) Legislator Liao Kuo-tung, was sentenced to eight months in prison for delivering the confidential information Wang gave him to China. The two were arrested in 2009.
►►Germany charges suspected Syrian spy. A spokeswoman for federal prosecutors in Germany said Sunday that they have filed charges against suspected Syrian spy Akram O., one of two men arrested on suspicion of having spied on Syrian opposition activists in Germany for several years. The two were arrested in February during a sting operation involving over 70 German counterintelligence operatives, who searched the suspects’ apartments. The spokeswoman said she could not give further details before an official confirmation is issued that the suspect and the defense team have received the indictment.

News you may have missed #754

Jonathan EvansBy IAN ALLEN | intelNews.org |
►►New German spy HQ to open a year late. The BND, Germany’s foreign intelligence service, was due to move from its base in Pullach, near Munich, to an enormous newly built center in Berlin, at the end of 2014. But that has now been officially put back by a year. The Berliner Morgenpost newspaper quoted BND president Gerhard Schindler saying he was “regularly losing young new staff”, due to the delay. The uncertainty has meant “they leave our authority and find themselves another employer”, he said.
►►UK spy chief warns of ‘astonishing’ levels of cyberespionage. In a rare public speech, Jonathan Evans, director general of MI5, Britain’s domestic spy service, has said that the West now faces an “astonishing” cyberespionage threat on an “industrial scale” from specific nation states. He said that cyberespionage is now conducted “with industrial-scale processes involving many thousands of people lying behind both state-sponsored cyber espionage and organized cyber crime”. Surely, however, Evans does not mean to imply that the West’s role in cyberespionage is purely defensive?
►►Aussie spy agency lacks resources to vet asylum seekers. An official audit into the Australian Security Intelligence Organisation’s ability to vet asylum seekers for potential security threats, has found that it is struggling with the “sharp increase” in boat arrivals, rudimentary computer systems and 30 per cent fewer staff than needed. The audit report examined 411 cases as a sample of the almost 180,000 security assessments ASIO completes each year.

Follow

Get every new post delivered to your Inbox.

Join 635 other followers