New report details one of history’s “largest ever” cyber espionage operations

GCHQ center in Cheltenham, EnglandA new report authored by a consortium of government and private organizations in Britain has revealed the existence of a computer hacking operation, allegedly based in China, that is said to be “one of the largest ever” such campaigns globally. The operation is believed to have compromised sensitive information from an inestimable number of private companies in Southeast Asia, Europe and the United States. The report was produced by a consortium of public and private organizations, including BAE systems and the London-based National Cyber Security Centre, an office of the United Kingdom’s signals intelligence agency, the Government Communications Headquarters. It details the outcome of Operation CLOUD HOPPER, which was launched to uncover the cyber espionage activities.

According to the report, the attacks were first launched several years ago against targets in Japan’s government and private sector. But after 2016, they spread to at least 14 other countries, including France, the United Kingdom and the United States. It is claimed that the attacks are “highly likely” to originate from China, given that the targets selected appear to be “closely aligned with strategic Chinese interests”. The authors of the report have named the hacker group APT10, but provide limited information about its possible links —or lack thereof— with the Chinese government.

The report claims that APT10 uses specially designed malware that is customized for most of their targets, thus constituting what experts describe as “spear fishing”. Past successful attacks have already resulted in an “unprecedented web of victims” who have had their information compromised, say the authors. The victims’ losses range from intellectual property to personal data. One of the report’s authors, Dr. Adrian Nish, who is head of threat intelligence at BAE Systems, told the BBC that it is currently impossible to estimate the number of organizations and agencies that have been impacted by APT10’s activities.

Author: Ian Allen | Date: 05 April 2017 | Permalink

Advertisements

FBI accuses US State Department official of contacts with Chinese spies

US Department of StateAn employee of the United States Department of State has been charged with lying to authorities about her contacts with Chinese intelligence operatives, who gave her money and gifts in return for information. Candace Claiborne, 60, joined the Department of State in 1999 as an office management specialist. She lives in Washington, DC, but has served overseas in American diplomatic facilities in Baghdad, Iraq, Khartoum, Sudan, and China, where she was stationed in Beijing and Shanghai. According to information provided by the Federal Bureau of Investigation, Claiborne had a top security clearance, which required her to report contacts with foreign nationals.

However, federal prosecutors said earlier this week that Claiborne interacted on a regular basis with Chinese intelligence personnel without informing her employer. According to court documents, her contacts with the Chinese were extensive and occurred from 2011 until earlier this year. The Chinese gave Claiborne gifts, including computers and smartphones, tuition-free studies in a Chinese technical school, and an all-expenses-paid holiday to Thailand. They also gave her a regular stipend and provided her with a furnished apartment abroad, according to prosecutors. In return, Claiborne allegedly gave the Chinese information relating to American economic policy on China, among other topics.

It appears that the FBI monitored the State Department employee for a while, after securing a Foreign Intelligence Surveillance Act court warrant. When it confronted Claiborne, she apparently denied the accusations and lied to FBI agents. She is now charged with obstruction of justice and providing false statements to the FBI. Claiborne is currently under house arrest and will remain there until April 18, when she will appear at a preliminary hearing in Washington. She is reportedly facing a maximum of 25 years in prison.

Author: Ian Allen | Date: 31 March 2017 | Permalink

Trump authorizes CIA to bring back regular use of drone strikes

DroneUnited States President Donald Trump has reportedly authorized the Central Intelligence Agency to bring back the routine use of lethal airstrikes by unmanned aerial vehicles (UAVs), which his predecessor, Barack Obama, curtailed in 2013. Washington began employing limited strikes by UAVs, otherwise known as drones, in the early 1990s, during the administration of President Bill Clinton. But it was under the Obama administration that the use of drone strikes reached an all-time high, with hundreds of such attacks documented after 2008. It is believed that Obama used this remote attack method to combat the Taliban and al-Qaeda, while at the same time keeping his promise of bringing back American troops from the Middle East and Central Asia. However, in 2013 the US president severely curtailed the controversial program, which some say damaged America’s image by inflicting civilian casualties.

But on Monday, The Wall Street Journal reported that President Trump had resuscitated the drone program and authorized the CIA to begin using Predator drones on a regular basis against identified targets in the Middle East and Central Asia. According to the newspaper, the president gave senior CIA project mangers the right to authorize drone strikes. Under the Obama administration, the president himself, or especially designated National Security Council officials, had to give the go-ahead before the CIA could carry out drone strikes around the world.

The Wall Street Journal said that President Trump made the decision on January 21, just hours after taking office, following a secret meeting with senior officials from the CIA. According to the report, the CIA requested some time to rebuild the program. But the agency has allegedly conducted at least one drone strike, which targeted Abu al-Khayr al-Masri, a known al-Qaeda senior commander in Syria, who was reputed to be a son-in-law of the late al-Qaeda leader Osama bin Laden.

Author: Ian Allen | Date: 15 March 2017 | Permalink

Russia possibly tried to kill Montenegro PM, says British foreign secretary

Boris JohsonBoris Johnson, the British foreign secretary has said in an interview that Russian spies may have orchestrated last year’s failed attempt to kill the then-prime minister of Montenegro, Milo Dukanović. Mr. Johnson, a senior figure in the Conservative Party of the United Kingdom, was a major contender for the prime minister’s position in 2016, after the administration of David Cameron collapsed under the weight of the Brexit vote result. Speaking on Sunday morning to reporter Robert Peston, of Britain’s ITV television network, Mr. Johnson said that the West should “engage” with Russia, but warned that it should also “beware” of Moscow’s “dirty tricks” in Europe and the United States.

The British foreign secretary spoke following reports that British intelligence services called an emergency meeting with representatives of the country’s major political parties, in order to warn them that Russia planned to use cyber-attacks to disrupt regional and national elections in the country. Mr. Johnson said that the government had “no evidence the Russians are actually involved in trying to undermine our democratic processes at the moment”. But he added that there was “plenty of evidence that the Russians are capable of doing that. And there is no doubt”, he went on, “that they’ve been up to all sorts of dirty tricks”. Some of those “dirty tricks”, said Mr. Johnson, targeted the former Yugoslav Republic of Montenegro, where last year there was “an attempted coup and possibly an attempted assassination”.

The British politician was referring to allegations made last October by authorities in Montenegro that “nationalists from Russia” and Serbia were behind a failed plot to kill the country’s then-Prime Minister Milo Dukanović and spark a pro-Russian coup in the country. The allegations surfaced after 20 Serbians and Montenegrins were arrested by police in Montenegro for allegedly planning a military coup against the government. The arrests took place on election day, October 16, as Montenegrins were voting across the Balkan country of 650,000 people. The plotters had allegedly hired a “long-distance sharpshooter” who was “a professional killer” for the task of killing Đukanović. After killing the Prime Minister, the plotters planned to storm the parliament and prompt a pro-Russian coup in Montenegro, according to authorities. In response to allegations that the coup had been hatched in neighboring Serbia, Serbian Prime Minister Vučić said that he would not allow Serbia to “act as the puppet of world powers”, a comment that was clearly directed at Moscow. Russia vehemently denied the allegations.

Meanwhile, Mr. Johnson is preparing to visit Moscow in a few days to meet with his Russian counterpart, Minister of Foreign Affairs Sergey Lavrov. He told ITV that he planned to deliver his “personal feeling” to Mr. Lavrov, which “is one of deep, deep sadness” about Russia’s foreign policy under President Vladimir Putin.

Author: Ian Allen | Date: 13 March 2017 | Permalink

Islamic State leader al-Baghdadi abandons Mosul, say intelligence sources

Abu Bakr al-BaghdadiThe leader of the Islamic State has abandoned the city of Mosul and is hiding in the desert zone of western Iraq, according to intelligence sources. Meanwhile Mosul, once the most populous city under the Islamic State’s control, is now reportedly being defended by a diminishing cadre of fewer than 3,000 Sunni militants, who are facing a 110,000-strong invading army.

Abu Bakr al-Baghdadi became the center of worldwide attention in July of 2014, when Islamic State troops swept rapidly through western Iraq and captured the region’s largest city, Mosul, in a spectacular coordinated attack. Soon after Mosul was captured by the Islamic State, al-Baghdadi led Friday prayers at Mosul’s Great Mosque and proclaimed himself caliph —emperor of the world’s Muslims. In the following months, the Islamic State reached the height of its power, commanding large expanses of land that stretched from the northern regions of Syria to the outskirts of Iraq’s capital Baghdad. Soon after al-Baghdadi’s public appearance in Mosul, the United States government set up a joint task force aimed at killing or capturing him. The group, which is still operational today, includes representatives from the Armed Forces, the National Security Council, and the Intelligence Community. Al-Baghdadi is believed to have stayed in Mosul, but has proven difficult to trace. He almost never uses electronic communications and is constantly on the move, sleeping at different locations every night.

Last October, US-backed Iraqi government troops, Shiite militias and Kurdish forces launched a large-scale military operation to recapture Mosul and drive out the Islamic State from the region. The assailants, whose combined forces are said to exceed 110,000 troops, reclaimed much of eastern Mosul earlier this year, and are preparing to launch a large-scale military advance on the western half of the city. While the operation to complete the recapture of Mosul is underway, American and Iraqi intelligence sources report that al-Baghdadi has not been public heard from since early November of last year. This leads many analysts to believe that the Islamic State leader has left the city and is now hiding in the vast and inhospitable desert that stretches along the Iraqi-Syrian border. Moreover, intelligence analysts claim that the Islamic State’s online activity has fallen sharply, to about half of what it was during the group’s peak in late 2014. This leads to the conclusion that the Islamic State is now increasingly focusing on essential functions aimed simply at the survival of the regime. The group has reportedly lost at least 3,000 fighters in Mosul, but an estimated 2,400 armed men have vouched to defend the city to the very end.

Author: Ian Allen | Date: 10 March 2017 | Permalink

Swedish intelligence says it identified foreign spies searching for secrets

Sweden militaryThe military intelligence service of Sweden warned last week that there were increasing incidents of espionage perpetrated against Sweden by operatives identified “beyond doubt” as agents of foreign powers. In its annual report for 2016, the Swedish Military Intelligence and Security Service (MUST) said large numbers of spies were detected around “sensitive installations” mostly of a military nature. Headed by an Army general, MUST is responsible for military intelligence and counterintelligence in Sweden. Every year it produces a report of its activities for the Swedish government and defense establishment, and also publishes a declassified version. Its latest report warns about growing attempts by foreign countries to “gather intelligence about Sweden’s defense assets and capabilities”.

On Friday, Swedish newspaper Svenska Dagbladet published an interview with senior MUST official Jan Kinnander. He told the paper that MUST was able to identify beyond doubt that certain individuals were “connected to the intelligence services of foreign states”. These persons traveled to Sweden “under false pretenses”, according to the official. A few of them were diplomats, said Kinnander, while most attempted to travel around the Scandinavian country using “conspiratorial methods”. Many were detected prowling around government installations that are linked to Sweden’s national defense while having “no reasonable cause” to be there, said Kinnander.

When asked to identify the countries that engage in espionage against Sweden, Kinnander said he could not elaborate, except to say that MUST linked the alleged spies with “several countries, including Russia”. In December of last year, MUST Director Gunnar Karlsson told Swedish media that Russia was a leading perpetrator of intelligence operations against Sweden. These operations included active measures involving propaganda, deception and other psychological activities, he said. In recent years, the Swedish authorities have arrested Polish, Lithuanian and other Eastern European nationals, allegedly because they were seen photographing Swedish military installations.

Author: Ian Allen | Date: 27 February 2017 | Permalink

Trump administration instructs CIA to halt support for anti-Assad rebels in Syria

Free Syrian ArmyThe White House has instructed the Central Intelligence Agency to halt military support to armed groups that are associated with the Free Syrian Army (FSA), a group opposed to Syrian President Bashar al-Assad. Some believe that the move indicates a change in American policy under United States President Donald Trump. But Syrian rebel commanders say they believe the move is temporary, and that military aid will be restored. For several years, the CIA has provided training and other forms of assistance to rebel groups in Syria, such as the New Syrian Force, which operate under the umbrella of the FSA. Aside from training, the assistance has included light and heavy ammunition, including antitank missiles, mines and grenades.

However, it appears that the CIA was instructed nearly a month ago by the White House to freeze all assistance to these rebel groups. Correspondents from the Reuters news agency said they confirmed the change in policy by speaking to senior rebel commanders from five armed groups operating under the FSA. These commanders told Reuters that they had not been given any official reason for the sudden termination of all CIA assistance. The change coincided with the change of guard at the White House, from Barack Obama to Donald Trump. Some in Washington, as well as some members of rebel factions in Syria, are concerned that the change in the CIA’s stance might denote a broader policy shift in the White House. During his election campaign, Mr. Trump said repeatedly that he would end America’s overt and covert support for the FSA and would focus instead on defeating the Islamic State.

But the rebel commanders themselves told Reuters that the freeze in CIA support was due to a wave of renewed attacks against them by Jabhat Fateh al-Sham, a Sunni militant group that was previously affiliated with al-Qaeda. The rebels said that the CIA was concerned that weaponry provided to the FSA would end up in the hands of jihadist militants, so it temporarily halted its support until Jabhat Fateh al-Sham could be pushed back by FSA forces. Reuters published comments by two anonymous officials who were familiar with the CIA’s operations in Syria. They told the newspaper that the freeze of the CIA’s program had “nothing to do with US President Donald Trump replacing Barack Obama in January”. Additionally, said Reuters, Mr. Trump’s policy in Syria remains unknown. Several newspapers and news agencies contacted the CIA asking for comments, but the agency declined all requests on Wednesday.

Author: Ian Allen | Date: 23 February 2017 | Permalink