German nuclear power plant found to be infected with computer viruses

The computers of a nuclear power plant in southern Germany have been found to be infected with computer viruses that are designed to steal files and provide attackers with remote control of the system. The power plant, known as Gundremmingen, is located in Germany’s southern district of Günzburg, about 75 miles northwest of the city of Munich. The facility is owned and operated by RWE AG, Germany’s second-largest electricity producer, which is based in Essen, North Rhine-Westphalia. The company provides energy to over 30 million customers throughout Europe.

On Tuesday, an RWE AG spokesperson said cybersecurity experts had discovered several pieces of malware in a part of the plant’s computer system that determines the position of nuclear fuel rods. The software on that system was installed in 2008 and was designed specifically for the task, the company said. The malware found on it included two well-known programs, Conficker and W32.Ramnit, each of which has infected millions of Microsoft Windows computers around the world. Both spread readily through removable media such as memory sticks. Once on a machine, they can harvest stored files and, if the machine can reach the Internet, give attackers remote access to it. According to RWE AG, malware was also found on nearly 20 removable data drives, including memory sticks, used by employees at the plant; these drives, the company said, had not been connected to the plant’s main operating system.
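Because the infection vector described above is removable media rather than the network, the check a plant operator actually needs is triage of the sticks themselves. The following is an added example, not code from the original article, from RWE or from the BSI: a tolerant parser for the autorun.inf file that worms of the Conficker/Ramnit era used to get executed from a memory stick. It assumes two traits reported for that era (the real directives buried among lines of binary junk that the Windows INI reader skips, and an entry labelled to mimic Explorer’s own “Open folder to view files” option); the sample file content, the RECYCLER path and the file name in it are constructed for the example.

```python
"""Removable-media triage: parse an autorun.inf and flag launch directives.

Added example; not code from the original article, RWE or the BSI.
The padded-file layout and the masquerading "Action=" text are assumed
traits of Conficker-era autorun abuse. SAMPLE_AUTORUN below is a
constructed sample, not a capture from a real infection.
"""
import re
from typing import Dict, List

# Directives in an [autorun] section that cause code to run, plus the
# shell\<verb>\command form used to hijack context-menu verbs.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\[^\\=]+\\command$", re.IGNORECASE)
RECYCLER_RE = re.compile(r"(^|[\\/])(recycler|\$recycle\.bin)([\\/]|$)", re.IGNORECASE)
MASQUERADE_TEXT = "open folder to view files"


def _is_junk(line: str) -> bool:
    """True if the line carries control bytes (other than TAB) or DEL."""
    return any((ord(c) < 32 and c != "\t") or ord(c) == 127 for c in line)


def parse_autorun(raw: bytes) -> Dict[str, str]:
    """Return key -> value pairs of the [autorun] section, keys lower-cased.

    Junk lines are dropped instead of aborting the parse, which is what
    makes the padded files readable to Windows in the first place.
    """
    directives: Dict[str, str] = {}
    in_autorun = False
    for line_bytes in raw.splitlines():  # bytes.splitlines: \r, \n, \r\n only
        line = line_bytes.decode("latin-1")
        if _is_junk(line):
            continue
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            directives[key.strip().lower()] = value.strip()
    return directives


def exec_targets(directives: Dict[str, str]) -> List[str]:
    """Values of every directive that would launch something."""
    return [v for k, v in directives.items() if k in EXEC_KEYS or SHELL_CMD_RE.match(k)]


def assess(raw: bytes) -> dict:
    """Triage verdict for one autorun.inf: launch targets, reasons and a flag."""
    directives = parse_autorun(raw)
    targets = exec_targets(directives)
    reasons = [f"execution directive launches: {t}" for t in targets]
    if targets and MASQUERADE_TEXT in directives.get("action", "").lower():
        reasons.append("action text mimics Explorer's own AutoPlay entry")
    reasons += ["launch target hidden under a recycle-bin folder"
                for t in targets if RECYCLER_RE.search(t)]
    return {"directives": directives, "targets": targets,
            "suspicious": bool(targets), "reasons": reasons}


# Constructed sample in the padded style described above (not a real file).
SAMPLE_AUTORUN = (
    b"[autorun]\r\n"
    b"\x00\x12\x9a\xff\x03 junk padding line\r\n"
    b"Action=Open folder to view files\r\n"
    b"Icon=%systemroot%\\system32\\shell32.dll,4\r\n"
    b"\x7f\x80\x81 garbage=looks like a directive\r\n"
    b"ShellExecute=rundll32.exe .\\RECYCLER\\S-1-5-21-999\\payload.vmx,entry\r\n"
    b"UseAutoPlay=1\r\n"
)

# Constructed benign file: sets an icon and label, launches nothing.
CLEAN_AUTORUN = b"[autorun]\r\nicon=setup.exe,0\r\nlabel=Field Data\r\n"

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE_AUTORUN), ("clean", CLEAN_AUTORUN)):
        report = assess(blob)
        print(name, "suspicious" if report["suspicious"] else "benign")
        for reason in report["reasons"]:
            print("  -", reason)
```

Any launch directive at all is treated as grounds for quarantine here: on media carried into a control-system environment there is no legitimate reason for a stick to run anything on insertion, so the extra reasons (masquerading text, recycle-bin path) only sharpen the verdict rather than gate it.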

RWE AG spokespersons insisted this week that Conficker, W32.Ramnit and similar malware did not pose a threat to the plant’s control systems, because the facility is not connected to the Internet; without that connection, an attacker behind the malware could not obtain remote access to Gundremmingen’s computers. That argument addresses remote control, not infection: the malware evidently reached the system the same way it spreads everywhere, on removable media carried in by hand, and the infected memory sticks show that such media were in routine use at the plant. The company did not say whether it believed the malware had specifically targeted the power plant, but it insisted that cyber security measures had been strengthened after the discovery and said it had notified Germany’s Federal Office for Information Security (BSI), which is now looking into the incident.

Author: Ian Allen | Date: 29 April 2016 | Permalink

America’s most senior intelligence official has his phone, email hacked

A member of a hacker group that took responsibility for breaking into the personal email account of the director of the Central Intelligence Agency last year has now hacked the email of the most senior intelligence official in the United States. In October 2015, the hacker group referred to by its members as “Crackas With Attitude” —CWA for short— claimed it was behind the hacking of an AOL personal email account belonging to John Brennan, who heads the CIA. Less than a month later, the CWA assumed responsibility for breaking into an online portal used by US law enforcement to read arrest records and share sensitive information about crimes involving shootings. Shortly after the second CWA hack, the Federal Bureau of Investigation issued an alert to all government employees advising them to change their passwords and be cautious about suspicious emails and other phishing attempts.

On Monday, an alleged member of CWA contacted Motherboard, an online outlet belonging to Vice Media, and claimed that the group had hacked into the personal email account of James Clapper, Director of National Intelligence (DNI). Clapper’s job is to coordinate the operations of US intelligence agencies and to mediate between the US Intelligence Community and the Executive. According to CWA, Clapper’s personal telephone and Internet service had also been compromised, as had his spouse’s personal email account, which is hosted by Yahoo. The alleged CWA member told Motherboard that the forwarding settings of Clapper’s home telephone had been changed, so that calls made to the DNI were forwarded to the headquarters of the Free Palestine Movement in California. Shortly afterwards, Free Palestine Movement executives confirmed that they had received a number of phone calls for Clapper. Last year, when they hacked the email of the director of the CIA, the CWA dedicated their action to the Free Palestine Movement.

Motherboard said that a spokesman for the Office of the DNI, Brian Hale, confirmed that Clapper’s personal email and telephone service had indeed been hacked. He told Motherboard’s Lorenzo Franceschi-Bicchierai that the Office of the DNI was “aware of the matter” and had “reported it to the appropriate authorities”. The FBI was contacted as well but did not respond.

Author: Ian Allen | Date: 14 January 2016 | Permalink

Security firm says it shut down extensive Iranian cyber spy program

A security firm with headquarters in Israel and the United States says it detected and neutralized an extensive cyber espionage program with direct ties to the government of Iran. The firm, called Check Point Software, which has offices in Tel Aviv and California, says it dubbed the cyber espionage program ROCKET KITTEN. In a media statement published on its website on Monday, Check Point claims that the hacker group maintained a high-profile target list of 1,600 individuals. The list reportedly includes members of the Saudi royal family and government, American and European officials, North Atlantic Treaty Organization officers and nuclear scientists working for the government of Israel. The list is said to include even the names of spouses of senior military officials from numerous nations.

News agency Reuters quoted Check Point Software’s research group manager Shahar Tal, who said that his team was able to compromise the ROCKET KITTEN databases and acquire the list of espionage targets maintained by the group. Most targets were from Saudi Arabia, Israel, and the United States, he said, although countries like Turkey and Venezuela were also on the list. Tal told Reuters that the hackers had compromised servers in the United Kingdom, Germany and the Netherlands, and that they were using these and other facilities in Europe to launch attacks on their unsuspecting targets. According to Check Point, the hacker group was under the command of Iran’s Islamic Revolutionary Guards Corps, a branch of the Iranian military that is ideologically committed to the defense of the 1979 Islamic Revolution.

Reuters said it contacted the US Federal Bureau of Investigation and Europol, but that both agencies refused comment, as did the Iranian Ministry of Foreign Affairs. However, an unnamed official representing the Shin Bet, Israel’s domestic security agency, said that ROCKET KITTEN “is familiar to us and is being attended to”. The official declined to provide further details. Meanwhile, Check Point said it would issue a detailed report on the subject late on Monday.

Author: Joseph Fitsanakis | Date: 10 November 2015 | Permalink

US Congressional review considers impact of federal database hack

A United States Congressional review into last month’s cyber theft of millions of government personnel records has concluded that its impact will go far “beyond mere theft of classified information”. Up to 21 million individual files were stolen in June, when hackers broke into the computer system of the Office of Personnel Management (OPM). Part of OPM’s job is to handle applications for security clearances for all agencies of the US federal government. Consequently, the breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans —including intelligence officers— who have filed applications for security clearances.

So far, however, there is no concrete proof in the public domain that the hack was perpetrated by agents of a foreign government for the purpose of espionage. Although there are strong suspicions in favor of the espionage theory, there are still some who believe that the cyber theft could have been the financially motivated work of a sophisticated criminal ring. But a new report produced by the Congressional Research Service, which is the research wing of the US Congress, seems to be favoring the view that “the OPM data were taken for espionage rather than for criminal purposes”. The report was completed on July 17 and circulated on a restricted basis. But it was acquired by the Secrecy News blog of the Federation of American Scientists, which published it on Tuesday.

The 10-page document points out that strictly financial reasons, such as identity theft or credit card fraud, cannot be ruled out as possible motivations of the massive data breach. But it points out that the stolen data have yet to appear in so-called “darknet” websites that are used by the criminal underworld to buy and sell such information. This is highly unusual, particularly when one considers the massive size of the data theft, which involves millions of Americans’ credit card and Social Security numbers. Experts doubt, therefore, that the OPM data “will ever appear for sale in the online black market”. This inevitably leads to the conclusion that the breach falls “in the category of intelligence-gathering, rather than commercial espionage”, according to the report.

The above conclusion could have far-reaching consequences, says the report. One such possible consequence is that high-resolution fingerprints that were contained in the OPM database could be used to blow the covers of American case officers posing as diplomats, and even deep-cover intelligence operatives working secretly abroad. Furthermore, the hackers that are in possession of the stolen files could use them to create high-quality forged documents, or even publish them in efforts to cause embarrassment to American intelligence agencies.

Author: Ian Allen | Date: 30 July 2015 | Permalink: https://intelnews.org/2015/07/30/01-1746/

NATO missile system hacked remotely by ‘foreign source’

A Patriot missile system stationed in Turkey by the North Atlantic Treaty Organization (NATO) was allegedly hacked by a remote source, according to reports. German magazine Behörden Spiegel said this week that the hacked missile system is owned and operated by the German Army. It was deployed along the Turkish-Syrian border in early 2013, after Ankara requested NATO assistance in protecting its territory from a possible spillover of the civil war in neighboring Syria.

The Patriot surface-to-air missile system was initially built for the United States Army by American defense contractor Raytheon in the 1980s, but has since been sold to many of Washington’s NATO allies, including Germany. The Patriot system consists of stand-alone batteries, each composed of six launchers and two radars. The radars, which are aimed at spotting and targeting incoming missiles, communicate with the launchers via a computer system. The latter was hijacked for a brief period of time by an unidentified hacker, said Behörden Spiegel, adding that the perpetrators of the electronic attack managed to get the missile system to “perform inexplicable commands”. The magazine gave no further details.

Access to the Patriot missile system could theoretically be gained through the computer link that connects the missiles with the battery’s control system, or through the computer chip that guides the missiles once they are launched. Hacking either of these nodes could potentially allow a perpetrator to disable the system’s interception capabilities by disorienting its radars. Alternatively, a hacker could hypothetically prompt the system to fire its missiles at an unauthorized target. According to Behörden Spiegel, the attack on the missile system could not have come about by accident; it was a concerted effort aimed at either taking control of the missiles or compromising the battery’s operating system. Moreover, the sophisticated nature of such an attack on a well-protected military system presupposes infrastructural and monetary resources that only nation-states possess, said the magazine.

Shortly after the Behörden Spiegel article was published, the German Federal Ministry of Defense denied that Patriot missile systems under its command could be hacked. A Ministry spokesman told German newspaper Die Welt that the Ministry was not aware of any such incident having taken place in Turkey or elsewhere.

Author: Joseph Fitsanakis | Date: 10 July 2015 | Permalink: https://intelnews.org/2015/07/10/01-1732/

US spies voiced concerns about Fed database prior to massive hack

United States intelligence officials expressed concerns about a federal database containing details of security-clearance applications in the years before a massive hacking incident that led to the theft of millions of personnel records. Up to 21 million individual files were stolen last month, when hackers broke into the computer system of the US Office of Personnel Management (OPM), which handles applications for security clearances for all agencies of the federal government. The breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans (including intelligence officers) who have filed applications for security clearances.

Until a few years ago, however, Scattered Castles, the database containing security clearance records for the US Intelligence Community, was not connected to the OPM database. But in 2010, new legislation aimed at eliminating the growing backlog in processing security-clearance applications required that Scattered Castles be merged with the OPM database. The proposed move, which aimed to create a unified system for processing security clearances, made sense in terms of eliminating bureaucratic overlap and reducing duplication within the federal apparatus. But, according to the Daily Beast, US intelligence officials expressed concerns about merging the databases as early as 2010. The website said that security experts from the Intelligence Community raised “concerns related to privacy, security and data ownership” arising from the impending merger. One official told the Daily Beast that there were fears that the “names, Social Security numbers, and personal information for covert operatives would be exposed to hackers”.

However, the merger went ahead anyway, and by 2014 parts of the Scattered Castles database were gradually becoming accessible through the OPM network. The Daily Beast cited an unnamed US official as saying that there was “no connection between Scattered Castles and the OPM hack”. But when asked whether Scattered Castles was linked to the OPM system, he referred the website to the Federal Bureau of Investigation, which is probing last month’s hack attack.

Author: Joseph Fitsanakis | Date: 1 July 2015 | Permalink: https://intelnews.org/2015/07/01/01-1726/

Israel denies using computer virus to spy on Iran nuclear deal

The Israeli government yesterday rejected reports that its spy agencies were behind a virus found on the computers of three European hotels that hosted American and other diplomats during secret negotiations on Iran’s nuclear program. Cybersecurity firm Kaspersky Lab said on Wednesday that it first discovered the malware, which it dubbed “Duqu 2.0”, on its own systems. The Moscow-based firm said the sophisticated and highly aggressive virus had been designed to spy on its internal research processes. Once they had detected the malicious software on their own systems, Kaspersky technicians set out to map Duqu 2.0’s other targets and found that it had infected computers in several Western countries, in the Middle East and in Asia. According to Kaspersky, the malware is an updated version of Duqu, which was used in attacks in 2011 and is closely related to Stuxnet, the elaborate virus found to have sabotaged parts of Iran’s nuclear program in 2010.

However, Kaspersky said that among the more recent targets of the virus were “three luxury European hotels”, which appear to have been carefully selected from the thousands of prestigious hotels in Europe. The three appear to have only one thing in common: all had been patronized by diplomats engaged in the ongoing secret negotiations with Iran over the Islamic Republic’s nuclear program. Kaspersky was referring to the so-called P5+1 nations, namely the five permanent members of the United Nations Security Council plus Germany, which lead the negotiations (sometimes referred to as ‘the Geneva pact’). Israel has condemned the negotiations and has repeatedly expressed anger at reports that the P5+1 is about to strike an agreement with Tehran over its nuclear program.

However, Israel’s deputy foreign minister flatly rejected Kaspersky’s allegations on Wednesday, calling them “pure nonsense”. Speaking on Israel Radio, Eli Ben-Dahan said Israel had “many far more effective ways” of gathering foreign intelligence and that it did not need to resort to computer hacking in order to meet its intelligence quotas. Israeli government spokespeople refused to comment on the allegations when asked late Wednesday.

Author: Joseph Fitsanakis | Date: 11 June 2015 | Permalink: https://intelnews.org/2015/06/11/01-1713/

Russian hackers accessed Obama’s email correspondence

By JOSEPH FITSANAKIS | intelNews.org
Computer hackers believed to be connected to the Russian government were able to access emails belonging to the president of the United States, according to American officials briefed about the ensuing investigation. The cyberattack on the White House was announced by American government officials in October of last year, soon after it was discovered by security experts. But The New York Times said on Saturday that the hacking was far more intrusive than had been publicly acknowledged and that the information breach resulting from it was “worrisome”. The paper said that the individuals behind the cyberattack were “presumed to be linked to the Russian government, if not working for it”. It also quoted one unnamed senior US official, who said that the group that perpetrated the hacking was “one of the most sophisticated actors we’ve seen”.

Little concrete information has emerged on the hacking, but it appears to have started with attempts to compromise computers at the US Department of State. As CNN reported earlier this month, the hackers essentially took control of the State Department’s unclassified computer network and exploited it for several months. In most American government departments, senior officials operate at least two computers in their offices: one connected to the government’s secure network used for classified communications, the other used to exchange unclassified information with the outside world. In theory, the two systems are kept separate. In practice, it is well known that the externally connected computers often contain sensitive, or even classified, information. It is this unclassified part of the network that the alleged Russian hackers were able to access, at both the State Department and the White House.

According to The Times, by gaining access to the email accounts of senior US government officials, the hackers were able to read unclassified emails sent or received by, among others, President Barack Obama. The US president’s own unclassified account does not appear to have been breached, said the paper, nor were the hackers able to access the highly classified server that carries the president’s mobile telephone traffic. Nevertheless, the operation to remove monitoring files placed in US government servers by the hackers continues to this day, and some believe that the presence of the intruders has yet to be fully eradicated from the system. The Times contacted the US National Security Council about the issue, but was told by its spokeswoman, Bernadette Meehan, that the Council would “decline to comment”. The White House also declined to provide further information on the incident and the ensuing investigation.

Hezbollah likely behind malware that attacked Israeli servers

By JOSEPH FITSANAKIS | intelNews.org
A report by a major Israeli computer security firm claims that “a Lebanese entity”, possibly Hezbollah, was behind a cyberespionage operation that targeted companies connected to the Israeli military. In late March, Israeli computer security experts announced they had uncovered an extensive cyberespionage operation that targeted computers in Israel and, to a lesser extent, in the United States, Britain, Turkey and Canada. The operation, dubbed VOLATILE CEDAR by the researchers, was allegedly launched in 2012. It relied on a custom piece of malicious software, codenamed EXPLOSIVE. One Israeli security expert, Yaniv Balmas, said the malware was not particularly sophisticated, but it was advanced enough to perform its mission undetected for over three years.

It is worth noting that, during its period of operation, the EXPLOSIVE malware kept surreptitiously updating itself, with at least four different versions periodically supplementing the original code. Additionally, once the discovery of the malware was publicized in the media, security experts recorded several incoming messages instructing the installed malware to self-destruct. These clues point to a level of programming and operational sophistication beyond what is usually found in criminal cyberattacks.

According to Israeli computer security firm Check Point, there is little doubt that the source of the malware was in Lebanon, while a number of programming clues point to Lebanese Shiite group Hezbollah as “a major player” in the operation. In a report published this week, Check Point reveals that most of the Israeli targets infected with the malware belong to data-storage and communications firms that provide services to the Israel Defense Forces. According to one expert at the firm, the malware designers took great care to avoid “a frontal attack on the IDF network”, preferring instead to target private entities connected to the Israeli military. As for the regional clues, the web shells used to control compromised servers after successful penetration attempts were of Iranian origin, and the initial command and control servers that handled EXPLOSIVE appear to belong to a Lebanese company.

The head of Check Point’s security and vulnerability research unit, Shahar Tal, told Ha’aretz newspaper: “We are not experts on international relations and do not pretend to analyze the geopolitical situation in Lebanon”. But these attacks originated from there, and were specifically designed to infiltrate “systems that are connected to the IDF”, he added.

News you may have missed #891

By IAN ALLEN | intelNews.org
►►Sophisticated malware found in 10 countries ‘came from Lebanon’. An Israeli-based computer security firm has discovered a computer spying campaign that it said “likely” originated with a government agency or political group in Lebanon, underscoring how far the capability for sophisticated computer espionage is spreading beyond the world’s top powers. Researchers ruled out any financial motive for the effort that targeted telecommunications and networking companies, military contractors, media organizations and other institutions in Lebanon, Israel, Turkey and seven other countries. The campaign dates back at least three years and allegedly deploys hand-crafted software with some of the hallmarks of state-sponsored computer espionage.
►►Canada’s spy watchdog struggles to keep tabs on agencies. The Security Intelligence Review Committee (SIRC), which monitors Canada’s intelligence agencies, said continued vacancies on its board, the inability to investigate spy operations with other agencies, and delays in intelligence agencies providing required information are “key risks” to its mandate. As a result, SIRC said it can review only a “small number” of intelligence operations each year.
►►Analysis: After Snowden NSA faces recruitment challenge. This year, the NSA needs to find 1,600 recruits. Hundreds of them must come from highly specialized fields like computer science and mathematics. So far the agency has been successful. But with its popularity down, and pay from wealthy Silicon Valley companies way up, Agency officials concede that recruitment is a worry.

North Korean hackers operating secretly in China, says defector

By JOSEPH FITSANAKIS | intelNews.org
An underground network of North Korean hackers is conducting complex cyberattacks against targets around the world from Chinese cities, without the knowledge of Beijing, according to a former professor who trained them. Kim Heung-Kwang was a professor of computer science in the North Korean capital, Pyongyang, until his defection in 2004. He told CNN on Tuesday that part of his job was training members of North Korea’s elite cyberintelligence corps, whose task was to compromise computer systems around the world. Kim alleged that some of the hackers joined a specialized outfit called Bureau 121. It was established in complete secrecy in 1995, and ten years later it began sending its operatives abroad, especially to northern China. According to Kim, Bureau 121 set up a complex network of hackers in Shenyang, in northern China’s Liaoning Province. Shenyang is the largest Chinese city near North Korea, and Bureau 121 operatives were allegedly able to blend in effortlessly with the sizeable Korean community there. The former professor told CNN that the hackers “entered China separately” over time, “in smaller groups […], under different titles” such as office workers, trade company officials, or even diplomatic personnel. They operated like typical spies, working regular jobs by day and “acting on orders from Pyongyang” by night, said Kim. They gradually set up an underground “North Korean hacker hub” that operated secretly in Shenyang for several years, relocating from place to place to shield its activities from computer security experts. Kim told CNN that Shenyang’s bustling, money-driven life and good Internet facilities made it easy for Bureau 121 members to work secretly on projects that required sophisticated telecommunications infrastructure. North Korea lacks China’s telecommunications network capabilities, said Kim, which is why Pyongyang decided in the early days of the Internet to send its hackers to Shenyang. He added that Bureau 121 has rolled back its overseas operations considerably in recent years, owing to the expansion of high-speed telecommunications networks in North Korea, but that some North Korean hackers are still active in northern China.

News you may have missed #882 (cybersecurity edition)

By IAN ALLEN | intelNews.org
►►GCHQ launches ‘Cyber Security Challenge’. Britain’s signals intelligence agency, GCHQ, has created a new online game to find new recruits and test the public’s ability to deal with hacking attacks. The new game, named Assignment: Astute Explorer, will give registered players the chance to analyze code from a fictitious aerospace company, identify vulnerabilities and then suggest fixes.
►►Chinese hackers spied on investigators of Flight MH370. Malaysian officials investigating the disappearance of flight MH370 have been targeted in a hacking attack that resulted in the theft of classified material. The attack hit around 30 PCs assigned to officials in Malaysia Airlines, the country’s Civil Aviation Department and the National Security Council. The malware was hidden in a PDF attachment posing as a news article that was distributed on 9 March, just one day after the ill-fated Malaysian Airlines Boeing 777 disappeared en route from Kuala Lumpur to Beijing.
►►Developer alleges NSA and GCHQ employees are helping Tor Project. Tor is free software for enabling online anonymity and resisting censorship. It directs Internet traffic through a free, worldwide, volunteer network of more than five thousand relays to conceal a user’s location or usage. Interestingly, its executive director, Andrew Lewman, has told the BBC that employees of the NSA and GCHQ offer his team of programmers tips “on probably [a] monthly” basis about “bugs and design issues that potentially could compromise the [Tor] service”. He added that he had been told by William Binney, a former NSA official turned whistleblower, that one reason NSA workers might have leaked such information was because many were “upset that they are spying on Americans”.

Analysis: Should government spies target foreign firms?

By JOSEPH FITSANAKIS | intelNews.org
Last month, the government of the United States indicted five officers of the Chinese People’s Liberation Army (PLA) on charges including conspiracy to commit computer fraud, economic espionage and theft of trade secrets. In indicting the five PLA officers, the US Department of Justice went to great pains to avoid accusing the suspects of engaging in cyberespionage in defense of China’s national security. What prompted the indictments was that the accused hackers allegedly employed intelligence resources belonging to the Chinese state to give a competitive advantage to Chinese companies vying for international contracts against American firms. In the words of US Attorney General Eric Holder, the operational difference between American and Chinese cyberespionage, as revealed in the case against the five PLA officers, is that “we do not collect intelligence to provide a competitive advantage to US companies, or US commercial sectors”, whereas China engages in the practice “for no reason other than to advantage state-owned companies and other interests in China”. I recently authored a working paper, published by the Cyberdefense and Cybersecurity Chair of France’s Ecole Spéciale Militaire de Saint-Cyr, in which I argued that the American distinction between public and private spheres of economic activity is not shared by the PLA. The Chinese see both state and corporate cyberespionage targets as fair game and as an essential means of competing globally with the United States and other adversaries. In the paper, I argue that Beijing sees the demarcation between state and private economic activity as a conceptual model deliberately devised by the US to disadvantage China’s intelligence-collection ability.

Western companies to suffer backlash in China-US espionage spat

By IAN ALLEN | intelNews.org
China’s response to America’s allegations of cyberespionage will probably be directed not at the United States government but at Western technology companies, according to business insiders. On Monday, the United States Department of Justice identified five members of the Chinese People’s Liberation Army as directly responsible for a series of cyberespionage operations targeting American firms. Since then, sources in the business community have said that American companies operating in China were “caught off guard” by the Justice Department’s charges and were “given no advanced notice” by US government officials. On the one hand, business insiders say that Chinese cyberespionage against Western firms is so aggressive that many in the corporate community were broadly supportive of Washington’s move. On the other hand, some industry analysts have told the Reuters news agency that, although Beijing’s response to Washington’s allegations will not be “immediate or obvious”, Western technology firms should prepare to face far more difficulty doing business in China. Specifically, some observers expect the Chinese government to respond by “precluding foreign companies from certain sectors” of its economy. Beijing might even use the controversy to justify a “turn to internal suppliers” of technology products and services, say experts. Reuters reports that American hardware and software suppliers have already seen their sales in China drop as a result of the revelations by American intelligence defector Edward Snowden. The current clash over cyberespionage between America and China is likely to have a further negative effect on American business activities across Southeast Asia, and the dispute is likely to have an effect in Europe as well, says The Financial Times. The London-based paper reports that Washington’s indictment has “struck a chord in German industry”, which is also concerned about the perceived theft of intellectual property by Chinese hackers.

The mysterious Chinese unit behind the cyberespionage charges

By JOSEPH FITSANAKIS | intelNews.org
On Monday, the United States government leveled, for the first time, charges against a group of identified Chinese military officers, allegedly for stealing American trade secrets through cyberespionage. The individuals named in the indictment are all members of a secretive unit within the Chinese People’s Liberation Army (PLA) command structure, known as Unit 61398. The unit is estimated to have targeted at least 1,000 private and public companies and organizations in the past 12 years. Western cybersecurity experts often refer to the group as “APT1” (for “Advanced Persistent Threat 1”) or “Byzantine Candor”. It is believed to be the Second Bureau of the Third Department of the PLA’s General Staff Department, the department responsible for signals intelligence and computer network operations. Many China military observers argue that Unit 61398 is staffed by several thousand operatives, who can be broadly categorized into two groups: computer programmers and network operations experts on one side, and English-language specialists on the other, with the most talented members combining both skills. Computer forensics experts have traced the unit’s online activities to several large computer networks operating out of Shanghai’s Pudong New Area, a densely built district of China’s largest city that serves as a symbol of the country’s rapid industrialization and urbanization. Among other things, Unit 61398 is widely accused of being behind Operation SHADY RAT, one of the most extensive known cyberespionage campaigns, which targeted nearly 100 companies, governments and international organizations between 2006 and 2011. Its detractors say the operation was just one of numerous schemes devised by Unit 61398 in its effort to acquire trade secrets from nearly every country in the world over the past decade. American sources claim that the unit spends most of its time attacking private, rather than government-run, networks and servers. As the US Attorney General, Eric Holder, told reporters on Monday, Unit 61398 conducts hacking “for no reason other than to advantage state-owned companies and other interests in China, at the expense of businesses here in the United States”. But The Washington Post points out that the recent revelations by US intelligence defector Edward Snowden arguably make it “easier for China to dismiss” Washington’s charges, since they point to