Analysis: China an ‘easy scapegoat’, says leading cybersecurity expert

Mikko Hypponen

By JOSEPH FITSANAKIS | intelNews.org |
It is fashionable nowadays to single out China as the primary source of global cyberespionage. During the past few days alone, the Japanese government said Chinese hackers had attacked computer systems in its Lower Parliament, while Britain’s General Communications Headquarters (GCHQ) pointed to Beijing as the main culprit behind an unprecedented rise in organized cyberattacks. A few days ago, the United States intelligence community publicly named for the first time China and Russia as “the most aggressive collectors” of US economic information and technology online. But is the image of China as the ultimate cyber-villain accurate? Not necessarily, according to leading cybersecurity expert Mikko Hypponen. Speaking earlier this week at the PacSec 2011 conference in Tokyo, Japan, Hypponen, who leads computer security firm F-Secure, disputed the predominant view that a single country could be the source of the majority of organized cyberattacks directed against governmental and corporate targets. It is true, said Hypponen, that cyberespionage attacks “are commonly attributed to the Chinese government”. Moreover, it does appear like “a lot” of these attacks are indeed coming from Chinese sources, he said. But the problem of attribution —accurately and conclusively determining the responsible agency behind a cyberattack— remains unresolved in our time. Even if Chinese servers are conclusively identified as sources of such attacks, it would be dangerous to assume that Chinese government operatives —and not rogue agents, or nationalist hacker gangs— are necessarily behind them. Additionally, it is entirely possible that other countries —perhaps even Western countries— could be behind such attacks, but that they consciously try to mask them in such a way as to make China appear responsible. The reason is that Beijing is “such an easy scapegoat”, said Hypponen.

News you may have missed #625

Ahmed Al Hawan

►►Egypt’s most famous spy dies at 74. Egypt’s most famed spy on Israel, Ahmed Al Hawan, 74, has died after a long fight with illness, local media reported on Wednesday. Al Hawan worked for the Egyptian intelligence service during the years that followed Egypt’s military defeat by Israel in 1967. He supplied the Israelis with mistaken and misleading information that was crucial in Egypt’s war with Israel in 1973.
►►Analysis: Dark days for Taiwan’s spies. When Taiwan’s government last month announced budget cuts in military intelligence, the Ministry of National Defense (MND) insisted operations against mainland China would not be affected. However, media paint a vastly different picture, suggesting Taiwan’s future leaders will be completely deaf and blind to secretive developments across the Taiwan Strait.
►►US cyberespionage report names adversaries. A US intelligence report released last week concluded China and Russia are “the most aggressive collectors” of US economic information and technology online. But the report also states that America’s “allies and partners”, including the “French and the Israelis”, are also stealing the country’s vital industrial and commercial secrets by infiltrating computer networks.

News you may have missed #620 (cyberespionage edition)

GCHQ

►►Canada government ‘warned prior to cyberattack’. Canada’s spy agency, CSIS, warned the government that federal departments were under assault from rogue hackers just weeks before an attack crippled key computers. A newly released intelligence assessment, prepared last November, sounded a security alarm about malicious, targeted emails disguised as legitimate messages —the very kind that shut down networks two months later.
►►GCHQ warns cyber crime reaches ‘disturbing’ levels. Cyber attacks on the British government, the public and industry have reached “disturbing” levels, according to the director of Britain’s biggest intelligence agency. Iain Lobban, who runs the British government’s listening centre, GCHQ, has warned that the “UK’s continued economic wellbeing” is under threat.
►►Japanese parliament hit by cyber-attack. Alleged Chinese hackers were able to snoop upon emails and steal passwords from computers belonging to lawmakers at the Japanese parliament for over a month, according to Japanese daily Asahi Shimbun. The paper claims that computers and servers were infected after a Trojan virus was emailed to a Lower House member in July. The Trojan then allegedly downloaded malware from a server allegedly based in China —allowing remote hackers to secretly spy on email communications and steal usernames and passwords from Japanese lawmakers.

News you may have missed #617

Ilan Grapel

►►Analysis: Is the CIA Still an Intelligence Agency? In early September 2011, a former intelligence official commented to The Washington Post that, “The CIA has become one hell of a killing machine”. He then attempted to retract, but his words were on record. But is that really what it should be: a hell of a killing machine?
►►US National Security Agency helps Wall Street battle hackers. The National Security Agency, a secretive arm of the US military, has begun providing Wall Street banks with intelligence on foreign hackers, a sign of growing US fears of financial sabotage. While government and private sector security sources are reluctant to discuss specific lines of investigations, they paint worst-case scenarios of hackers ensconcing themselves inside a bank’s network to disable trading systems for stocks, bonds and currencies, trigger flash crashes, initiate large transfers of funds or turn off all ATM machines.
►►Israel okays deal with Egypt to free alleged spy. Israel’s security cabinet unanimously approved an agreement Tuesday for the release of Israeli-American law student Ilan Grapel (pictured), who has been in jail in Egypt since June 12 on spying allegations that were later reduced to incitement. In exchange, Israel will release 22 Egyptian prisoners, most of them Bedouin from the Sinai jailed for smuggling drugs or weapons.

Computer virus found on CIA’s Predator drone remote-control system

Predator drone

By JOSEPH FITSANAKIS | intelNews.org |
The remote control cockpits of the US Central Intelligence Agency’s Predator drones have been infected by a potentially disastrous computer virus, which surreptitiously records every keystroke made by the pilots. Wired magazine’s Danger Room blog, which aired the exclusive report, said that the virus was discovered by the US Pentagon’s network security specialists less than two weeks ago. It also said that the virus has successfully resisted “multiple efforts” to remove it from the computers that guide the remote-controlled missions of the Agency’s unmanned drones. The blog cited a Pentagon computer specialist, who claims that he and his network security team “keep wiping it off and it keeps coming back”. The specialist also said that it is unclear at the present stage whether the computer virus is malicious or benign, in terms of its security implications. It also remains unknown whether the virus was introduced to the system intentionally or by accident, and how far it has spread into the system. It has been confirmed that the primary task of the virus is keylogging —recording all keystrokes made by users. But nobody at the Pentagon seems to know what happens to the keylogged data —that is, whether it remains within the Predator drone computer system, or whether it is clandestinely transmitted to individuals located outside the US military’s chain of command. The Wired report notes that there have been no reports of incidents relating to compromised information as a result of the keylogging virus.

News you may have missed #594

David Irvine

►►Egypt extends detention of alleged Israel spy. An Egyptian court has extended the detention of alleged Israeli spy Ilan Grapel by 45 days, the Egyptian Al-Ahram newspaper reported on Wednesday. Grapel was arrested in Cairo in June.
►►Australian spy chief raises cyberespionage concerns. The advent of cyberespionage is serving only to reinvigorate the craft of espionage, making such spying easier than ever, the Australian Security Intelligence Organization chief, David Irvine, has told a conference in Canberra. Espionage, which has taken a back seat to terrorism since the attacks of September 11, 2001, is alive and well, said Irvine.
►►US intel official says al-Qaeda operations could end in two years. Michael G. Vickers, the US undersecretary of defense for intelligence, said at a defense conference that if the current pace of US operations continues, “within 18 to 24 months, core al-Qaeda’s cohesion and operational capabilities could be degraded to the point that the group could fragment”. Vickers’s remark represents the first time that a senior US official has offered a time frame for achieving the collapse of the organization responsible for the 9/11 attacks.

News you may have missed #563 [updated]

Mike McConnell

►►Colombia spy official imprisoned for illegal wiretapping. Gustavo Sierra Prieto, the former analysis chief of Colombia’s soon-to-be-dismantled DAS intelligence agency, has been sentenced to eight years and four months in jail for his role in the illegal wiretapping of government opponents, judges and journalists. But the main culprit in the wiretapping scandal, former DAS Director Maria Pilar Hurtado, is still hiding in Panama.
►►Cold War documents detail CIA interest in Canada. The CIA has declassified some of its Cold-War-era reports on Canada. The documents show that the Agency’s interest in America’s northern neighbor was mostly related to its satellite R&D, as well as its economic sector, with a particular focus on Canada’s energy and minerals sector. There is also discussion in some documents of how to best utilize Canada’s energy resources in a possible war with the Soviet Union.
►►Ex-intel official says US must engage in cyberspying. Is it just me, or is there a calculated echo chamber developing by former senior US spy officials?

News you may have missed #561

Francis Gary Powers

Francis G. Powers

►►US to phase out U-2 spy plane after 50 years. After more than 50 years gathering intelligence 13 miles above the ground, the United States’ U-2 spy planes will be phased out and replaced by unmanned drones by 2015, according to reports this past week. The classified U-2 program came to light in 1960, when a Soviet surface-to-air missile brought down a U-2 flown by CIA pilot Gary Powers, who parachuted to safety but was soon captured.
►►Security company unearths ‘massive’ cyberespionage operation. A widespread cyberespionage campaign stole government secrets, sensitive corporate documents, and other intellectual property for five years from more than 70 public and private organizations in 14 countries. This is according to Dmitri Alperovitch, vice president of threat research at the cyber-security firm McAfee, who uncovered the alleged plot. The operation, dubbed SHADY RAT, targeted the United Nations and the United States, among other national and international entities.
►►South Korea expands spy ring investigation. South Korean authorities have expanded the controversial investigation into the alleged Wangjaesan spy ring, to include

News you may have missed #556

David Irvine

►►Australian computer networks spied ‘massively’. Cyberespionage is being used against Australia on a “massive scale” and some foreign spies are using Australian government networks to penetrate the cyberdefenses of allies such as the United States. This is according to the Director of the Australian Security Intelligence Organisation (ASIO), David Irvine. Speaking at a business forum, Mr. Irvine said that “it seems the more rocks we turn over in cyberspace, the more [cyberespionage] we find”.
►►US to give Iraq wiretapping system. The US will give the government of Iraq a wiretapping system that will allow it to monitor and store voice calls, data transmissions and text messages from up to 5,000 devices simultaneously. The system is to be installed with the acquiescence of the three current cellular communications providers in Iraq, according to the US Air Force. A similar system was set up by a US contractor three years ago in Afghanistan.
►►Judge says NSA whistleblower faced ‘tyrannical’ US government. This blog has kept an eye on the case of Thomas Drake, a former US National Security Agency employee who was taken to court for leaking secrets about the agency to a journalist. But the judge in his case, Richard D. Bennett, refused

Computer hacking reveals Italian spying on Russia, India

CNAIPIC emblem

By JOSEPH FITSANAKIS | intelNews.org |
Documents posted online by an anonymous hacker group point to extensive Italian espionage against Russian and Indian defense and energy deals. The hacked documents contain raw data and intelligence reports authored by officials in Italy’s National Anti-Crime Computer Center for Critical Infrastructure Protection (CNAIPIC), an electronic security outfit operating under the auspices of the Italian National Police. It appears that Italian National Police servers were recently hacked by a group of international hackers calling itself Anonymous Hackers for Antisec Operation. On July 26, the group published over eight gigabytes of hacked CNAIPIC documents on various subjects, ranging from reports on Egypt’s Ministry of Transportation to information about the Vietnam Oil and Gas Group (PetroVietnam). Among the documents are reports that seem to point to systematic intelligence-gathering operations by CNAIPIC against Russia’s government-owned energy and defense industries. Some of the information contained in the reports appears to have been stolen from the embassy of India in Moscow, probably through cyberespionage. The stolen information would suggest that CNAIPIC has had access since late 2009 to confidential correspondence between the Indian embassy and a number of Russian military aircraft industries, including Aviazapchast, Ilyushin Aircraft, and NPO Saturn.

News you may have missed #548 (China edition)

NIS HQ

By IAN ALLEN | intelNews.org |
►►China detains Korean spy officers. It emerged last week that Chinese authorities have kept in detention for nearly a year two South Korean NIS intelligence officers, who were caught collecting information about North Korea on Chinese soil. It appears that the Chinese did share the information with the North Koreans, because usually the North Korean news agency would have announced this when the officers were first arrested. Of course, NIS denied the Chinese report.
►►US intelligence on China declassified. George Washington University’s National Security Archive has published a series of declassified US intelligence reports on China, spanning the period from 1955 until 2010. In one report authored in 2005, US intelligence analysts speculate that Beijing might be trying to develop a capability to incapacitate Taiwan through high-power microwave and electromagnetic radiation, so as not to trigger a nuclear retaliation from the US.
►►IMF investigators see China behind computer hacking. Back in June, intelNews reported on a massive and sophisticated cyberattack on the computer systems of the International Monetary Fund, which experts claimed was “linked to a foreign government”.

News you may have missed #544

Google

By IAN ALLEN | intelNews.org |
►►Russia a ‘leading suspect’ in cyberespionage attack on US. I wrote on Monday about the cyberespionage operation that targeted a leading US defense contractor last March, and resulted in the loss of tens of thousands of classified documents. US Deputy Defense Secretary William J. Lynn III, who disclosed the operation, said only that it was conducted by “a foreign intelligence service”. According to the last sentence of this NBC report, US officials see Russian intelligence as “one of the leading suspects” in the attack.
►►Al-Qaeda acquires Pakistani spy service manuals. Jamestown Foundation researcher Abdul Hameed Bakier reports that al-Qaeda operatives have managed to get access to espionage training manuals used by Pakistan’s Inter-Services Intelligence directorate (ISI). Copies of the documents have apparently been posted on Internet forums that are sympathetic to al-Qaeda, and bear the mark of the As-Sahab Foundation, al-Qaeda’s media wing.
►►Google-NSA collaboration documents to remain secret —for now. Even before Google shut down its operations in China, following a massive cyberattack against its servers in early 2010, the company has maintained close contact with American intelligence agencies. But after the 2010 cyberattack, some believe that Google’s relationship with the US intelligence community has become too cozy. In February of 2010, the ACLU said it was concerned about Google’s contacts with the US National Security Agency (NSA). Other groups, including the Electronic Privacy Information Center (EPIC), have filed Freedom of Information Act (FOIA) requests seeking access to the inner workings of Google’s relationship with NSA.

News you may have missed #542

Sir John Chilcot

By IAN ALLEN | intelNews.org |
►►Ex-spy says MI6 cut corners to back Blair’s Iraq war case. Britain’s ongoing Iraq Inquiry, headed by Sir John Chilcot, heard last week from a former spy, identified in documents only as “SIS2”. The witness said that MI6 was “probably too eager to please” the government and was guilty of “flying a bit too close to the sun”. He was referring to the intelligence support provided by MI6 in support of the case for entering the Iraq War, made by the Labour government of Prime Minister Tony Blair in 2003. He also told the committee that “the pressure to generate results, I fear, did lead to the cutting of corners”.
►►Medical group criticizes CIA’s vaccination scheme. A whimsical tone prevails in most articles on the recent revelation that the CIA tried to collect DNA evidence on Osama bin Laden by running a phony vaccination program in Abbottabad, Pakistan. But medical groups engaged in organizing vaccination schemes are not amused. French-based international medical aid charity Médecins Sans Frontières has lashed out at the CIA because, it said, by using a medical cover for its assassination scheme, the Agency endangered those who conduct life-saving immunization work around the world.

News you may have missed #532

Viru Hotel

By IAN ALLEN | intelNews.org |
A new exhibition in Tallinn, called The Viru Hotel and the KGB, showcases the Soviet KGB operations in the Estonian capital’s most prestigious Soviet-era hotel. According to the curators, the 23rd floor of the hotel served as the KGB’s operational center in the city. The exhibition focuses specifically on KGB bugging technology during the last stages of the Cold War. Speaking of the Cold War, The Oak Ridger hosts an interesting interview with Francis Gary Powers Jr., son of the CIA pilot who was shot down over the USSR and later captured by the Soviets in 1960. Powers insists his father “never divulged America’s secrets” during his two-year imprisonment in Moscow. Interestingly, declassified documents from that time show that the CIA doubted Powers’ plane had been shot down by the Soviets, and believed the pilot had willingly defected to the USSR. In Canada, meanwhile, a new report to parliament by the Canadian Security Intelligence Service (CSIS) claims that cyber-spying is the fastest-growing form of espionage in the country. The report also states that, as a matter of policy, CSIS views some private-sector cyberattacks as a national security issue.

News you may have missed #530

  • Another spy ring reportedly busted in Kuwait. Kuwait has allegedly busted another spy ring, working for the intelligence services “of an Arab country [that] is currently embroiled in political turmoil”, reports Al-Jaridah daily. The paper also said that information gathered by the spy ring was sent to a liaison officer in the embassy of that country. Last April, two Iranians and a Kuwaiti national, all serving in Kuwait’s army, were sentenced to death for belonging to an Iranian spy ring.
  • How defectors come in from the cold. Interesting historical account of how defectors adjust to their new lives, from the BBC’s News Magazine. Sadly, much of the article is about –you guessed it– the Cambridge Five, which the British seem unable to get over, half a century later.
  • UK report says hackers should fight cyber spies. Britain faces losing its position at the leading edge of technology unless new ideas are developed to fight cyber attacks, including recruiting computer hackers to help fight organized cyber crime and espionage by foreign powers. This is the conclusion of a new report by the University College London’s Institute for Security and Resilience Studies.