Date: August 5, 2011
Source: Computer World
Abstract: The official newspaper of China's ruling communist party has dismissed security vendor McAfee's report that a state sponsored group was behind the massive cyberattack that penetrated 72 companies and organizations, calling the claims groundless.
The article written in the People's Daily on Friday is the closest official comment the Chinese government has issued about the reported hacking attacks, which spanned 14 countries and stole national secrets and sensitive business plans.
While McAfee's report did not name the group behind the cyber attack, security experts suspect it came from China, partly because of the organizations targeted. Some of the targeted groups included the International Olympic Committee, the World Anti-Doping Agency, the United Nations and companies in South Korea, U.S. and Taiwan.
The People's Daily article said, however, that the only evidence security experts had for suspecting China was that the targets were of interest to either Beijing or Moscow. The article also noted criticism that McAfee had released the report in order to sell more security products.
"Arbitrarily linking China and every hacking attack is irresponsible," the article said.
China has a record of being named the country of origin for several other high-profile hacking attacks. In June, Google said it had disrupted a phishing campaign coming from China that was designed to steal the e-mails of government officials, Chinese political activists and military personnel.
In February, McAfee had published another report that said a hacking attack originating from China stole gigabytes of data from at least five oil, gas and petrochemical companies. China, however, has previously denied taking part in any kind of hacking attacks. Chinese foreign ministry officials have said the country is firmly opposed to hacking and that the country has also been a victim of cyber attacks (Computer World, 2012).
China Hacking Video Shows Glimpse Of Falun Gong Attack Tool
Date: August 24, 2011
Source: Computer World
Abstract: A hacking video has emerged, showing a glimpse of the Falun Gong attack tool, during a rather mundane documentary about hacking produced by the state-sponsored China Central Television.
The short video appears to give a peek at a state-sponsored hacking tool used to disrupt the operations of a spiritual movement that the government of China considers a threat to its authority.
The video does not explain where the tool comes from. With a few clicks, the on-screen computer fires up a custom-built attack program, apparently giving the user a way to knock out any one of a range of websites affiliated with the movement, Falun
Computers affiliated with Falun Gong and Tibetan dissidents have been targeted in online attacks for years, in what many security experts considered to be an organized hacking campaign sponsored by the Chinese government.
China has consistently denied these allegations, but the fact that a Falun Gong attack tool has popped up in a state-sponsored video raises new questions.
The report, entitled "The Internet storm is coming!" focuses on the Pentagon's cyberwarfare strategy, concluding that a cyber-attack against the U.S. could be construed as an act of war against a country that is prepared to fight back. The report then looks at how the Internet can affect national security and examines U.S. efforts to counter cyber-attacks.
The attack tool shows up almost as an afterthought, in a collection of b-roll footage used to give viewers something to look at while the narration continues.
During the six-second attack-tool segment (starting at 11:04 of the video), the narrator talks about how Trojans and back doors can infiltrate computers, and mentions that there are many ways to conduct online attacks.
With a few clicks, the attacker selects a website hosted by the University of Birmingham at Alabama (UAB) from a list of Falun Gong websites. Buttons on the bottom of the screen say "attack" and "cancel."
As an attack tool, however, it isn't exactly state of the art. It goes after a website that's been offline for a decade.
The University of Alabama website was a personal site that once hosted Falun Gong material. The site was created "by a former student and was decommissioned in 2001 as it violated our acceptable use policy," according to Kevin Storr, a UAB spokesman.
News of the video clip was first reported Sunday by the Epoch Times. China Central Television could not be reached for comment Tuesday (Computer World, 2011).
Title: Chinese Hackers Pledge To Reject Cybercrime
Date: September 19, 2011
Source: Computer World
Abstract: Two prominent Chinese hackers have released a convention calling for the rejection of cybercrime and are asking their peers to support it, as China is increasingly seen as the source of international hacking attacks and cybertheft.
The two hackers, Gong Wei and Wan Tao, released their "Hackers' Self-Discipline Convention" to the Chinese media and posted its contents on the internet. The hackers declined to offer further comment, but the document presents itself as a moral code that outlines appropriate hacking activities and eschews cybercrime.
The document states that hackers will not obtain money through stealing from the public. Hacking groups will also not spread knowledge or tools that are meant to take income. "The public's privacy, especially that of children and minors, will be protected," the document says. Any activity to buy or sell people's private information is considered inappropriate.
The pact also defines hackers as people who promote the development of the internet and computing by studying security vulnerabilities. "What hackers do is not malicious damage," the document notes. "Hackers are not used for politics."
A draft of the convention will be presented to a hackers' conference in Shanghai, being held next week, that 400 to 500 people are expected to attend. A vote will then be cast on whether to approve the convention.
Both Gong and Wan currently work in the IT security industry, but gained prominence as two of China's earliest hackers. Gong is the founder of the Green Army Corps, one of the country's first hacker groups, while Wan founded the hacking group China Eagle Union. Both groups are believed to have been involved in attacking and defacing foreign websites.
Government Denies Official Hacking
Gong and Wan first told the Chinese media about their plans to write a convention after the Chinese supreme court ruled in August that hackers could be subject to penalties based on existing laws. Gong said China lacked a healthy hacking culture, and newcomers with an interest in technology could easily fall down the wrong path.
have repeatedly denied that the government supports hacking. But the country has come under suspicion of state-sponsored cyber attacks. One recent large-scale attack involved a hacking group that targeted 72 companies and organizations across 14 countries, according to security vendor McAfee. Analysts have pointed fingers at China because of the targets selected (Computer World, 2012).
China Denies Role In Japan Defence Contractor Cyberattack
Date: September 21, 2011
Source: Computer World
Abstract: A Chinese government official has denied any involvement in the cyberattack that compromised scores of servers belonging to Mitsubishi Heavy Industries, Japan's largest defence contractor.
According to press reports, Foreign Ministry spokesman Hong Lei dismissed suggestions that the attacks against Mitsubishi originated in China.
"The Chinese government has consistently opposed hacking attack activities. Relevant laws strictly prohibit this," Hong told reporters for Reuters, the Associated Press, and other outlets during a regular press briefing.
"Criticism that China initiated a cyberattack is not only groundless, it goes against development of international cooperation on cybersecurity," Hong said.
Chinese language scripts
Hong's comments are nearly identical to those trotted out by the Chinese government whenever security experts speculate that attacks originate from the country.
The evidence of links to Chinese hackers is admittedly tenuous, relying on past accusations by others - going back to the Aurora attacks that targeted Google and dozens of other Western corporations in late 2009 and early 2010 - a proven history of hacking activity, and claims that Chinese-language scripts have been found in some of the malware that infected Mitsubishi's servers and PCs.
On Monday a US-based spokesman for Mitsubishi confirmed that the company had uncovered a large-scale intrusion that had planted malware on 45 servers and an additional 38 individual PCs in several locations around Japan.
Servers at Mitsubishi's Kobe shipyards, where the company builds diesel-electric submarines and components for nuclear power plants at the company's Nagasaki shipyards, and at its Nagoya plant, which designs and manufactures missile guidance systems, were among those compromised, the spokesman said.
Warning from Japanese police
Mitsubishi said that the attacks were first detected in mid-August but the company did not go public until Japanese media revealed the intrusion. According to Japanese reports, the government was not informed by Mitsubishi of the attack before this weekend.
The spokesman declined to comment on the origin of the attacks.
Separately, however, Japan's National Police Agency (NPA) today circulated a warning of attacks against government websites based on chatter in Chinese forums.
Messages on those forums last week had called for cyberattacks on the 80th anniversary of the September 18, 1931 "Mukden Incident," when the Japanese military staged an attack against a railroad in the Manchurian region of northern China. The incident was used as a pretext by Japan to invade and occupy Manchuria. The NPA said that several Japanese government sites were targeted last week, and that the attacks made them difficult to access at times (Computer World, 2011).
Lawmakers Point To China As Cause Of Cyberattacks
Date: October 5, 2011
Source: Computer World
Abstract: US government officials and America's European allies need to put more pressure on their Chinese counterparts to stop a "pervasive" cyber-espionage campaign and cybercrime targeting American companies, US Representative Mike Rogers said yesterday.
And Rogers, chairman of the US House of Representatives Permanent Select Committee on Intelligence, also insisted "our allies in Europe and Asia have an obligation to confront Beijing."
Espionage sponsored by the Chinese government has resulted in "brazen and wide-scale theft of intellectual property of foreign commercial competitors," continued the Michigan Republican.
Espionage targeting other nations' military and government secrets has been common for centuries, but the Chinese government is conducting a "massive trade war" on other countries by targeting private businesses, said the Michigan Republican.
"I don't believe that there is a precedent in history for such a massive and sustained intelligence effort by a government to blatantly steal commercial data and intellectual property," he said during a committee hearing. "China's economic espionage has reached an intolerable level and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand that they put a stop to this piracy."
'Allegations unwarranted and irresponsible'
A representative of the Chinese embassy in Washington, DC, denied Rogers' allegations. "As my government has seriously and repeatedly pointed out, allegations of China conducting cyberspace espionage are unwarranted and irresponsible," spokesman Wang Baodong said. "As a victim of international cyberspace hacking activities, China is firmly against such criminal acts, and it has been working hard together with the international community for a more secure cyberspace. Facts should be respected, and accusations against China should be stopped."
Rogers wasn't the only speaker at the hearing to criticise the Chinese government. The US is "being attacked in an aggressive way" by China and possibly other countries, said Representative Dutch Ruppersberger of Maryland, the senior Democrat on the committee.
Michael Hayden, former director of the US National Security Agency (NSA) and the US Central Intelligence Agency, agreed. "As a professional intelligence officer, I step back in awe of the breadth, the depth, the sophistication, the persistence of the Chinese espionage effort against the United States of America," said Hayden, now with security consulting firm the Chertoff Group.
During the hearing, lawmakers questioned Art Coviello, executive chairman of RSA Security, about the breach of his company's SecurID authentication product earlier this year. Coviello described the type of phishing and social engineering attack that led to the compromise as being "very, very sophisticated" and previously unseen by investigators.
Rogers asked if thieves who pulled off the RSA attack were likely sponsored by another nation. "Our conclusion - especially in our discussions with law enforcement - is that this could not have been perpetrated by anyone other than a nation state," Coviello said.
Asked for suggestions on improving US cybersecurity, Coviello called on Congress to pass a national data breach notification law, and he called on the US government to share more information about cyberattacks with private companies. A quicker method of sharing information between the government and businesses is needed, he said, because in a large majority of successful cyberattacks, businesses don't know they were breached until the FBI or some other third party tells them.
In the past 50 cyberattacks investigated by cybersecurity firm Mandiant, 48 of the victims didn't know they were compromised until an outside organisation told them, said Kevin Mandia, Mandiant's CEO.
Coviello also called on Congress to give the NSA more power to stop cyberattacks on American companies. The NSA has the expertise but it has limited authority to act inside the US, witnesses said.
There's a "lack of clarity" among the US public about what resources the government should use to battle cyberattacks, Hayden added. "We have capabilities sitting on the sideline because we are not yet sure how to appropriately use them in this new domain," he said. "We, the American people, have not yet established the rules of the road for what it is we want the government to do in the cyberdomain, or what we will allow the government to do."
A huge, unresolved debate affecting cybersecurity is the right of privacy, Hayden added. "We don't have anything approaching a national consensus when it comes to what constitutes a reasonable expectation of privacy on the internet," he said (Computer World, 2012).
Chinese Hackers May Have Attacked US Satellites
Date: October 28, 2011
Source: Computer World
Abstract: Chinese hackers may have interfered with two US satellites on four separate occasions in 2007 and 2008.
On one occasion, the attackers had enough access to take complete control of one of the satellites but chose not to do so, according to a Bloomberg Businessweek story that cites a soon-to-be published report by a congressional commission.
According to Bloomberg, a Landsat-7 earth observation satellite managed by NASA and the US Geological Survey and a Terra AM-1 satellite managed by NASA were both attacked by hackers thought to be from China.
The attackers appear to have gained access to the satellites via compromised ground control systems at the Svalbard Satellite Station in Spitsbergen, Norway, Bloomberg said.
Hackers "interfered" with the Terra AM-1 satellite twice in 2008 - once for about two minutes in June and again for nine minutes in October. The Landsat-7 system, meanwhile, experienced more than 12 minutes of interference in October 2007 and July 2008.
The October 2007 attack on the Landsat-7 satellite was discovered only when the July 2008 interference was being investigated.
"Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions," the draft report says, according to Bloomberg. "Access to a satellite's controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite's transmission."
The report does not directly accuse the Chinese government or its military of being behind the attacks. But it does note that the disruptions are consistent with Chinese military strategies that advocate the disabling of enemy space systems and ground-based satellite control systems, Bloomberg said.
China's stated strategy in a conflict is to "compromise, disrupt, deny, degrade, deceive or destroy" US space and computer systems, the report says, according to Bloomberg.
A spokesman for the Chinese embassy in Washington is quoted as denying any involvement in the attacks and accusing the commission of collecting unsubstantiated stories for the purposes of "vilifying" China.
Though Chinese officials have denied involvement in such attacks, China has frequently been suspected of being behind cyberattacks against US government, military and commercial targets. Privately many security experts say that such attacks allow multiple terabytes of sensitive data and IP to be siphoned out of the country. So far, few have been able to or willing to substantiate those claims publicly.
Based on the Bloomberg story, the incidents described in the report appear similar to a scenario described earlier this year in the US Air Force's Strategic Studies Quarterly.
The report, authored by Christopher Bronk, a former diplomat with the US Department of State and a fellow specialising in IT policy at Rice University's Baker Institute, described how a hypothetical cyberwar between the US and China might play out. In the report, Bronk theorised that China's strategy in any cyberwar will be to degrade and disrupt communications but to not completely disable an opponent's networks. The goal will be to own as much of a network as possible in order to control it when hostilities break out, he said (Computer World, 2012).
Single Out Chinese Actors For "Persistent" Cyber Spying
Date: November 4, 2011
Source: Computer World
Abstract: The US can expect more aggressive efforts from countries such as Russia and China to collect information through cyberespionage in areas such as pharmaceuticals, defense and manufacturing, according to a new government report released Thursday.
The two countries were singled out in the report from the Office of the National Counterintelligence Executive, which also issued recommendations for how organisations can strengthen their defenses.
"Chinese actors are the world's most active and persistent perpetrators of economic espionage," the report said. "Russia's intelligence services are conducting a range of activities to collect economic information and technology from US targets."
Chinese actors are also spies
The growing complexity of IT systems will work to the advantage of cyberspies, as more sensitive information is held on devices such as smartphones and laptops.
Cyberspying is efficient since it can be conducted with relatively limited resources from far away. Once an intrusion is detected, it can be difficult to trace the origin since attacks can be routed through computers worldwide.
The information haul can be devastating. The report cited the case of Dongfan Chung, who was an engineer with Rockwell and Boeing and was sentenced in 2010. He worked on the B-1 bomber program and was found to have 250,000 pages of documents in his house, which would have filled four, four-drawer filing cabinets.
If converted to digits, the information would fit onto one CD. "Cyberspace makes possible the near instantaneous transfer of enormous quantities of economic and other information," the report said.
Russia uses cybertechniques to gain advantage
China's intelligence agencies often leverage people who have insider access to corporate networks to gain trade secrets and copy them to removable media. Russia's desire to diversify its economy will drive the country to use its highly capable intelligence services, including cybertechniques, to try to gain an economic advantage.
"We judge that the governments of China and Russia will remain aggressive and capable collectors of sensitive US economic information and technologies, particularly in cyberspace," the report said.
It recommended that organisations encrypt information, use multifactor authentication and conduct real-time monitoring of networks, among others.
The report covers 2009 through this year and is part of a law that requires the US president to send Congress a biennial report on the threat to US industry from industrial espionage (Computer World, 2012).
Accused Chinese Cyber-Spy On Trial For Stealing Motorola Secrets
Date: November 8, 2011
Source: Computer World
Abstract: Software engineer Hanjuan Jin, accused of stealing thousands of confidential and proprietary technical documents from Motorola to share with competitors and the People's Republic of China, is expected to stand trial this week in Chicago.
According to a Bloomberg report, Jin, who has pled innocent, has waived her right to a jury trial and will be tried by US District Judge Ruben Castillo in Chicago. Jin, now 41, was arrested by US Customs officials on February 28, 2007, at Chicago O'Hare International Airport, ready to depart via a one-way ticket to China. Along with $30,000, she was carrying more than 1,000 electronic and paper documents from her former employer - she had just quit Motorola - as well as Chinese documents for military telecommunications technology, according to the FBI affidavit filed in court as part of the case.
That's the heart of the feds' criminal lawsuit against Jin, a US citizen born in China, who was released on $50,000 bail. Since Jin's arrest at the airport, the case has taken four years to go to trial in what has been a winding skein of accusations about her. Earlier legal documents filed by Motorola itself and made public paint a startling picture of the influence that software engineers had in Jin's working environment at Motorola and how Jin allegedly gained unauthorised network access to Motorola source code and other valuable trade secrets.
According to the Bloomberg account today, Jin is on trial for economic espionage for stealing mobile telecommunications technology for the benefit of China's military and for a Beijing business, Kai Sun News (Beijing) Technology Company, also called SunKaisens.
The Jin trial comes at a turning point in Motorola's history. In August, Google announced its intent to acquire Motorola Mobility for £7.7 billion. In late September, the US Department of Justice asked Google for more information about its planned purchase of Motorola Mobility, a move that could slow down the planned acquisition, Google said.
The Jin trial also comes as the US government is lashing out at the government of China and China-based firms, for alleged cyber-espionage against US-based businesses and government agencies. The American government last week issued a report blasting China for stealing information for economic gain. "Chinese actors are the world's most active and persistent perpetrators of economic espionage," the report from the office of the National Counterintelligence Executive said. The report said China's intelligence agencies often leverage people who have inside access to corporate networks to gain trade secrets and copy them to removable media (Computer World, 2011).
Hackers Attacking Western Defence Firms Based In China, Says Symantec
Date: January 30, 2012
Source: Computer World
Abstract: Symantec researchers have uncovered additional clues that point to Chinese hacker involvement in attacks against a large number of Western companies, including major US defence contractors.
The attacks use malicious PDF documents that exploit an Adobe Reader bug patched last month to infect Windows PCs with "Sykipot", a general purpose backdoor Trojan horse.
According to findings by Symantec's research team, a "staging server" used by the attackers is based in the Beijing area, and is hosted by one of the country's largest Internet service providers, or ISPs.
Symantec did not identify the ISP.
The staging server stores new files, many of them malformed PDFs, that are used to infect machines. Symantec found more than 100 malicious files on the server; many had been used in Sykipot campaigns.
Researchers also said that one of the attackers who connected to the staging server did so from Zhejiang province on China's eastern coast. Hangzhou is that province's capital and largest city.
Previously, Symantec had confirmed that the Sykipot attacks had been aimed at people working at major defence contractors, and at a smaller number of individuals employed in the telecommunications, manufacturing, computer hardware and chemical sectors. Lockheed Martin, whose security team was among those who reported the Reader vulnerability to Adobe, may have been one of the targeted companies.
After digging through the staging server, Symantec found clues that led it to a second system where the same group hosted a tool that automatically modifies files, again including PDFs, as part of its strategy to evade detection by antivirus software.
Like other authors of targeted attacks, the Sykipot gang tags each campaign with an identification number so that it can evaluate each assault's effectiveness. The unique identifiers are hard-coded into the malware, said Symantec.
Duqu, a Trojan aimed at Iran last year, uses a similar tracking tactic that relies on customised malware, as well as a separate command-and-control (C&C) server for each attack.
Although Symantec did not come out and name China as the home base of the Sykipot hackers, it came close.
are familiar with the Chinese language and are using computer resources in China," the company said. "They are clearly a group of attackers who are constantly modifying their creation to utilise new vulnerabilities and to evade security products and we expect that they will continue their attacks in the future" (Computer World, 2012).
Occupying The Information High Ground: Chinese Capabilities For Computer Network Operations And Cyber Espionage
Date: March 7, 2012
Source: Northrop Grumman Corp
Abstract: The People’s Liberation Army today is entering its second decade of a sustained modernization drive that has generated remarkable transformation within the force. The Revolution in Military Affairs (RMA), the transformational concept that has radically altered Western approaches to modern warfare, has put information technology and the ability to control the flow of data at the core of how modern militaries organize, equip, and fight. The PLA is pursuing the means to seize and occupy the “information high ground” in the modern battlespace by employing these concepts and new technologies to exert control over information and information systems.
While the modernization of China’s military hardware continues to capture headlines, the rapid development of a comprehensive C4ISR infrastructure, linking platforms, personnel, and operations, is arguably the most transformative of all PLA efforts currently underway. Unifying disparate information systems and enabling coordination between geographically dispersed units has the potential to generate greater lethality without the need to radically overhaul the existing force structure. Doctrinally, this process of networking its force structure is referred to as Fighting Local Wars Under Conditions of Informationization. Success in this environment means attaining near total situational awareness of the battlespace while limiting an adversary’s ability to do the same.
Computer network operations (attack, defense, and exploitation) have become fundamental to the PLA’s strategic campaign goals for seizing information dominance early and using it to enable and support other PLA operations throughout a conflict. During peacetime, computer network exploitation has likely become a cornerstone of PLA and civilian intelligence collection operations supporting national military and civilian strategic goals.
The apparent expansion of China’s computer network exploitation (CNE) activities to support espionage has opened rich veins of previously inaccessible information that can be mined both in support of national security concerns and, more significantly, for national economic development. Information that previously required close-in human intelligence (HUMINT) access, necessitating the long-term development and recruitment of individuals with access to targeted information, is now easily obtained by sending a phishing email to the unsuspecting targets.
Military operations have similarly benefitted from the unlimited range and precision of network based weapons and intelligence collection opportunities. Holding an adversary’s logistics and communications capabilities at risk previously required kinetic options (accurate missiles, quiet submarines, special operations forces, or advanced maritime strike aircraft) to physically target key communications nodes. PLA leaders understand now that tactical level employment of CNA tools used with sufficient precision can achieve dramatic strategic outcomes with the potential to alter a campaign. Conversely, as the PLA deploys more sophisticated information systems and grows increasingly reliant upon them for successful military operations, it must also protect itself from the same network vulnerabilities as its high-tech adversaries. This imperative places computer network defense (CND) on an equal footing with its counterparts in the CNO triad.
While CNO is appealing to China’s military leaders as a tool for offense and intelligence collection, its ease of use and development do not fully explain China’s apparent eagerness to employ CNO to further national strategy. CNO tools used in the support of military contingencies like a Taiwan or South China Sea crisis also carry appeal for their ability to reach strategic targets in the United States and Western Pacific without requiring the use of conventional weapons and kinetic strikes. Ballistic missiles, airstrikes and troop landings have attribution “fingerprints” like none other, whereas CNO actions often have none. Furthermore, the use of kinetic options is a clear casus belli under international law and leaves less ambiguity about a likely U.S. response. The skillful application of CNA or CNE tools, by contrast, can exploit the vagaries of international law and policy surrounding nation state responses to apparent network attack to delay or degrade a potential U.S. military response to a crisis.
The PLA is augmenting its developing CNO capabilities by relying on inputs from China’s commercial IT industry, academia, and civilian and military research institutions. The private sector is funding R&D with state grants, as well as its own resources in some cases, in areas that have relevance to improving information security and offensive tools. A defined group of military and civilian universities have emerged as centers of excellence or hosts of state laboratories devoted to CNO research. The PLA’s extensive network of research institutes is also making breakthroughs in many aspects of information security and computer science. The 2010 development at a PLA university of what was then the world’s fastest supercomputer demonstrated the high quality and focus of current research. It also underscores the inherently dual-use qualities of information technology that allow the PLA to leverage the “spin-on” effect of new innovation from China’s commercial IT sector.
Telecommunications hardware notables such as Huawei, Zhongxing (ZTE), and Datang maintain relationships with the PRC government to varying degrees, ranging from commercial contracting, to supporting research institutes, and funding R&D for dedicated military or dual-use technologies. Such relationships continue to fuel speculation in the United States and other Western nations about potential network attack or exploitation vectors created by the growing presence of these and other Chinese IT companies in global telecommunications infrastructure markets.
These concerns are magnified by the globally diffuse telecommunications supply chain that appears to allow multiple points of access to an adversary intent on corrupting hardware components, such as integrated circuits or larger components they support. The complexity of the global high-tech supply chain, however, may carry inherent defensive advantages. Obfuscating the end user of a chipset during the design and manufacturing processes has the potential to act as a deterrent by making the problem more logistically complex for most adversaries. Other measures that can diminish the chances that a compromised chipset successfully reaches its intended target could also dramatically decrease the perceived return on investment in upstream supply chain compromises. Downstream supply chain penetrations of hardware resellers and distributors, however, continue to pose significant law enforcement and counterintelligence challenges to the United States.
Taken in the aggregate, recent developments in Chinese CNO applications and R&D point to a nation fully engaged in leveraging all available resources to create a diverse, technically advanced ability to operate in cyberspace as another means of meeting military and civilian goals for national development. Computer network operations have assumed a strategic significance for the Chinese leadership that moves beyond solely military applications and is being broadly applied to assist with long term strategy for China’s national development (Northrop Grumman Corp).
Title: Chinese Hackers 'Had Full Access' To Nasa Lab That Commands 23
Date: March 7, 2012
Source: Daily Mail
Abstract: Chinese hackers gained 'full access' to the computer network in one of Nasa's key control centres, the Jet Propulsion Laboratory.
JPL manages 23 spacecraft conducting active space missions, including missions to Jupiter, Mars and Saturn.
The hackers, operating from an internet address in China, gained full system access in November 2011, allowing them to upload hacking tools to steal user IDs and control Nasa systems, as well as copy sensitive files.
The hackers were also able to modify system logs to conceal their actions.
‘The intruders had compromised the accounts of the most privileged JPL users, giving the intruders access to most of JPL's networks,’ said National Aeronautics and Space Administration Inspector General Paul Martin.
The cyber attack was one of 'thousands' of computer security lapses at the space agency.
Martin said the hackers gained full system access, which allowed them to modify, copy, or delete sensitive files, create new user accounts and upload hacking tools to steal user credentials and compromise other NASA systems.
National Aeronautics and Space Administration Inspector General Paul Martin testified before Congress on the breaches.
In another attack last year, intruders stole credentials for accessing NASA systems from more than 150 employees.
Martin said his office identified thousands of computer security lapses at the agency in 2010 and 2011.
He also said NASA has moved too slowly to encrypt or scramble the data on its laptop computers to protect information from falling into the wrong hands.
Unencrypted notebook computers that have been lost or stolen include ones containing codes for controlling the International Space Station, as well as sensitive data on NASA's Constellation and Orion programs, Martin said.
A NASA spokesman told Reuters on Friday the agency was implementing recommendations made by the Inspector General's Office.
‘NASA takes the issue of IT security very seriously, and at no point in time have operations of the International Space Station been in jeopardy due to a data breach,’ said NASA spokesman Michael Cabbage.
Giving testimony on the space agency's security issues, NASA Inspector General Paul K. Martin told Congress that 48 agency devices were lost or stolen over a two year period.
The mobile devices, which contained personal data, intellectual property, and highly sensitive export-controlled data, were stolen between April 2009 and April 2011, CBS News reported.
Over two years alone NASA was the victim of 5,408 computer security breaches that included unauthorized access to systems or the installation of unauthorized software. The incidents during 2010 and 2011 cost the space agency around $7 million.
Martin told Congress in written testimony: 'The March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station.'
Another stolen laptop contained classified information on NASA's space exploration Constellation and Orion programs and employees' Social Security details.
These figures may be the tip of the iceberg, Martin said, because the system for reporting lost data or devices is voluntary.
He said: 'NASA cannot consistently measure the amount of sensitive data exposed when employee notebooks are lost or stolen because the agency relies on employees to self-report regarding the lost data rather than determining what was stored on the devices by reviewing backup files,' CBS News reported.
In 2011 NASA was the victim of 47 serious cyberattacks by individuals or groups attempting to steal information or gain access to systems, Martin said.
Thirteen of these advanced persistent threats (APTs) were successful, including one attack in which system access codes for some 150 NASA employees were stolen.
Another attack on the Jet Propulsion Laboratory in Pasadena, Calif. stemming from China based USPs is still under investigation. Cyber thieves 'gained full access to key JPL systems and sensitive user accounts,' Martin said.
Martin painted a gloomy picture of security at NASA, explaining that while the rate of mandated encryption across government departments was 54 percent, just 1 percent of NASA portable devices are encrypted. 'Until NASA fully implements an agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft,' he said (Daily Mail, 2012).
Title: US Feels Threatened By China's Cyber Capabilities
Date: March 8, 2012
Source: Computer World
Abstract: China's strengthening cyber capabilities will complicate US efforts to defend itself against industrial espionage and possible military confrontations in places such as Taiwan, according to a new US congressional report released today.
The report was written by defence contractor Northrop Grumman for the US-China Economic and Security Review Commission, which was set up by Congress in 2000.
It paints a grim picture for the US, whose defence and high-tech companies including Google have been successfully breached by suspected China-based hackers.
The US faces risks from attackers who seek to infiltrate the supply chains for electronics such as chips or integrated circuits, which could be modified to intentionally fail, the report said.
"The supply chain for microelectronics and telecommunications-related hardware in particular is extremely diffuse, complex, and globally dispersed, making it difficult for US firms to verify the trust and authenticity of the electronic equipment they purchase," it said.
At particular risk is the telecommunications industry, the report said. Equipment could be modified by an adversary in order to gain covert access and monitor systems. False instructions could be planted to cause "destruction of the targeted system," it said.
In 2010, Iran was targeted by a malicious software program called Stuxnet that caused industrial control equipment made by Siemens to fail, interrupting the country's uranium enrichment machinery.
The US has already been battling with counterfeit equipment coming from China. The report said infiltration of hardware resellers and distributors "continue to pose significant law enforcement and counterintelligence challenges to the United States".
"By providing counterfeit hardware that already contains the Trojanized access built into the firmware or software, a foreign intelligence service or similarly sophisticated attacker has a greater chance of successfully penetrating these downstream supply chains," it said.
Within China's military, the report said the People's Liberation Army (PLA) has a broad framework called "information confrontation" that appears to wrap computer network operations together with electronic warfare, psychological operations and deception.
"PLA leaders have embraced the idea that successful warfighting is predicated on the ability to exert control over an adversary's information and information systems, often preemptively," the report reads.
The difficulty the US faces with electronic warfare is that aggressive cyber acts are difficult to attribute, which complicates a response. China has developed strong capabilities to disrupt the US military's electronic command-and-control systems, known as C4ISR infrastructure, which could hamper a quick response to a crisis in, for example, Taiwan.
"Chinese commanders may elect to use deep access to critical US networks carrying logistics and command and control data to collect highly valuable real time intelligence or to corrupt the data without destroying the networks or hardware," the report said.
China also invests heavily at an academic level: At least 50 universities that do information security research received grants from national technology grant programmes, supporting the country's broad goals to be an information technology power (Computer World, 2012).
Title: Joint Tech Ventures Between US And China Pose Cyberwar Risk
Date: March 9, 2012
Source: Computer World
Abstract: Should conflict occur, China's cyberwar plans target the US, and today's Chinese joint ventures with US manufacturers in hardware, software and telecommunications create a "potential vector" for the People's Liberation Army (PLA) to exploit and compromise, says a report from the US-China Economic and Security Review Commission sent to Capitol Hill today.
The report, "Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage," was researched under mandate by Congress when it first formed the external Washington, DC-based US-China Economic Security Review Commission to undertake ongoing research about relations between the two countries. The report, written by information security analysts from Northrop Grumman, says that leaders in the Chinese People's Liberation Army (PLA) "have embraced the idea that successful warfighting is predicated on the ability to exert control over an adversary's information and information systems, often preemptively."
The report claims China is actively planning out how it could attack US military operations. The report also notes that at least 50 civilian universities in China are receiving funding aimed at developing cyberwar capabilities for the military under at least five established national grant programs.
A cyberstrike could occur in advance of any physical military confrontation, the report states. "Chinese commanders may elect to use deep access to critical US networks carrying logistics and command and control data to collect highly valuable real-time intelligence or to corrupt the data without destroying the networks or hardware."
The report says evidence it has compiled, mainly from PLA, Chinese government and non-proprietary sources, shows that China does want to be prepared to launch a cyberwar strike on the US in the event of a conflict. The report goes on to claim that joint venture relationships between Chinese and non-Chinese hardware, software and telecom providers represent a "risk" from the US point of view.
"Potential for illicit access to sensitive network data" is high
The report notes that possible tampering could occur in hardware such as routers and switches from China. And it states, "Deliberate modifications of semiconductors upstream of final product assembly and delivery could have subtle or catastrophic effects. An adversary with the capability to gain covert access and monitoring of sensitive systems could degrade a system's mission effectiveness, insert false information or instructions to cause premature failure or complete remote control or destruction of the targeted system."
Collaboration between US and Chinese information security firms, according to the report, "has raised concerns over the potential for illicit access to sensitive network vulnerability data at a time when the volume of reporting about Chinese computer network exploitation activities directed against US commercial and government entities remains steady."
The report takes a dim view of partnerships between "US or other Western information security firms and Chinese IT and high-tech firms," saying there are risks "primarily related to the loss of intellectual property and erosion of long-term competitiveness, the same threats faced by many US companies in other sectors entering partnerships in China."
The report singles out the joint venture between Huawei Shenzhen Technology Company Ltd. and Symantec, under which for almost four years Symantec shared its security and storage technologies with Huawei to include in its telecom equipment. Symantec CEO Enrique Salem announced the joint venture had ended in November 2011, saying the two companies had decided it would be best to consolidate the venture under one owner. Huawei, which bought out Symantec for $530 million, still licenses Symantec's technologies.
"Partnering with an American or other Western anti-virus vendor does not necessarily allow the Chinese partner to obtain signature data earlier than legitimate participation in industry consortia such as the Microsoft Virus Information Alliance, but it may provide the Chinese partner with deeper access to US markets over the long term," the report said.
Huawei has been blocked by the US Dept of Commerce
Huawei is the large China-based telecom equipment and service provider which has been seeking to expand business in the US the past few years even as the atmosphere has grown more tense as several US companies, including Google, have spoken of cyber-espionage carried out by what appeared to be attacks out of China.
Without official explanation, Huawei has found itself blocked by the US Department of Commerce from participating in a US project to build a wireless network for emergency personnel, police and firefighters. In addition, Huawei has found itself struggling with its involvement with Iran, where it has sold network gear, but recently said it would no longer supply Iran after its contracts there end.
Neither Symantec nor Huawei had immediate comment regarding the report. However, William Plummer, vice president of external communications at Huawei, who spoke with Network World last week about these topics, says assertions made in a Wall Street Journal story late last year that Huawei was helping Iran conduct cyber-surveillance against its citizens, especially dissidents, simply isn't true.
Plummer said Huawei's telecom equipment does have the equivalent of a backdoor for government use, but it is the same kind that is mandated in equipment by the US under the Communications Assistance for Law Enforcement (CALEA) laws in the US. This kind of interface is there for governments around the world, he notes.
"Every government on this planet has a shared concern about security," Plummer said. He said Huawei, which did $32 billion in business last year, is not part of the Chinese government, although its founder, Ren Zhengfei, is an ex-Army officer in the PLA. However, a number of US lawmakers are pushing to investigate Huawei and its ties to Iran, especially as concerns the WSJ's allegations of tracking of wireless mobile use in Iran.
In general, cyber-espionage is a fact of life today, Plummer acknowledged. Based on his own experience in the US foreign service, he noted, "I believe there's hacking of all sorts" by Russia, China and the US (Computer World, 2012).
Title: Luckycat Hacking Attacks Originated In China, Says Trend Micro
Date: April 2, 2012
Source: Computer World
Abstract: Security vendor Trend Micro has been tracking a hacking campaign called Luckycat that has been linked to 90 attacks, including some aimed at Tibetan activists, and has tied it to a group based in China, the company said in a report published on Thursday.
The Luckycat campaign, which has been active since at least June 2011, has been connected with attacks against targets in Japan and India as well, according to Trend Micro. Industries targeted include military research, aerospace and energy, it said.
To avoid detection, the hackers used a diverse set of infrastructure and anonymity tools. Each attack used a unique campaign code to track which victims were compromised by which malware, illustrating that the attackers were both very aggressive and continually targeted intended victims with several waves of malware, according to Trend Micro's report.
The security company was able to connect an email address used to register one of the group's command-and-control servers to a hacker in the Chinese underground community.
The hacker has been using aliases "dang0102" or "scuhkr" and has been linked to the Information Security Institute of the Sichuan University in Chengdu, China, where he was involved in a research project on network attack and defense.
The person behind the aliases and the email address is Gu Kaiyuan, who is now apparently an employee at Tencent, China's leading Internet portal company, The New York Times reported on Thursday.
There are more signs pointing to China as the origin of the Luckycat campaign. The language settings of the attackers' computers indicate that they are Chinese speakers, according to Trend Micro. The work done by the hacker group was first documented earlier this month by Symantec, which showed that the hackers used IP addresses allocated to China, Trend Micro said.
The targeted nature of the attacks is no isolated occurrence. The number of targeted attacks has dramatically increased, Trend Micro said.
To better protect themselves, enterprises need to use a mixture of technology and education, according to Trend Micro. Apart from patch management, endpoint and network security, enterprises should also focus on detecting and mitigating attacks, the company said.
But an enterprise's defense is only as good as its employees. People trained to expect targeted attacks are better positioned to report potential threats and can become an important source of threat intelligence (Computer World, 2012).
Title: Is China Behind Hacker Attack On North Carolina Website That Covered Political Scandal?
Date: April 20, 2012
Source: Fox News
Abstract: A massive hacker attack has crippled an overseas website that has reported extensively on China's biggest political turmoil in years, underscoring the pivotal role the Internet has played in the unfolding scandal.
North Carolina-based Boxun.com was forced to move to a new web hosting service Friday after its previous host said the attacks were threatening its entire business, website manager Watson Meng told The Associated Press. He believes the attacks were ordered by China's security services, but it isn't clear where they were launched from.
The assaults on Boxun's server followed days of reporting on Bo Xilai, formerly one of the country's most powerful politicians, who was fired as head of the mega-city of Chongqing and suspended from the Communist Party's powerful Politburo amid accusations of his wife's involvement in the murder of a British businessman.
The scandal has deeply embarrassed Communist Party leaders obsessed with controlling their image and imposing strict secrecy over their inner workings.
Six years ago, when Shanghai's powerful boss was toppled, Chinese social media was in its infancy and months went by with no word on the case against him.
Today, the dynamics have changed, and when the government fails to release information about a key political development, the online rumor mill goes into overdrive, with China's half-a-billion Internet users taking to blogs, foreign news sites, and — most significantly — Weibo, China's hugely popular version of Twitter.
"People on Weibo used to care mainly about lifestyle issues, but this time we're seeing it play an unprecedented role in spreading political information and opinion," said Zhan Jiang, a professor at Beijing Foreign Studies University's School of Mass Media.
The first whiff of the Bo scandal came when his former right-hand man, ex-Chongqing police chief Wang Lijun, breached protocol with a surprising Feb. 6 visit — first reported in Weibo postings — to a U.S. Consulate in a neighboring city. There were rumors of a spat with Bo, but neither Chinese nor U.S. officials revealed any details of the consulate visit.
At the time, Bo admitted to not properly managing his staff, but it appeared he would keep his job and remain a candidate for the party's all-powerful Politburo Standing Committee when a new generation of leaders is picked this fall.
But then the scandal caught fire with suggestions online that Wang was spreading the word about the alleged involvement of Bo's wife in the death of Briton Neil Heywood, a business consultant with close ties to Bo's family. Those suspicions first appeared in a brief posting in early March by a reporter from the Southern Weekend newspaper group, who said he'd received the information via a Feb. 15 text message from a telephone number used only by Wang.
That happened after Chinese authorities took Wang into custody on Feb. 7, so it wasn't known who sent the message. However, it was widely circulated online, and the foreign media flocked to Chongqing to investigate, making it impossible for the government to ignore the case without sparking an international incident.
A few weeks later, on March 15, Bo was sacked as Chongqing party chief, and on April 10 authorities announced he was under investigation and that his wife and a household aide were suspects in the Heywood murder.
Boxun, which has reported on the scandal since early February, was brought down for several hours Friday in a denial of service attack in which hackers deluge a website to paralyze it.
"We publish articles critical of the Chinese government so we're accused of having ulterior motives," Meng said in an online chat. "But in the West, most media is critical of its government, so why can't we be?" he said.
Foreign governments and corporations routinely complain of hacking attacks from China, although it is rarely provable where they originate or who is behind them. The Chinese government routinely denies using hackers to attack web sites or steal secrets online.
Meng set up Boxun in 2000 to spread word on the pro-democracy movement, human rights, and corruption, much of it submitted by readers in a form of citizen journalism. Its edgy nature has brought it under hacker attack before and forced it to go without advertising since 2005. Meng says Boxun is independently financed, although the U.S. government-funded National Endowment for Democracy has partly backed the China Free Press project managed by Meng and registered at the same address as Boxun.
Not all of Boxun's reports have held water and it has offered competing accounts of what drove the decision to cashier Bo. But many of its reports on allegations of Gu's involvement in the Heywood death and Bo's falling-out with Wang have since been proven true or been corroborated by other sources.
Traffic to the site has grown 155 percent over the past three months, according to Internet monitoring firm Alexa, with the second largest chunk of visitors coming from China, despite government blocks.
China heavily censors the Internet and blocks Twitter, Facebook, YouTube and scores of other overseas sites. Government monitors swiftly remove sensitive postings and have tried to rein in Weibo by requiring proof of identification for new accounts and sometimes disabling sections where comments can be posted.
Still, the sites have a profound effect. Witness reports on a horrific train collision last year prompted disgust at officials' callousness and a sweeping safety review.
One reason why the government may not have cracked down harder on the Internet so far is because parties within the establishment also use it to attack their foes, spread disinformation or advance their own agendas, said Xiao Qiang, director of the China Internet Project at the University of California-Berkeley.
But they can't completely control the online discussions or filter out all unwanted revelations, Xiao said.
facts and opinions generate pressure or create the conditions for the government to take actions such as firing Bo Xilai," he said (Fox News, 2012).
Targets Chinese Firm Over Iran Deal
Date: July 12, 2012
Source: Smoking Gun
Abstract: The FBI has opened a criminal investigation targeting a leading Chinese telecommunications firm that allegedly conspired to illegally ship hardware and software purchased from U.S. tech firms to Iran’s government-controlled telecom company, a violation of several federal laws and a trade embargo imposed on the outlaw Islamic nation, The Smoking Gun has learned.
The federal probe, launched earlier this year, has also uncovered evidence that officials with the Chinese company, ZTE Corporation (ZTE), are “engaged in an ongoing attempt to corruptly obstruct and impede” a Department of Commerce inquiry into the tainted $130 million Iranian transaction, according to a confidential FBI affidavit.
Officials with ZTE allegedly began plotting to cover up details of the Iranian deal after Reuters reported on the transaction in late-March. The news agency revealed that the telecom equipment sold to Iran was a “powerful surveillance system capable of monitoring landline, mobile, and Internet communications.” Included in the material sent to Iran were products manufactured by U.S. firms like Microsoft, Oracle, Cisco Systems, Dell, and Symantec.
Concerned that they could no longer “hide anything” in the wake of the Reuters report, ZTE lawyers discussed shredding documents, altering records, and lying to U.S. government officials, according to an insider’s account provided to FBI agents by a Texas lawyer who last year began serving as general counsel of ZTE’s wholly owned U.S. subsidiary. ZTE, the world’s fourth largest telecom equipment manufacturer, is publicly traded, though its controlling shareholder is a Chinese state-owned enterprise.
The FBI probe is being run out of the bureau’s Dallas office by agents assigned to a counterintelligence and counterespionage squad. Like the Department of Commerce investigation (and a related congressional inquiry being conducted by the House Permanent Select Committee on Intelligence), the FBI opened its case following the March 22 Reuters story by reporter Steve Stecklow.
According to an affidavit sworn by FBI Agent Zachary Carwile, federal investigators have been provided incriminating details about the actions of ZTE officials by Ashley Kyle Yablon, a 39-year-old attorney who was hired by ZTE’s Dallas-based U.S. subsidiary in October 2011. Yablon, who previously worked as an in-house counsel for the Chinese telecom giant Huawei Technologies, a ZTE rival, has allowed the FBI to make a forensic copy of all files on his work computer.
In a brief phone conversation, Yablon said that he did not have time to speak with a reporter. The attorney, who still works for ZTE, did not respond to subsequent messages left at his office and on his cell phone. Asked about his client’s role in the FBI investigation, Thomas Mills, Yablon’s lawyer, said, “I can’t talk about that topic.”
During a May 2 interview with two FBI agents, Yablon provided a startling account of his interaction with ZTE representatives who were once eager to devise strategies that would allow them to sell phones containing U.S. made components to “banned” countries. But following the Reuters story, Yablon recalled, the Chinese officials sought to obscure details of the illegal backdoor Iranian deal and, in the process, stymie U.S. government investigators circling the multinational company.
The FBI affidavit reveals that ZTE recently informed the Department of Commerce that it would not comply with an administrative subpoena served on the company seeking records of the nine-figure Iran transaction. Yablon told the FBI that he learned that ZTE officials “had contacted the PRC [People’s Republic of China] government, which was prepared to advise [the company] that if it complied with the DoC administrative subpoena, it would be violating PRC law.”
Days after the Reuters story was published, Yablon recalled, he spoke with ZTE lawyer Xue Xing Ma (also known as “Marsha”), who said the company was concerned about how the news outlet obtained a copy of the 907-page packing list for the system shipped to Telecommunication Company of Iran (TCI). “Marsha told Yablon the corporation was concerned because it could no longer ‘hide anything,’” reported Agent Carwile.
Yablon told investigators that, upon hearing this from Marsha, he responded that he would not engage in a “cover up,” and threatened to resign.
In late-March, at ZTE’s direction, Yablon retained the powerhouse law firm DLA Piper to handle the company’s response to the Department of Commerce subpoena (as well as to help prepare for a mid-April visit to ZTE’s Shenzhen headquarters by representatives of the House committee).
In early-April, Yablon traveled to China, where he conferred with assorted ZTE officials, several company attorneys, and two DLA Piper lawyers. As recalled by Yablon, during an April 11 meeting, a ZTE lawyer identified in the FBI affidavit as “Mr. Guo” “appeared to suggest several strategies for responding to the DoC subpoena,” including claiming that the packing list obtained by Reuters was “not the real document.”
Guo then asked Yablon and the DLA Piper attorneys what would happen if ZTE told U.S. government officials that the company “had not actually shipped the telecommunications system to Iran.” According to the FBI affidavit, Yablon replied that it appeared to him that ZTE officials were “suggesting potential scenarios that would obscure the fact that U.S.-made telecommunication equipment had been shipped to Iran.”
The day after Guo floated the cover-up trial balloon, Yablon and a DLA Piper lawyer met with two other ZTE officials, one of whom projected on a wall an image of the contract with the Iranian telecom company “for the sale of the surveillance system.” According to Yablon, “the contract essentially described how [ZTE] would evade the U.S. embargo and obtain the U.S.-manufactured components specified in the contract for delivery” to the Iranian company.
Yablon told the FBI that he believed ZTE established a separate company solely to buy “U.S.-made goods subject to the U.S. embargo,” and set up a second firm to “integrate the equipment for delivery to and installation in Iran.”
At another meeting on April 12, Yablon and DLA Piper lawyer Richard Newcomb presented ZTE officials with “a plan they had drafted for the company’s response to the DoC subpoena.” However, “none of the [ZTE] officials offered any substantive response to the plan.”
During the meeting, Yablon told the FBI, he watched as several company officials “huddled together in the corner of the room.” Yablon said that when he asked "Marsha" what was being discussed, she answered that “they were discussing shredding documents and changing the packing list.”
In late-April, Yablon noticed that he was no longer being copied on e-mail exchanges between ZTE and DLA Piper about the Commerce Department subpoena. During an April 26 conversation with John Merrigan, a DLA Piper partner, Yablon was told by Merrigan that he had spoken with ZTE officials the prior evening and that they said their firm “had never shipped the surveillance system equipment to Iran, and that the equipment either was in warehouses in the PRC or had been shipped to non-embargoed countries.”
Yablon recalled that he informed Merrigan that, weeks earlier, he had met with a ZTE lawyer who proposed a menu of possible stories to peddle to the DoC. The Chinese attorney said that U.S. investigators could either be told that telecom material had never been shipped to Iran, that the items actually went to a non-embargoed country, or that the shipment to Iran included only “de minimis” U.S. components not subject to the trade embargo.
According to Yablon, Merrigan said that a ZTE lawyer had directed him to omit Yablon from “all further communications regarding the company’s response to the DoC subpoena and other issues relating to the contract with TCI,” reported FBI Agent Carwile. Yablon, who had previously threatened to quit if asked to engage in a cover-up of the Iranian deal, appeared to have been totally frozen out by his ZTE superiors.
Merrigan, pictured below, did not respond to a phone message left at his Washington, D.C. office or an e-mail sent to his DLA Piper account.
In the last conversation recounted in the FBI affidavit, Yablon recalled speaking on April 26 with a ZTE attorney who “relayed…instructions to gather all records he had related to the export issues, including documents and computer files.”
While the affidavit does not detail what the Chinese company planned to do with this incriminating material, ZTE certainly had no intention of providing it to U.S. authorities. In fact, the company subsequently advised DoC that they would not respond to the agency’s administrative subpoena.
Six days after being instructed to compile his work product about the Chinese firm’s deal with Iran, Yablon sat down for a lengthy interview with the FBI (it is unclear whether he reached out to the bureau). The “documents and files” Yablon was ordered to gather were stored on his laptop, an Asus model issued to him by ZTE.
On May 7, Yablon met with the FBI in his lawyer’s office and provided written consent for agents to take temporary custody of his computer so that a complete “forensic image” of the machine could be made. Seeking to “preserve any evidence of a crime” on Yablon’s laptop, federal investigators had concluded that there was probable cause to believe that ZTE and its officers and employees had knowingly engaged in a conspiracy to illegally re-export goods to Iran, and were also involved in a “continuing and corrupt effort to obstruct and impede” U.S. government investigators (Smoking Gun, 2012).
Title: Chinese Police Arrests 10,000 For Cybercrimes
Date: July 27, 2012
Source: Times of India
Abstract: Chinese police arrested over 10,000 suspects and 600 criminal gangs during its latest crackdown on cybercrime.
The ministry of public security said the crackdown targeted pornography and the illegal sale of personal details. The ministry said that as of June, 3.2 million 'harmful' messages had been deleted and 30 internet service providers punished for granting access to unlicensed sites.
"Although illegal and harmful information on the internet has been sharply reduced through intensified crackdowns, fraudulent messages are still seen occasionally," the official Xinhua news agency quoted a ministry statement, as saying.
"And some telecom service providers are not strict enough when managing websites," it added.
According to BBC, the statement coincides with reports from some of the country's local authorities about their own efforts.
Police said it had arrested 5,007 people suspected of internet-related crimes and closed 263 internet cafes as part of its efforts to 'protect the physical and mental health of young people' using the web (Times of India, 2012).
Panetta Talks Cyber Issues With Chinese, But Experts See No Decline In Attacks
Date: September 20, 2012
Source: Fox News
Abstract: Despite several years of escalating diplomacy and warnings, the U.S. is making little headway in its efforts to tamp down aggressive Chinese cyberattacks against American companies and the government.
U.S. Defense Secretary Leon Panetta, who is wrapping up three days of meetings with military and civilian leaders, said he has brought the issue up at every session and come away with little more than agreements to talk again.
Meanwhile, cybersecurity analysts say the computer-based attacks emanating from China continue unabated, and in fact are expanding and focusing more intently on critical American oil, gas and other energy companies.
“No diplomatic actions have made a difference,” said Richard Bejtlich, chief security officer for the Virginia-based cybersecurity firm Mandiant. “They remain aggressive — they’re kicked out one day and try to get back in the next day.”
He said the China-backed hackers’ tactics are also evolving, and they are more often going after corporate computer systems by breaching software weaknesses, rather than simply trying to get into a network by duping an individual employee. And he said they appear to be increasingly targeting lucrative energy companies.
Efforts by officials across the U.S. government have not seemed to have any impact, Bejtlich said, adding: “The Chinese don’t seem to care. So I don’t have any hope that the dialogue is reaching anyone of any note.”
Panetta, who is leaving China on Thursday, met with China’s leader-in-waiting, Xi Jinping, Wednesday and afterward told reporters that he urged Xi and other leaders to have an ongoing dialogue with the United States about the cyber threat.
“I think it’s clear that they want to engage in a dialogue on this issue,” Panetta said, “and I guess that’s the most important thing. That’s the beginning of trying to perhaps be able to develop an approach to dealing with cyber issues that has some semblance of order here as opposed to having countries basically all flying in the dark.”
Chinese officials have steadfastly denied the cyberattacks, saying they also are victims of computer hackers and breaches.
But nine months ago senior U.S. intelligence officials for the first time publicly accused China of systematically stealing American high-tech data for its own national economic gain. It was the most forceful and detailed airing of U.S. allegations against Beijing after years of private complaints, and it launched a more open push to combat the attacks.
James Lewis, a cybersecurity expert with the Center for Strategic and International Studies, said the U.S. is starting to push the Chinese harder on the issue, but the administration needs to do more.
“The damage from Chinese cyber espionage is easy to overstate but that doesn’t mean we should accept it,” he said. “The Bush administration was unaware of the problem; this administration needs to come up with a more dynamic response.”
Cyber experts and U.S. officials agree that one of the biggest threats is the possibility of a miscalculation when a cyber breach triggers a clash between the two nations and there is no underlying relationship that can be used to discuss or work out the problem.
“How do you make sure something doesn’t go off course and become a flashpoint for a bigger crisis?” Lewis said.
He added that the People’s Liberation Army has been more confrontational lately, and lingering questions remain about the relationship between the Chinese political leaders and the military, and whether the civilian officials can effectively rein in the PLA.
Bejtlich and others describe a hierarchy of hackers in China that includes three main groups: those who are employed directly by the government, those who are affiliated with universities or quasi-government agencies and the so-called patriotic hackers who work on their own but direct their attacks against the U.S. and Western interests.
Bejtlich said some of the state-sponsored hackers appear to moonlight, stealing data from Western companies perhaps as a way of making more money. As long as they don’t present a threat to China or Chinese companies, it is tolerated.
Panetta has warned repeatedly that cyberattacks and cyberwarfare could set off the next war. And U.S. officials and security experts say government and private industry systems are constantly being probed, breached and attacked. A key threat is an attack against critical infrastructure, including the electric grid, power plants or financial networks, that could plunge the U.S. into crisis.
Officials have said that at this point the main threats from China are intelligence espionage and the theft of corporate and high-tech data, rather than an all-out act of war. But they warn that hackers in China, many of whom work for, are backed by or are tolerated by the Chinese government, are capable of highly sophisticated attacks (Fox News, 2012).
White House Hack Attack
Date: September 30, 2012
Source: Free Beacon
Abstract: Hackers linked to China’s government broke into one of the U.S. government’s most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.
One official said the cyber breach was one of Beijing’s most brazen cyber attacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyber attacks.
Disclosure of the cyber attack also comes amid heightened tensions in Asia, as the Pentagon moved two U.S. aircraft carrier strike groups and Marine amphibious units near waters by Japan’s Senkaku islands.
China and Japan—the United States’ closest ally in Asia and a defense treaty partner—are locked in a heated maritime dispute over the Senkakus, which China claims as its territory.
U.S. officials familiar with reports of the White House hacking incident said it took place earlier this month and involved unidentified hackers, believed to have used computer servers in China, who accessed the computer network used by the White House Military Office (WHMO), the president’s military office in charge of some of the government’s most sensitive communications, including strategic nuclear commands. The office also arranges presidential communications and travel, and inter-government teleconferences involving senior policy and intelligence officials.
An Obama administration national security official said: “This was a spear phishing attack against an unclassified network.”
Spear phishing is a cyber attack that uses disguised emails that seek to convince recipients of a specific organization to provide confidential information. Spear phishing in the past has been linked to China and other states with sophisticated cyber warfare capabilities.
The official described the type of attack as “not infrequent” and said there were unspecified “mitigation measures in place.”
“In this instance the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place,” the official said.
The official said there was no impact or attempted breach of a classified system within the office.
“This is the most sensitive office in the U.S. government,” said a former senior U.S. intelligence official familiar with the work of the office. “A compromise there would cause grave strategic damage to the United States.”
Security officials are investigating the breach and have not yet determined the damage that may have been caused by the hacking incident, the officials said.
Despite the administration national security official’s assertion, one defense official said there is fairly solid intelligence linking the penetration of the WHMO network to China, and there are concerns that the attackers were able to breach the classified network.
Details of the cyber attack and the potential damage it may have caused remain closely held within the U.S. government.
However, because the military office handles strategic nuclear and presidential communications, officials said the attack was likely the work of Chinese military cyber warfare specialists under the direction of a unit called the 4th Department of General Staff of the People’s Liberation Army, or 4PLA.
It is not clear how such a high-security network could be penetrated. Such classified computer systems are protected by multiple levels of security and are among the most “hardened” systems against digital attack.
However, classified computer systems were compromised in the past using several methods. They include the insertion of malicious code through a contaminated compact flash drive; a breach by a trusted insider, as in the case of the thousands of classified documents leaked to the anti-secrecy web site Wikileaks; and through compromised security encryption used for remote access to secured networks, as occurred with the recent compromise involving the security firm RSA and several major defense contractors.
According to the former official, the secrets held within the WHMO include data on the so-called “nuclear football,” the nuclear command and control suitcase used by the president to be in constant communication with strategic nuclear forces commanders for launching nuclear missiles or bombers.
The office also is in charge of sensitive continuity-of-government operations in wartime or crises.
The former official said if China were to obtain details of this sensitive information, it could use it during a future conflict to intercept presidential communications, locate the president for targeting purposes, or disrupt strategic command and control by the president to U.S. forces in both the United States and abroad.
White House spokesmen had no immediate comment on the cyber attack, or on whether President Obama was notified of the incident.
Former McAfee cyber threat researcher Dmitri Alperovitch said he was unaware of the incident, but noted: “I can tell you that the Chinese have an aggressive goal to infiltrate all levels of U.S. government and private sector networks.”
“The White House network would be the crown jewel of that campaign so it is hardly surprising that they would try their hardest to compromise it,” said Alperovitch, now with the firm Crowdstrike.
Last week the senior intelligence officer for the U.S. Cyber Command said Chinese cyber attacks and cyber-espionage against Pentagon computers are a constant security problem.
“Their level of effort against the Department of Defense is constant” and efforts to steal economic secrets are increasing, Rear Adm. Samuel Cox, Cyber Command director of intelligence, told Reuters after a security conference.
“It’s continuing apace,” Cox said of Chinese cyber-espionage. “In fact, I’d say it’s still accelerating.”
Asked if classified networks were penetrated by the Chinese cyber warriors, Cox told the news agency: “I can’t really get into that.”
The WHMO arranges the president’s travel and also provides medical support and emergency medical services, according to the White House’s website.
“The office oversees policy related to WHMO functions and Department of Defense assets and ensures that White House requirements are met with the highest standards of quality,” the website states. “The WHMO director oversees all military operations aboard Air Force One on presidential missions worldwide. The deputy director of the White House Military Office focuses primarily on the day-to-day support of the WHMO.”
The office is also in charge of the White House Communications Agency, which handles all presidential telephone, radio, and digital communications, as well as airlift operations through both fixed-wing and helicopter aircraft.
It also operates the presidential retreat at Camp David and the White House Transportation Agency.
“To assure proper coordination and integration, the WHMO also includes support elements such as operations; policy, plans, and requirements; administration, information resource management; financial management and comptroller; WHMO counsel; and security,” the website states.
“Together, WHMO entities provide essential service to the president and help maintain the continuity of the presidency.”
Asked for comment on the White House military office cyber attack, a Cyber Command spokesman referred questions to the White House.
Regarding U.S. naval deployments near China, the carrier strike groups led by the USS George Washington and the USS Stennis, along with a Marine Corps air-ground task force, are now operating in the western Pacific near the Senkakus, according to Navy officials.
China recently moved maritime patrol boats into waters near the Senkakus, prompting calls by Japanese coast guard ships for the vessels to leave.
Chinese officials have issued threatening pronouncements to Japan that Tokyo must back down from the recent government purchase of three of the islands from private Japanese owners.
Tokyo officials have said Japan is adamant the islands are Japanese territory.
Officials said the Washington is deployed in the East China Sea and the Stennis is in the South China Sea.
About 2,200 Marines are deployed in the Philippine Sea on the USS Bonhomme Richard and two escorts.
The U.S. Pacific Command said the deployments are for training missions and carriers are not necessarily related to the Senkaku tensions.
“These operations are not tied to any specific event,” said Capt. Darryn James, a spokesman for the U.S. Pacific Command in Honolulu, according to Time magazine. “As part of the U.S. commitment to regional security, two of the Navy’s 11 global force carrier strike groups are operating in the Western Pacific to help safeguard stability and peace.”
As a measure of the tensions, Defense Secretary Leon Panetta told Chinese military leaders during his recent visit to China that the U.S. military will abide by its defense commitments to Japan despite remaining publicly neutral in the maritime dispute.
“It’s well known that the United States and Japan have a mutual defense treaty,” a defense official said of Panetta’s exchange in Beijing. “Panetta noted the treaty but strongly emphasized that the United States takes no position on this territorial dispute and encouraged the parties to resolve the dispute peacefully. This shouldn’t have to get to the point where people start invoking treaties.”
A report by the defense contractor Northrop Grumman made public by the congressional U.S.-China Economic and Security Review Commission in March stated that China’s military has made targeting of U.S. command and control networks in cyber warfare a priority.
“Chinese capabilities in computer network operations have advanced sufficiently to pose genuine risk to U.S. military operations in the event of a conflict,” the report said.
“PLA analysts consistently identify logistics and C4ISR infrastructure as U.S. strategic centers of gravity suggesting that PLA commanders will almost certainly attempt to target these system with both electronic countermeasures weapons and network attack and exploitation tools, likely in advance of actual combat to delay U.S. entry or degrade capabilities in a conflict,” the report said.
C4ISR is military jargon for command, control, communications, computers, intelligence, surveillance, and reconnaissance.
Little is known within the U.S. intelligence community about Chinese strategic cyber warfare programs.
However, recent military writings have disclosed some aspects of the program, which is believed to be one of Beijing’s most closely guarded military secrets, along with satellite weapons, laser arms, and other high-technology military capabilities, such as the DF-21 ballistic missile modified to attack aircraft carriers at sea.
A Chinese military paper from March stated that China is seeking “cyber dominance” as part of its efforts to build up revolutionary military capabilities.
“In peacetime, the cyber combat elements may remain in a ‘dormant’ state; in wartime, they may be activated to harass and attack the network command, management, communications, and intelligence systems of the other countries’ armed forces,” wrote Liu Wangxin in the official newspaper of the Chinese military on March 6.
“While great importance is attached continuously to wartime actions, it is also necessary to pay special attention to non-wartime actions,” he said. “For example, demonstrate the presence of the cyber military power through cyber reconnaissance, cyber deployment, and cyber protection activities” (Free Beacon, 2012).
White House Thwarts Cyberattack
Date: October 1, 2012
Source: CBC News
Abstract: The White House is acknowledging an attempt to infiltrate its computer system but says it thwarted the effort.
A White House official said the attack targeted an unclassified network. He said the attack was identified and the system was isolated to prevent spread. He said there was no indication that any data was removed.
The official, who was not authorized to speak on the record about the attack, said there was no attempted breach of classified systems. The official described such "spear phishing" attacks as "not infrequent."
Last year, Google Inc. blamed computer hackers in China for a phishing effort against Gmail accounts of several hundred people, including senior U.S. government officials and military personnel.
Last November, senior U.S. intelligence officials for the first time publicly accused China of systematically stealing American high-tech data for its own national economic gain.
China fingered in past attacks
The White House would not say whether this attack was linked to China.
Defence Secretary Leon Panetta, during a visit to China last month, raised the subject of China-based cyberattacks against U.S. companies and the government.
News of the most recent attack came as the Obama administration is preparing an executive order with new rules to protect U.S. computer systems. After Congress failed this summer to pass a comprehensive cybersecurity bill, the White House said it would use executive branch authorities to improve the nation's computer security, especially for networks tied to essential U.S. industries, such as electric grids, water plants, and banks.
An initial draft of the order included provisions for voluntary cybersecurity standards for companies.
But by issuing the executive order just weeks before the Nov. 6 election, the White House risks complaints that President Barack Obama is anti-business from Republicans and the same pro-business groups that killed the legislation on Capitol Hill. They argued the bill could lead to costly rules and regulations that would burden companies without reducing the risks (CBC News, 2012).
Title: Britain In Talks On Cybersecurity Hotline With China And Russia
Date: October 4, 2012
The discussions are at an early stage but they reflect anxiety from all sides that a calamity in cyberspace, whether deliberate or accidental, could have devastating consequences unless there is a quick and reliable way for senior officials to reach each other.
The US has been talking to the Chinese about a similar arrangement and the ideas will be among several raised at an international conference on cybersecurity in Hungary on Thursday.
The event will involve 600 diplomats from up to 50 countries and is a follow-up to a conference in London last year. One of the aims of the negotiations is to agree rules of behaviour in cyberspace at a time when states have become aware of the potential to attack, steal from and disrupt their enemies online.
China and Russia have been arguing for a more restrictive, state-controlled future for the internet and for formal arms-control-type treaties to govern what countries can and cannot do.
But they have been challenged by European countries and the US. The UK has said there is no need for treaties and that controls on the internet would restrict economic growth and freedom of speech.
Some progress has been made in reconciling the two positions, diplomats say, but the gulf between them is still huge, and the negotiations are continuing at snail's pace.
With the cyber arena evolving so quickly, and with the US and the UK saying cybertheft now represents a genuine threat to western economies and national security, the need for a hotline is pressing.
"At the moment, we don't really have sufficient information-sharing arrangements with some countries such as China and the Chinese computer emergency response team," said a senior Foreign Office official.
"There isn't a form of crisis communication. If we can build that sort of partnership and relationship then the normative framework develops around that. If you ask for assistance, you get a response. That develops into an obligation to assist. One isn't naive about that, but I don't think the Chinese or the Russians enjoy uncertainty, not knowing who to turn to, who to talk to."
The official said the existing protocols and procedures were not robust enough for the type of emergencies that could materialise in cyberspace. "In theory, there are lists of people who to call, but I think they need to be tested and relied upon."
The foreign secretary, William Hague, and the cabinet secretary, Francis Maude, will be in Budapest for the two-day conference. They will announce that the UK is to establish a new £2m cyberhub at one of the country's leading universities, which will provide guidance to the government and companies about where to invest money for initiatives in cyberspace abroad. The money will come from the £650m set aside for cybersecurity in the strategic defence and security review.
said talks with China were slow going and that there had not been any fundamental shift in Beijing's position. "Through initiatives such as its draft code of conduct, [China] has promoted a vision of cyberspace which has got much more sovereignty and government involvement in it. They have got particular points that they want to get across to the international community" (Guardian, 2012).
Title: US Panel Warns Against Doing Business With China Tech Giants Due To Security Threat
Date: October 8, 2012
Source: Fox News
Abstract: American companies should avoid doing business with China's two leading technology firms because they pose a national security threat to the United States, the House Intelligence Committee is warning in a report to be issued Monday.
The panel says U.S. regulators should block mergers and acquisitions in this country by Huawei Technologies Ltd. and ZTE Corp, among the world's leading suppliers of telecommunications gear and mobile phones.
Reflecting U.S. concern over cyber-attacks traced to China, the report also recommends that U.S. government computer systems not include any components from the two firms because that could pose an espionage risk.
"China has the means, opportunity, and motive to use telecommunications companies for malicious purposes," the report says.
The recommendations are the result of a yearlong probe, including a congressional hearing last month in which senior Chinese executives of both companies testified, and denied posing a security threat.
A U.S. executive of one of the companies said the firm cooperated with investigators, and defended its business record. Huawei is a "globally trusted and respected company," said William Plummer, vice president for external affairs.
On Monday, ahead of the report's release, a Chinese foreign ministry spokesman said investment by China's telecommunications companies in the United States showed the countries have mutually beneficial relations.
"We hope the U.S. will do more to benefit the interests of the two countries, not the opposite," said spokesman Hong Lei at a regular briefing.
The bipartisan report is likely to become fodder for a presidential campaign in which the candidates have been competing in their readiness to clamp down on Chinese trade violations. Republican Mitt Romney, in particular, has made it a key point to get tougher on China by designating it a currency manipulator and fighting abuses such as intellectual property theft.
The committee made the draft available to reporters in advance of public release Monday, but only under the condition that they not publish stories until the broadcast Sunday of a CBS' "60 Minutes" report on Huawei. In the CBS report, the committee's chairman, Rep. Mike Rogers, R-Mich., urges American companies not to do business with Huawei.
The panel's recommendations will likely hamper Huawei and ZTE's ambitions to expand their business in America. Their products are used in scores of countries, including in the West. Both deny being influenced by China's communist government.
"The investigation concludes that the risks associated with Huawei's and ZTE's provision of equipment to U.S. critical infrastructure could undermine core U.S. national-security interests," the report says.
The report says the committee received information from industry experts and current and former Huawei employees suggesting that Huawei, in particular, may be violating U.S. laws. It says that the committee will refer the allegations to the U.S. government for further review and possible investigation. The report mentions allegations of immigration violations, bribery and corruption, and of a "pattern and practice" of Huawei using pirated software in its U.S. facilities.
Huawei is a private company founded by a former Chinese military engineer, and has grown rapidly to become the world's second largest supplier of telecommunications network gear, operating in more than 140 countries. ZTE Corp is the world's fourth largest mobile phone manufacturer, with 90,000 employees worldwide. While their business in selling mobile devices has grown in the U.S., espionage fears have limited the companies from moving into network infrastructure.
The report says the companies failed to provide responsive answers about their relationships and support by the Chinese government, and detailed information about their operations in the U.S. It says Huawei, in particular, failed to provide thorough information, including on its corporate structure, history, financial arrangements and management.
"The committee finds that the companies failed to provide evidence that would satisfy any fair and full investigation. Although this alone does not prove wrongdoing, it factors into the committee's conclusions," it says.
In Washington, Huawei executive Plummer said Friday the company cooperated in good faith with the investigation, which he said had not been objective and amounted to a "political distraction" from cyber-security problems facing the entire industry.
All major telecommunications firms, including those in the West, develop and manufacture equipment in China and overlapping supply chains require industry-wide solutions, he added. Singling out China-based firms wouldn't help.
Plummer complained that the volume of information sought by the committee was unreasonable, and it had demanded some proprietary business information that "no responsible company" would provide.
In justifying its scrutiny of the Chinese companies, the committee contended that Chinese intelligence services, as well as private companies and other entities, often recruit those with direct access to corporate networks to steal trade secrets and other sensitive proprietary data.
It warned that malicious hardware or software implants in Chinese-manufactured telecommunications components and systems headed for U.S. customers could allow Beijing to shut down or degrade critical national security systems in a time of crisis or war.
The committee concluded that Huawei likely has substantially benefited from the support of the Chinese government.
Huawei denies being financed to undertake research and development for the Chinese military, but the committee says it has received internal Huawei documentation from former employees showing the company provides special network services to an entity alleged to be an elite cyber-warfare unit within the People's Liberation Army.
The intelligence committee recommended that the government's Committee on Foreign Investment in the United States, or CFIUS, bar mergers and acquisitions by both Huawei and ZTE. A multi-agency regulatory panel chaired by Treasury Secretary Timothy Geithner, CFIUS screens foreign investment proposals for potential national security threats.
Last year, Huawei had to unwind its purchase of a U.S. computer company, 3Leaf Systems, after it failed to win CFIUS approval. However, Huawei employs 1,700 people in the U.S., and business is expanding. U.S. revenues rose to $1.3 billion in 2011, up from $765 million in 2010.
ZTE has also enjoyed growth in its sale of mobile devices, although in recent months it has faced allegations about banned sales of U.S.-sanctioned computer equipment to Iran. The FBI is probing reports that the company obstructed a U.S. Commerce Department investigation into the sales.
The intelligence panel says ZTE refused to provide any documents on its activities in Iran, but did provide a list of 19 individuals who serve on the Chinese Communist Party committee within the company. ZTE's citing of China's state secrecy laws for limiting information it could release only added to concern over Chinese government influence over its operations, the report says (Fox News, 2012).
Title: China To Escalate Cyberwar War Capabilities
Date: November, 2012
Source: Top Secret Writers
Abstract: “The danger is pronounced,” warns Charles Viar, chairman of the Washington, D.C.-based Center for Intelligence Studies. “In my view, no one is really doing enough to deal with the Chinese threat. It is too large, and by Western standards, too unconventional.”
On November 9th, before leaving his post, China’s Hu Jintao announced that China is speeding up its full military Internet technology IT applications and development, including new weapons and equipment.
With China being the world’s worst perpetrator of cyber-espionage and theft, this is a worrying prospect.
All nations have the right to protect themselves in all spheres of engagement, but the Chinese have taken it too far. They are recognized as the worst perpetrators of cyber-theft, and present the biggest threat to US national security. Hu Jintao’s pronouncement should be a concern for all Western nations.
sophistication, the volume of exploitation attempts yielded enough successful breaches to make China the most threatening actor in cyberspace,” - US Congressional Report on China
Hu’s pronouncement came before a leadership handover, which ushered in the newest generation of Chinese Princelings.
The timing of this proclamation is crucial, for it is through such decrees that China allows a peek into the opaque workings of its inner sanctum. Typically, communist party mandates are obtuse and lack precision. This ambiguity forestalls accountability, which in the communist system is essential.
By not being specific in their mandates, the party can manipulate ‘transgressions’ of those laws into something more benign. On the other hand, when the Chinese do come forth with a mandate like that made by Mr. Hu, it will receive full commitment and resources from the communist party, and will be enforced with an iron fist.
Beijing usually uses messages at such a pivotal time as a way to put the world on notice as to their intentions. The speech and declaration by Mr. Hu is a testament that for the next five years, China’s cyber army will ratchet up its presence, technology and presumably its theft as well.
The China Cyber Command Center
In order to make good on Hu’s proclamation, China has been constructing a Cyber Command center near the Communist Party School and Beijing University.
This command center appears to be the heart of the ‘network defense, attack and exploitation systems’. While China had relied on brute force techniques in terms of hacking in the past, it is trying to up its game.
Beijing operates under the fear of revolution and foreign interdiction. This fear, coupled with their knowledge that China’s military is no match for that of the US, has caused the Chinese to focus on cyber capabilities in order to nullify US strategic advantages.
Mr. Hu’s proclamation, coupled with Beijing’s increased focus on IT capabilities means that Internet hacking and theft by China will only intensify in the coming years.
One could argue that China has a right to defend itself, which is true. The problem, however, is that by developing its cyber capabilities, Beijing can not only ‘defend’ its sovereignty, but continue its widespread theft of military secrets and intellectual property. It is this combination of factors that has caused China to be labeled “The Most Significant Global Cyberthreat”.
In order to better understand the China threat, consider the following example.
On any given day, cyber attacks account for nearly 15% of all global internet traffic. During the Chinese holiday, when workers presumably take leave, the incidence of hacking traffic declines.
A telling example is that during China’s national holiday last year, global traffic from hackers plummeted from 15% to 6.5%. If this figure is representative of China’s behavior, it shows the global scale of China’s hacking. It also reinforces the need for concern about China’s ability and intentions.
So What, Doesn’t the US do the Same Thing?
The first question you may be asking is whether China’s actions are really a big deal. After all, the US does the same thing, right? This is actually a two part question, with the first being true and the second not so.
The US is certainly active in cyberspace, and with the assistance of the NSA it has a powerful online presence. The proof of this is in the role of the US in using the Stuxnet virus.
In that instance, the US in tandem with Israel, developed a virus to be used as a weapon against Iran. Due to the secretive nature of the NSA, however, we have little to no idea what else they may be involved with.
Irrespective of their presence, however, the NSA has done little to stem the flow of secrets being stolen from US companies each year. It is this fact that proves that by increasing its cyber warfare capabilities, China will pose an even greater threat to US security in the near term.
It has been proven that China’s cyber aggression has been paying off in spades.
Recently Beijing stole the secrets of U.S. next-generation fighters, including the F-35 and F-22, missile technology, missile guidance systems and much more.
Couple this with the fact that China began pilfering American nuclear weapons and technology over ten years ago, and one can get an idea of the depth and scope of China’s thirst for stolen US secrets.
However, stealing US military tech is only part of Beijing’s plan. They can also plant and activate trapdoors and logic bombs in military-use gear that is made in China.
Even more troubling is the fact that Chinese companies provide technology that is fundamental to US infrastructure. Many of these companies are closely aligned with the red army.
It has also been shown that the Chinese have accessed trapdoors like the one mentioned above, and may have the ability to bring down the US telecommunications infrastructure even before military engagement.
When viewed from this perspective, it is obvious that China poses a credible and imminent threat to US security.
Why it Matters- Jobs and Technology
“Every major company in the United States has already been penetrated by China.”- Richard Clarke
The incidence of cyber attacks increased by 44% in 2011 alone, and that figure has only been increasing.
As a consequence of these attacks and IPR theft, US companies lose hundreds of billions of dollars per year. Last year, for instance, US companies lost more from stolen tech than Wal-Mart made in sales all year.
The impact of such theft is undeniable. The result of this is not only the decay of America’s technological superiority, but the loss of jobs as well. It is estimated that IP theft has cost tens of millions of American jobs, and China has played a significant role in that theft.
When viewed in this light, China’s announcement becomes even more worrying.
The problem is that communist regimes restrict the flow of information, which depletes creativity. In communistic and other dictatorial regimes, people do not ‘add value’ in the conventional sense of the word. Instead of taking risks, they toe the party line and adhere to ancient principles.
Consequently, such regimes do not innovate as the ‘value added’ is not in creation, but in ‘containment’. China realizes their innovative impotence and has relied on theft of technology so that they do not fall dangerously behind.
So, What’s New?
At this point, you may be wondering why the US is doing so little to confront this foreign threat. The unfortunate reality is that one of the biggest impediments in dealing with the China threat is US corporations – those who are most at risk.
Firstly, companies do not like to admit that their systems have been breached. They reason that by announcing their vulnerability, they will suffer further attack. But this is only part of the story.
Corporate greed plays a role as well. With a market size of 1.34 billion people, companies are loath to confront the ‘Chinese dragon’ out of fear of reprisal. Companies would rather convince the US public that doing business in China is not that different from doing business back home, and that China threats can be managed.
Corporate heads can then rest assured that stockholders will not question their involvement with China and the risks therein. By remaining mum, these corporate directors can smirk all the way to the bank as they cash in their options and buy a new home, thanks to that fat bonus check.
As far as the U.S. government is concerned, they acknowledge that the problem exists, but have no coherent plan of defense. Chalk this up to equal measures of greed, ignorance and ‘politics as usual’.
Various governmental officials have been wooed by the Chinese and their cash. These politicians figure that by selling out our security and land, they can secure a few more years in office and perhaps a nice consulting gig with a Chinese company upon retirement.
Their actions may be out of ignorance of how things work in China. Perhaps they truly believe that, irrespective of all the data that exists to the contrary, China truly wants to increase American prosperity, economy and jobs.
On a positive note, it appears that the US Congress is now calling for a comprehensive assessment of Chinese cyber-spying. They would then seek to impose penalties on companies that benefit from this espionage. The act by Congress is a good start, but is it enough?
With China literally stealing our competitive edge from right out of U.S. computers, something has to be done. At an individual level, citizens of Western nations can get educated about the hacking threat China poses, and then spread the word (Top Secret Writers, 2012).
Title: Chinese Hackers Suspected In Cyber Attack On Council On Foreign Relations
Date: December 27, 2012
Source: Free Beacon
Abstract: Computer hackers traced to China carried out an advanced cyberespionage attack against one of America’s most elite foreign policy web groups – the website of the Council on Foreign Relations (CFR).
According to private computer-security forensic specialists, the hacking incident involved a relatively new type of ploy called a “drive-by” website cyber attack that was detected around 2:00 p.m. on Wednesday.
The specialists, who spoke on condition of anonymity, said the attack involved penetrating the computer server that operates the New York City-based CFR’s website and then using the pirated computer system to attack CFR members and others who visited or “drove by” the site.
The activity ended on Thursday and the specialists believe the attackers either removed their malicious software to prevent further details of the attack from being discovered, or CFR was able to isolate the software and remove it.
The FBI was notified of the attack and is said to be investigating.
FBI spokeswoman Jennifer Shearer declined to comment when asked about the attack. But she told the Washington Free Beacon: “The FBI routinely receives information about threats and takes appropriate steps to investigate those threats.”
However, David Mikhail, a Council on Foreign Relations spokesman, confirmed the attack. “The Council on Foreign Relations’ website security team is aware of the issue and is currently investigating the situation,” Mikhail said in an email. “We are also working to mitigate the possibility for future events of this sort.” He provided no details.
According to the computer security specialists, the cyber espionage attack represents a new level of sophistication by foreign hackers seeking government and other secrets by computer.
The method used in a “drive-by” attack requires hackers to covertly plant malicious software in the CFR computer system. Then, they used the software and the web site to attack visitors to the site by infecting their computers in a hunt for secrets and other valuable information. One of the specialists said the attack also involved using the CFR site for what is called a “watering hole” attack, when people who visit the website are infected.
One of the victims who visited the CFR’s website, cfr.org, discovered the attack and alerted computer security specialists on Wednesday.
In response, a small group of private security specialists launched an investigation into the activity and found that it only targeted computer users using the web browser Windows Internet Explorer 8 and higher versions. The attackers were able to exploit a security flaw in the browser software called a “zero-day” vulnerability – a previously unknown flaw that allows computer hackers to gain access to a targeted computer.
A similar Internet Explorer vulnerability was behind the major Aurora cyber attack on Google and other U.S. corporations that began in 2009 and was traced to China’s government.
Investigators said the computer attackers that targeted CFR were able to set up a covert network capable of identifying, encrypting, and sending stolen information found in targeted and infected computers back to a secret command and control computer.
In the case of the CFR hack, the malicious software involved software that included Mandarin Chinese language, the specialists said. Also, the attackers limited their targeting to CFR members and website visitors who used browsers configured for Chinese language characters – an indication the attackers were looking for people and intelligence related to China.
“This was a very sophisticated attack,” said one of the specialists. “They were looking for very specific information from specific people.”
The extent of the damage is not known but CFR members who visited the website between Wednesday and Thursday could have been infected and their data compromised, the specialists said.
The CFR is one of the most elite foreign policy organizations in the United States with a membership of some 4,700 officials, former officials, journalists, and others. Its members include NBC anchor Brian Williams, Hollywood actress Angelina Jolie, and former Sen. Chuck Hagel, President Obama’s embattled but as yet un-nominated choice for secretary of defense.
Current Secretary of State Hillary Clinton and Assistant Secretary of State Kurt Campbell, the Obama administration’s senior Asian affairs policy maker, also are CFR members. Senate Intelligence Committee Chairman Sen. Dianne Feinstein (D., Calif.) is also a member, as is Secretary of State-designate Sen. John Kerry.
Its board and members include a who’s who of U.S. foreign policy and national security elites, including former U.S. Central Command commander Army Gen. John Abizaid, and former Secretaries of State Madeleine K. Albright, Colin Powell, and Henry Kissinger.
Fox News CEO Roger Ailes also is a member, as is News Corp. chairman and CEO Rupert Murdoch. Former Presidents George W. Bush and Bill Clinton are members, as is former CIA Director and former Defense Secretary Robert M. Gates and former CIA Director David Petraeus.
The CFR cyberstrike is not the first strategic drive-by cyber attack.
The computer security website Dark Reading reported in May that the Center for Defense Information, and the Hong Kong chapter of the human rights group Amnesty International (AIHK), along with several other organizations, also were attacked using similar drive-by methods.
“The weapon of choice for a cyberspy or advanced persistent threat (APT) actor gaining a foothold inside its target traditionally has been the socially engineered email with a malicious link or attachment,” DarkReading stated. “But cyberspies are increasingly targeting specific, legitimate websites and injecting them with malware in hopes of snaring visiting victims from organizations from similar industries and sectors” (Free Beacon, 2012).
Title: RPT-China's Space Activities Raising US Satellite Security Concerns
Date: January 14, 2013
Abstract: The United States is concerned about China's expanding ability to disrupt the most sensitive U.S. military and intelligence satellites, as Beijing pursues its expanded ambitions in space, according to multiple sources in the U.S. government and outside space experts.
A classified U.S. intelligence assessment completed late last year analyzed China's increasing activities in space and mapped out the growing vulnerability of U.S. satellites that provide secure military communications, warn about enemy missile launches and provide precise targeting coordinates, said the sources, who were not authorized to speak publicly.
"It was a very credible and sobering assessment that is now provoking a lot of activities in different quarters," said one former government official who is familiar with U.S. national security satellite programs.
The intelligence report raised red flags about Beijing's ability to disrupt satellites in higher orbits, which could put the most sensitive U.S. spacecraft at risk, according to the sources. China has already conducted several anti-satellite tests at lower orbital levels in recent years.
Given the heightened concerns, Washington is keeping a watchful eye on Chinese activities that could be used to disrupt U.S. satellites. It is also urging Beijing to avoid a repeat of its January 2007 test that created an enormous amount of "space junk," said one senior defense official.
Details of the latest Chinese moves that have raised U.S. concerns remain classified.
U.S. officials charge that China's anti-satellite activities are part of a major military modernization that has seen Beijing test two new stealth fighters; step up cyber attacks on foreign computer networks; and launch more commercial and military satellites in 2012 than the United States.
China still lags behind the United States in most military fields.
"What we're seeing is a heightened sense in the United States that China is a potential threat and that it has the technology to be a threat if it wishes to," said Jonathan McDowell, with the Harvard-Smithsonian Center for Astrophysics.
"As China becomes a space superpower, and given that it does have a significant military component to its space program, it is inevitable that the U.S. will be concerned about threats to its most valued satellite systems, whether or not China actually intends to deploy such aggressive systems," he said.
Six years ago, on Jan. 11, 2007, China destroyed one of its own defunct weather satellites in low-earth orbit, which created over 10,000 pieces of debris that pose a threat to other spacecraft. A less-destructive test followed on Jan. 11, 2010.
Space experts and U.S. officials say they expect China to continue testing anti-satellite technologies, although they doubt it would repeat the 2007 test, given the massive international outcry it triggered.
Gregory Kulacki, a respected researcher with the Union of Concerned Scientists, reported earlier this month on the group's website that there was "a strong possibility" of a new anti-satellite test by China within the next few weeks.
He said Chinese sources had told him in November that an announcement about an upcoming anti-satellite test had been circulated within the Chinese government, and a high-ranking U.S. defense official confirmed in December that Washington was "very concerned" about an imminent Chinese anti-satellite test.
The Chinese Defense Ministry did not respond to emailed queries by Reuters' Beijing office on the question.
The Pentagon said it was aware of reports predicting another test, but declined comment on what it called "intelligence matters."
"We monitor carefully China's military developments and urge China to exhibit greater transparency regarding its capabilities and intentions," said Lieutenant Colonel Monica Matoush.
Sources within the U.S. government and outside experts said there was no immediate evidence pointing to the preparations for the type of satellite or rocket launches used by China for past anti-satellite tests at lower orbits.
But they said Beijing could test its anti-satellite weapons in other ways that would be harder to detect, such as by jamming a satellite's signals from the ground or issuing a powerful electromagnetic pulse from one satellite to disable another.
China could also maneuver two satellites very close together at higher orbits, replicating actions it has already taken in lower orbits in August 2010 and November 2010. Such activities could be used to perform maintenance or test docking capabilities for human spaceflight, but could clearly be used for more destructive purposes as well, they said.
The United States has continued to test its own anti-satellite capabilities. In February 2008, a missile fired from a U.S. Navy cruiser in the north Pacific destroyed an ailing American satellite in orbit.
The U.S. government said the satellite's toxic fuel posed a risk upon re-entry of the earth's atmosphere. Skeptics said the test was a message to China.
Any further anti-satellite test by China would be troubling, especially if it occurred at higher altitudes, said Bruce MacDonald, a former White House official who is now a senior director at the U.S. Institute of Peace.
The United States operates its fleet of Global Positioning System (GPS) satellites in medium earth orbit about 11,000 miles (17,700 kilometers) above the surface of the earth, while U.S. military communications and early missile warning satellites are located in geostationary orbit 22,000 miles (35,400 km) above the equator.
Brian Weeden, technical adviser for the nonprofit Secure World Foundation and a former Air Force space and missile expert, said a Chinese anti-satellite test at those higher orbits would put U.S. satellites at risk.
"Some critical U.S. assets in that region have been assumed for the most part to be safe from those kind of attacks," he said. "Such tests would signal that they're not" (Reuters,
Title: US Mulls Action Against China Cyberattacks
Date: January 31, 2013
Source: Fox News
Abstract: The Obama administration is considering more assertive action against Beijing to combat a persistent cyber-espionage campaign it believes Chinese hackers are waging against U.S. companies and government agencies.
As The New York Times and Wall Street Journal reported Thursday that their computer systems had been infiltrated by China-based hackers, cybersecurity experts said the U.S. government is eyeing more pointed diplomatic and trade measures.
Two former U.S. officials said the administration is preparing a new National Intelligence Estimate that, when complete, is expected to detail the cyberthreat, particularly from China, as a growing economic problem. One official said it also will cite more directly a role by the Chinese government in such espionage.
The official said the NIE, an assessment prepared by the National Intelligence Council, will underscore the administration's concerns about the threat, and will put greater weight on plans for more aggressive action against the Chinese government. The official was not authorized to discuss the classified report and spoke only on condition of anonymity.
Secretary of State Hillary Rodham Clinton, in an interview with reporters as she wound up her tenure, said the U.S. needs to send a strong message that it will respond to such incidents.
"We have to begin making it clear to the Chinese -- they're not the only people hacking us or attempting to hack us -- that the United States is going to have to take action to protect not only our government, but our private sector, from this kind of illegal intrusions. There's a lot that we are working on that will be deployed in the event that we don't get some kind of international effort under way," she said.
"Obviously this can become a very unwelcome and even dangerous tit-for-tat that could be a crescendo of consequences, here at home and around the world, that no one wants to see happen," she said.
Although the administration hasn't yet decided what steps it may take, actions could include threats to cancel certain visas or put major purchases of Chinese goods through national security reviews.
"The U.S. government has started to look seriously at more assertive measures and begun to engage the Chinese on senior levels," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. "They realize that this is a major problem in the bilateral relationship that threatens to destabilize U.S. relations with China."
To date, extensive discussions between Chinese officials and top U.S. leaders -- including President Barack Obama and Defense Secretary Leon Panetta -- have had little impact on what government and cybersecurity experts say is escalating and technologically evolving espionage. The Chinese deny such espionage efforts.
Internet search leader Google focused attention on the China threat three years ago by alleging that it had traced a series of hacking attacks to that country. The company said the breaches, which became known as "Operation Aurora," appeared aimed at heisting some of its business secrets, as well as spying on Chinese human rights activists who relied on Google's Gmail service. As many as 20 other U.S. companies were also said to be targeted.
A four-month long cyberattack against The New York Times is the latest in a long string of breaches said to be by China-based hackers into corporate and government computer systems across the United States. The Times attacks, routed through computers at U.S. universities, targeted staff members' email accounts, the Times said, and were likely in retribution for the newspaper's investigation into the wealth amassed by the family of a top Chinese leader.
The Wall Street Journal on Thursday said that its computer systems, too, had been breached by China-based hackers in an effort to monitor the newspaper's coverage of China issues.
Media organizations with bureaus in China have believed for years that their computers, phones and conversations were likely monitored on a fairly regular basis by the Chinese. The Gmail account of an Associated Press staffer was broken into in China in 2010.
Richard Bejtlich, the chief security officer at Mandiant, the firm hired by the Times to investigate the cyberattack, said the breach is consistent with what he routinely sees China-based hacking groups do. But, he said it had a personal aspect to it that became apparent: The hackers got into 53 computers but largely looked at the emails of the reporters working on a particular story. The newspaper's investigation delved into how the relatives and family of Premier Wen Jiabao built a fortune worth over $2 billion.
"We're starting to see more cases where there is a personal element," Bejtlich said, adding that it gives companies another factor to consider. "It may not just be the institution, but, is there some aspect of your company that would cause someone on the other side to take personal interest in you?"
Journalists are popular targets, particularly in efforts to determine what information reporters have and who may be talking to them.
The Chinese foreign and defense ministries called the Times' allegations baseless, and the Defense Ministry denied any involvement by the military.
"Chinese law forbids hacking and any other actions that damage Internet security," the Defense Ministry said. "The Chinese military has never supported any hacking activities. Cyberattacks are characterized by being cross-national and anonymous. To accuse the Chinese military of launching cyberattacks without firm evidence is not professional and also groundless."
In a report in November 2011, U.S. intelligence officials for the first time publicly accused China and Russia of systematically stealing American high-tech data for economic gain. And over the past several years, cybersecurity has been one of the key issues raised with allies as part of a broader U.S. effort to strengthen America's defenses and encourage an international policy on accepted practices in cyberspace.
U.S. cybersecurity worries are not about China alone. Administration officials and cybersecurity experts also routinely point to widespread cyberthreats from Iran and Russia, as well as hacker networks across Eastern Europe and South America.
The U.S. itself has been named in one of the most prominent cyberattacks -- Stuxnet -- the computer worm that infiltrated an Iranian nuclear facility, shutting down thousands of centrifuges there in 2010. Reports suggest that Stuxnet was a secret U.S.-Israeli program aimed at destabilizing Iran's atomic energy program, which many Western countries believe is a cover for the development of nuclear weapons.
The White House declined comment on whether it will pursue aggressive action on China.
"The United States has substantial and growing concerns about the threats to U.S. economic and national security posed by cyber intrusions, including the theft of commercial information," said spokesman Caitlin Hayden. "We have repeatedly raised our concerns with senior Chinese officials, including in the military, and we will continue to do so."
Cybersecurity experts have been urging tougher action, suggesting that talking with China has had no effect.
"We need to find new approaches if we want to dissuade this type of activity," said Stewart Baker, former assistant secretary at the Homeland Security Department and now in private law practice with Steptoe and Johnson in Washington. He said the U.S. must do a better job of attributing the cyberattacks to particular groups or nations and "see if we can sanction the people who are actually benefiting from them."
The Obama administration has slowly been ratcheting up its rhetoric. In an unusually strong speech last October, Panetta warned that the U.S. would strike back against cyberattacks, even raising the specter of military action. And the White House has been urging Congress to authorize greater government action to protect infrastructure such as the nation's electric grid and power plants.
Alan Paller, director of research at SANS Institute, a computer-security organization, said that the level of cyberattacks, including against power companies and critical infrastructure, has shot up in the last seven or eight months. And the U.S. is getting more serious about blocking the attacks, including an initiative by the Defense Department to hire thousands of high-tech experts.
Just talking about it, he said, is having no effect.
Lewis, who has met and worked with Chinese officials on the issue, said their response has been consistent denial that China is involved in the hacking and counter-accusations that the U.S. is guilty of the same things.
"In the next year there will be an effort to figure out a way to engage the Chinese more energetically," he said. "The issue now is how do we get the Chinese to take this more seriously as a potentially major disruption to the relationship." The answer, he said, is, "You have to back up words with actions, and that's the phase I think we're approaching" (Fox News, 2013).
Title: New York Times, Wall Street Journal Say Chinese Hackers Broke Into
Date: January 31, 2013
Abstract: The New York Times says Chinese hackers have carried out sustained attacks on its computer systems, breaking in and stealing the passwords of high-profile reporters and other staff members.
According to The Times, one of the biggest and most respected U.S. newspapers, the cyberassaults took place over the past four months, beginning during an investigation by the newspaper into the wealth reportedly accumulated by relatives of the Chinese premier, Wen Jiabao.
The Wall Street Journal reported on Thursday that its computer systems also had been infiltrated by Chinese hackers. The hackers were monitoring the newspaper's China coverage, according to a written statement from Paula Keve, chief communications officer for parent company Dow Jones & Co.
"Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information," the statement read, according to The Journal.
The Times's reports on Wen's family members, alleging they had amassed financial holdings worth billions of dollars through business transactions, infuriated Chinese authorities, who responded by blocking access to The Times' website in mainland China.
The Times said in an extensive article dated Wednesday that it had worked with computer security experts to monitor, study and then eject the attackers. It said that by following their movements, it aimed to "erect better defenses to block them" in the future.
The newspaper said that the security experts it used to counter the attacks had accumulated "digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times's network."
Asked about The Times's allegations on Thursday, a spokesman for the Chinese Foreign Ministry said that "all such alleged attacks are groundless, irresponsible accusations lacking solid proof or reliable research results."
China has been the victim of cyberattacks and "has laws and regulations prohibiting such actions," the spokesman, Hong Lei, said at a regular news briefing.
A separate statement from the Chinese Ministry of National Defense said the country's military "has never supported any hacker activities."
The U.S. State Department said that The Times's experience with Chinese hackers is similar to those of other businesses and individuals and that the department has expressed its concerns to Chinese officials.
"The United States has substantial and growing concern about the threats to economic and national security posed by cyberintrusions, including the theft of commercial information," department spokesman Peter Velasco said in a statement. "We have repeatedly raised our concerns with senior Chinese officials, including military officials, and we will continue to do so."
On Thursday, it appeared that television censors in China were blacking out CNN's reporting of the hacking story.
China-focused journalists targeted
According to The Times, the intruders hacked into the e-mail accounts of its Shanghai bureau chief, David Barboza, the reporter on the controversial articles about Wen's relatives' wealth, and Jim Yardley, the New Delhi bureau chief who had previously covered China.
"What they appeared to be looking for," the Times article said, "were the names of people who might have provided information to Mr. Barboza."
But the security experts hired by the newspaper "found no evidence that sensitive emails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied," said Jill Abramson, executive editor of The Times.
The investigators gathered evidence that the hackers obtained the corporate passwords for every Times employee, using them to break into the personal computers of 53 employees, most of them outside the newsroom.
With the level of access the intruders had gained, senior editors at the newspaper were reportedly worried that they might attempt to disrupt the news organization's publishing systems, notably on the night of the U.S. presidential election in November, when it said the attackers were especially active.
"They could have wreaked havoc on our systems," Marc Frons, the Times' chief information officer, said in the newspaper's report. "But that was not what they were after."
There was no evidence the hackers used the passwords they obtained to pursue information not connected to the Wen family investigation, The Times said, adding that no customer data were stolen.
The Times said it informed and "voluntarily briefed" the FBI about the attacks.
An angry reaction last year
At the time of the publication of the initial Times report on Wen's family in October, Chinese authorities called it an attempt "to blacken China's image," saying it had "ulterior motives."
It came at a particularly sensitive time in China, a matter of weeks before the start of the ruling Communist Party's 18th National Congress, at which the country's next set of leaders was announced.
The Times' English- and Chinese-language websites remain blocked in mainland China, as do those of Bloomberg News, which in June published a report on the business interests of relatives of Xi Jinping, who is now the country's top leader.
The Chinese government tries aggressively to control the flow of information inside its borders about sensitive topics like unrest in Tibetan areas and criticism of senior officials. It strictly manages the output of domestic news media outlets and has a history of shutting off access to international news websites.
Chinese authorities have blacked out the broadcast signal for international television stations like CNN and the BBC when they have aired sensitive reports about the country (CNN, 2013).
Title: Chinese Cyber Attacks On West Are Widespread, Experts Say
Date: February 2, 2013
Abstract: Allegations that Chinese hackers infiltrated the computers of two leading U.S. newspapers add to a growing number of cyber attacks on Western companies, governments and foreign-based dissidents that are believed to originate in China, experts say.
According to one recent report, one in every three observed computer attacks in the third quarter of 2012 emanated from China.
Chinese officials have denied that Beijing has supported any cyber attacks, stressing that hacking is illegal in the country.
The New York Times reported Wednesday it had been the target of four months of cyber assaults, which started during an investigation by the newspaper into the wealth reportedly accumulated by relatives of the Chinese premier, Wen Jiabao. The Wall Street Journal said Thursday that its computer systems also had been infiltrated by Chinese hackers.
Cyber security experts say the alleged attack on The New York Times appeared to be similar to previously reported attacks that were linked to China.
"To do a spear-phishing attack of this kind is a well-established move in attacks against Google and various U.S. defense contractors from China," said Thomas Parenty, a former employee of the U.S. National Security Agency who now advises foreign firms in China on computer security.
"You could say the tools are sort of stock-in-trade" for Chinese hackers, he said.
"Spear-phishing" is a technique of disguising an email so that it appears to be from a trusted source, luring the victim to open an attachment or link that unleashes malicious software on the computer.
Investigators for The Times say they suspect the technique was used by the hackers to break into the newspaper's system, where they were able to collect passwords of every Times employee and gain access to the personal computers of 53 employees.
Security experts who helped the newspaper to counter the attacks accumulated evidence that the hackers used methods "associated with the Chinese military in the past" to breach the network, The Times said.
Asked about The Times's allegations on Thursday, a spokesman for the Chinese Foreign Ministry said that "all such alleged attacks are groundless, irresponsible accusations lacking solid proof or reliable research results." China has been the victim of cyberattacks and "has laws and regulations prohibiting such actions," the spokesman, Hong Lei, said at a regular news briefing.
A separate statement from the Chinese Ministry of National Defense said the country's military "has never supported any hacker activities."
But data reported by Western companies suggest that even though Chinese authorities say they prohibit hacking, they are struggling to keep it under control.
One-third of all observed computer attacks from July through September last year came from China, according to a report last month from Akamai Technologies, an Internet services company.
The United States was a distant second, originating 13% of observed attacks, followed by Russia with 4.7%.
"China has been consistently responsible for the largest percentage of observed attacks since (the fourth quarter of) 2011," the report said.
The most recent report shows a dramatic upswing in incidents from the Asian country. In the second quarter, 16% of observed cyber attacks came from China, the company said.
The executive summary of the report didn't specify from which groups or individuals in China the attacks might have come.
Google had a very public spat with the Chinese government in 2010 after it claimed China had led a hacking attack against Google, other technology companies, defense corporations and Chinese dissidents.
"In the past they've been pretty much focused on either intellectual properties, such as the hacking of defense companies, or dissidents they want to get at, like the Google Gmail attacks," Parenty said. "In this case, it appears they were trying to be able to get to people who talked to The New York Times -- they could make their lives miserable and send the message: Don't do this.
"They love to instill fear so people self censor or limit what they would say or do with the media," he added.
Mandiant, the security firm that led the investigation at The New York Times, says there is good reason for concern in the United States.
"There are thousands of computers compromising the United States at universities, at Mom and Pop shops -- small organizations without a big cyber security program -- and those computers serve as the beachhead to hack blue-chip American companies," Kevin Mandia, the chief executive of Mandiant, told CNN.
"The majority of victims, well over 90% of the victims we have responded to, really don't disclose that these attacks occur" for fear of losing customer trust, Mandia said.
"The folks that perpetrated this intrusion have done it to hundreds of other organizations and usually they are very successful," Mandia said. "What's really unique here is the fact that the victim organization, The New York Times, has decided to share this information with the public, so people can be more aware of the problem -- because it's a very pervasive problem."
Marc Frons, chief information officer of The Times, told CNN that the newspaper believed it had prevented this attack from revealing confidential sources.
In the case of the investigation into Wen's family's finances, much of the information came from public records.
But Frons said The Times isn't letting its guard down after expelling the hackers.
"I think we're over this phase of the attack and obviously the types of things they tried to do previously they'll have a more difficult time doing, but this isn't over," he said. "As long as there are computers and networks we're going to be faced with cyber espionage threats" (CNN,
Title: Sophisticated Cyber-Attack Hits Energy Department, China Possible
Date: February 4, 2013
Source: Fox News
Abstract: The Energy Department has been hit by a major cyber-attack, which resulted in the personal information of several hundred employees being compromised and could have been aimed at obtaining other sensitive information, The Washington Free Beacon reports.
FBI agents are investigating the attacks, which happened two weeks ago, at the Washington-based headquarters. Fourteen computer servers and 20 workstations reportedly were penetrated during the attack.
The Energy Department is in the process of notifying employees whose information was stolen. While no classified information was compromised, the Free Beacon reports there are indications the hackers could have been seeking access to such data. Chinese hackers may be suspects, as the department is a known target of Beijing -- according to the Free Beacon, the sophistication of the attack indicates the involvement of a foreign government.
The department includes the National Nuclear Security Administration, which maintains nuclear weapons.
"It's a continuing story of negligence," former Energy Department security official Ed McCallum told the Free Beacon, explaining that the department continues to have security problems despite controlling some of the most "sophisticated military and intelligence technology the country owns."
He said China, as well as Iran, have been after Energy Department secrets. Several groups and agencies have warned about stepped-up cyber activities out of China.
"China continues to develop its capabilities in the cyber arena," the U.S. China Economic and Security Review Commission said in a November 2012 report to Congress. "U.S. industry and a range of government and military targets face repeated exploitation attempts by Chinese hackers as do international organizations and nongovernmental groups including Chinese dissident groups, activists, religious organizations, rights groups, and media institutions."
Officials tell the Beacon they're working to plug security holes in the system and are developing ways to prevent a similar cyber attack in the future.
Confirmation of the attack comes only days after The New York Times and The Wall Street Journal announced that Chinese hackers had infiltrated its computers and stolen passwords for its employees. In a written statement, News Corporation, parent company of FoxNews.com, described the attack as an "ongoing issue." China's Ministry of National Defense has denied accusations they were behind the cyber attacks (Fox News, 2013).
Title: Report: Chinese Military Engaged In 'Extensive Cyber Espionage
Date: February 19, 2013
Source: CNN Money
Abstract: An American cybersecurity firm has linked one of the world's most prolific groups of computer hackers to the Chinese government, saying in a new report that an extensive cyber-espionage campaign is being waged from a location near Shanghai.
The security firm, Mandiant, detailed the allegations in a 60-page report published Tuesday that describes the group's tactics over a six-year period.
The Virginia-based Mandiant, which helps companies detect and respond to cyber threats, said it has observed the group of hackers -- called the "comment crew" -- systematically steal hundreds of terabytes of data from at least 141 organizations across 20 industries worldwide since 2006.
Mandiant claims the activity can be traced to four networks near Shanghai -- with some operations taking place in a location that is also the headquarters of Unit 61398, a secret division of China's military.
"The sheer scale and duration of sustained attacks against such a wide set of industries from a singularly identified group based in China leaves little doubt about the organization behind [the group]," Mandiant said. "We believe the totality of the evidence we provide in this document bolsters the claim that [the group] is Unit 61398."
Chinese foreign ministry spokesman Hong Lei dismissed the hacking charges on Tuesday, insisting that China is the victim of many cyberattacks -- most originating in the United States.
"Making baseless accusations based on premature analysis is irresponsible and unprofessional," he said. "China resolutely opposes any form of hacking activities."
Last month, the Chinese defense ministry said the country's military "has never supported any hacker activities."
The latest accusation against Beijing comes amid concerns about the breadth and depth of cyberattacks originating in China. Recently, several leading U.S. news organizations reported their computer systems had been attacked by China-based hackers.
Mandiant estimates that hundreds, and perhaps thousands, of people work within Unit 61398, which is housed in a 12-story, 130,663 square-foot facility.
Organizations in English-speaking countries are the primary victims of the comment crew -- making up 87% of the 141 attacks observed by Mandiant. Of that, 115 attacks targeted organizations in the United States.
The hackers have a "well-defined attack methodology," and Mandiant said the group has stolen large volumes of intellectual property, including technology blueprints, proprietary manufacturing processes and business plans.
The report did not list companies or agencies that have been attacked, but the comment crew is known to have attacked Coca-Cola, security firm RSA, and consultancy Chertoff Group.
The Coca-Cola (CCE, Fortune 500) hack occurred in 2009 when the beverage giant was trying to purchase China's Huiyuan Juice Group. According to reports, comment crew stole Coca-Cola's negotiation strategy along with other information about the proposed offer. The deal was scuttled just days after the hack, when the Chinese government said it could not accept the deal on antitrust grounds.
RSA was attacked by the group in 2011, which compromised the security of some of its SecurID tokens used to gain entry into corporate systems. Using information gained from the RSA hack, the group subsequently attacked aerospace and defense company Lockheed Martin (LMT, Fortune 500).
All of these attacks started the same way: via a cleverly worded email -- written in perfect English -- that appeared to be from someone inside the company. Instead, it contained malicious software designed to gain access to the corporation's networks.
Mandiant was able to pinpoint the identities of three individuals working with the group. The report identifies the hackers who use the monikers "Ugly Gorilla," "dota" and "SuperHard." It tracks their activities in an unusually detailed manner, including information on their e-mail accounts, cell phones and hacking techniques.
Government and intelligence officials in the United States are increasingly concerned about the threats posed by cybercrime, especially from government actors.
Outgoing Defense Secretary Leon Panetta said last year that a cyberattack could be crippling, citing risks to the power grid, Wall Street and the financial system.
"We are literally getting hundreds of thousands of attacks every day that try to exploit information in various agencies and departments and frankly throughout this country," Panetta said.
In a statement, White House spokesman Tommy Vietor said the administration is aware of the Mandiant report, and is acting to negate these threats.
"The United States has substantial and growing concerns about the threats to U.S. economic and national security posed by cyber intrusions," Vietor said. "We have repeatedly raised our concerns at the highest levels about cyber theft with senior Chinese officials, including in the military, and we will continue to do so."
Earlier this month, President Obama signed an executive order designed to address the country's most basic cybersecurity needs -- and highlighted the effort in his State of the Union address.
The order will make it easier for private companies in control of the nation's critical infrastructure to share information about cyberattacks with the government. The order also directs the government to work with the private sector on standards that will help protect companies from cybercrime.
In recent weeks, The New York Times, Washington Post and Wall Street Journal have disclosed that their computer networks had been targeted by hackers in China.
The New York Times, which hired Mandiant to help mitigate the threat, reported Tuesday that the comment crew was not the source of the attack on its network.
China is not the only country believed to be involved in cyberattacks. The existence of several other state-sponsored cyberweapons has also been reported in recent years, with names like Stuxnet, Duqu and Flame. The U.S. government is widely believed to have played a role in developing some of those viruses, with an eye toward containing Iran (CNN Money, 2013).
Title: Wake Up, America! China Is Attacking
Date: February 19, 2013
Source: CNN Money
Abstract: The United States is reportedly under attack by the Chinese government. America's business secrets, critical infrastructure and wealth are the targets.
But many businesses are taking a lackadaisical approach to cybersecurity. Multiple industry studies have shown that the vast majority of companies don't begin following cybersecurity best practices until after they've been hit.
The latest and most telling example came Tuesday. According to a new report from information security company Mandiant, the Chinese military is linked to one of the most prolific hacking groups in the world.
That group, known as the "Comment Crew," has attacked Coca-Cola (KO, Fortune 500), EMC (EMC, Fortune 500) security division RSA, military contractor Lockheed Martin (LMT, Fortune 500), and hundreds of others. It reportedly holds the blueprints to America's energy systems, and has funneled trade secrets out of some of the country's largest corporations.
The implications of China's presence in Corporate America's networks are vast, from matters of economic competitiveness to international diplomacy.
China has strong ties with its businesses, and any information gathered from U.S. corporations could wind up in the hands of a Chinese rival. Imagine Apple's rumored iWatch being produced first by a competitor that stole Apple's plans. Not only would Apple (AAPL, Fortune 500) lose an edge in the market, but the theft could impact the vast ecosystem of third-party software developers and accessory makers.
"It is fundamentally important that the American private sector wake up to the fact that dozens of countries -- including China -- are robbing us blind," said Tom Kellermann, head of cybersecurity at Trend Micro (TMICY) and former commissioner of President Obama's cybersecurity council.
Kellermann estimates that the cost of trade secrets being stolen online is in the hundreds of billions of dollars annually.
U.S. jobs are also at stake.
"This is not some 15-year old trying to hack your database to see if he can," said Andy Serwin, adviser to the Naval Post Graduate School's Center for Asymmetric Warfare and chair of the information security practice at Foley & Lardner. "This is a large-scale organized effort to steal your company's most valuable information."
The Chinese government has long been believed to be behind a widespread cyberespionage scheme, but Mandiant's report is the first to clearly explain the link.
"It is time to acknowledge the threat is originating from China," said Dan McWhorter, Mandiant's managing director of threat Intelligence. "Without establishing a solid connection to China, there will always be room for observers to dismiss advanced persistent threat actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns."
Cyber Cold War has clearly begun. Fears about a crippling attack by China on the nation's power grid or other critical infrastructure are also a legitimate worry. That's because 85% of such infrastructure -- including electric and water utilities -- is controlled by private industry.
"Knowing China could turn off our lights has vast diplomatic implications," said Dave Aitel, CEO of security consultancy Immunity.
And while there haven't been any successful breaches of critical infrastructure command and control centers yet, there is strong evidence that a cybercriminal could strike if they wanted to. Last year, Comment Crew broke into the network of smart grid control systems maker Telvent. In that attack, Comment Crew gained access to blueprints for 60% of North and South America's oil and gas pipelines.
That's likely part of the reason why the Obama administration, which signed an executive order last week that promotes sharing information about cyberattacks between the government and critical infrastructure companies, has been reluctant to call out China on its own. In his State of the Union address, the president simply said that the U.S. knows "foreign countries and companies swipe our corporate secrets."
In response to the Mandiant report on Tuesday, an administration spokesman said the White House continues to work with the Chinese government to stop the flow of these attacks.
But experts say something bigger needs to be done. An increasing number of businesses are looking to Congress to pass legislation that would set minimum cybersecurity standards for businesses to follow. Industry experts say that if Mandiant's report truly serves as a wake-up call, hopefully such a bill will ultimately get passed.
"Every time a big report comes out, it builds awareness ... and it gives us a chance to saber rattle and blame someone else. But we still don't pass cybersecurity legislation," said Art Coviello, CEO of RSA. "There are a lot of really good proposals on the table. Are we going to have rule of law prevail or not?" (CNN Money, 2013).
Title: US Ready To Strike Back Against China Cyberattacks
Date: February 19, 2013
Source: AP My Way
Abstract: As public evidence mounts that the Chinese military is responsible for stealing massive amounts of U.S. government data and corporate trade secrets, the Obama administration is eyeing fines and other trade actions it may take against Beijing or any other country guilty of cyberespionage.
According to officials familiar with the plans, the White House will lay out a new report Wednesday that suggests initial, more-aggressive steps the U.S. would take in response to what top authorities say has been an unrelenting campaign of cyberstealing linked to the Chinese government. The officials spoke on condition of anonymity because they were not authorized to speak publicly about the threatened action.
The White House plans come after a Virginia-based cybersecurity firm released a torrent of details Monday that tied a secret Chinese military unit in Shanghai to years of cyberattacks against U.S. companies. After analyzing breaches that compromised more than 140 companies, Mandiant has concluded that they can be linked to the People's Liberation Army's Unit 61398.
Military experts believe the unit is part of the People's Liberation Army's cyber-command, which is under the direct authority of the General Staff Department, China's version of the Joint Chiefs of Staff. As such, its activities would be likely to be authorized at the highest levels of China's military.
The release of Mandiant's report, complete with details on three of the alleged hackers and photographs of one of the military unit's buildings in Shanghai, makes public what U.S. authorities have said less publicly for years. But it also increases the pressure on the U.S. to take more forceful action against the Chinese for what experts say has been years of systematic espionage.
"If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three or four times, the president would be on the phone and there would be threats of retaliation," said former FBI executive assistant director Shawn Henry. "This is happening thousands of times a day. There needs to be some definition of where the red line is and what the repercussions would be."
Henry, now president of the security firm CrowdStrike, said that rather than tell companies to increase their cybersecurity the government needs to focus more on how to deter the hackers and the nations that are backing them.
James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said that in the past year the White House has been taking a serious look at responding to China, adding that "this will be the year they will put more pressure on, even while realizing it will be hard for the Chinese to change. There's not an on-off switch."
The Chinese government, meanwhile, has denied involvement in the cyber-attacks tracked by Mandiant. Instead, the Foreign Ministry said that China, too, is a victim of hacking, some of it traced to the U.S. Foreign Ministry spokesman Hong Lei cited a report by an agency under the Ministry of Information Technology and Industry that said in 2012 alone that foreign hackers used viruses and other malicious software to seize control of 1,400 computers in China and 38,000 websites.
"Among the above attacks, those from the U.S. numbered the most," Hong said at a daily media briefing, lodging the most specific allegations the Chinese government has made about foreign hacking.
Cybersecurity experts say U.S. authorities do not conduct similar attacks or steal data from Chinese companies, but acknowledge that intelligence agencies routinely spy on other countries.
China is clearly a target of interest, said Lewis, noting that the U.S. would be interested in Beijing's military policies, such as any plans for action against Taiwan or Japan.
In its report, Mandiant said it traced the hacking back to a neighborhood in the outskirts of Shanghai that includes a white 12-story office building run by the PLA's Unit 61398.
Mandiant said there are only two viable conclusions about the involvement of the Chinese military in the cyberattacks: Either Unit 61398 is responsible for the persistent attacks or they are being done by a secret organization of Chinese speakers with direct access to the Shanghai telecommunications infrastructure who are engaged in a multi-year espionage campaign being run right outside the military unit's gates.
"In a state that rigorously monitors Internet use, it is highly unlikely that the Chinese government is unaware of an attack group that operates from the Pudong New Area of Shanghai," the Mandiant report said, concluding that the only way the group could function is with the "full knowledge and cooperation" of the Beijing government.
The unit "has systematically stolen hundreds of terabytes of data from at least 141 organizations," Mandiant wrote. A terabyte is 1,000 gigabytes. The most popular version of the new iPhone 5, for example, has 16 gigabytes of space, while the more expensive iPads have as much as 64 gigabytes of space. The U.S. Library of Congress' 2006-2010 Twitter archive of about 170 billion tweets totals 133.2 terabytes.
"At some point we do have to call the Chinese out on this," said Michael Chertoff, Homeland Security secretary under President George W. Bush and now chairman of the Chertoff Group, a global security firm. "Simply rolling over and averting our eyes, I don't think is a long-term strategy."
Richard Bejtlich, the chief security officer at Mandiant, said the company decided to make its report public in part to help send a message to both the Chinese and U.S. governments.
"At the government level, I see this as a tool that they can use to have discussions with the Chinese, with allies, with others who are concerned about this problem and have an open dialogue without having to worry about sensitivities around disclosing classified information," Bejtlich said. "This problem is overclassified."
He said the release of an unclassified report that provides detailed evidence will allow authorities to have an open discussion about what to do.
Mandiant's report is filled with high-tech details and juicy nuggets that led to its conclusion, including the code names of some of the hackers, like Ugly Gorilla, Dota and SuperHard, and that Dota appears to be a fan of Harry Potter because references to the book and movie character appear as answers to his computer security questions.
The White House would not comment on the report expected Wednesday.
"We have repeatedly raised our concerns at the highest levels about cybertheft with senior Chinese officials, including in the military, and we will continue to do so," said Caitlin Hayden, spokeswoman for the National Security Council. "The United States and China are among the world's largest cyber actors, and it is vital that we continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace."Sen. Dianne Feinstein, D-Calif., chairman of the Senate Intelligence Committee, said the report reinforces the need for international agreements that prohibit cybercrimes and have a workable enforcement mechanism (AP My Way, 2013).
Title: US And China Accuse Each Other Of Cyber Warfare
Date: February 19, 2013
Abstract: US security experts claim a 12-story office building outside of Shanghai is the headquarters of a hacking unit in China established to attack international computer networks. Beijing has rejected the allegations, calling the reports “unreliable”.
According to a report published Tuesday morning by a Northern Virginia-based information security company, an elusive squadron of Chinese cyberwarriors operating under the name Unit 61398 has engaged in countless battles with governments and entities around the globe for years under the umbrella of the People’s Liberation Army.
The group is accused of infiltrating the computers of some of the biggest businesses and agencies in the US, both public and private alike, and is assumed to still be at large.
Alexandria, Virginia’s Mandiant says they’ve been investigating PLA Unit 61398 for years now and has watched them compromise 141 companies across 20 major industries, infecting the computers at places like Coca-Cola and the Canadian arm of Telvent with malicious codes used to pilfer servers for privileged information and wreak havoc. In their report, the security experts say that they are all but certain that those attacks have originated out of an inconspicuous white office building on the outskirts of Shanghai that has been provided with a special fiber optic communications infrastructure from Chinese telecom providers in the name of national defense — but China maintains the claim that they have not engaged in any illegal hacks.
Mandiant founder Kevin Mandia begs to differ, and tells The New York Times that either those attacks are being waged by Unit 61398 out of the building in question, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
“It’s where more than 90 percent of the attacks we followed come from,” says Mr. Mandia, who adds that the unit is "chartered with hiring people that can speak English, and be able to exploit networks, and know computer security.”
“We thought that was an interesting combination, and that unit just so happens to be located in the same region of Shanghai where we're tracking over 90 percent of the connections coming from,” he tells the Times. Additionally, his company discovered that two sets of I.P. addresses used in the attacks being studied were registered in the same neighborhood as the building assumed to be used by Unit 61398.
“The totality of the evidence” leads the company to conclude that the building described by the Times to be in a run-down neighborhood on the outskirts of Shanghai is the originating point of the attacks.
Details of an advanced cyberwar against the US by way of China have been hinted at by members of the Obama administration since the president began his first term in office in 2009, although publicly little information about the actual threat posed by Far East hackers has been officially divulged. Through documents obtained by the website WikiLeaks, however, information has emerged that only begins to discuss the intensity of the threat. US State Department diplomatic cables released in 2010 by WikiLeaks and attributed to accused whistleblower Bradley Manning discuss sophisticated cyberattacks against the US waged by a Chinese unit given the codename “Byzantine Candor,” or BC. The Times reports that that moniker for Unit 61398 — formally, the Second Bureau of the People’s Liberation Army’s General Staff Department’s Third Department — was dropped by American officials following the highly publicized disclosure of the hundreds of thousands of sensitive State Department documents.
In one cable from November 2008, a State Department official writes, “hackers based in Shanghai and linked to the PRC’s People’s Liberation Army (PLA) Third Department have been using these compromised systems as part of the larger BC attack infrastructure to facilitate computer network exploitation (CNE) of U.S. and foreign information systems.”
“A October 23 DoD cable states Shanghai-based hackers associated with BC activity and linked to the PLA have successfully targeted multiple U.S. entities,” the memo continues. “In the US, the majority of the systems BC actors have targeted belong to the U.S. Army, but targets also include other DoD services as well as DoS, Department of Energy, additional USG entities and commercial systems and networks.”
But despite the State Department cables spawning an insurmountable number of media articles and remarks, the publishing of the Mandiant report presents an American audience for the first time with detailed claims about intrusions and attacks waged against countries around the globe with undoubtedly damaging repercussions. It also comes on the heels of a renewed call for federal cybersecurity legislation in the United States, which could now be sooner than ever thanks to the latest revelations regarding Unit 61398.
On Wednesday last week, Rep. Mike Rogers (R-Mich.) and Sen. Dutch Ruppersberger (D-Calif.) reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA), a bill that was touted as being a solution to America’s mysterious cyberwar woes when first brought up last year but was eventually stalled before it could reach a vote in the Senate. On the eve of the reintroduction, Rep. Rogers wrote an op-ed for The Detroit News in which he says, “Every morning in China, thousands of highly-trained computer engineers wake up with one mission: Steal American intellectual property that the Chinese can in turn use to compete against us in the international market.” During a formal unveiling of the rekindled CISPA, Sen. Ruppersberger claimed that the US loses around $300 billion in trade secrets annually because of foreign cyberattacks.
Now to address the latest news from Mandiant, the White House is reportedly in discussion with the Chinese to snuff any possible cyberwar before it escalates. According to Foreign Policy, a senior White House official says on condition of anonymity that the Obama administration is speaking with Chinese government officials "at the highest levels" about the attacks.
"The United States has substantial and growing concerns about the threats to US economic and national security posed by cyber intrusions, including the theft of commercial information," the source says.
Additionally, Foreign Policy says Rep. Rogers told them in a candid interview just last week that America is in need of having “direct talks with China,” with cyber espionage being top priority for the bilateral discussions. "This is a problem of epic proportions here and they need to be called on the carpet. There has been absolutely no consequences for what they have been able to steal and repurpose to date,” he told them.
For now, though, the Chinese are refuting the claims made by Mandiant and the US government. Mandiant says the cybercrimes in question “are based primarily in China and that the Chinese Government is aware of them,” but Hong Lei, a spokesman for China’s foreign ministry, said on Tuesday that his country disavowed hacking while discrediting the report.
“Groundless criticism is irresponsible and unprofessional, and it will not help to solve the problem," he said of the Mandiant analysis.
"Hacking attacks are transnational and anonymous. Determining their origins are extremely difficult. We don't know how the evidence in this so-called report can be tenable," Lei added.
China's Defense Ministry on Wednesday issued a statement arguing the report’s accusations are scientifically flawed and not reliable.
"The report, in only relying on linking IP address to reach a conclusion the hacking attacks originated from China, lacks technical proof," the statement said. "Everyone knows that the use of usurped IP addresses to carry out hacking attacks happens on an almost daily basis."
The ministry also suggested that gathering information is not “online spying”.
Speaking to the Times, officials at the Chinese embassy in Washington have also dismissed the allegations while noting the epidemic of international hacks originating in the US. "They describe China itself as a victim of computer hacking, and point out, accurately, that there are many hacking groups inside the United States," the Times' report reads.
Just last month, the Chinese Defense Ministry issued a statement saying “it is unprofessional and groundless to accuse the Chinese military of launching cyber attacks without any conclusive evidence.” And while Mandiant’s report includes a good deal of information that suggests attacks on US entities are coming from the rumored Unit 61398 headquarters, at the same time it still lacks cold hard proof.
The same could be said about the United States’ own attacks, though, after testimonies offered to The New York Times last year linked both the George W. Bush and Obama administrations to a program nicknamed ‘Olympic Games’ that was put together with Israeli allies to wage a covert cyberwar on Iranian nuclear facilities. The White House has yet to formally admit to the allegations, but former administration officials attributed attacks on Iran to the US. Meanwhile, Iranian hackers are being blamed for recent assaults on the US banking industry.
"We are in a cyberwar [but] most Americans don’t know it,” Sen. Rogers said during last week’s CISPA unveiling.
Discussing the need for cybersecurity legislation during the event, Rogers urged Congress to approve the bill he co-authored with Rep. Ruppersberger before a cyberattack of epic proportions prompts Washington to act urgently and perhaps without oversight. The senator warned of what an assault on the US infrastructure conducted by cybercriminals could mean and said, "We don’t do anything well after a significant emotional event."
Should there be a cyberattack on America on par with the September 11, 2001 tragedy, Rep. Ruppersberger said Congress “will get all the bills passed we want.”
Should Mandiant’s assumptions prove correct, though, it would pin the blame on China for a number of high-profile hacks. Among the entities that the security experts say were targeted by Chinese hackers are defense contractors Lockheed Martin; the National Geospatial-Intelligence Agency; lobbyists the National Electrical Manufacturers Association; Coca-Cola; the Chertoff Group and Telvent. According to the Times, computers at Telvent are used to design software “that gives oil and gas pipeline companies and power grid operators remote access to valves, switches and security systems” in Canada. Coincidentally, last month China's state-owned CNOOC spent $15 billion to buy out Canadian oil and gas company Nexen Inc. in China's largest-ever foreign takeover (RT, 2013).
Title: Cyber-Assault HQ: How US Is Under Attack From This Office In
Date: February 19, 2013
Abstract: A barrage of malicious cyber-attacks against computer networks in the United States and other countries over several years has been sourced by a private US security firm to a single building on the fringes of Shanghai, which, it says, is occupied by the Chinese military.
A 60-page report released by Mandiant, a Virginia-based firm that specialises in cyber-espionage, concludes that hundreds or perhaps thousands of English-speaking Chinese computer experts toil daily inside the anonymous-looking 12-storey building in the Pudong district of Shanghai. ‘Unit 61398’, as it is known, hacks into foreign networks on behalf of the People’s Liberation Army (PLA), Mandiant alleges.
“The nature of Unit 61398’s work is considered by China to be a state secret; however, we believe it engages in harmful computer network operations,” the security firm said in the report, which drew instant rebukes from the Chinese government. “It is time to acknowledge the threat that is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively.”
The company asserted that the unit, one of several in China believed to be involved in invading overseas computer systems, had “stolen hundreds of terabytes of data from at least 141 organisations across a diverse set of industries beginning as early as 2006”. While most of the activity targeted corporations in the United States, a smaller number are located in Canada and Britain, it said.
Cyber-espionage is becoming an increasingly urgent worry in Washington. The concern is not just that China, as well as any number of other countries, is successfully stealing corporate information – for example merger plans, design blueprints, pricing documents or negotiating strategies – but that it is developing the capacity to sabotage physical infrastructure networks in the US like gas pipelines or power grids.
“In the cold war, we were focused every day on the nuclear command centres around Moscow,” one senior defence official was cited as saying by the New York Times, which first revealed the contents of the Mandiant report. “Today, it’s fair to say that we worry as much about the computer servers in Shanghai.”
President Barack Obama included a call to arms to confront the cyber-threat in his State of the Union address last week. “We know foreign countries and companies swipe our corporate secrets,” he said. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing.”
Beijing continues to deny sanctioning such activity. “Hacking attacks are transnational and anonymous,” foreign ministry spokesman Hong Lei said. “Determining their origins are extremely difficult. We don’t know how the evidence in this so-called report can be tenable.” When BBC journalists approached the building they were briefly detained and forced to relinquish their footage.
Unit 61398 has been known both to private cyber-security firms as well as US intelligence for a while and is sometimes referred to as the ‘Comment Crew’ because it has been known to infiltrate online forums and leave comments. The Mandiant report does not name any victims but says that the 141 companies already infiltrated span 20 major industries.
American companies known to have been targeted by Comment Crew, however, include Coca Cola at a time when it was considering a take-over of a Chinese juice company and RSA, a technology company that creates computer codes to protect confidential corporate and government databases. Alarm bells sounded last September when a unit of Telvent which supplies equipment enabling utility companies remotely to operate valves and switches on gas and oil networks had been invaded by unidentified cyber-intruders.
Responding to the report, White House spokeswoman Caitlin Hayden reiterated only that the United States “has substantial and growing concerns about the threats to U.S. economic and national security posed by cyber intrusions, including the theft of commercial information.”
The Mandiant report acknowledges that while it has traced assorted cyber-intrusions to servers precisely in the rather run-down district of Pudong where the building occupied by Unit 61398 stands, it cannot be certain they are actually within its walls. But to suppose they are not is barely plausible, the firm says (Independent, 2013).
Title: Major Chinese Internet Hacking Base Exposed
Date: February 19, 2013
Abstract: American computer analysts have traced more than 100 attacks on government departments, companies and journalists to the site of the 12-storey building about 40 minutes outside Shanghai's city centre.
A 60-page report by Mandiant, a computer security company, said the headquarters of People's Liberation Army Unit 61398 was located in the compound.
The Daily Telegraph confirmed that a woman who questioned a reporter's purpose in visiting the area was a member of Unit 61398. While she admitted her affiliation, she refused to produce any identification.
The Mandiant report said a hacking network named the Comment Crew or the 'Shanghai Group' operated from the compound. It said "hundreds, and perhaps thousands of people" were working inside to breach the security of global corporations, as well as foreign power grids, gas lines and waterworks.
While the Shanghai PLA base is off-limits to outsiders, the existence of the military compound is no secret in what is a bustling residential neighbourhood.
There is no sign identifying the base by name but clear orders have been placed outside in Chinese and English: "Restricted military area. No photographing or filming."
Men in PLA uniform guard the entrance. Large propaganda posters are pinned to walls around the base. Next door, a residential compound for military families greets visitors with a plaque reading: "Be faithful and loyal to the Party. Love the people. Dedicate yourself to the cause."
While Mandiant could not trace the hacking attacks to inside the building, its chief executive, Kevin Mandia, told The New York Times: "Either they are coming from inside Unit 61398 or the people who run the most controlled, most monitored internet networks in the world are clueless about thousands of people generating attacks from this one neighbourhood."
A succession of media groups, including The New York Times, The Washington Post and The Wall Street Journal have reported in recent months that hackers, with alleged ties to the PLA, had invaded or attempted to compromise their systems.
The Mandiant report claimed that hackers who appeared to be working out of the Shanghai PLA unit had launched more than 140 attacks since 2006, stealing "hundreds of terabytes of data".
Most of the targets were in the United States although some were in Britain.
The report is the most concrete confirmation yet that the wave of cyber attacks emanating from China is sponsored, at least in part, by the Chinese government. However, a spokesman for the Chinese foreign ministry dismissed the allegations as "groundless".
In the past, the People's Daily, the mouthpiece of the Communist Party, has accused the US of sensationalising China's cyber threat as an excuse to expand its own "internet army".
In his recent State of the Union address, US president Barack Obama warned: "Our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing."
Title: Accused China Cyberspy Unit Appears To Be Highly Specialized
Date: February 20, 2013
Source: Fox News
Abstract: Unit 61398 of the People's Liberation Army has been recruiting computer experts for at least a decade. It has made no secret of details of community life such as badminton matches and kindergarten, but its apparent purpose became clear only when a U.S. Internet security firm accused it of conducting a massive hacking campaign against North American targets.
Hackers with the Chinese unit have been active for years, using online handles such as "UglyGorilla," Virginia-based firm Mandiant said in a report released Tuesday as the U.S. prepared to crack down on countries responsible for cyberespionage. The Mandiant report plus details collected by The Associated Press depict a highly specialized community of Internet warriors working from a blocky white building in Shanghai:
Unit 61398, alleged to be one of several hacking operations run by China's military, recruits directly from universities. It favors high computer expertise and English language skills. A notice dated 2003 on the Chinese Internet said the unit was seeking master's degree students from Zhejiang University's College of Computer Science and Technology. It offered a scholarship, conditional on the student reporting for work at Unit 61398 after graduation.
Mandiant says it traced scores of cyberattacks on U.S. defense and infrastructure companies to a neighborhood in Shanghai's Pudong district that includes the 12-story building where Unit 61398 is known to be housed. The building has office space for up to 2,000 people. Mandiant estimates the number of personnel in the unit to be anywhere from hundreds to a couple of thousand. The surrounding neighborhood is filled with apartment buildings, tea houses, shops and karaoke bars.
UNIT 61398 COMMUNITY
While the building's activities may be top secret, Unit 61398's status in the community as a military division is not. It turns up in numerous Chinese Internet references to community events, including a 2010 accord with the local government to set up a joint outreach center on family planning. Other articles describe mass weddings for officers, badminton matches and even discussion of the merits of the "Unit 61398 Kindergarten." Other support facilities include a clinic, car pool, and guesthouse -- all standard for the military's often self-contained communities across China.
The Mandiant report describes a special arrangement made with China Telecom for a fiber optic communication infrastructure in the Unit 61398 neighborhood, pointing to its need for bandwidth and its elite status. The contract between the two refers to Unit 61398 as belonging to the General Staff Department 3rd Department, 2nd Bureau, and says China Telecom agreed to the military's suggested price due to "national defense construction" concerns.
The cyberspies typically enter targeted computer networks through "spearfishing" attacks, in which a company official receives a creatively disguised email and is tricked into clicking on a link or attachment that then opens a secret door for the hackers, Mandiant says. The cyberspies would steal and retransmit data for an average of just under a year, but in some cases more than four years. Information technology companies were their favorite targets, followed by aerospace firms, pointing to a key area of interest as China seeks to develop its own cutting-edge civilian and military aircraft.
Mandiant identifies three of the unit's hackers by their screen names. It says one of them, "UglyGorilla," was first detected in a 2004 online forum posing a question to a cybersecurity expert about whether China needed a dedicated force to square off against an online cohort being mustered by the United States. The user of another screen name, "Dota," appears to be a fan of Harry Potter; Mandiant said references to the book and movie character appear as answers to his computer security questions.
Unit 61398 hackers were sometimes identified as the "Comment Crew" by security companies due to their practice of inserting secret backdoors into systems by using code embedded in comments on websites.
And what helped Mandiant track down the source of hacking into more than 140 companies and organizations from the U.S. and elsewhere? Facebook and Twitter.
China's "Great Firewall" of Internet filtering blocks those U.S.-based social networks, but Unit 61398 operators got around that by accessing them directly from the unit's system. Mandiant was able to see that Facebook and Twitter accounts were being accessed from Internet Protocol addresses connected to the unit. It's not clear whether those accounts aided in hacking or were simply for the hackers' personal use.
"These actors have made poor operational security choices, facilitating our research and allowing us to track their activities," the report says (Fox News, 2013).
Title: China's Military Denies Hacking Allegations
Date: February 20, 2013
Source: CNN Money
Abstract: What is happening inside 208 Datong Road in Shanghai?
Definitely no computer hacking, according to China's military, which said Wednesday that it is not engaged in cyberattacks of any sort.
The forceful denial comes a day after Virginia-based cybersecurity firm Mandiant released a 60-page report detailing the activities of a hacking collective it claims has direct ties to China's military.
Mandiant says it has watched the group systematically steal hundreds of terabytes of data from at least 141 organizations across 20 industries worldwide since 2006.
Mandiant claims the activity -- perpetrated by a group called the "comment crew" -- can be traced to four networks near Shanghai, with some operations taking place in a nondescript building on Datong Road that is also the headquarters of Unit 61398, a secret wing of the People's Liberation Army.
Geng Yansheng, a spokesman for China's Ministry of National Defense, characterized the charges Wednesday as "groundless both in facts and legal basis."
The spokesman offered, for the first time, a detailed rebuttal of Mandiant's charges. The report relies too heavily on the tracking of IP addresses, Geng said, referring to the digital identifiers which are stolen "almost everyday."
"The report, in only relying on linking IP addresses to reach a conclusion the hacking attacks originated from China, lacks technical proof," the spokesman said, according to a transcript posted on the ministry's website.
Geng also resorted to a somewhat arcane legal argument.
"There is still no internationally clear, unified definition of what constitutes a hacking attack," Geng said. "There is no legal evidence behind the report subjectively concluding that the everyday gathering of online information is online spying."
The Obama administration appears unconvinced -- and says it is acting to counter the threats.
"We have repeatedly raised our concerns at the highest levels about cybertheft with senior Chinese officials, including in the military, and we will continue to do so," White House spokesman Tommy Vietor said Tuesday.
Mandiant estimates that hundreds, and perhaps thousands, of people work within Unit 61398, which is housed in a 12-story, 130,663 square-foot facility.
Organizations in English-speaking countries are the primary victims of the comment crew -- making up 87% of the 141 attacks observed by Mandiant. Of that, 115 attacks targeted organizations in the United States.
The hackers have a "well-defined attack methodology," and Mandiant said the group has stolen large volumes of intellectual property, including technology blueprints, proprietary manufacturing processes and business plans.
The report did not list companies or agencies that have been attacked, but the comment crew is known to have attacked Coca-Cola, security firm RSA, and consultancy Chertoff Group.
China is not the only country believed to be involved in cyberattacks. The existence of several other state-sponsored cyberweapons has also been reported in recent years, with names like Stuxnet, Duqu and Flame.
The U.S. government is widely believed to have played a role in developing some of those viruses, with an eye toward containing Iran (CNN Money, 2013).
Title: Commercial Cyberspying, Theft Promise Rich Payoff
Date: February 20, 2013
Abstract: For state-backed cyberspies such as a Chinese military unit implicated by a U.S. security firm in a computer crime wave, hacking foreign companies can produce high-value secrets ranging from details on oil fields to advanced manufacturing technology.
This week's report by Mandiant Inc. adds to mounting suspicion that Chinese military experts are helping state industry by stealing secrets from Western companies possibly worth hundreds of millions of dollars. The Chinese military has denied involvement in the attacks.
"This is really the new era of cybercrime," said Graham Cluley, a British security expert. "We've moved from kids in their bedroom and financially motivated crime to state-sponsored cybercrime, which is interested in stealing secrets and getting military or commercial advantage."
Instead of credit card numbers and other consumer data sought by crime gangs, security experts say cyberspies with resources that suggest they work for governments aim at better-guarded but more valuable information.
Companies in fields from petrochemicals to software can cut costs by receiving stolen secrets. An energy company bidding for access to an oil field abroad can save money if spies can tell it what foreign rivals might pay. Suppliers can press customers to pay more if they know details of their finances. For China, advanced technology and other information from the West could help speed the rise of giant state-owned companies seen as national champions.
"It's like an ongoing war," said Ryusuke Masuoka, a cybersecurity expert at Tokyo's Center for International Public Policy Studies, a private think tank. "It is going to spread and get deeper and deeper."
Mandiant, headquartered in Alexandria, Virginia, said it found attacks on 141 entities, mostly in the United States but also in Canada, Britain and elsewhere.
Attackers stole information about pricing, contract negotiations, manufacturing, product testing and corporate acquisitions, the company said. It said multiple details indicated the attackers, dubbed APT1 in its report, were from a military unit in Shanghai, though there was a small chance others might be responsible.
Target companies were in four of the seven strategic industries identified in the Communist Party's latest five-year development plan, it said.
"We do believe that this stolen information can be used to obvious advantage" by China's government and state enterprises, Mandiant said.
China's military is a leader in cyberwarfare research, along with its counterparts in the United States and Russia. The People's Liberation Army supports hacker hobby clubs with as many as 100,000 members to develop a pool of possible recruits, according to security consultants.
Mandiant said it traced attacks to a neighborhood in Shanghai's Pudong district where the PLA's Unit 61398 is housed in a 12-story building. The unit has advertised online for recruits with computer skills. Mandiant estimated its personnel at anywhere from hundreds to several thousand.
On Wednesday, the PLA rejected Mandiant's findings and said computer addresses linked to the attacks could have been hijacked by attackers elsewhere. A military statement complained that "one-sided attacks in the media" destroy the atmosphere for cooperation in fighting online crime.
Many experts are not swayed by the denials.
"There are a lot of hackers that are sponsored by the Chinese government who conduct cyberattacks," said Lim Jong-in, dean of Korea University's Graduate School of Information Security.
The United States and other major governments are developing cyberspying technology for intelligence and security purposes, though how much that might be used for commercial spying is unclear.
"All countries who can do conduct cyber operations," said Alastair MacGibbon, the former director of the Australian Federal Police's High Tech Crime Center.
"I think the thing that has upset people mostly about the Chinese is ... that they're doing it on an industrialized scale and in some ways in a brazen and audacious manner," said MacGibbon, who now runs an Internet safety institute at the University of Canberra.
China's ruling party has ambitious plans to build up state-owned champions in industries including banking, telecoms, oil and steel. State companies benefit from monopolies and other official favors but lack skills and technology.
Last year, a group of Chinese state companies were charged in U.S. federal court in San Francisco in the theft of DuPont Co. technology for making titanium dioxide, a chemical used in paints and plastics.
In 2011, another security company, Symantec Inc., announced it detected attacks on 29 chemical companies and 19 other companies that it traced to China. It said the attackers wanted to steal secrets about chemical processing and advanced materials manufacturing.
In Australia, a report by the attorney general this week said 20 percent of 225 companies surveyed had experienced a cyberattack in the previous year.
Australian mining companies make a tempting target because of their knowledge about global resources, said Tobias Feakin, head of national security at the Australian Strategic Policy Institute, a think tank.
As Chinese resource producers expand abroad, "you could see the motivation for understanding the Australian competition and infiltrating their systems," Feakin said.
China has long been cited by security experts as a center for Internet crime. They say some crimes might be carried out by attackers abroad who remotely control Chinese computers. But experts see growing evidence of Chinese involvement.
Few companies are willing to confirm they are victims of cyberspying, possibly fearing it might erode trust in their business.
"When companies admit their servers were hacked, they become the target of hackers. Because the admission shows the weakness, they cannot admit," said Kwon Seok-chul, president of Cuvepia Inc., a security firm in Seoul.
An exception was Google Inc., which announced in 2010 that it and at least 20 other companies were hit by attacks traced to China. Only two other companies disclosed they were targets. Google cited the hacking and efforts to snoop on Chinese dissidents' email as among reasons for closing its China-based search service that year.
Mandiant cited the example of an unidentified company with which it said a Chinese commodity supplier negotiated a double-digit price increase after attackers stole files and emails from the customer's chief executive over 2½ years beginning in 2008.
"It would be surprising if APT1 could continue perpetrating such a broad mandate of cyberespionage and data theft if the results of the group's efforts were not finding their way into the hands of entities able to capitalize on them," the report said (AP, 2013).
Title: Small Firm Hit By 3-Year Hacking Campaign Puts Face On Growing
Date: February 22, 2013
Source: Fox News
Abstract: For three straight years, a group of Chinese hackers waged a cyber war against a family-owned, eight-person software firm in California, according to court records.
It started when Solid Oak Inc. founder Brian Milburn claims he discovered that China was stealing his company's parental filtering software, CYBERsitter. The theft hurt their business and sales, which was bad enough. But twelve days after he publicly accused Chinese hackers, he says he was inundated by attempts to bring down his Santa Barbara-based business.
Hackers broke into the company's system, shut down its email and web servers, spied on employees using their own webcams and gained access to sensitive company files, according to court records.
"We started watching sales go down," Milburn told FoxNews.com Thursday. "We depend on cash flow and it's not like we're Apple or Dell who have lots of money. We needed to pay our bills, pay our employees and pay our salaries."
So Milburn waged his own one-man cyber fight against one of the most prolific and patient hacking teams around.
He didn't have help from authorities, lacked the cash larger companies have and faced an unknown giant pretty much on his own -- and, last year, won a $2.2 billion settlement, from a decision in federal court in California.
Milburn's case is rare in that it ended with a big judgment -- though he declined to say whether he's received the money. But, while Solid Oak is one of the few small companies that have spoken out in detail about being victimized by hackers, the threat of cyber-assault has become all too common.
Apple Inc. reported earlier this week it was hacked by the same group that hit social-networking monster Facebook in January. The security breaches are the latest in a string of high-profile attacks on companies including The Wall Street Journal and New York Times.
Cybersecurity firm Mandiant also came out with a report earlier this week that accused a secret Chinese military unit in Shanghai of years of systematic cyber-espionage against more than 140 U.S. companies.
Adam Levin, co-founder and chairman of Identity Theft 911, says that for most companies it's not a matter of if they will have a breach but when.
"No company is ultimately immune to this," he told FOXBusiness.com. "A lot of the times this happens from spear-phishing -- employees at companies are opening things they think are from people within their organization or things that they think are related to their companies. They open the door, and we get killed."
According to cybersecurity experts, high tech spies have been targeting small- to medium-sized companies at alarming rates. Businesses that make the leap to computerized systems often leave their digital identities exposed and primed to be plucked by hackers.
"You hear about the big breaches on the news but what you don't hear is how they happen every day at a lot of medium- or small-sized companies," Angie Keating, CEO of Reclamere, a data security company, said.
Keating's team helps smaller businesses fend off online thugs and has followed cyber trails that have led to rogue Russian PayPal accounts and other digital money mule scams which shift ill-gotten gains from account to account. Even though one of her clients reportedly was hacked by the Chinese, Keating tells FoxNews.com the threat isn't limited to one or two international culprits. In the time it takes to break into a major company like Apple, a home-grown hacker can steal data from dozens of smaller businesses and not be detected.
"They are the perfect target," she said. "If you have your business accounts tied in to an online bank account, I can get the routing numbers and then I can start moving money around. I can start a separate account, accept a wire transfer or send out a transfer."
One of Keating's clients, a small chiropractor's office, had their data hacked and held hostage. A person pretending to be from Microsoft got an employee to give up her password and from there wreaked havoc on the system. While Keating's team was able to untangle the tech mess, she said many other companies have not been so lucky.
Across the country many businesses victimized by cyber criminals are afraid to come forward. Several declined to speak to FoxNews.com for this article.
Generally, they fear the stigma attached to being hacked and say admitting it sends a bad message to customers that their company isn't safe. Others simply don't have the cash to front an investigation and end up spending thousands of dollars trying to get out of the red or simply out of business.
"If I knew at the beginning what I know now, I'm not sure if I would do it again but I'm kind of stubborn," Milburn said, in reference to his lawsuit against the hackers.
Milburn's micro-tech billion-dollar victory against the Chinese government as well as a string of companies tied to the government but operating in the U.S. is a rare example of a small business taking on a giant and winning. But it wasn't easy.
"From a legal perspective, it hasn't really been done before," he said. "There was no precedent. It just didn't exist."
Milburn said some business owners have heard about his struggle and asked for advice.
"I tell them they need to be prepared for the absolute worst," he said. "I knew from the first day we started this that the battle was going to be way uphill."
Milburn said that while there was a settlement reached in his civil suit, that doesn't mean he's out of the cyber woods.
"I'd like to be able to say that all the abuse has stopped but we'll probably stay on their list for a long time," he said (Fox News, 2013).
Title: Chinese Hackers Seen As Increasingly Professional, Experts Say
Date: February 25, 2013
Source: Fox News
Abstract: Beijing hotly denies accusations of official involvement in massive cyberattacks against foreign targets, insinuating such activity is the work of rogues. But at least one element cited by Internet experts points to professional cyberspies: China's hackers take the weekend off.
Accusations of state-sanctioned hacking took center stage this past week following a detailed report by a U.S.-based Internet security firm Mandiant. It added to growing suspicions that the Chinese military is not only stealing national defense secrets and harassing dissidents but also pilfering information from foreign companies that could be worth millions or even billions of dollars.
Experts say Chinese hacking attacks are characterized not only by their brazenness, but by their persistence.
"China conducts at least an order of magnitude more than the next country," said Martin Libicki, a specialist on cyber warfare at the Rand Corporation, based in Santa Monica, California. The fact that hackers take weekends off suggests they are paid, and that would belie "the notion that the hackers are private," he said.
Libicki and other cyber warfare experts have long noted a Monday-through-Friday pattern in the intensity of attacks believed to come from Chinese sources, though there has been little evidence released publicly directly linking the Chinese military to the attacks.
Mandiant went a step further in its report Tuesday, saying that it had traced hacking activities against 141 foreign entities in the U.S., Canada, Britain and elsewhere to a group of operators known as the "Comment Crew" or "APT1," for "Advanced Persistent Threat 1," which it traced back to the People's Liberation Army Unit 61398. The unit is headquartered in a nondescript 12-story building inside a military compound in a crowded suburb of China's financial hub of Shanghai.
Attackers stole information about pricing, contract negotiations, manufacturing, product testing and corporate acquisitions, the company said.
Hacker teams regularly began work, for the most part, at 8 a.m. Beijing time. Usually they continued for a standard work day, but sometimes the hacking persisted until midnight. Occasionally, the attacks stopped for two-week periods, Mandiant said, though the reason was not clear.
China denies any official involvement, calling such accusations "groundless" and insisting that Beijing is itself a major victim of hacking attacks, the largest number of which originate in the U.S. While not denying hacking attacks originated in China, Foreign Ministry spokesman Hong Lei said Thursday that it was flat out wrong to accuse the Chinese government or military of being behind them.
Mandiant and other experts believe Unit 61398 to be a branch of the PLA General Staff's Third Department responsible for collection and analysis of electronic signals such as e-mails and phone calls. It and the Fourth Department, responsible for electronic warfare, are believed to be the PLA units mainly responsible for infiltrating and manipulating computer networks.
China acknowledges pursuing these strategies as a key to delivering an initial blow to an opponent's communications and other infrastructure during wartime -- but the techniques are often the same as those used to steal information for commercial use.
China has consistently denied state-sponsored hacking, but experts say the office hours that the cyberspies keep point to a professional army rather than mere hobbyists or so-called "hacktivists" inspired by patriotic passions.
Mandiant noticed that pattern while monitoring attacks on the New York Times last year blamed on another Chinese hacking group it labeled APT12. Hacker activity began at around 8:00 a.m. Beijing time and usually lasted through a standard workday.
The Rand Corporation's Libicki said he wasn't aware of any comprehensive studies, but that in such cases, most activity between malware embedded in a compromised system and the malware's controllers takes place during business hours in Beijing's time zone.
Richard Forno, director of the University of Maryland Baltimore County's graduate cybersecurity program, and David Clemente, a cybersecurity expert with independent analysis center Chatham House in London, said that observation has been widely noted among cybersecurity specialists.
"It would reflect the idea that this is becoming a more routine activity and that they are quite methodical," Clemente said.
The PLA's Third Department is brimming with resources, according to studies commissioned by the U.S. government, with 12 operation bureaus, three research institutes, and an estimated 13,000 linguists, technicians and researchers on staff. It's further reinforced by technical teams from China's seven military regions spread across the country, and by the military's vast academic resources, especially the PLA University of Information Engineering and the Academy of Military Sciences.
The PLA is believed to have made cyber warfare a key priority in its war-fighting capabilities more than a decade ago. One of the few public announcements of its development came in a May 25, 2011 news conference by Defense Ministry spokesman Geng Yansheng, in which he spoke of developing China's "online" army.
"Currently, China's network protection is comparatively weak," Geng told reporters, adding that enhancing information technology and "strengthening network security protection are important components of military training for an army."
Unit 61398 is considered just one of many such units under the Third Department responsible for hacking, according to experts.
Greg Walton, a cyber-security researcher who has tracked Chinese hacking campaigns, said he's observed the "Comment Crew" at work, but cites as equally active another Third Department unit operating out of the southwestern city of Chengdu. It is tasked with stealing secrets from Indian government security agencies and think tanks, together with the India-based Tibetan Government in Exile, Walton said.
Another hacking outfit believed by some to have PLA links, the "Elderwood Group," has targeted defense contractors, human rights groups, non-governmental organizations, and service providers, according to computer security company Symantec.
It's believed to have compromised Amnesty International's Hong Kong website in May 2012, although other attacks have gone after targets as diverse as the Council on Foreign Relations and Capstone Turbine Corporation, which makes gas microturbines for power plants.
Civilian departments believed to be involved in hacking include those under the Ministry of Public Security, which commands the police, and the Ministry of State Security, one of the leading clandestine intelligence agencies. The MSS is especially suspected in attacks on foreign academics studying Chinese social issues and unrest in the western regions of Tibet and Xinjiang.
Below them on the hacking hierarchy are private actors, including civilian universities and research institutes, state industries in key sectors such as information technology and resources, and college students and other individuals acting alone or in groups, according to analysts, University of Maryland's Forno said.
China's government isn't alone in being accused of cyber espionage, but observers say it has outpaced its rivals in using military assets to steal commercial secrets.
"Stealing secrets is stealing secrets regardless of the medium," Forno said. "The key difference is that you can't easily arrest such electronic thieves since they're most likely not even in the country, which differs from how the game was played during the Cold War" (Fox News, 2013).
Title: China Fires Back At Hacking Claims: ‘144,000 Hacks A Month, Mostly
Date: February 28, 2013
Abstract: In a fresh round of cyberwarfare accusations, the Chinese Defense Ministry said two of the country’s major military sites endured about 144,000 hacking attacks a month last year, two-thirds of which originated in the United States.
"The Defense Ministry and China Military Online websites have faced a serious threat from hacking attacks since they were established, and the number of hacks has risen steadily in recent years," ministry spokesperson Geng Yansheng said Thursday.
"According to the IP addresses, the Defense Ministry and China Military Online websites were, in 2012, hacked on average from overseas 144,000 times a month, of which attacks from the US accounted for 62.9 percent," he added.
The Chinese official also said that the US has been unhelpful in efforts at international cooperation against hacking: "We hope that the US side can explain and clarify this."
Earlier this month, US security firm Mandiant said that the Chinese military were likely behind a large number of hacking attacks against US targets. Mandiant claimed that the Shanghai-based Unit 61398 of the People’s Liberation Army was the driving force behind the hacking; China has denied the allegations.
The war of words comes as the US ramps up its cybersecurity and cyber-attack capabilities. Earlier, numerous US officials claimed that Chinese hackers were a major threat to both national security and US commercial interests.
Some experts believe the US is exploiting the rhetoric of China as a cyber-threat as part of its mounting rivalry with the ascendant Asian nation.
“I think what we’re looking at is part of this Obama pivot to focus on China and to paint China as a new military threat to the world,” geopolitical analyst William Engdahl told RT. “It’s a demonization of China.”
So far, the only public case of cyber-weapons being used for geopolitical ends is the alleged attack by American and Israeli hackers on an Iranian uranium enrichment facility. While neither nation has officially acknowledged using the Stuxnet virus to damage centrifuges at the Natanz plant, the so-called ‘Olympic Games’ operation was widely reported by international media, citing anonymous government sources (RT,
Title: Cyber-War Of Words: US, China Trade Blame For Online Security
Date: March 12, 2013
Abstract: Washington and Beijing are both calling for an end to global cyber-attacks and espionage. The two capitals have accused each other of being the principal source of cyber threats, claiming that each has suffered more than the other.
The world’s two leading economies continue to lob competing accusations of the supposedly deadly threats posed to each other’s security through cyber-attacks launched against vital web hubs. Both the US and China also believe that cyber espionage has become an integral part of the other’s everyday foreign policy, and praised at a governmental level.
The blame game in the escalating cyber-security conflict has been ongoing for months, but the latest US statement condemning Chinese hackers in the strongest terms provoked a comparable backlash.
US urges for ‘acceptable norms of
In a speech on Monday, President Obama’s national security adviser Tom Donilon implored China to stop hackers within its borders from engaging in industrial espionage and breaking into US computer systems.
“The international community cannot afford to tolerate such activity from any country,” Donilon said in his speech at the Asia Society, a New York think tank. He stressed that online spying damages the global economy, especially as cyber-security becomes a “growing challenge” to Washington and Beijing’s relationship.
“US businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale,” Donilon said in prepared remarks.
Donilon also said that Washington has urged China to acknowledge the "urgency and scope" of the threat, and to take "serious steps" to stop the attacks, asking the Chinese government to engage in a dialogue to establish norms for cyberspace.
“From the president on down, this has become a key point of concern and discussion with China at all levels of our governments,” Donilon said, adding that the US hopes China will engage in a “constructive, direct dialogue to establish acceptable norms of behavior in cyberspace.”
US officials have said they expect hacking to be one of the thorniest issues between Washington and Beijing in the coming months.
Chinese ‘final warning’
On Tuesday, less than 24 hours after Donilon’s speech, Beijing aired a similar list of grievances against the government.
"China is willing, on the basis of the principles of mutual respect and mutual trust, to have constructive dialogue and cooperation on this issue with the international community including the United States to maintain the security, openness and peace of the Internet," Chinese Foreign Ministry spokesperson Hua Chunying announced at a daily news briefing.
"Internet security is a global issue," she added, arguing that “China is a marginalized group in this regard, and one of the biggest victims of hacking attacks.”
In February, the White House revealed its strategy to combat the theft of trade secrets: The administration said it would use “trade policy tools” to enforce intellectual property laws, and to compel other nations to stop hacking US computer networks.
According to a February report, an elite military group of Chinese hackers – the People's Liberation Army Unit 61398 – has been engaged in ferocious cyber-espionage against the US. In the last seven years, it has allegedly hacked 141 companies across 20 major industries, including those vital to national security.
China has denied any involvement in the attacks, and accused the US of perpetuating cyber-warfare. Wang Hongguang, deputy commander of the PLA's Nanjing Military District, called the US “a thief calling others a thief,” Reuters reported.
Beijing claimed that the Chinese military’s two major websites, one of them belonging to the country’s Defense Ministry, were subjected to an average of 140,000 hacking attacks a month in 2012.
In 2012, a total of 10.5 million server-controlling infected computers with American IP addresses were tracked, China’s top cyber-security agency reported last month. The agency said US hacking made up 74 per cent of all such attacks on China.
Wang Hongguang believes China should develop hacking capabilities of its own to counter cyber-attacks. “We must have the means at least to defend ourselves,” he said.
Other senior PLA officers interviewed by Reuters confirmed Beijing’s official position: "This talk from the US has no foundation whatsoever," said Maj. Gen. Liu Lianhua of the Guangzhou Military District. “And what evidence is there? There isn't any!” (RT, 2013).
China Hacking: New Premier Says US Should Avoid 'Groundless Accusations'
Date: March 17, 2013
Source: Huffington Post
Abstract: China and the United States should avoid "groundless accusations" against each other about cyber-security and hacking into each other's computer systems, newly installed Premier Li Keqiang said on Sunday.
Li's comments, at the close of China's annual meeting of parliament and a day after he assumed the premiership, come amid a war of words between Beijing and Washington over cyber-attacks and national security.
A U.S. computer security company said last month that a secretive Chinese military unit was likely behind a series of hacking attacks mostly targeting the United States.
Responding to a reporter at a news conference, Li said he "sensed the presumption of guilt" in the question.
"I think we should not make groundless accusations against each other, and spend more time doing practical things that will contribute to cyber-security," Li said.
"This is a worldwide problem. In fact, China itself is a main target of such attacks," he said. "China does not support, indeed we are opposed to, such activities."
U.S. Treasury Secretary Jack Lew will press China to investigate and stop cyber-attacks on U.S. companies and other entities when he visits China this week, a senior U.S. official said on Friday.
President Barack Obama also raised U.S. concerns about computer hacking in a phone call with Chinese President Xi Jinping on Thursday, the same day Xi took office (Huffington Post, 2013).
Title: Hacking Attack On South Korea Traced To Chinese Address, Officials
Date: March 21, 2013
Abstract: The suspected cyberattack targeting South Korean banks and broadcasters originated from an IP address in China, South Korean regulators said Thursday, heightening suspicions of North Korean involvement.
The attack Wednesday damaged 32,000 computers and servers at media and financial companies, South Korea's Communications Commission said.
It infected banks' and broadcasters' computer networks with a malicious program, or malware, that slowed or shut down systems, officials and the semiofficial Yonhap News Agency said.
Suspicion immediately fell on North Korea, which has recently renewed threats to go to war with the South amid rising tensions over Pyongyang's nuclear weapons and missile testing, and international efforts to stop them.
Some past cyberattacks on South Korean organizations that officials linked to North Korea were traced to IP addresses in China. An IP address is the number that identifies a network or device on the Internet.
China, which has been accused by U.S. organizations of supporting cyberattacks, said Thursday that it was aware of reports on the matter.
"We have pointed out many times that hacking is a global issue. It is anonymous and transnational," said Hong Lei, a Chinese foreign ministry spokesman. "Hackers would often use IP addresses from other countries to launch cyberattacks."
South Korean officials are still analyzing the cause of the network crashes and are working to prevent any further damage, the country's communications commission said.
Increased alert level
The military has stepped up its cyberdefense efforts in response to the widespread outages, which hit nine companies, Yonhap reported, citing the National Police Agency.
Government computer networks did not seem to be affected, Yonhap cited the National Computing and Information Agency as saying.
A joint team from government, the military and private industry was responding.
A South Korean official close to the investigation told CNN that malicious computer code spread through hacking caused the outages.
How the hackers got in and spread the code remains under investigation, and analysts are examining the malware, the official said.
Previous attacks linked to North
South Korean officials have not said who they suspect unleashed the malicious code, but experts believe it is consistent with what North Korea has done in the past.
"It's happened before in similar circumstances where there have been tensions on the peninsula," said Adam Segal, a cybersecurity expert with the Council on Foreign Relations.
There didn't appear to be any mention of the computer crash in North Korean state media.
South Korea has accused the North of similar hacking attacks before, including incidents in 2010 and 2012 that also targeted banks and media organizations. The North rejected the allegations.
The outages come amid heightened tensions on the Korean Peninsula, with the North angrily responding to a recent U.N. Security Council vote to impose tougher sanctions on Pyongyang after the country's latest nuclear test last month.
Last week, North Korea invalidated its 60-year-old armistice with the South. It has threatened to attack its neighbor with nuclear weapons and has also threatened the United States.
The armistice agreement, signed in 1953, ended the three-year war between North and South but left the two nations technically in a state of war.
The United States has deployed B-52 bombers to conduct high-profile flyovers of its South Korean ally and announced that it will deploy new ground-based missile interceptors on its West Coast against the remote possibility that North Korea could strike the United States with long-range weapons.
Accusations against U.S., South Korea
Last week, North Korea complained that it was the victim of "intensive and persistent virus attacks" from the United States and South Korea, according to KCNA, the official North Korean news agency.
Yonhap said Wednesday's outages affected three broadcasters, four banks and two insurance companies.
The three broadcasters -- KBS, MBC and YTN -- reported varying levels of trouble containing the virus. While the networks remained on the air, cable network YTN said editing equipment had been affected and it expected to experience broadcasting problems, Yonhap reported.
Computer networks stopped working entirely at three banks -- Shinhan, Nonghyup and Jeju -- around 2 p.m. Wednesday, Yonhap reported, citing the National Police Agency. Another financial institution, Woori Bank in Seoul, reported it was able to fend off a hacking attack about the same time.
The banks that were affected reported problems with a variety of systems, including Internet banking, ATMs and telecommunication services, and some branches stayed open late because of the slowdown, Yonhap said (CNN, 2013).
Title: South Korea Misidentifies China As Origin Of Cyberattacks
Date: March 22, 2013
Source: Fox News
Abstract: In an embarrassing twist to a coordinated cyberattack on six major South Korean companies this week, investigators said Friday they wrongly identified a Chinese Internet Protocol address as the source.
A joint team of government and private experts still maintains that hackers abroad were likely to blame, and many analysts suspect North Korea. But the error raises questions about investigators' ability to track down the source of an attack that shut down 32,000 computers Wednesday and exposed big Internet security holes in one of the world's most wired, tech-savvy countries.
South Korean investigators said Thursday that a malicious code that spread through the server of one of the hackers' targets, Nonghyup Bank, was traced to an IP address in China. Even then it was clear that the attack could have originated elsewhere because hackers can easily manipulate such data.
But the state-run Korea Communications Commission said Friday that the IP address actually belonged to a computer at the bank. The IP address was used only for the company's internal network and happened to be identical to a public Chinese address.
"We were careless in our efforts to double-check and triple-check," KCC official Lee Seung-won told reporters. He blamed the error on investigators' rush to give the public details on the search for a culprit.
Yonhap news agency, in an analysis Friday, called the blunder "ridiculous" and said the announcement is certain to undermine government credibility.
Yonhap criticized officials for failing to dispel public anxiety in a country where people's lives are closely interwoven with services provided by media and financial institutions.
An initial assumption that the attack came from abroad may have made investigators jump to conclusions, said Lee Kyung-ho, a cybersecurity expert at Seoul's Korea University.
"They rushed," he said. "They should've investigated by checking the facts step by step."
The investigation will take weeks. Investigators have said the attacks appeared to come from "a single organization" and suspect the hackers were from outside the country. Lee Seung-won, the KCC official, discounted the possibility that the attack could have come from within South Korea, but he didn't elaborate.
Lee Kyung-ho and many other South Korean experts suspect North Korea is behind the attack on broadcasters YTN, MBC and KBS, as well as Nonghyup and two other banks.
While there are many possible explanations, he said, including a homegrown hacker, the culprits are most likely to be North Koreans angry over ongoing U.S.-South Korean military drills. Lee said Pyongyang is well aware that an attack on financial institutions and media companies would create lots of publicity and turmoil in South Korea's vibrantly capitalistic society.
North Korea has issued many threats against the South and the U.S. in recent days, but by Friday it had yet to mention the South Korean computer crashes in state-run media.
South Korean officials say they have no proof of Pyongyang's involvement. The country is preparing to deal with more possible attacks, presidential spokesman Yoon Chang-jung told reporters earlier Friday. He didn't elaborate.
Determining who's behind a digital attack is often difficult, but North Korea is a leading suspect for several reasons.
It has unleashed a torrent of threats against Seoul and Washington since punishing U.N. sanctions were imposed for Pyongyang's Feb. 12 nuclear test. It calls ongoing routine U.S.-South Korean military drills a threat to its existence. Pyongyang also threatened revenge after blaming Seoul and Washington for a separate Internet shutdown that disrupted its own network last week.
Seoul alleges six previous cyberattacks by North Korea on South Korean targets since 2009.
Wednesday's cyberattack did not affect South Korea's government, military or infrastructure, and there were no initial reports that customers' bank records were compromised. But it disabled cash machines and disrupted commerce.
All three of the banks that were hit were back online and operating regularly Friday. It could be next week before the broadcasters' systems have fully recovered, though they said their programming was never affected (Fox News, 2013).
Title: Chinese University Linked To Military Hacking Group
Date: March 25, 2013
Source: PC Mag
Abstract: Researchers at Chinese universities have been collaborating on security-related papers with members of the military linked to hacking, according to Reuters.
In examining technical research papers available online, the news wire found that several were co-authored by PLA Unit 61398, a section of China's People's Liberation Army linked to hacks carried out against Western companies. The papers, from Shanghai Jiaotong University, focus on computer network security and intrusion detection.
According to Reuters, most universities in the developed world avoid working with government intelligence agencies on official papers. There's no evidence that university staff have been involved in the hacks, but the collaboration is troublesome.
In late February, a report from U.S.-based security firm Mandiant accused the Chinese military of carrying out cyber attacks on U.S. and other targets. Mandiant linked the attacks to a group known as APT1 and a building in Shanghai that houses PLA Unit 61398.
"Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China's cyber threat actors," Mandiant concluded. "We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support."
China said the report is factually inaccurate and unprofessional, and instead accused the U.S. of carrying out cyber attacks against China.
Reuters was unable to contact everyone named on the reports in question, but those it did reach also denied any wrongdoing.
One associate professor told Reuters that he did not know that Chen Yi-qun, for example, worked for the PLA, even though Chen is identified on the paper as working for the PLA. That paper dates back to 2007 (PC Mag, 2013).
Title: Report: China Gained U.S. Weapons Secrets Using Cyberespionage
Date: March 29, 2013
Abstract: American defense officials Tuesday pushed back against the notion that China has used cyberespionage to obtain extensive design information on advanced American weapons.
"Suggestions that cyberintrusions have somehow led to the erosion of our capabilities or technological edge are incorrect," said Pentagon press secretary George Little. "We maintain full confidence in our weapons platforms."
The Pentagon was responding to a list of weapons systems whose secrets had been compromised by Chinese cyberespionage, which the Washington Post says was in a confidential report by the Defense Science Board.
While the extent of the secrets stolen was not clear, the list of compromised weapons in the Post included some of the Defense Department's crown jewels of high-tech fighting: jets like the F-35 and the FA-18, anti-missile defenses like the Patriot and Aegis systems, the new Littoral Combat Ship and the Global Hawk unmanned surveillance plane.
But James Lewis, a cyberexpert at the Center for Strategic and International Studies, said that China could use such cyberespionage in several ways that could put American fighters at risk: to copy weapons technology, counter American weapons based on that knowledge or even disrupt their operation by interfering with the software that runs them.
"If you mess with that software," he said, "the airplane won't fly. The missile will miss its target and the ship might not get where it was intended to go."
Rep. Mike Rogers, R-Michigan and chairman of the House Intelligence Committee, described cyberespionage as "tremendously serious."
"The viciousness, and just the volume of attacks, not only by the Chinese but Russians and others trying to get the blueprints of our most sensitive material is just breathtaking -- and they're getting better," he told CNN's Wolf Blitzer.
He laid out why such attacks might matter.
"We, in some cases, have to go back for any material that may have been stolen ... and redesign it. It costs more money," he said.
"It costs billions and billions of dollars extra to try to make sure that we're staying ahead of our adversaries with technology. When they steal it, they leap ahead. That means we have to invest more, and change that technology. It is a serious problem."
In a publicly released portion of the Defense Science Board's report, the authors warn that cyberwarfare "may impose severe consequences for U.S. forces engaged in combat," including American weapons failing to operate, communications problems, or even planes or satellites potentially crashing.
One American official, while acknowledging cyberintrusions from China, said the claims of design details being compromised were overstated.
"The idea that somehow whoever the intruders were got the keys to the weapons kingdom is a stretch," the official said. "Getting one piece without the rest of the parts makes it hard to build a weapons platform."
Defense officials also said they have taken steps to address the concerns, and that some of the information about potential breaches was dated.
Kevin Mandia of Mandiant, a cybersecurity firm that has also been tracking Chinese military hackers, said that while many key Pentagon installations are well-fortified against hackers, cyberdefenses need to be deployed more widely.
"There's a lot of engineering that gets done in an academic setting," he said. "There's a lot of engineering that gets done at the defense industrial base. And a lot of these places have been compromised for over 10 years."
The allegation of cyberpenetration comes at a time when China has been stepping up its efforts to close the gap with the United States in terms of advanced military technology. In recent years, China has tested a missile that knocked out a satellite, conducted test flights of a stealth warplane, deployed its first aircraft carrier and developed an advanced "carrier-killer" missile for warfare against ships.
China's embassy in Washington did not immediately respond to inquiries from CNN about the allegation of stealing secrets. But in the past, Chinese officials have said China does not conduct cyberespionage on U.S. agencies or companies (CNN, 2013).
Title: Six Official US Air Force Cyberweapons May Codify Digital War
Date: April 9, 2013
Source: Fox News
Abstract: The U.S. Air Force’s Space Command center has officially designated six cyberweapons in its digital arsenal, a senior officer said Monday -- opening the door to a codified definition of cyberwar.
Lieutenant General John Hyten, vice commander of Space Command, said the new designations would help the military to fund the rapidly changing theater of war, according to Reuters.
Hyten did not offer any details on what the weapons were, whether “cyberbombs” like the Stuxnet virus that temporarily disabled Iran’s nuclear power ambitions or something more mundane, like well trained cyber soldiers or digital tools that might facilitate attacks on electronic, real-world weapons.
But the very act of acknowledging such weapons has dramatic implications, said Mischel Kwon, former director of the U.S. Computer Emergency Readiness Team (US-CERT) and former Chief IT security technologist at the Department of Justice.
“What is a cyberweapon? Does it kill? Does it destroy? Does it hurt human beings? Is there life at risk because of the use of this?” Kwon told FoxNews.com.
“If we’re going to call [these capabilities] weapons, are we going to have to revisit treaties? And rethink how they fit in the context of international negotiations? It opens a lot of discussions that have needed to take place, because we don’t have a way of talking about things that happen and align them with plain English language in the physical world.”
Hyten’s comments -- given at a cyber conference held in conjunction with the National Space Symposium in Colorado Springs -- were meant to underscore the challenges of funding cyber in a difficult budgetary period; Hyten said the Air Force planned to expand its cyber workforce of about 6,000 by 1,200 people, including 900 military personnel.
He said it took the Air Force decades to explain the central importance of space-based assets for warfare, but did not have time to wait with cybersecurity, according to Reuters.
"We have to do this quickly. We cannot wait. If we just let decades go by, the threat will pass us screaming by," he said.
But Hyten’s statements are also a window into the shadowy world of cyberwar, something all countries engage in but few are willing to publicly acknowledge or discuss, the U.S. included, Kwon told FoxNews.com.
“The veil is being lifted,” said Kwon, who now heads security consultancy Mischel Kwon & Associates. “We tend to call everything cyberwar -- even cybercrime and hacktivism. And espionage. And it’s been very difficult to define what is cyberwar.”
When the U.S. is officially at war, a specific definition and set of terms is applied, she noted.
“Does that same definition apply to cyber or is there another well-crafted set of words we need to define cyberwar?”
“The discussion is just beginning,” she said (Fox News, 2013).
Title: China: Cyberattacks Are Like
Date: April 22, 2013
Abstract: Cyberattacks could be "as serious as a nuclear bomb," according to a top Chinese general, who rejected suggestions that the Chinese military is behind cyberspying aimed at Western companies.
Gen. Fang Fenghui, chief of staff of the People's Liberation Army, made the comments after meeting with his U.S. counterpart Martin Dempsey, chairman of the Joint Chiefs of Staff.
Cybersecurity was one of a number of sensitive issues covered. The Obama administration is looking at options to confront Beijing over the issue, including trade sanctions, diplomatic pressure and indictments of Chinese nationals in U.S. courts.
Gen. Fang denied allegations that the army sponsors hacking against Western companies to steal commercial secrets. "None of these activities is tolerated here in China," he said at a news conference. If Internet security can't be guaranteed, "the damaging consequences may be as serious as a nuclear
He also suggested it was hard to trace the source of attacks, saying "the Internet is open to anyone, and anyone can launch attacks from the place where they live, from their own country or from another country." The general reiterated that China itself is a victim of cyberattacks. "We should jointly work on this," he said.
Meantime, Gen. Fang repeated the consistent Chinese line that North Korea's nuclear threat is best dealt with through negotiation, even though he said it was possible Pyongyang could conduct a fourth nuclear test despite U.N. sanctions that China helped draft following the latest test by China's close ally.
He urged restraint from all sides, comments suggesting Beijing thinks Washington as much as Pyongyang should take responsibility for calming tensions in North Asia.
Secretary of State John Kerry, on a visit to China this month, made little headway in trying to persuade Beijing to publicly rebuke North Korea after it threatened to attack U.S. and allied targets in North Asia and the Pacific.
The first face-to-face meeting between the two chiefs of staff was part of an effort to rebuild military-to-military ties between the U.S. and China that are strained by U.S. arms sales to Taiwan.
Military relations have lagged behind other aspects of the engagement between the U.S. and China, whose economies are deeply entwined. There is a sense of strategic distrust between the two powers, as China becomes more assertive in Asia and as the U.S. refocuses its attention on the world's most economically dynamic region.
But Gen. Fang struck a conciliatory tone. "The Pacific Ocean is wide enough to accommodate us both," he said, though adding that each country should respect the other's "core interests." China's expansive interests in the region include a claim to sovereignty over almost the entire South China Sea, which brings it into conflict with many of its smaller neighbors.
Gen. Fang said it is important for the two countries "to avoid vicious competition, friction, or even confrontation in this area."
Gen. Dempsey said the U.S. wants "healthy, stable and reliable" military-to-military relations with China. "The U.S. is a Pacific power," he said, adding that Washington seeks to be a stabilizing presence in the region and "the absence of a U.S. presence would be destabilizing."
China believes the U.S. aims to contain China's rise in the world. It feels hemmed in by a string of U.S. military alliances in the region stretching from Japan all the way to Australia (WSJ, 2013).
Title: Pentagon Says China Using
Date: May 7, 2013
Source: CNN Money
Abstract: The Pentagon has accused China of trying to extract sensitive information from U.S. government computers, the latest in a series of rhetorical skirmishes between the two countries on the issue of cyberattacks.
The frank assessment, made in an annual report to U.S. lawmakers on Chinese military capabilities, is the harshest and most detailed set of accusations made thus far by the Obama administration.
"In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military," the report said.
The Pentagon said China is carrying out the attacks in an effort to extract information from "diplomatic, economic and defense industrial base sectors that support U.S. national defense programs." The intellectual property and data is likely being used to bolster China's own defense and high tech industries, the report said.
Foreign Ministry spokeswoman Hua Chunying said Tuesday that China is "firmly against any forms of cyberattacks." The government has in the past insisted that China is the victim of cyberattacks, most originating in the U.S.
The information haul is not limited to the military and related contractors, the Pentagon says. China is also seeking similar information from the private sector, often through more legitimate avenues.
"China continues to leverage foreign investments, commercial joint ventures, academic exchanges, the experience of repatriated Chinese students and researchers, and state sponsored industrial and technical espionage to increase the level of technologies and expertise available to support military research, development, and acquisition," the report said.
China is not the only country believed to be involved in cyberattacks. The existence of several other state-sponsored cyberweapons has also been reported in recent years, with names like Stuxnet, Duqu and Flame. The U.S. government is widely believed to have played a role in developing some of those viruses, with an eye toward containing Iran.
Yet China has drawn intense scrutiny in recent months after its military was linked by an American cybersecurity firm to one of the world's most prolific groups of computer hackers.
Virginia-based Mandiant said in February it had observed the group of hackers -- called the "comment crew" -- systematically steal hundreds of terabytes of data from at least 141 organizations across 20 industries worldwide since 2006.
Mandiant claims the activity can be traced to four networks near Shanghai -- with some operations taking place in a location that is also the headquarters of Unit 61398, a secret division of China's military.
The Mandiant report confirmed in dramatic and public fashion what many analysts had long suspected -- that China was engaging in cyberattacks on a significant scale -- and drew a response from President Obama.
"We have seen a steady ramping up of cybersecurity threats," Obama said. "We've made it very clear to China and some other state actors that, you know, we expect them to follow international norms and abide by international rules" (CNN Money, 2013).
Title: Chinese Hackers Who Breached Google Gained Access To Sensitive Data, U.S. Officials Say
Date: May 20, 2013
Source: Washington Post
Abstract: Chinese hackers who breached Google’s servers several years ago gained access to a sensitive database with years’ worth of information about U.S. surveillance targets, according to current and former government officials.
The breach appears to have been aimed at unearthing the identities of Chinese intelligence operatives in the United States who may have been under surveillance by American law enforcement agencies.
It’s unclear how much the hackers were able to discover. But former U.S. officials familiar with the breach said the Chinese stood to gain valuable intelligence. The database included information about court orders authorizing surveillance — orders that could have signaled active espionage investigations into Chinese agents who maintained e-mail accounts through Google’s Gmail service.
“Knowing that you were subjects of an investigation allows them to take steps to destroy information, get people out of the country,” said one former official, who, like others interviewed for this article, spoke on the condition of anonymity to discuss a highly sensitive matter. The official said the Chinese could also have sought to deceive U.S. intelligence officials by conveying false or misleading information.
Although Google disclosed an intrusion by Chinese hackers in 2010, it made no reference to the breach of the database with information on court orders. That breach prompted deep concerns in Washington and led to a heated, months-long dispute between Google and the FBI and Justice Department over whether the FBI could access technical logs and other information about the breach, according to the officials.
Google declined to comment for this article, as did the FBI.
Last month, a senior Microsoft official suggested that Chinese hackers had targeted the company’s servers about the same time that Google’s system was compromised. The official said Microsoft concluded that whoever was behind the breach was seeking to identify accounts that had been tagged for surveillance by U.S. national security and law enforcement agencies.
“What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on,” David W. Aucsmith, senior director of Microsoft’s Institute for Advanced Technology in Governments, said at a conference near Washington, according to a recording of his remarks.
“If you think about this, this is brilliant counterintelligence,” he said in the address, which was first reported by the online magazine CIO.com. “You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that’s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That’s essentially what we think they were trolling for, at least in our case.”
Microsoft now disputes that its servers had been compromised as part of the cyberespionage campaign that targeted Google and about 20 other companies. Aucsmith, who cited that campaign in his remarks, said in a statement to The Washington Post that his comments were “not meant to cite any specific Microsoft analysis or findings about motive or attacks.”
The U.S. government has been concerned about Chinese hacking since at least the early 2000s, when network intrusions were discovered at U.S. energy labs and defense contractors. The FBI has for years led a national security investigation into Chinese cyberespionage, some of which has been linked to the Chinese military.
The Chinese, according to government, academic and industry analysts, have stolen massive volumes of data from companies in sectors including defense, technology, aerospace, and oil and gas. Gen. Keith B. Alexander, the director of the National Security Agency, has referred to the theft of proprietary data as the “greatest transfer of wealth in history.”
The Chinese emphatically deny that they are engaged in hacking into U.S. computer systems and have said that many intrusions into their own networks emanate from servers in the United States.
“The Chinese government prohibits online criminal offenses of all forms, including cyber attack and cyber espionage, and has done what it can to combat such activities in accordance with Chinese laws,” a Chinese Embassy spokesman, Yuan Gao, said in an e-mail. “We’ve heard all kinds of allegations but have not seen any hard evidence or proof.”
Experts said an elaborate network of interconnected routers and servers can make the Internet tailor-made for the shadowy work of spying and counterspying. It stands to reason, they said, that adversaries would be interested in finding vulnerabilities in the networks of the companies that authorize surveillance on behalf of the government.
“It is an absolute rule of thumb that the best counterintelligence tool isn’t defensive — it’s offensive. It’s penetrating the other service,” said Michael V. Hayden, a former director of the National Security Agency and the CIA, who said he had no knowledge of the incidents. Hacking into a surveillance database, he said, “is a form of that.”
Google’s crisis began in December 2009, when, several former government officials said, the firm discovered that Chinese hackers had penetrated its corporate networks through “spear phishing” — a technique in which an employee was effectively deceived into clicking a bogus link that downloads a malicious program. The hackers had been rooting around inside Google’s servers for at least a year.
Alarmed by the scope and audacity of the breach, the company went public with the news in January 2010, becoming the first U.S. firm to voluntarily disclose an intrusion that originated in China. In a blog post, Google chief legal officer David Drummond said hackers stole the source code that powers Google’s vaunted search engine and also targeted the e-mail accounts of activists critical of China’s human rights abuses.
As Google was responding to the breach, its technicians made another startling discovery: its database with years of information on surveillance orders had been hacked. The database included information on thousands of orders issued by judges around the country to law enforcement agents seeking to monitor suspects’ e-mails.
The most sensitive orders, however, came from a federal court that approves surveillance of foreign targets such as spies, diplomats, suspected terrorists and agents of other governments. Those orders, issued under the Foreign Intelligence Surveillance Act, are classified.
Google did not disclose that breach publicly, but soon after detecting it, the company alerted the FBI, former officials said. Bureau officials told FBI Director Robert S. Mueller III, who briefed President Obama.
At one point, an FBI supervisory agent working on Chinese cyberespionage cases traveled to Google’s Mountain View, Calif., headquarters to conduct a national security investigation, the former officials said. The company, without any guarantees about the scope of the investigation, denied access.
The bureau undertook an extensive assessment to include determining whether individuals under surveillance had moved to other means of communication. Although the assessment showed no damage to national security because of the breach, Google took steps to shield sensitive data.
Michael M. DuBose, former chief of the Justice Department’s Computer Crime and Intellectual Property Section, declined to comment on either the Microsoft or Google cases. But, he said, in general such intrusions serve as “a wake-up call for the government that the overall security and effectiveness of lawful interception and undercover operations is dependent in large part on security standards in the private sector.
“Those,” he said, “clearly need strengthening” (Washington Post, 2013).
Title: Hacking: Chinese Spies Steal ASIO
Date: May 27, 2013
Abstract: Secret and highly sensitive blueprints outlining the layout of Australia's top spy agency's new headquarters have been stolen by Chinese hackers, the ABC says.
The documents contained details of the ASIO building's floor plans, communication cabling layouts, server locations and security systems, potentially putting the entire organisation at risk, Monday night's Four Corners program alleges.
It is unclear precisely when the alleged theft took place, or if there have been diplomatic ramifications from the embarrassing breach.
But it comes amid deepening concern about widespread, aggressive state-sponsored hacking by China, with further allegations that its cyber spies have recently obtained sensitive Australian military secrets and foreign affairs documents.
Companies including BlueScope Steel and Adelaide-based Codan, which makes radios for military and intelligence agencies, are also said to have been targeted by the Chinese, according to the ABC.
The allegation comes just weeks after Canberra softened its stance towards China, claiming in May's Defence White Paper that it no longer saw the rising superpower as a threat.
Aside from the diplomatic implications, the alleged ASIO theft may help explain why its new headquarters, overlooking Canberra's Lake Burley Griffin, is millions over budget and still not operational.
ASIO said in its October annual report that the building would cost taxpayers about $630 million - $41 million more than expected.
It was due to open in April, but staff are yet to move in.
The ABC did not cite the source of its claims, but said the blueprints had been taken from a contractor involved with the project.
"It reeked of an espionage operation. Someone had mounted a cyber hit on a contractor involved in the site," Four Corners reported.
"The plans were traced to a server in China."
Professor Des Ball, from the Australian National University's Strategic and Defence Studies Centre, suggested the theft meant China could bug the building.
"At this stage with construction nearly completed you have two options," he told the ABC.
"One is to accept it and practice utmost sensitivity even within your own headquarters.
"The other, which the Americans had to do with their new embassy in Washington ... was to rip the whole insides out and to start again."
Federal Attorney-General Mark Dreyfus refused to confirm the theft.
Whistleblowers interviewed by Four Corners also allege the Australian defence department's classified email and restricted networks have been hacked.
"A factor of ten times the entire database, or the entire amount of information stored within the Defence Restricted Network, has been leached out over a number of years," one worker said.
Another whistleblower said a "highly sensitive document" belonging to the Department of Foreign Affairs and Trade had been stolen by China.
"It's a project that would give an adversary a significant advantage when dealing with Australia," the source told the ABC about the DFAT document (News.com, 2013).
Title: Obama To Confront Chinese President Over Spate Of Cyber-Attacks On US
Date: May 28, 2013
Abstract: Barack Obama will confront Chinese president Xi Jinping next week over a spate of cyber-attacks on the US, including the latest allegation that Chinese hackers gained access to more than two dozen of America's most advanced weapons systems.
The alleged cyber-attacks are the most serious of a series of issues creating friction between the US and China ahead of next week's summit in California. Military analysts described the scale of the alleged attacks as breathtaking.
The Chinese government denies any involvement in the attacks.
But a classified report by the Defence Science Board, a group of civilian and government specialists who advise the Pentagon on military developments, says advanced weapons systems compromised by hackers include missiles, fighter jets, helicopters and naval ships. A leaked copy was published by the Washington Post on Tuesday.
Access to the designs would allow China to catch up on years of military development and save it billions of dollars. It would also make it easier for China to develop weapons to counter US systems.
The Defence Science Board report comes amid a spate of accusations worldwide claiming Beijing is engaged in a sustained campaign of hacking defence and business secrets. In a separate row, Chinese hackers are alleged to have stolen the blueprints for Australia's new spy headquarters.
Asked on Tuesday about the alleged hacking of secret military projects, White House spokesman Jay Carney said cyber security would be discussed by the two leaders when they meet at the US-China summit on June 7 and 8.
He declined to comment directly on the Defence Science Board report but said cyber issues were a key concern for the US.
The summit, at a private estate in southern California, is the first between the two since Xi was promoted to president and since Obama's re-election and comes at a time of friction between the two countries.
The White House national security adviser Tom Donilon, who is in Beijing for discussions with Chinese officials about the summit, has warned that cyber-attacks could jeopardise relations between the two countries.
Dean Cheng, a China specialist at the conservative Heritage Foundation in Washington, said the summit "offers an opportunity to make clear to Beijing the serious consequences of its cyber activities. The question is whether the Obama administration will seize it."
A broad warning about cyber-security contained in the Defence Science Report was published in January but the details about military programmes alleged to have been hacked remained classified.
Projects named in the report include: the advanced Patriot missile system, the PAC-3; the F/A-18 fighter jet; the Littoral Combat Ship intended for use close to shore; and an anti-ballistic missile system, the Terminal High Altitude Area Defence. The Patriot missile system offers the main defence against missile attacks on Europe, Israel, the Persian Gulf and US allies in Asia. The report does not blame the Chinese government, only Chinese hackers.
In a CBS interview, Winslow Wheeler, who monitors defence spending at the Project on Government Oversight, a Washington think-tank, described the projects as the US military's "family jewels".
Cyber security will also be discussed at a meeting in Singapore this weekend of defence ministers and officials, including US defence secretary Chuck Hagel (Guardian, 2013).
Title: Chinese Infiltrated Top U.S. Weapons Systems, Confidential Report Claims
Date: May 28, 2013
Source: Fox News
Abstract: More than two dozen top weapons systems -- including the Patriot missile defense program, the V-22 Osprey, the Black Hawk helicopter and the Navy’s new Littoral Combat Ship -- were compromised by a widening Chinese cyber espionage campaign, according to a new military report.
A portion of the confidential Defense Science Board report, titled “Resilient Military Systems and the Advanced Cyber Threat,” was obtained by the Washington Post. The confidential portion detailed the various weapons that had been compromised.
It includes the F-35 Joint Strike Fighter, the most expensive weapons system ever built at $1.4 trillion, the Post reported.
A senior defense official who has seen the classified portion of the otherwise public report confirmed to Fox News its contents. Experts questioned about the breach were astounded by the scale of the espionage.
“That’s staggering,” said Mark Stokes, executive director of the Project 2049 Institute, a think tank that focuses on Asia security issues. “These are all very critical weapons systems, critical to our national security. When I hear this in totality, it’s breathtaking.”
The report stopped short of saying that China stole the designs, but senior military officials with knowledge of the breaches told the paper that the vast majority of the compromises were the result of a growing Chinese espionage campaign against U.S. defense contractors and government agencies.
“The Department of Defense has growing concerns about the global threat to economic and national security from persistent cyber-intrusions,” a spokesman for the Pentagon told the Post. He said they were “aimed at the theft of intellectual property, trade secrets and commercial data, which threatens the competitive edge of U.S. businesses like those in the Defense Industrial Base” (Fox News, 2013).
Title: Australian Prime Minister Says Reports Of Chinese Hacking Are 'Inaccurate'
Date: May 28, 2013
Abstract: Prime Minister Julia Gillard of Australia has described as "inaccurate" a TV report alleging that several government institutions including the country's main spy agency fell victim to foreign cyberattacks.
The Australian Broadcasting Corporation's investigative program Four Corners reported that hackers, thought to be from China, had breached government agencies including the prime minister's office and cabinet, as well as the departments of foreign affairs and defense.
The most striking element in the report was the allegation that a cyberattack from a server in China stole the blueprints to the new headquarters of the ASIO, Australia's top intelligence organization, including details on the building's security and communications systems, its floor plan and the locations of its servers.
But Gillard sought to play down the TV program's claims.
"There were a number of unsubstantiated allegations of hacking in the Four Corners report as the attorney general has stated," she said, according to CNN affiliate Network Seven. "Neither he or the director general of ASIO intend to comment further on these inaccurate reports."
At a foreign ministry news conference Tuesday, Chinese officials called the report a "baseless accusation."
"Since the attacks are technically untraceable, it's difficult to find the origin of these attacks," said foreign ministry spokesman Hong Lei. "I don't know where does the evidence come from for media to make such reports."
Hong added that cybersecurity is an issue internationally and it calls for a "calm and thorough discussion."
"Making baseless accusation will not help to improve the current situation," he said.
Earlier this month, the United States accused China of trying to extract sensitive information from U.S. government computers.
A Pentagon report said China was carrying out the attacks in an effort to extract information from "diplomatic, economic and defense industrial base sectors that support U.S. national defense programs."
At the time, the Chinese Foreign Ministry said China was "firmly against any forms of cyberattacks." Beijing has in the past insisted that China is the victim of cyberattacks, most originating in the United States (CNN, 2013).
Title: Confidential Report Lists U.S. Weapons System Designs Compromised By Chinese Cyberspies
Date: May 28, 2013
Source: Washington Post
Abstract: Designs for many of the nation’s most sensitive advanced weapons systems have been compromised by Chinese hackers, according to a report prepared for the Pentagon and to officials from government and the defense industry.
Among more than two dozen major weapons systems whose designs were breached were programs critical to U.S. missile defenses and combat aircraft and ships, according to a previously undisclosed section of a confidential report prepared for Pentagon leaders by the Defense Science Board.
A list of the compromised U.S. weapons designs
The systems named in a report by the Defense Science Board includes some critical to U.S. missile defense.
Experts warn that the electronic intrusions gave China access to advanced technology that could accelerate the development of its weapons systems and weaken the U.S. military advantage in a future conflict.
The Defense Science Board, a senior advisory group made up of government and civilian experts, did not accuse the Chinese of stealing the designs. But senior military and industry officials with knowledge of the breaches said the vast majority were part of a widening Chinese campaign of espionage against U.S. defense contractors and government agencies.
The significance and extent of the targets help explain why the Obama administration has escalated its warnings to the Chinese government to stop what Washington sees as rampant cybertheft.
In January, the advisory panel warned in the public version of its report that the Pentagon is unprepared to counter a full-scale cyber-conflict. The list of compromised weapons designs is contained in a confidential version, and it was provided to The Washington Post.
Some of the weapons form the backbone of the Pentagon’s regional missile defense for Asia, Europe and the Persian Gulf. The designs included those for the advanced Patriot missile system, known as PAC-3; an Army system for shooting down ballistic missiles, known as the Terminal High Altitude Area Defense, or THAAD; and the Navy’s Aegis ballistic-missile defense system.
Also identified in the report are vital combat aircraft and ships, including the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the Navy’s new Littoral Combat Ship, which is designed to patrol waters close to shore.
Also on the list is the most expensive weapons system ever built — the F-35 Joint Strike Fighter, which is on track to cost about $1.4 trillion. The 2007 hack of that project was reported previously.
China, which is pursuing a comprehensive long-term strategy to modernize its military, is investing in ways to overcome the U.S. military advantage — and cyber-espionage is seen as a key tool in that effort, the Pentagon noted this month in a report to Congress on China. For the first time, the Pentagon specifically named the Chinese government and military as the culprit behind intrusions into government and other computer systems.
As the threat from Chinese cyber-espionage has grown, the administration has become more public with its concerns. In a speech in March, Thomas Donilon, the national security adviser to President Obama, urged China to control its cyber-activity. In its public criticism, the administration has avoided identifying the specific targets of hacking.
But U.S. officials said several examples were raised privately with senior Chinese government representatives in a four-hour meeting a year ago. The officials, who spoke on the condition of anonymity to describe a closed meeting, said senior U.S. defense and diplomatic officials presented the Chinese with case studies detailing the evidence of major intrusions into U.S. companies, including defense contractors.
In addition, a recent classified National Intelligence Estimate on economic cyber-espionage concluded that China was by far the most active country in stealing intellectual property from U.S. companies.
The Chinese government insists that it does not conduct cyber-espionage on U.S. agencies or companies, and government spokesmen often complain that Beijing is a victim of U.S. cyberattacks.
Obama is expected to raise the issue when he meets with Chinese President Xi Jinping next month in California.
A spokesman for the Pentagon declined to discuss the list from the science board’s report. But the spokesman, who was not authorized to speak on the record, said in an e-mail, “The Department of Defense has growing concerns about the global threat to economic and national security from persistent cyber-intrusions aimed at the theft of intellectual property, trade secrets and commercial data, which threatens the competitive edge of U.S. businesses like those in the Defense Industrial Base.”
The confidential list of compromised weapons system designs and technologies represents the clearest look at what the Chinese are suspected of targeting. When the list was read to independent defense experts, they said they were shocked by the extent of the cyber-espionage and the potential for compromising U.S. defenses.
“That’s staggering,” said Mark Stokes, executive director of the Project 2049 Institute, a think tank that focuses on Asia security issues. “These are all very critical weapons systems, critical to our national security. When I hear this in totality, it’s breathtaking.”
The experts said the cybertheft creates three major problems. First, access to advanced U.S. designs gives China an immediate operational edge that could be exploited in a conflict. Second, it accelerates China’s acquisition of advanced military technology and saves billions in development costs. And third, the U.S. designs can be used to benefit China’s own defense industry. There are long-standing suspicions that China’s theft of designs for the F-35 fighter allowed Beijing to develop its version much faster.
“You’ve seen significant improvements in Chinese military capabilities through their willingness to spend, their acquisitions of advanced Russian weapons, and from their cyber-espionage campaign,” said James A. Lewis, a cyber-policy expert at the Center for Strategic and International Studies. “Ten years ago, I used to call the PLA [People’s Liberation Army] the world’s largest open-air military museum. I can’t say that now.”
The public version of the science board report noted that such cyber-espionage and cyber-sabotage could impose “severe consequences for U.S. forces engaged in combat.” Those consequences could include severed communication links critical to the operation of U.S. forces. Data corruption could misdirect U.S. operations. Weapons could fail to operate as intended. Planes, satellites or drones could crash, the report said.
In other words, Stokes said, “if they have a better sense of a THAAD design or PAC-3 design, then that increases the potential of their ballistic missiles being able to penetrate our or our allies’ missile defenses.”
Winslow T. Wheeler, director of the Straus Military Reform Project at the Project on Government Oversight, made a similar point. “If they got into the combat systems, it enables them to understand it to be able to jam it or otherwise disable it,” he said. “If they’ve got into the basic algorithms for the missile and how they behave, somebody better get out a clean piece of paper and start to design all over again.”
The list did not describe the extent or timing of the penetrations. Nor did it say whether the theft occurred through the computer networks of the U.S. government, defense contractors or subcontractors.
Privately, U.S. officials say that senior Pentagon officials are frustrated by the scale of cybertheft from defense contractors, who routinely handle sensitive classified data. The officials said concerns have been expressed by Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, and Adm. James A. Winnefeld Jr., the vice chairman, as well as Gen. Keith Alexander, director of the National Security Agency.
“In many cases, they don’t know they’ve been hacked until the FBI comes knocking on their door,” said a senior military official who was not authorized to speak on the record. “This is billions of dollars of combat advantage for China. They’ve just saved themselves 25 years of research and development. It’s nuts.”
In an attempt to combat the problem, the Pentagon launched a pilot program two years ago to help the defense industry shore up its computer defenses, allowing the companies to use classified threat data from the National Security Agency to screen their networks for malware. The Chinese began to focus on subcontractors, and now the government is in the process of expanding the sharing of threat data to more defense contractors and other industries.
An effort to change defense contracting rules to require companies to secure their networks or risk losing Pentagon business stalled last year. But the 2013 Defense Authorization Act has a provision that requires defense contractors holding classified clearances to report intrusions into their networks and allow access to government investigators to analyze the breach.
The systems on the science board’s list are built by a variety of top defense contractors, including Boeing, Lockheed Martin, Raytheon and Northrop Grumman. None of the companies would comment about whether their systems have been breached.
But Northrop Grumman spokesman Randy Belote acknowledged the company “is experiencing greater numbers of attempts to penetrate its computer networks” and said the firm is “vigilant” about protecting its networks.
A Lockheed Martin official said the firm is “spending more time helping deal with attacks on the supply chain” of partners, subcontractors and suppliers than dealing with attacks directly against the company. “For now, our defenses are strong enough to counter the threat, and many attackers know that, so they go after suppliers. But of course they are always trying to develop new ways to attack.”
The Defense Science Board report also listed broad technologies that have been compromised, such as drone video systems, nanotechnology, tactical data links and electronic warfare systems — all areas where the Pentagon and Chinese military are investing heavily.
“Put all that together — the design compromises and the technology theft — and it’s pretty significant,” Stokes said (Washington Post, 2013).
Title: A List Of The U.S. Weapons Designs And Technologies Compromised By Chinese Hackers
Date: May 28, 2013
Source: Washington Post
Abstract: The following is reproduced from the nonpublic version of the Defense Science Board report “Resilient Military Systems and the Advanced Cyber Threat”: Table 2.2 Expanded partial list of DoD system designs and technologies compromised via cyber exploitation:
Terminal High Altitude Area Defense
Patriot Advanced Capability-3
Extended Area Protection and Survivability System (EAPS)
Advanced Harpoon Weapon Control System
Long-term Mine Reconnaissance System
Navy antenna mechanisms
Global Freight Management System
Micro Air Vehicle
Brigade Combat Team Modernization
Aegis Ballistic Missile Defense System
USMC Tracked Combat Vehicles
Warfighter Information Network-Tactical (WIN-T)
T700 Family of Engines
Full Authority Digital Engine Controller (FADEC)
UH-60 Black Hawk
AMRAAM (AIM-120 Advanced Medium-Range Air-to-Air Missile)
Affordable Weapons System
Littoral Combat Ship
Navy Standard Missile (SM-2,3,6)
F/A and EA-18
Mk54 Light Weight Torpedo
UAV video system
Specific Emitter identification
Dual Use Avionics
Fuze/Munitions safety and development
Electronic Intelligence Processing
Tactical Data Links
Advanced Signal Processing Technologies for Radars
Nanostructured Metal Matrix Composite for Light Weight Ballistic Armor
Vision-aided Urban Navigation & Collision Avoidance for Class I Unmanned Air Vehicles (UAV)
Space Surveillance Telescope
IR Search and Track systems
Electronic Warfare systems
Electromagnetic Aircraft Launch
Side Scan sonar
Mode 5 IFF
Export Control, ITAR, Distribution Statement B,C,D Technical Information
CAD drawings, 3D models, schematics
Vendor/supply chain data
PII (email addresses, SSN, credit card numbers, passwords, etc.)
Attendee lists for program reviews and meetings (Washington Post, 2013).
Title: Pentagon: The Chinese Stole Our
Date: May 28, 2013
Abstract: The designs for more than two dozen major weapons systems used by the United States military have fallen into the hands of the Chinese, US Department of Defense officials say.
Blueprints for the Pentagon’s most advanced weaponry, including the Black Hawk helicopter and the brand new Littoral Combat Ship used by the Navy, have all been compromised, the Defense Science Board claims in a new confidential report.
The Washington Post acknowledged late Monday that they have seen a copy of the report and confirmed that the Chinese now have the know-how to emulate some of the Pentagon’s most
“This is billions of dollars of combat advantage for China,” a senior military official not authorized to speak on the record told Post reporters. “They’ve just saved themselves 25 years of research and development.”
“It’s nuts,” the source said of the report.
The Defense Science Board, a civilian advisory committee within the Pentagon, fell short of accusing the Chinese of stealing the designs. However, the Post’s report comes on the heels of formal condemnation courtesy of the DoD issued only earlier this month.
Ellen Nakashima, the Post reporter who detailed the DSB analysis this week, wrote that the computer systems at the Pentagon may not necessarily have been breached. Instead, she suggested that the defense contractors who built these weapons programs have likely been subjected to a security breach. US officials speaking on condition of anonymity, she reported, said that a closed door meeting last year ended with evidence being presented of major defense contractors suffering from intrusions. When reached for comment, the largest defense contractors — Boeing, Lockheed Martin, Raytheon and Northrop Grumman — all refused to weigh in.
Chinese hackers have previously been accused of waging cyberattacks on a number of US entities, including billion-dollar corporations and governmental departments. In 2007 it was reported that China accumulated the blueprints for the Pentagon’s F-35 fighter jets, the most expensive weapons program ever created, but the latest news from the DSB decries that much more has been compromised.
According to the Post, the plans for the advanced Patriot missile system, an Army anti-ballistic program and a number of aircraft have all ended up in the hands of the Chinese. The result could mean the People’s Republic is working towards recreating the hallmarks of America’s military might for their own offensive purposes, while also putting China in a position where even the most advanced weaponry in the world won’t be able to withstand complex defensive capabilities once those projects are reverse engineered.
“If they got into the combat systems, it enables them to understand it to be able to jam it or otherwise disable it,” Winslow T. Wheeler, director of the Straus Military Reform Project at the Project on Government Oversight, told the Post. “If they’ve got into the basic algorithms for the missile and how they behave, somebody better get out a clean piece of paper and start to design all over again.”
Mandiant, a US security firm located outside of Washington, reported earlier this year that China has enlisted an elite squadron of cyber warriors to attack American computer systems and conduct espionage on behalf of the People’s Liberation Army. When the report was released in February, Mandiant said the PLA’s elusive Unit 61398 has successfully compromised the networks of more than 141 companies across 20 major industries, including Coca-Cola and a Canadian utility company. Those hacks reportedly subsided after Mandiant went public with their claims, but earlier this month the firm said those attacks have since been renewed.
“They dialed it back for a little while, though other groups that also wear uniforms didn’t even bother to do that,” CEO Kevin Mandia told the New York Times recently. “I think you have to view this as the new normal.”
On their part, China has adamantly denied all claims that they’ve waged attacks on US networks. Following Mandiant’s initial report, a spokesperson for China’s foreign ministry said the claims were “irresponsible and unprofessional.”
“Hacking attacks are transnational and anonymous,” Hong Lei said. “Determining their origins are extremely difficult. We don't know how the evidence in this so-called report can be tenable” (RT, 2013).
Title: Pentagon Aircraft, Missile Defense Programs Said Target Of China Cyber Threat
Date: May 29, 2013
Source: Fox News
Abstract: New revelations that China used cyberattacks to access data from nearly 40 Pentagon weapons programs and almost 30 other defense technologies have increased pressure on U.S. leaders to take more strident action against Beijing to stem the persistent breaches.
The disclosure, which was included in a Defense Science Board report released earlier this year, but is only now being discussed publicly, comes as Defense Secretary Chuck Hagel heads to Southeast Asia, where he will discuss the escalating cyberthreat with counterparts from a number of area nations.
While officials have been warning for years about China's cyber espionage efforts aimed at U.S. military and high-tech programs, the breadth of the list underscored how routine the attacks have become. And, as the U.S. looks to grow its military presence in the Asia Pacific, it heightens worries that China can use the information to blunt America's military superiority and keep pace with emerging technologies.
"It introduces uncertainty on how well the weapons may work, and it means we may have to redo weapons systems," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. "If they know how it works precisely, they will be able to evade it and figure out how to better beat our systems."
A chart included in the science board's report laid out what it called a partial list of 37 breached programs, which included the Terminal High Altitude Area Defense weapon — a land-based missile defense system that was recently deployed to Guam to help counter the North Korean threat. Other programs include the F-35 Joint Strike Fighter, the F-22 Raptor fighter jet, and the hybrid MV-22 Osprey, which can take off and land like a helicopter and fly like an airplane.
The report also listed another 29 broader defense technologies that have been compromised, including drone video systems and high-tech avionics. The information was gathered more than two years ago, so some of the data is dated and a few of the breaches — such as the F-35 — had actually already become public.
The details of the breaches were first reported by The Washington Post.
According to a defense official, the report is based on more than 50 briefings that members of the board's task force received from senior leaders in the Pentagon, the State Department, the intelligence community, national laboratories and business. The official was not authorized to discuss the report publicly so spoke on condition of anonymity.
U.S. officials have been far more open about discussing the China cyberattacks over the past year or two, beginning with a November 2011 report by U.S. intelligence agencies that accused China of systematically stealing American high-tech data for its own national economic gain. The Pentagon, meanwhile, in its latest report on China's military power, asserted publicly for the first time that Beijing's military was likely behind computer-based attacks targeting federal agencies.
"In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military," said the report, which was released earlier this month.
Cybersecurity experts have for some time been urging the government to use sanctions or other punishments against China for the breaches.
The benefits to the cyber espionage are high and the costs are low, said Shawn Henry, former cyber director at the FBI and now president of CrowdStrike Services, a security technology company.
"There is no cost, there are no sanctions, no diplomatic actions, no financial disincentives," said Henry, adding that the U.S. intellectual property losses are in the hundreds of millions of dollars. He said that the U.S. needs to have a discussion with Chinese leaders about "what the red lines are and what the repercussions will be for crossing those red lines."
U.S. leaders, including President Barack Obama, however, have instead been using the bully pulpit to increase pressure on the Chinese to confront the problem. Obama is expected to raise the issue with China's new leader Xi Jinping during a summit next month in Southern California.
Pentagon Press Secretary George Little said Tuesday that the Pentagon maintains "full confidence in our weapons platforms," adding that the department has taken a number of steps to strengthen its network defenses and monitor for threats.
Defense contractors, meanwhile, declined to say whether their systems had been breached. But recent filings to shareholders indicate these companies see intrusions as a serious risk to their business, particularly when they must rely on third-party suppliers.
In its most recent annual report, Lockheed Martin — a primary contractor on missile defense programs — told shareholders that prior cyberattacks "have not had a material impact on our financial results," and that it believed its security efforts were adequate.
However, suppliers and subcontractors have "varying levels of cybersecurity expertise and safeguards and their relationships with government contractors, such as Lockheed Martin may increase the likelihood that they are targeted by the same cyber threats we face," according to the 2012 report.
In a statement emailed to reporters on Tuesday, Lockheed Martin said it has made "significant investments" in cybersecurity and that the company was trying to secure its supply chain given that "program information resides in a large cyber ecosystem."
Similar risk disclosures to shareholders have been made recently by Northrop Grumman, Boeing and Raytheon. For example, Northrop Grumman wrote in its 2012 annual report that cyber intrusions "could damage our reputation and lead to financial losses from remedial actions, loss of business or potential liability."
Company spokesman Randy Belote on Tuesday declined to say whether Northrop Grumman's systems had been breached, citing company policy. But, he added, "the number of attempts to breach our networks (is) increasing at an alarming rate" (Fox News, 2013).
Title: Hacking Revelations Overshadow Closer US-China Military Ties Ahead Of Obama-Xi Summit Next Month
Date: May 29, 2013
Source: Fox News
Abstract: U.S. National Security Adviser Tom Donilon has pushed for stronger military relations with China as part of preparations for a summit next month between President Barack Obama and China's Xi Jinping.
However, difficulties establishing trust between the sides were underscored by new revelations Tuesday that China used cyberattacks to access data from nearly 40 Pentagon weapons programs and almost 30 other defense technologies, ranging from missile defense systems to the F-35 joint strike fighter.
The disclosure was included in a Defense Science Board report released earlier this year, but is only now being discussed publicly. It came shortly after Donilon wrapped up discussions with Chinese officials in Beijing and as Defense Secretary Chuck Hagel was heading to Southeast Asia for multinational talks on issues including the escalating cyberthreat.
While officials have been warning for years about China's cyber espionage efforts aimed at U.S. military and high-tech programs, the breadth of the list underscored how routine the attacks have become.
Donilon did not directly mention hacking in his opening comments at a meeting Tuesday morning with Gen. Fan Changlong, a vice chairman of the commission overseeing China's armed forces.
Instead, he emphasized that nontraditional military activities such as peacekeeping, disaster relief and anti-piracy operations offer opportunities to boost cooperation and "contribute to greater mutual confidence and understanding."
A "healthy, stable, and reliable military-to-military relationship" is an essential part of overall China-U.S. ties, Donilon said at the start of the meeting at China's hulking Defense Ministry building in central Beijing.
Donilon met with a range of Chinese officials over two days to hammer out plans for the June 7-8 summit, the first face-to-face meeting between the presidents since Obama's re-election and Xi's promotion to Communist Party chief last November.
Their informal summit at the private Sunnylands estate of the late publishing tycoon Walter Annenberg in southern California will come months before the two leaders had been originally scheduled to meet, underscoring concerns that the U.S.-China relationship was drifting.
Xi told Donilon on Monday that relations were at a critical juncture, and that the sides must now "build on past successes and open up new dimensions for the future."
Building trust between their militaries is one of the main challenges the sides face in seeking to stop a drift in relations, troubled by issues from trade disputes to allegations of Chinese cyberspying.
A White House statement issued after Tuesday's meeting emphasized the need to cooperate further on North Korea, cyber-security, climate change and stability in Asia. It called the upcoming summit a "unique and important opportunity" to discuss U.S.-China relations and regional and global challenges facing both countries.
Although Washington and Beijing have talked about boosting military cooperation for more than a decade, distrust runs high and disagreements over Taiwan, North Korea and China's assertive claims to disputed territories in the East and South China seas remain potential flashpoints.
The U.S. has repeatedly questioned the purpose of China's heavy military buildup over the past two decades, while Beijing is deeply suspicious of Washington's new focus on military alliances in Asia and plans to redeploy more weaponry and troops to the Asia-Pacific region.
Steps to increase benign interactions between their militaries have been modest so far, including joint anti-piracy drills in the Gulf of Aden and a classroom natural disaster response simulation. The U.S. has also invited China to take part in large U.S.-led multinational naval exercises, though China has not said if it would participate.
Apart from purely military issues, distrust has deepened as the U.S. feels its world leadership challenged and China, its power growing, demands greater deference to its interests and a larger say over global rule-setting. Chinese officials and state media regularly say Washington is thwarting China's rise by hemming Beijing in through its Asian alliances and discouraging Chinese investment in the U.S. on grounds of national security.
U.S. officials have been far more open about discussing the China cyberattacks over the past year or two, beginning with a November 2011 report by U.S. intelligence agencies that accused China of systematically stealing American high-tech data for its own national economic gain. The Pentagon, meanwhile, in its latest report on China's military power, asserted publicly for the first time that Beijing's military was likely behind computer-based attacks targeting federal agencies.
"In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military," said the report, which was released earlier this month (Fox News, 2013).
Title: Hagel Says Chinese Cyberthreats Pose 'Stealthy' Danger To US
Date: May 31, 2013
Source: Fox News
Abstract: Defense Secretary Chuck Hagel said Friday that cyberthreats pose a "quiet, stealthy, insidious" danger to the United States and called for the development of guidelines to establish "rules of the road" and foster a better understanding among nations for the use of cyber technologies.
Speaking to reporters on his plane en route to Singapore on Friday, Hagel said he will address ongoing cyberthreats during a meeting with members of a Chinese delegation amid reports that China used computer-based attacks to access data from dozens of Pentagon weapons programs and other defense technologies.
"Cyber threats are real, they're terribly dangerous," Hagel was quoted by Reuters as saying. "They're probably as insidious and real a threat (as there is) to the United States, as well as China, by the way, and every nation."
Hagel told reporters that the U.S. must find ways to work with China and other countries to develop "international understandings" of responsibilities governments must take in order to ensure responsible use of cyber technologies, Reuters reported.
"These are issues that we're going to deal with, frame up, put right at the top of the agenda," said Hagel, who is expected to have the brief meeting with the Chinese on the sidelines of a session at the Shangri-La Dialogue, an international security conference. "There's only one way to deal with these issues — that's straight up."
Hagel also noted that cybersecurity will, for the first time, be the topic at a dedicated session in next week's NATO meeting for defense ministers. World leaders have long been talking about the need to set international standards and come to some broad agreements about the use of cyber technologies.
Hagel's comments came on the heels of a report by the Defense Science Board that said nearly 40 Pentagon weapons programs and almost 30 other defense technologies were compromised by cyber intrusions. The report said that some of the intrusions appeared to be "attributable directly to the Chinese government and military."
Other U.S. and private cybersecurity reports have made similar assertions, while also noting that in some cases the breaches emanated from within China, but it was not certain they were directed or sanctioned by the government.
Officials have been warning for years about China's cyber espionage efforts aimed at U.S. military and high-tech programs. But as the U.S. looks to grow its military presence in the Asia Pacific, worries increase that China can use the information to blunt America's military superiority and keep pace with emerging technologies.
America's expanded focus on the Asia Pacific will also be a key theme this weekend for Hagel, who makes his first trip to Asia as defense chief. He is also expected to assure allies in Asia that despite America's ongoing budget crisis, the U.S. remains committed to shifting more military troops and assets to the region.
"We're on track," Hagel told reporters, adding that the Pentagon is moving ahead with "every measurement of that commitment" to refocus on the Asia Pacific.
He also said he expects to meet with China's minister of defense in August in the U.S., but details have not yet been worked out.
Former defense chief Leon Panetta spoke to the Singapore conference last year, describing plans to assign 60 percent of the Navy's fleet to the Pacific even as he acknowledged ongoing budget problems.
Congress has been unable to agree on any plan to avoid automatic budget cuts that will slash about $487 billion in defense spending over 10 years. Already this year, the military services have had to curtail flight and combat training, ground some Air Force squadrons and delay or cancel some ship deployments.
And the Pentagon has announced it will furlough about 680,000 civilian employees for up to 11 days through the end of the fiscal year, allowing only limited exceptions for the services to avoid or reduce the unpaid days off.
The conference will be a comfortable reunion for Hagel. The former senator from Nebraska, a Republican, was a founder of the Shangri-La Dialogue conference 11 years ago and has spoken there several times. Hagel also served in the Vietnam War, earning two Purple Hearts.
Defense officials said that they expect North Korea to be the dominant focus of the conference. Over the last several months, Pyongyang has ratcheted up tensions in the region with a series of rocket launches, an underground nuclear test and other saber-rattling, along with increasingly hostile rhetoric including threats of nuclear strikes against the U.S. and its allies.
Hagel will also conduct a number of private meetings with defense leaders from countries in the region, including counterparts from Japan, South Korea and Indonesia.
Just before boarding his plane for the flight to Singapore, Hagel met Thursday with troops at Hickam Field in Hawaii. He told service members that they will all have to do more with less, and he said the Pentagon must look at personnel costs as it tries to meet budget cuts.
Hagel stood in front of an F-22 Raptor fighter jet inside an airport hangar as he spoke to about 200 troops from across the services (Fox News, 2013).
Title: China Claims ‘Mountains Of Data’ On Cyber Attacks By US
Date: June 5, 2013
Abstract: Beijing has upped the ante on the US over accusations of cyber attacks by China, warning that it also has evidence against the US before a meeting between Barack Obama and Xi Jinping this week.
China Daily said cyber attacks from the US had been “as grave as the ones the US claims China has conducted” and quoted a senior cyber security official as calling on Washington not to openly press Beijing over cyber attacks.
The warning comes as Mr Obama is under pressure to do just that at his first presidential summit with Mr Xi at the Annenberg Estate in California on Friday.
“We have mountains of data, if we wanted to accuse the US, but it’s not helpful in solving the problem,” Huang Chengqing, director of the National Computer Network Emergency Response Team of China (CNCERT), told the English-language China Daily.
“The importance of handling internet security cases keeps rising, but the issue can only be settled through communication, not confrontation,” Mr Huang said, according to the paper.
CERTs are national bodies that try to detect and protect against internet security incidents.
After accusations by US researchers that the Chinese government and military are sponsoring an organised effort to steal US trade secrets through hacking, calls are mounting in Washington for the country to “name and shame” China or even retaliate with trade and visa sanctions.
Mr Huang’s remarks echo complaints by CNCERT’s chief engineer in an interview with the Financial Times last month that the politicisation of the cyber security issue was impeding CERTs’ efforts to exchange information and protect against attacks.
Beijing has been using the argument that China is one of the main victims of cyber attacks itself and many of those attacks emanate from the US. That is its standard response to US accusations of state-sponsored cyber theft from China, which is trying to set a more balanced framework for negotiations.
But Mr Huang’s comments mark the strongest language so far.
“It seems China is still in a remarkably weaker position because we have not accused the American government of cyber attacks against China,” said Shi Yinhong, director of the Centre of American Studies at Renmin University in Beijing.
“So far, the Chinese government has not presented proof that a large portion of cyber attacks on China come from the US government. That is why it has not been able to substantially reduce America’s accusations.”
Mr Huang’s warning comes as Beijing frets the cyber security controversy could poison relations with Washington just as the two governments are trying to put ties on a smoother track with the summit between Mr Xi and Mr Obama.
Professor Shi said it would be difficult for Mr Obama to reject Beijing’s demand to discuss cyber security in closed-door meetings rather than in public, but the issue had “made bilateral relations more complicated” (FT, 2013).
Title: Chinese Hacked Obama, McCain Campaigns, Took Internal Documents, Officials Say
Date: June 6, 2013
Abstract: The U.S. secretly traced a massive cyberespionage operation against the 2008 presidential campaigns of Barack Obama and John McCain to hacking units backed by the People’s Republic of China, prompting high level warnings to Chinese officials to stop such activities, U.S. intelligence officials tell NBC News.
The disclosure on the eve of a two-day summit between the U.S. and Chinese presidents highlights what has become a persistent source of tension between the two global powers: Beijing’s aggressive, orchestrated campaign to pierce America’s national security armor at any weak point – in this case the computers and laptops of top campaign aides and advisers who received high-level briefings.
The goal of the campaign intrusion, according to the officials: to export massive amounts of internal data from both campaigns—including internal position papers and private emails of key advisers in both camps.
“Based on everything I know, this was a case of political cyberespionage by the Chinese government against the two American political parties,” said Dennis Blair, who served as President Obama’s director of national intelligence in 2009 and 2010. “They were looking for positions on China, surprises that might be rolled out by campaigns against China.”
The intrusion into the campaigns’ computer networks and subsequent efforts to penetrate them were highly sophisticated and continued for months after they were first detected by the FBI in the summer of 2008, according to the officials and an Obama campaign security consultant hired to thwart them. The intrusions and some details of what was targeted have been previously reported, but not publicly attributed to government-backed Chinese hackers.
President Obama's 2008 campaign manager, David Plouffe, tells NBC's Michael Isikoff about the cyberattacks that infiltrated Obama's campaign. At the time, Plouffe said, Obama's reaction was one of surprise because there was no precedent for such an attack.
Obama publicly referred to the attacks -- in general terms -- at a May 29, 2009, White House event announcing a new cybersecurity policy. “Hackers gained access to emails and a range of campaign files, from policy position papers to travel plans,” he said then.
But neither the president nor his top aides publicly spoke about the identity of the hackers, or the depth and gravity of the attack.
Officials and former campaign officials now acknowledge to NBC News that the security breach was far more serious than has been publicly known, involving the potential compromise of a large number of internal files. And, in one case, it included the apparent theft of private correspondence from McCain to the president of Taiwan.
Cyberattacks by the Chinese are expected to be at the top of the president’s agenda this weekend. U.S. officials say that such intrusions – many of them traced to a unit of the People’s Republic of China in Shanghai – have gotten even more brazen since the 2008 campaign.
Shawn Henry, president of CrowdStrike Services, tells NBC's Michael Isikoff there's "little doubt" the Chinese government has an aggressive electronic espionage program targeting the US government and the commercial sector.
“There’s been successful exfiltration of data from government agencies (by the Chinese) up and down Pennsylvania Avenue,” said Shawn Henry, who headed up the FBI’s probe of the 2008 attacks as the bureau’s chief of cyberinvestigations. He is now president of CrowdStrike, a computer security firm.
David Plouffe, Obama campaign manager, vividly recalls getting a phone call from Josh Bolten, then President George W. Bush’s chief of staff, in the middle of August 2008 alerting him to the intrusion and that the FBI was investigating the attack. “He said we have reason to believe that your campaign system has been penetrated by a foreign entity,” Plouffe said in an interview.
Within days, the campaign dispatched a computer security team from Kroll Advisory Solutions to Chicago to cleanse the campaign’s infected computers — including the laptops of senior staffers.
In retrospect, the attack seems simple. It was delivered by a “phishing” email – outlining the “agenda” for an upcoming meeting — that circulated among top staffers and contained a zip file attachment with “malware,” a hidden malicious virus.
But it was no ordinary virus, said Alan Brill, the senior managing director of Kroll Solutions. The malware was “as sophisticated as anything we had seen” and was part of what he called “an infection chain” that replicated itself throughout the Obama campaign’s computer system. It also was designed to stay buried in the computers for months, if not years, he said.
He and his consultants were unable to determine precisely what had been compromised, but Brill says the bombardment of viruses by the attackers continued for months. “It was like a firefight,” Brill said. “This was starting every day knowing that you didn’t know what they were going to throw at you.”
Trevor Potter, who served as general counsel to the McCain campaign, said he got a similar warning about the cyberintrusion during a briefing from U.S. law enforcement officials at campaign headquarters. “They told us, ‘You've been compromised, your computers are under the control of someone else. You need to get off network’,” said Potter.
In one incident that caused concern among U.S. intelligence officials, the Chinese hackers appeared to have gotten access to private correspondence between McCain, then the GOP presidential candidate, and Ma Ying-jeou, the newly elected president of Taiwan. On July 25, 2008, McCain had signed a personal letter — drafted on campaign computers — pledging his support for the U.S.-Taiwanese relationship and Ma’s efforts to modernize the country’s military. A copy of the letter has been obtained by NBC News.
But before the letter had even been delivered, a top McCain foreign policy adviser got a phone call from a senior Chinese diplomat in Washington complaining about the correspondence. “He was putting me on notice that they knew this was going on,” said Randall Schriver, a former State Department official who was serving as a top McCain adviser on Asian policy. “It certainly struck me as odd that they would be so well-informed.”
A spokesman for the Chinese Embassy said officials were unavailable for comment because they were busy preparing for this weekend’s summit between President Obama and Chinese President Xi Jinping in California. But in recent weeks, Chinese officials have denied any role in cyberattacks against the U.S. government and private enterprise. “China opposes all forms of cyberattacks,” Zheng Zeguang, assistant Chinese foreign minister, said in a press briefing in Beijing last week.
When the summit does take place this weekend, hacking by the Chinese is expected to be at the top of the president’s agenda.
U.S. officials say that Chinese intrusions have escalated in the years since, involving repeated attacks on U.S. government agencies, political campaigns, corporations, law firms, and defense contractors — including the theft of national security secrets and hundreds of billions of dollars in intellectual property.
A recent report from a U.S. commission chaired by former Intelligence Director Blair and former U.S. Ambassador to China Jon Huntsman Jr., estimated that the theft of intellectual property – mostly from China – was costing the U.S. $300 billion a year.
“It’s stealing of information and there should be outrage,” said Henry, the former FBI executive assistant director.
Previous warnings to the Chinese about cyberattacks have been brushed off. The 2008 attacks, for example, prompted U.S. intelligence officials to sternly warn the Chinese that they had “crossed the line,” says one former senior U.S. official who was directly involved in the investigation.
“We told them we knew what they were up to – and that this had gone too far,” said the former official. Chinese officials listened politely and denied they had anything to do with the attacks on the campaign, the former official said (NBC, 2013).
Title: Cyberattacks And North Korea Top Issues For Talks Between Obama And Xi
Date: June 7, 2013
Abstract: The leaders of the world's arguably two most powerful nations are due to meet Friday in southern California. President Barack Obama of the United States and President Xi Jinping of China will hold talks that could shape relations between Washington and Beijing for years to come.
"This is an attempt to set out the ground rules for how our two countries will work together in the 21st century," said Kurt Campbell, who recently served as U.S. assistant secretary of state for East Asian and Pacific Affairs.
Officials in Beijing are also trumpeting the potential importance of the event, the first time the two leaders have met in person since Xi became China's paramount leader.
The meeting is of "profound historic and strategic significance," Hong Lei, a spokesman for the Chinese foreign ministry, said Thursday.
The setting of the meeting, in the Sunnylands estate outside Los Angeles, is unusually informal and a far cry from the elaborately choreographed summits typically held between Chinese and American leaders.
"This is the first time in 50 years that leaders will sit down, somewhat unscripted, to have a real conversation about our relationship," Campbell said in an interview with CNN's Christiane Amanpour. "It's long overdue and important."
The issues of cybersecurity and North Korea are expected to top the agenda.
The United States has recently become more vocal about linking cyberattacks on American businesses and government agencies to Chinese authorities. The attacks allegedly involve attempts to steal secret military and corporate technology and information.
Beijing has repeatedly denied the accusations, saying that hacking is a global problem, of which China is also a victim. But the chorus of voices arguing that the Chinese stance is untenable is growing.
"In the past, rogue behavior such as cybertheft may have provided a shortcut to greatness," the editorial board of the Washington Post wrote this week. "But no longer. If China fails to evolve toward more responsible behavior both abroad and at home, a backlash that is already forming in the United States and among its neighbors will swell."
Some observers, however, have noted that Obama will have to raise cybersecurity and spying issues with Xi against the unflattering backdrop of recent reports alleging widespread surveillance of phone and Internet data by U.S. intelligence agencies.
The two leaders may make progress on the North Korea question, according to Campbell.
"I think the Chinese have just about had it with North Korea," he said. "They recognize that the steps that they have taken -- nuclear provocations -- are creating the context for more military activities on the part of the United States and other countries that ultimately are not in China's best strategic interests."
Tensions spiked on the Korean Peninsula in March and April as the North unleashed a torrent of dramatic threats against the United States and South Korea. The menacing rhetoric came amid U.S.-South Korean military drills and after the United Nations had stepped up sanctions on Pyongyang in response to the latest North Korean nuclear test in February.
The U.S. officials called on China, North Korea's key ally, to rein in the provocative behavior of Kim Jong Un's regime.
The situation in the region has become calmer in recent weeks. The clearest sign of a possible thaw in relations came Thursday when North and South Korea agreed to hold talks about reopening their shared industrial complex that Pyongyang shut down in April.
Friday isn't the first time Obama and Xi have met. The two leaders held talks in Washington last year, while Xi still held the title of vice president.
During that visit, in addition to the more formal engagements, the Chinese leader visited a small town in Iowa, where he had stayed in the 1980s, when he was a provincial official.
He also took in a Lakers game in Los Angeles (CNN, 2013).
Title: Obama Orders US To Draw Up Overseas Target List For Cyber-Attacks
Date: June 7, 2013
Abstract: Barack Obama has ordered his senior national security and intelligence officials to draw up a list of potential overseas targets for US cyber-attacks, a top secret presidential directive obtained by the Guardian reveals.
The 18-page Presidential Policy Directive 20, issued in October last year but never published, states that what it calls Offensive Cyber Effects Operations (OCEO) "can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging".
It says the government will "identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power".
The directive also contemplates the possible use of cyber actions inside the US, though it specifies that no such domestic operations can be conducted without the prior order of the president, except in cases of emergency.
The aim of the document was "to put in place tools and a framework to enable government to make decisions" on cyber actions, a senior administration official told the Guardian.
The administration published some declassified talking points from the directive in January 2013, but those did not mention the stepping up of America's offensive capability and the drawing up of a target list.
Obama's move to establish a potentially aggressive cyber warfare doctrine will heighten fears over the increasing militarization of the internet.
The directive's publication comes as the president plans to confront his Chinese counterpart Xi Jinping at a summit in California on Friday over alleged Chinese attacks on western targets.
Even before the publication of the directive, Beijing had hit back against US criticism, with a senior official claiming to have "mountains of data" on American cyber-attacks he claimed were every bit as serious as those China was accused of having carried out against the US.
Presidential Policy Directive 20 defines OCEO as "operations and related programs or activities … conducted by or on behalf of the United States Government, in or through cyberspace, that are intended to enable or produce cyber effects outside United States government networks."
Asked about the stepping up of US offensive capabilities outlined in the directive, a senior administration official said: "Once humans develop the capacity to build boats, we build navies. Once you build airplanes, we build air forces."
The official added: "As a citizen, you expect your government to plan for scenarios. We're very interested in having a discussion with our international partners about what the appropriate boundaries are."
The document includes caveats and precautions stating that all US cyber operations should conform to US and international law, and that any operations "reasonably likely to result in significant consequences require specific presidential approval".
The document says that agencies should consider the consequences of any cyber-action. They include the impact on intelligence-gathering; the risk of retaliation; the impact on the stability and security of the internet itself; the balance of political risks versus gains; and the establishment of unwelcome norms of international behaviour.
Among the possible "significant consequences" are loss of life; responsive actions against the US; damage to property; serious adverse foreign policy or economic impacts.
The US is understood to have already participated in at least one major cyber attack, the use of the Stuxnet computer worm targeted on Iranian uranium enrichment centrifuges, the legality of which has been the subject of controversy. US reports citing high-level sources within the intelligence services said the US and Israel were responsible for the worm.
In the presidential directive, the criteria for offensive cyber operations are not limited to retaliatory action but vaguely framed as advancing "US national objectives around the world".
The revelation that the US is preparing a specific target list for offensive cyber-action is likely to reignite previously raised concerns of security researchers and academics, several of whom have warned that large-scale cyber operations could easily escalate into full-scale military conflict.
Sean Lawson, assistant professor in the department of communication at the University of Utah, argues: "When militarist cyber rhetoric results in use of offensive cyber attack it is likely that those attacks will escalate into physical, kinetic uses of force."
An intelligence source with extensive knowledge of the National Security Agency's systems told the Guardian the US complaints against China were hypocritical, because America had participated in offensive cyber operations and widespread hacking – breaking into foreign computer systems to mine information.
Provided anonymity to speak critically about classified practices, the source said: "We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world."
The US likes to haul China before the international court of public opinion for "doing what we do every day", the source added.
One of the unclassified points released by the administration in January stated: "It is our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as preferred courses of action."
The full classified directive repeatedly emphasizes that all cyber-operations must be conducted in accordance with US law and only as a complement to diplomatic and military options. But it also makes clear how both offensive and defensive cyber operations are central to US strategy.
Under the heading "Policy Reviews and Preparation", a section marked "TS/NF" - top secret/no foreign - states: "The secretary of defense, the DNI [Director of National Intelligence], and the director of the CIA … shall prepare for approval by the president through the National Security Advisor a plan that identifies potential systems, processes and infrastructure against which the United States should establish and maintain OCEO capabilities…" The deadline for the plan is six months after the approval of the directive.
The directive provides that any cyber-operations "intended or likely to produce cyber effects within the United States" require the approval of the president, except in the case of an "emergency cyber action". When such an emergency arises, several departments, including the department of defense, are authorized to conduct such domestic operations without presidential approval.
Obama further authorized the use of offensive cyber attacks in foreign nations without their government's consent whenever "US national interests and equities" require such nonconsensual attacks. It expressly reserves the right to use cyber tactics as part of what it calls "anticipatory action taken against imminent threats".
The directive makes multiple references to the use of offensive cyber attacks by the US military. It states several times that cyber operations are to be used only in conjunction with other national tools and within the confines of law.
When the directive was first reported, lawyers with the Electronic Privacy Information Center filed a Freedom of Information Act request for it to be made public. The NSA, in a statement, refused to disclose the directive on the ground that it was classified.
In January, the Pentagon announced a major expansion of its Cyber Command Unit, under the command of General Keith Alexander, who is also the director of the NSA. That unit is responsible for executing both offensive and defensive cyber operations.
Earlier this year, the Pentagon publicly accused China for the first time of being behind attacks on the US. The Washington Post reported last month that Chinese hackers had gained access to the Pentagon's most advanced military programs.
The director of national intelligence, James Clapper, identified cyber threats in general as the top national security threat.
Obama officials have repeatedly cited the threat of cyber-attacks to advocate new legislation that would vest the US government with greater powers to monitor and control the internet as a means of guarding against such threats.
One such bill currently pending in Congress, the Cyber Intelligence Sharing and Protection Act (Cispa), has prompted serious concerns from privacy groups, who say that it would further erode online privacy while doing little to enhance cyber security.
In a statement, Caitlin Hayden, national security council spokeswoman, said: "We have not seen the document the Guardian has obtained, as they did not share it with us. However, as we have already publicly acknowledged, last year the president signed a classified presidential directive relating to cyber operations, updating a similar directive dating back to 2004. This step is part of the administration's focus on cybersecurity as a top priority. The cyber threat has evolved, and we have new experiences to take into account.
"This directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the full array of national security tools we have at our disposal. It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.
"This directive will establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action. The procedures outlined in this directive are consistent with the US Constitution, including the president's role as commander in chief, and other applicable law and policies" (Guardian, 2013).
Title: Former CIA Officer: Intel Considering NSA Whistleblower 'Potential Chinese Espionage'
Date: June 10, 2013
Abstract: Former CIA officer Bob Baer said on CNN Sunday evening officials are speculating that Edward Snowden's whistleblowing could be "potential Chinese espionage." Snowden came forward yesterday and identified himself as the leaker of the NSA's massive surveillance operation.
Snowden revealed he was currently located in Hong Kong.
“It’s [Hong Kong's] not an independent part of China at all. I’ve talked to a bunch of people in Washington today, in official positions, and they are looking at this as a potential Chinese espionage case,” said Baer.
When he was asked if there was a possibility to extradite Snowden, Baer responded, “We’ll never get him in China. They’re not about to send him to the United States and the CIA is not going to render him, as he said in the tape, is not going to try to grab him there.”
President Obama recently met with China's President Xi Jinping where they discussed issues of cybersecurity.
“It almost seems to me that this was a pointed affront to the United States on the day the president is meeting the Chinese leader,” Baer said, “telling us, listen, quit complaining about espionage and getting on the internet and our hacking. You are doing the same thing” (Breitbart, 2013).
Title: Inside The NSA's Ultra-Secret China
Date: June 10, 2013
Abstract: This weekend, U.S. President Barack Obama sat down for a series of meetings with China's newly appointed leader, Xi Jinping. We know that the two leaders spoke at length about the topic du jour -- cyber-espionage -- a subject that has long frustrated officials in Washington and is now front and center with the revelations of sweeping U.S. data mining. The media has focused at length on China's aggressive attempts to electronically steal U.S. military and commercial secrets, but Xi pushed back at the "shirt-sleeves" summit, noting that China, too, was the recipient of cyber-espionage. But what Obama probably neglected to mention is that he has his own hacker army, and it has burrowed its way deep, deep into China's networks.
When the agenda for the meeting at the Sunnylands estate outside Palm Springs, California, was agreed to several months ago, both parties agreed that it would be a nice opportunity for President Xi, who assumed his post in March, to discuss a wide range of security and economic issues of concern to both countries. According to diplomatic sources, the issue of cybersecurity was not one of the key topics to be discussed at the summit. Sino-American economic relations, climate change, and the growing threat posed by North Korea were supposed to dominate the discussions.
Then, two weeks ago, White House officials leaked to the press that Obama intended to raise privately with Xi the highly contentious issue of China's widespread use of computer hacking to steal U.S. government, military, and commercial secrets. According to a Chinese diplomat in Washington who spoke in confidence, Beijing was furious about the sudden elevation of cybersecurity and Chinese espionage on the meeting's agenda. According to a diplomatic source in Washington, the Chinese government was even angrier that the White House leaked the new agenda item to the press before Washington bothered to tell Beijing about it.
So the Chinese began to hit back. Senior Chinese officials have publicly accused the U.S. government of hypocrisy and have alleged that Washington is also actively engaged in cyber-espionage. When the latest allegation of Chinese cyber-espionage was leveled in late May in a front-page Washington Post article, which alleged that hackers employed by the Chinese military had stolen the blueprints of over three dozen American weapons systems, the Chinese government's top Internet official, Huang Chengqing, shot back that Beijing possessed "mountains of data" showing that the United States has engaged in widespread hacking designed to steal Chinese government secrets. This weekend's revelations about the National Security Agency's PRISM and Verizon metadata collection from a 29-year-old former CIA undercover operative named Edward J. Snowden, who is now living in Hong Kong, only add fuel to Beijing's position.
But Washington never publicly responded to Huang's allegation, and nobody in the U.S. media seems to have bothered to ask the White House if there is a modicum of truth to the Chinese charges.
It turns out that the Chinese government's allegations are essentially correct. According to a number of confidential sources, a highly secretive unit of the National Security Agency (NSA), the U.S. government's huge electronic eavesdropping organization, called the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People's Republic of China.
Hidden away inside the massive NSA headquarters complex at Fort Meade, Maryland, in a large suite of offices segregated from the rest of the agency, TAO is a mystery to many NSA employees. Relatively few NSA officials have complete access to information about TAO because of the extraordinary sensitivity of its operations, and it requires a special security clearance to gain access to the unit's work spaces inside the NSA operations complex. The door leading to its ultramodern operations center is protected by armed guards, an imposing steel door that can only be entered by entering the correct six-digit code into a keypad, and a retinal scanner to ensure that only those individuals specially cleared for access get through the door.
According to former NSA officials interviewed for this article, TAO's mission is simple. It collects intelligence information on foreign targets by surreptitiously hacking into their computers and telecommunications systems, cracking passwords, compromising the computer security systems protecting the targeted computer, stealing the data stored on computer hard drives, and then copying all the messages and data traffic passing within the targeted email and text-messaging systems. The technical term of art used by NSA to describe these operations is computer network exploitation (CNE).
TAO is also responsible for developing the information that would allow the United States to destroy or damage foreign computer and telecommunications systems with a cyberattack if so directed by the president. The organization responsible for conducting such a cyberattack is U.S. Cyber Command (Cybercom), whose headquarters is located at Fort Meade and whose chief is the director of the NSA, Gen. Keith Alexander.
Commanded since April of this year by Robert Joyce, who formerly was the deputy director of the NSA's Information Assurance Directorate (responsible for protecting the U.S. government's communications and computer systems), TAO, sources say, is now the largest and arguably the most important component of the NSA's huge Signal Intelligence (SIGINT) Directorate, consisting of over 1,000 military and civilian computer hackers, intelligence analysts, targeting specialists, computer hardware and software designers, and electrical engineers.
The sanctum sanctorum of TAO is its ultramodern operations center at Fort Meade called the Remote Operations Center (ROC), which is where the unit's 600 or so military and civilian computer hackers (they themselves CNE operators) work in rotating shifts 24 hours a day, seven days a week.
These operators spend their days (or nights) searching the ether for computer systems and supporting telecommunications networks being utilized by, for example, foreign terrorists to pass messages to their members or sympathizers. Once these computers have been identified and located, the computer hackers working in the ROC break into the targeted computer systems electronically using special software designed by TAO's own corps of software designers and engineers specifically for this purpose, download the contents of the computers' hard drives, and place software implants or other devices called "buggies" inside the computers' operating systems, which allows TAO intercept operators at Fort Meade to continuously monitor the email and/or text-messaging traffic coming in and out of the computers or hand-held devices.
TAO's work would not be possible without the team of gifted computer scientists and software engineers belonging to the Data Network Technologies Branch, who develop the sophisticated computer software that allows the unit's operators to perform their intelligence collection mission. A separate unit within TAO called the Telecommunications Network Technologies Branch (TNT) develops the techniques that allow TAO's hackers to covertly gain access to targeted computer systems and telecommunications networks without being detected. Meanwhile, TAO's Mission Infrastructure Technologies Branch develops and builds the sensitive computer and telecommunications monitoring hardware and support infrastructure that keeps the effort up and running.
TAO even has its own small clandestine intelligence-gathering unit called the Access Technologies Operations Branch, which includes personnel seconded by the CIA and the FBI, who perform what are described as "off-net operations," which is a polite way of saying that they arrange for CIA agents to surreptitiously plant eavesdropping devices on computers and/or telecommunications systems overseas so that TAO's hackers can remotely access them from Fort Meade.
It is important to note that TAO is not supposed to work against domestic targets in the United States or its possessions. This is the responsibility of the FBI, which is the sole U.S. intelligence agency chartered for domestic telecommunications surveillance. But in light of information about wider NSA snooping, one has to prudently be concerned about whether TAO is able to perform its mission of collecting foreign intelligence without accessing communications originating in or transiting through the United States.
Since its creation in 1997, TAO has garnered a reputation for producing some of the best intelligence available to the U.S. intelligence community not only about China, but also on foreign terrorist groups, espionage activities being conducted against the United States by foreign governments, ballistic missile and weapons of mass destruction developments around the globe, and the latest political, military, and economic developments around the globe.
According to a former NSA official, by 2007 TAO's 600 intercept operators were secretly tapping into thousands of foreign computer systems and accessing password-protected computer hard drives and emails of targets around the world. As detailed in my 2009 history of NSA, The Secret Sentry, this highly classified intercept program, known at the time as Stumpcursor, proved to be critically important during the U.S. Army's 2007 "surge" in Iraq, where it was credited with single-handedly identifying and locating over 100 Iraqi and al Qaeda insurgent cells in and around Baghdad. That same year, sources report that TAO was given an award for producing particularly important intelligence information about whether Iran was trying to build an atomic bomb.
By the time Obama became president of the United States in January 2009, TAO had become something akin to the wunderkind of the U.S. intelligence community. "It's become an industry unto itself," a former NSA official said of TAO at the time. "They go places and get things that nobody else in the IC [intelligence community] can."
Given the nature and extraordinary political sensitivity of its work, it will come as no surprise that TAO has always been, and remains, extraordinarily publicity shy. Everything about TAO is classified top secret codeword, even within the hypersecretive NSA. Its name has appeared in print only a few times over the past decade, and the handful of reporters who have dared inquire about it have been politely but very firmly warned by senior U.S. intelligence officials not to describe its work for fear that it might compromise its ongoing efforts. According to a senior U.S. defense official who is familiar with TAO's work, "The agency believes that the less people know about them [TAO] the better."
The word among NSA officials is that if you want to get promoted or recognized, get a transfer to TAO as soon as you can. The current head of the NSA's SIGINT Directorate, Teresa Shea, 54, got her current job in large part because of the work she did as chief of TAO in the years after the 9/11 terrorist attacks, when the unit earned plaudits for its ability to collect extremely hard-to-come-by information during the latter part of George W. Bush's administration. We do not know what the information was, but sources suggest that it must have been pretty important to propel Shea to her position today. But according to a recently retired NSA official, TAO "is the place to be right now."
There's no question that TAO has continued to grow in size and importance since Obama took office in 2009, which is indicative of its outsized role. In recent years, TAO's collection operations have expanded from Fort Meade to some of the agency's most important listening posts in the United States. There are now mini-TAO units operating at the huge NSA SIGINT intercept and processing centers at NSA Hawaii at Wahiawa on the island of Oahu; NSA Georgia at Fort Gordon, Georgia; and NSA Texas at the Medina Annex outside San Antonio, Texas; and within the huge NSA listening post at Buckley Air Force Base outside Denver.
The problem is that TAO has become so large and produces so much valuable intelligence information that it has become virtually impossible to hide it anymore. The Chinese government is certainly aware of TAO's activities. The "mountains of data" statement by China's top Internet official, Huang Chengqing, is clearly an implied threat by Beijing to release this data. Thus it is unlikely that President Obama pressed President Xi too hard at the Sunnylands summit on the question of China's cyber-espionage activities. As any high-stakes poker player knows, you can only press your luck so far when the guy on the other side of the table knows what cards you have in your hand (FP, 2013).
Title: Snowden Showed Evidence Of US Hacking China To Hong Kong Newspaper
Date: June 12, 2013
Source: Business Insider
Abstract: NSA whistleblower Edward Snowden has told a Hong Kong newspaper that the U.S. government has been hacking Hong Kong and Chinese networks for at least four years.
The comments were made as part of the South China Morning Post's exclusive interview with Snowden — his first since revealing himself on Sunday.
Snowden reportedly showed reporter Lana Lam documents that showed the NSA had been hacking computers in Hong Kong and on the mainland since 2009. He estimated there were hundreds of targets in Hong Kong and mainland China, including the Chinese University of Hong Kong. None of the documents revealed any information about Chinese military systems, Snowden said.
“We hack network backbones – like huge internet routers, basically – that give us access to the communications of hundreds of thousands of computers without having to hack every single one,” Snowden told Lam.
China's own online espionage efforts were put in the spotlight earlier this year after a report from U.S. security firm Mandiant that accused military-linked groups of hacking major U.S. companies. After that story, China hit back saying Washington was the "real hacking empire" (Business Insider, 2013).
Title: Party-Backed Newspaper Suggests China Get More Details From Snowden, Not Return Him To US
Date: June 14, 2013
Source: Fox News
Abstract: A popular Communist Party-backed newspaper is urging China's leadership to get more information from former defense contractor Edward Snowden rather than send him back to the U.S., because his revelations about secret U.S. surveillance programs concern China's national interest.
The Global Times newspaper said in an editorial Friday that the Chinese government should not only consider Beijing's relations with the United States but also domestic public opinion, which the paper says would be unhappy if Snowden were sent back.
The Chinese paper known for nationalist views says Snowden could offer intelligence that can help China update its understanding of cyberspace.
Snowden alleged in an interview with a Hong Kong newspaper that the U.S. National Security Agency's 61,000 hacking targets around the world include hundreds in Hong Kong and mainland China (Fox News, 2013).
Title: Chinese Newspaper Urges Government To Get More Details From Snowden
Date: June 14, 2013
Source: Fox News
Abstract: A Communist Party-backed newspaper in China is urging that country's leadership to obtain more information from the former CIA employee who leaked information about the U.S. surveillance programs before fleeing to Hong Kong.
The Global Times newspaper said in an editorial Friday that Edward Snowden should not be sent back to the U.S. because his revelations about secret American surveillance programs concern China's national interest.
The newspaper said that the Chinese government should not only consider Beijing's relations with the United States but also domestic public opinion, which the paper says would be unhappy if Snowden were sent back.
The Global Times said in the editorial, which ran in the paper's Chinese- and English-language editions, that Snowden could offer intelligence that would help China update its understanding of cyberspace and improve its position in negotiations with Washington.
"Snowden took the initiative to expose the U.S. government's attacks on Hong Kong and the mainland's Internet networks. This concerns China's national interest," the commentary said. "Maybe he has more evidence. The Chinese government should let him speak out and according to whether the information is public, use it as evidence to negotiate with the United States openly or in private."
The paper said that the Chinese government should not only consider Beijing's relations with the United States but also the opinion of its domestic public, which the paper said would be unhappy if Snowden were sent back.
"We have realized the United States' aggressiveness in cyberspace, we have realized that nine Internet companies have assisted the U.S. government in intelligence outsourcing," said the paper known for a nationalist stance. "We have realized their hypocrisy in saying one thing and doing another, and we have realized their ruthlessness in doing what they please with no regard for other people."
"China is a rising power, and it deserves corresponding respect from the United States," it said.
Snowden alleged in an interview with the South China Morning Post newspaper Thursday that the NSA has been monitoring the Chinese University of Hong Kong and public officials and citizens in the city.
Snowden told the paper he believes there have been more than 61,000 NSA hacking operations globally.
The 29-year-old reportedly also told the newspaper his plans for the immediate future, steps he claims the U.S. has taken since he broke his cover in Hong Kong, fears for his family as well as explosive details on U.S. surveillance targets.
On Thursday, Ministry of Foreign Affairs spokeswoman Hua Chunying said China is a "major victim" of cyberattacks but did not lay blame.
Snowden is behind one of the biggest intelligence leaks in American history. The former Booz Allen Hamilton contractor, who worked at the National Security Agency, hopped a flight to Asia on May 20 and has remained on the lam ever since.
The Associated Press reported Friday that the British government issued an alert to airlines around the world, urging them not to allow Snowden to board flights to the United Kingdom.
The alert, dated Monday on a Home Office letterhead, said carriers should deny Snowden boarding because "the individual is highly likely to be refused entry to the UK."
The Associated Press saw a photograph of the document taken Friday at a Thai airport. A British diplomat confirmed that the document was genuine and was sent out to airlines around the world.
In what is likely his final appearance as FBI director before the House Judiciary Committee, Mueller said Thursday that Snowden is the subject of an ongoing criminal investigation.
In his three hours of testimony, Mueller defended the government's collection of millions of U.S. phone records, emails and other information as vital to the nation's national security.
"Every time that we have a leak like this — and if you follow it up and you look at the intelligence afterwards" — the terrorists "are looking at the ways around it," Mueller said (Fox News, 2013).
Title: New Snowden Leak Reveals US Hacked Chinese Cell Companies, Accessed Millions Of SMS - Report
Date: June 23, 2013
Abstract: The US government has been hacking Chinese mobile operator networks to intercept millions of text messages, as well as the operator of the region’s fibre optic cable network, South China Morning Post writes, citing Edward Snowden.
More information on National Security Agency activity in China and Hong Kong has been revealed by SCMP on Sunday, shedding light on statements Snowden made in an interview on
“The NSA does all kinds of things like hack Chinese cell phone companies to steal all of your SMS data,” Snowden was quoted as saying on the SCMP's website.
In a series of reports the paper claims Snowden has provided proof of extensive US hacking activity in the region.
The former CIA technician and NSA contractor reportedly provided to the paper the documents detailing specific attacks on computers over a four-year period, including internet protocol (IP) addresses, dates of attacks and whether a computer was still being monitored remotely. SCMP however did not reveal any supporting documents.
The US government has been accused of a security breach at the Hong Kong headquarters of the operator of the largest regional fibre optic cable network, Pacnet. Back in 2009, the company’s computers were hacked by the NSA but since then the operation has been shut down, according to the documents the paper claims to have seen.
Pacnet’s network spans across Hong Kong, China, Korea, Japan, Taiwan, the Philippines and Singapore and provides connections to 16 data centers for telecom companies, corporations and governments across the region.
The whistleblower has also allegedly revealed the US had viewed millions of text messages by hacking Chinese mobile phone companies. That is a significant claim since the Chinese sent almost billion text messages in 2012 and China Mobile is the world’s largest mobile network carrier.
In his very first leak to the media, Snowden had already exposed the scale of the American government spying operation on its domestic mobile network operators. He later revealed that the US and the UK possessed technology to access the Blackberry phones of delegates at two G20 summit meetings in London in 2009.
In a third article, SCMP claims that the US on a regular basis has been attacking the servers at Tsinghua University, one of the country’s biggest research institutions. The whistleblower said that information obtained pointed to hacking activities, because it contained such details as external and internal IP addresses in the University’s network, which could only have been retrieved by a security breach.
Tsinghua University is host to one of China’s six major backbone networks, the China Education and Research Network (CERNET), containing data about millions of Chinese citizens (RT, 2013).
Title: Breach: U.S. Officials: China, Russia Gained Access To Snowden’s Secrets
Date: June 26, 2013
Source: Free Beacon
Abstract: Intelligence agencies in China and Russia gained access to highly classified U.S. intelligence and military information contained on electronic media held by renegade former National Security Agency (NSA) contractor Edward Snowden, according to U.S. officials.
The exact compromise of the secret data held on Snowden’s laptop computers remains unknown but is the subject of an ongoing damage assessment within NSA and other intelligence agencies, said officials familiar with the case.
One of the biggest fears about the compromise is whether Snowden, an NSA contractor and former CIA technician who hacked into classified intelligence networks, gained access to new U.S. nuclear war plans, the officials said.
The nuclear war plans, among the most closely guarded U.S. secrets, were recently modified as a result of President Barack Obama’s shift in U.S. nuclear strategy.
The president last week signed new guidance for the Pentagon limiting the use of nuclear weapons in U.S. planning and strategy. The shift is the first step in the president’s plan to cut deployed nuclear weapons by one-third to about 1,000 warheads. That plan was announced in Berlin June 19.
“The Chinese already have everything Snowden had,” said one official who said there were intelligence reports indicating Chinese Ministry of State Security (MSS) agents have been in contact with Snowden during his month-long stay in Hong Kong.
Snowden had four laptop computers while in Hong Kong that contained what he asserted were thousands of classified documents he gathered while working at NSA and other intelligence agencies. He is known to have used encryption for his communications with news reporters.
Asked at a Chinese Foreign Ministry press briefing if Snowden was a spy for China, spokesman Hua Chunying said: “This is utter nonsense and is extremely irresponsible.”
The timing of Snowden’s disclosures of NSA surveillance and cyber reconnaissance of China—he first went public days before the summit between Obama and Chinese President Xi Jinping—raised questions about whether he was under Chinese control. His disclosures of NSA’s PRISM program and other highly classified electronic spying muted U.S. efforts to press China on its cyber attacks.
NSA Director Gen. Keith Alexander said Sunday: “What Snowden has revealed has caused irreversible and significant damage to our country and to our allies.” He did not elaborate.
Alexander said during earlier congressional testimony that Snowden, as a computer network administrator, had access to NSA “web forums” that limited his access to collected intelligence.
Snowden said in an online chat hosted by the Guardian newspaper June 17 that “I did not reveal any U.S. operations against legitimate military targets.”
The comment suggests Snowden had access to military secrets but had not at that point in his defection disclosed them.
U.S. officials believe Russian intelligence delayed Snowden’s departure from Moscow in order to question him about NSA programs targeted on Russia.
Snowden remained in Moscow on Tuesday and U.S. officials said it is “highly likely” that several laptop computers carried by Snowden were “imaged” by Russian intelligence, which would have access to everything carried by the former NSA contractor.
Russian President Vladimir Putin told reporters in Finland on Tuesday that Snowden “is a transit passenger in the transit zone and is still there now. … Mr. Snowden is a free man. The sooner he selects his final destination point, the better both for us and for himself.”
A former NSA official said Snowden’s claims of access to NSA surveillance programs appeared to be exaggerated. The former official said that most of what he has disclosed so far has been reported in the public domain in the past.
However, Snowden provided the Guardian and Washington Post with classified documents that indicated he was able to gain unauthorized entry into tightly guarded classified information systems. The documents included a presidential order on cyber warfare, PowerPoint slides from secret briefings on Internet data surveillance, and the first ever leak of a Foreign Intelligence Surveillance Act (FISA) court order for data records.
John Bolton, former undersecretary of state for international security, said the Snowden case could be a national security disaster.
“Many in the U.S. intelligence community fear the worst, namely that both Russia and China will have had full access to whatever documents Snowden has, plus whatever he has on the NSA laptop computers he took with him, plus whatever he told their respective authorities in debriefings,” Bolton told the Washington Free Beacon.
“All of this raises the question how much help he had either from his media handlers, WikiLeaks, or other sources of support.”
Bolton said earlier on Fox News Channel that the administration should take punitive action against China and Russia for not assisting in the repatriation of Snowden.
Snowden told the South China Morning Post in an interview that he initially took the position with the NSA contractor Booz Allen to gain access to intelligence he could take with him to expose what he believes is illicit U.S. electronic surveillance.
“Though he has posed as a lone wolf, you have to wonder if he had assistance or help since he has been in the United States,” Bolton said. “We know since he has been in Hong Kong he had help and financial assistance from WikiLeaks. The real question is did he have help before he departed?”
Bolton said intelligence provided by someone in Snowden’s position could be used to counter U.S. electronic spying and “that’s very damaging.”
Sen. John McCain (R., Ariz.) said on CNBC that the failure of cooperation from both Moscow and Beijing was due to the Obama administration’s weakness.
“It means that for five years now, we have sent a signal to the world that we’re ‘leading from behind,’ that we are impotent, that we don’t act when we say that we’re going to,” McCain said.
Alexander, the NSA director, said investigators at NSA and the FBI are working to figure out how the computer administrator was able to gain access to computer systems that are normally restricted to officials who have been granted access by a special “certificate” designed to prevent such unauthorized access.
Snowden’s representative in Hong Kong, legislator Albert Ho, told news outlets a Chinese official on Friday told Snowden to leave Hong Kong and that his departure would not be delayed.
Ho also told the Standard newspaper that Snowden stayed in two different hideouts after he left the Mira hotel after giving a videotape interview to the Guardian.
The disclosure that Ho knew Snowden’s location also indicates that Chinese authorities were aware of his location, the U.S. officials said.
Snowden’s departure was a snub from Beijing to the United States. Senior Obama administration officials made several requests to both Beijing and Hong Kong authorities to detain Snowden so he could be extradited to face charges on disclosing classified information.
The Obama administration expressed surprise that both China and Russia ignored requests to detain and extradite Snowden.
“It would be very disappointing if he was willfully allowed to board an airplane” in Hong Kong for travel to Moscow, Secretary of State John Kerry said Monday during a visit to India.
Kerry also said he would be “deeply troubled” if Russia and China assisted Snowden’s travel and ignored U.S. requests for assistance in capturing him.
“And there would be, without any question, some effect and impact on the relationship and consequences,” Kerry said.
For relations with China, Snowden’s escape from Hong Kong undermined U.S. efforts to build trust with Beijing, White House spokesman Jay Carney said.
“The Chinese have emphasized the importance of building mutual trust, and we think that they have dealt that effort a serious setback,” Carney said. “If we cannot count on them to honor their legal extradition obligations, then there is a problem.”
The Obama administration’s efforts over the past five years to reset relations with Russia also may be undermined by Moscow’s handling of the Snowden case.
At the State Department on Tuesday, spokesman Patrick Ventrell said, “We do agree with President Putin that we do not want the issue to negatively affect the bilateral relationship.”
“And so while we do not have an extradition treaty with Russia and do not expect that Mr. Snowden be formally extradited, we do believe there is a basis for law enforcement cooperation to expel Mr. Snowden based on the charges against him and the status of his travel documents,” Ventrell said.
Russian nationalist political figure Vladimir Zhirinovsky sent a tweet on Monday that said Russia should seek to exchange Snowden for imprisoned Russian arms dealer Viktor Bout and convicted drug pilot Konstantin Yaroshenko.
The newspaper Izvestiya reported Monday that “Snowden’s flight to Moscow was coordinated with the Russian authorities and security services and despite the fact that his disclosures are not a sensation for specialists, representatives of the Main Intelligence Directorate, the GRU military intelligence service and Federal Security Service (FSB) will absolutely meet and converse with him.”
Michelle Van Cleave, the former national counterintelligence executive, said the Snowden case is a slowly unraveling nightmare for U.S. counterintelligence officials.
“At this stage, there is no telling whether or not Snowden acted alone or what all he compromised,” Van Cleave told the Free Beacon.
“Whether or not there are audit trails for IT administrators, we can only guess. If not, there may be no way of bounding the potential damage here.”
Van Cleave said damage will be revealed when sources and methods of intelligence “go dark, as they surely will, and we will be hard pressed to rule out Snowden as the possible cause.”
“In other words, other spies still in place will be able to continue to operate under the cover that Snowden’s espionage provides,” she said. “And since we don’t know what secrets may have been lost, we won’t know what or who may now be at risk. That uncertainty alone is an intelligence bonanza for our adversaries.”
Kenneth deGraffenreid, a former National Security Council staff intelligence director during the Reagan administration, said the Snowden case is similar to the Bradley Manning case, where a junior enlisted soldier stole hundreds of thousands of secret documents and gave them to the anti-secrecy group WikiLeaks.
“This is yet another case where a person who is a low-level ne’er-do-well is able to compromise the most sensitive intelligence,” he said in an interview.
U.S. security was supposed to be improved by the shift from paper documents to digital information systems, but obviously it was not, deGraffenreid said.
For example, Foreign Intelligence Surveillance Act documents are “extremely” closely held within government, yet Snowden was able to access a FISA court order.
DeGraffenreid said Snowden, along with Manning and WikiLeaks founder Julian Assange, appears to be part of the “international, anti-American left” movement.
“If there are 30-year-old radicalized, narcissistic kids who can get to the core of American intelligence secrets, and walk them out of the building and fly to China with them, we have a very serious security problem that has to be fixed,” he said (Free Beacon, 2013).
Title: China’s Sinovel Charged With Stealing Trade Secrets
Date: June 28, 2013
Abstract: Sinovel Wind Group Co. (601558), a Chinese wind-turbine company, was charged with stealing trade secrets from its former U.S. supplier, a case of industrial espionage that may heighten tensions in U.S.-China relations in the wake of the Edward Snowden affair.
U.S. prosecutors secured an indictment of the company and two of its executives in federal court yesterday in Madison, Wisconsin. Also charged was Dejan Karabasevic, who pleaded guilty in Klagenfurt, Austria, to stealing source code for the turbine controllers made by American Superconductor Corp. (AMSC), his former employer. The company lost more than $1 billion in market value after the theft became public.
The indictment’s timing may give it prominence in the intensifying U.S. dispute with China over economic espionage. That conflict has only been inflamed by Snowden’s disclosures of U.S. computer-based spying, and China’s decision to allow the ex-National Security Agency contractor to fly to Russia from Hong Kong, where he had fled.
“My 5-year-old understands that this is wrong,” AMSC Chief Executive Officer Daniel McGahn said by phone. “If your ideas can be stolen without recourse, there is no reason to invest in innovation, and if there is no reason to invest in innovation, there is no purpose to the American economy.”
Sinovel’s stock fell 1.5 percent to 3.95 yuan at 10:44 a.m. local time in Shanghai after plunging 7 percent earlier. Wang Wen, a Beijing-based spokeswoman at Sinovel, declined to comment.
The indictment is the latest development in a legal struggle between AMSC, a maker of small industrial computers that fit inside wind turbines, and the company that was formerly its largest customer. AMSC, based in Devens, Massachusetts, is seeking more than $1.2 billion in damages from Sinovel in Chinese courts, accusing Beijing-based Sinovel of putting the stolen source code in more than 1,000 turbines that it sold in its home country.
Amy Riella and Elliott Joh, lawyers for Sinovel at Vinson & Elkins LLP, didn’t immediately respond to an e-mail message seeking comment on the charges.
Sinovel, China’s third-largest turbine maker, has been battered by global competition and falling prices for its products. Still, the company remains well-connected to China’s elite. One of its early investors was the private equity group New Horizon Capital, co-founded by Wen Yunsong, son of China’s former premier, Wen Jiabao.
A probe by the Federal Bureau of Investigation, which has been developing the case for more than a year, received a boost when Sinovel exported stolen code to the U.S., installing it in four turbines in Massachusetts. One, owned by the state Water Resources Authority, wasn’t far from AMSC’s headquarters, according to Kerry Farrell, a spokesman for the company.
Paul Tiao, former senior adviser for intellectual property crimes to FBI Director Robert Mueller, said the indictment coming just weeks after Snowden fled to Hong Kong with a trove of stolen NSA secrets is coincidental. Regardless, it “underscores the reason why the administration is demanding that the PRC government stop engaging in cyber-based commercial espionage,” said Tiao, now a partner at Hunton & Williams LLP in Washington.
When President Barack Obama met Chinese President Xi Jinping this month, he raised the issue of “large-scale theft” of U.S. property through Chinese cyberattacks.
An internal investigation by AMSC uncovered hundreds of messages about the code Karabasevic exchanged with three Sinovel employees, including one e-mail in which the engineer sent AMSC’s source code to his counterpart at Sinovel, according to the company.
Using search warrants, the FBI obtained an even bigger trove of communications that Karabasevic swapped via Yahoo! and Google Inc. Gmail accounts with the two charged executives, Su Liying, deputy director for research and development, and Zhao Haichun, technology manager. Like the company, the pair is charged with conspiracy, theft of trade secrets and fraud.
In one exchange, Su Liying complained about error messages she received after testing the stolen AMSC code in China. Karabasevic obliged by modifying the code so that it would run more smoothly.
Prosecutors said Sinovel induced Karabasevic to provide the code, promising him a $1.7 million contract with the company and other perks. The indictment was filed in Wisconsin because Karabasevic allegedly uploaded the code from an engineering center there.
AMSC, which prosecutors said was cheated out of $800 million, has filed four lawsuits against Sinovel in Chinese courts. After almost two years, the cases are still entangled in procedural disputes, John Powell, AMSC’s general counsel, said in a phone interview.
Sinovel said last month that it’s being investigated for suspected violations of securities laws and regulations.
The company received a notice from the China Securities Regulatory Commission on the decision to start the probe, and will cooperate, according to a May 28 filing to the Shanghai Stock Exchange. The statement didn’t provide more details.
Sinovel, based in Beijing, in March revised down 2011 profit by 22 percent to 607.4 million yuan ($99.1 million) due to an accounting error.
The case is U.S. v. Sinovel Wind Group Co. Ltd., 13-cr-00084, U.S. District Court, Western District of Wisconsin (Madison) (Bloomberg, 2013).