Chinese Spy Networks in Britain and United States

The agents are thought to have handed over secrets while still in service for France’s external DGSE intelligence agency, similar to Britain’s MI6 and America’s CIA, Ms Parly told CNews television. The third person – believed to be the wife – has been indicted for “concealment of treasonable crimes” and placed under “judicial control”, meaning judges keep close tabs on her pending trial. More here.


France has confirmed the arrest of two French intelligence officers who are accused of spying for the Chinese government. It appears that the two officers were captured and charged in December. However, their arrests were not publicized at the time, because French counterintelligence officials wanted to avoid alerting more members of a possible spy ring, which some say may include up to five French citizens. It was only last Friday, a day after French media published leaked reports of the arrests, that the French government spoke publicly about the case.

France’s Minister of the Armed Forces, Florence Parly, told France’s CNews television on Friday that two French intelligence officers were “accused of extremely serious acts of treason” against the French state. The two officers had been charged with “delivering classified information to a foreign power”, she said. Parly added that the spouse of one of the officers was also being investigated for participating in acts of espionage on behalf of a foreign country. When asked to identify the country that the two officers are accused of spying for, the minister refused to respond. But the Agence France Presse news agency cited an anonymous “security source”, who said that the two intelligence officers were being suspected of spying for China and that they had been captured following a sting operation by French counterintelligence officers.

French television station TF1 said on Friday that both spy suspects are officers in the General Directorate of External Security (DGSE), France’s primary external intelligence agency. The station added that at least one of the two suspects was stationed at the embassy of France in Beijing when French counterintelligence became aware of the alleged espionage. According to some reports, the two suspects had retired from the DGSE by the time they were arrested, but committed their alleged espionage while still in the service of the spy agency. French government officials have refused to provide information about the length of the alleged espionage or the nature of the classified information believed to have been compromised. Additionally, no information is available about whether the two alleged spies were working in cooperation with each other. The BBC asked China last week about the arrests in France, but the Chinese Ministry of Foreign Affairs said it was not aware of the incident.

*** As a reminder, the United States has its own Chinese spy network. Jerry Chun Shing Lee was charged with helping China dismantle a U.S. informant network in China in exchange for money. He has pleaded not guilty.


It was this past February that FBI Director Chris Wray testified to the Senate Intelligence Committee that Chinese spies have fully infiltrated U.S. universities. Additionally, China continues to pursue access, in many cases successfully, to U.S. technologies and intellectual property through telecommunications companies, academia and, most especially, joint business ventures.

China has launched an ‘all society’ approach to gain access to intellectual property, and some universities are pushing back on the warnings put forth by Director Wray, as there are an estimated 400,000 Chinese students studying in the United States, many attending cash-strapped colleges.

US Warships Challenge Chinese Islands: FONOP


The US Navy sent two warships to a disputed archipelago in the South China Sea on May 28 in its latest symbolic protest against China’s claims there.

Reuters first reported that the USS Higgins and the USS Antietam ventured within 12 miles of the Paracel Islands in a demonstration the Pentagon calls a “freedom of navigation operation” or FONOP. The move signals US rejection of China’s claims of political control in the South China Sea.

The objective of their sail-by was a speck of land called “Woody Island,” where China has developed airstrips and port facilities in recent years as part of a broader strategy of establishing bases in these islands to demonstrate and exercise its political claims. This spring, China landed strategic bombers capable of carrying nuclear weapons on the island, a symbolic display of its deterrent power, and satellite imagery showed the arrival of surface-to-air missiles this month.

**

The Vietnamese government protested China’s move as a violation of its sovereign claim to the islands—exactly the language used by China to protest US actions today after sending its own warships to warn away the Americans.

** See more here.


The island is one of many that lie behind the “nine dash line,” a diplomatic term of art for China’s political vision for the South China Sea, which is at the center of a web of claims by nearby nations:

China's claim over the South China Sea is different from its neighbors' interpretations. In March, the US sent a destroyer on a FONOP to the Spratly Islands. In response, China increased its naval activity there, including a parade of warships that was also captured by Planet satellites. Tensions in the South China Sea have been simmering for years, but are now complicated by China’s role in North Korean nuclear talks and growing trade disputes with the Trump administration.

*** Meanwhile in April of 2018:

Surveillance photos suggest it has already broken its promise to not land military aircraft on its artificial islands. And there are claims the facilities have begun jamming US forces.

Philippines news service The Inquirer has obtained an aerial surveillance photo taken back in January which appears to show two Chinese Xian Y-7 twin engine aircraft on the recently constructed artificial island of Mischief Reef — also known as Panganiban Reef.

These are military combat transport aircraft, built to rapidly deploy special forces troops and munitions to a battlefield.

The news comes amid reports that electronic warfare equipment recently installed on the islands was last week directed at disrupting the passage of the United States Navy’s aircraft carrier, the USS Roosevelt.

FAIT ACCOMPLI?

Mischief Reef is within the internationally recognised 370km exclusive economic zone (EEZ) that applies to the Philippines. It is one of seven artificial islands arbitrarily constructed within the disputed Spratly Islands cluster. Three of these have large, 3km long military-grade runways.

China refuses to accept the UN economic zone standard, established after World War II to reduce international tensions, as well as an adverse ruling in 2016 by an international court of arbitration on the matter.

Instead, it insists it holds sovereign territorial rights over the whole 3.5 million-square-kilometre South China Sea, right up to 20km of the coasts of bordering nations including Taiwan, Vietnam, Borneo and Malaysia.

“If they could land transports now, in the future they might want to land more provocative and destabilising types of assets such as fighter jets and bombers,” research fellow Collin Koh at Singapore’s Rajaratnam School of International Studies’ Maritime Security Program, told The Inquirer.

ELECTRONIC MISCHIEF

The Wall Street Journal reports US intelligence officers have identified radar and communications jamming equipment being installed on Beijing’s artificial South China Sea island fortresses.

Such electronic warfare devices are designed to block an opponent’s radar from ‘seeing’ what is going on, and prevent ships and aircraft from communicating with each other and the outside world.

Now, a US Navy pilot appears to have confirmed that these facilities are active.

Serving aboard the USS Roosevelt aircraft carrier which passed through the South China Sea to visit the Philippines last week, he implied the immense warship and its aircraft had been targeted by these disruptive devices.

“The mere fact that some of your equipment is not working is already an indication that someone is trying to jam you,” the pilot told the Philippines’ GMA News Online.

“And so we have an answer to that,” the naval officer cryptically told the journalist invited aboard for a tour of the ship.


The USS Roosevelt had passed through the disputed waterway at the same time as a major Chinese naval parade was being staged on behalf of its new President-for-life, Xi Jinping.

The pilot reportedly flew one of the US Navy’s EA-18G Growler aircraft — a modified Super Hornet intended to provide electronic warfare support for accompanying ships and aircraft.

“This is not something that the US will look kindly on or think they can overlook,” military analyst Omar Lamrani at geopolitical think-tank Stratfor told Business Insider.

Lamrani said that even though electronic jamming was nothing like shooting a weapon, such activity was provocative and “could lead to an escalatory pattern that could be negative for both sides.” More here.

China Annexed the DPRK, C’mon Admit it, China is an Adversary

Primer: The Fiscal 2019 NDAA includes a ban on technology products from Chinese firms such as ZTE and Huawei. Yet, North Korea has it courtesy of China.

And:

The Financial Crimes Enforcement Network (FinCEN) issued this advisory to further alert financial institutions to North Korean schemes being used to evade U.S. and United Nations (UN) sanctions, launder funds, and finance the North Korean regime’s weapons of mass destruction (WMD) and ballistic missile programs.

Private companies in China are not private at all. The Chinese state holds at least some stock and often a larger voting bloc. Private Chinese companies invest all over the world, including Venezuela, the United States and Britain, as well as regions such as Latin America and Africa.

You can bet most of those companies in North Korea are actually owned by the Chinese State.

China does bad things and yet no world leader publicly states that fact nor declares China is an adversary while China has declared the United States as an adversary. President Xi, the now eternal ruler quotes a dynasty cliche ‘Tǒngzhì yīqiè zài yángguāng xià’, translation is rule everything under the sun.

So now we have ZTE: ZTE, once the scourge of U.S. authorities for its violations of Iran sanctions, has become a key source of evidence about North Korea’s use of the American financial system to launder money, said the people, who gave details about the confidential investigations on the condition of anonymity. Federal investigators have been poring through data supplied by ZTE to find links to companies that North Korea has used to tap into the U.S. banking system, the people said.

Using evidence from ZTE, prosecutors on June 14 filed a case seeking $1.9 million held in six U.S. bank accounts in the name of China’s Mingzheng International Trading Limited. Prosecutors allege that Mingzheng is a front company for a covert Chinese branch of North Korea’s state-run Foreign Trade Bank. Between October and November 2015, Mingzheng was a counterparty to 20 illicit wire transfers in violation of the International Emergency Economic Powers Act, according to prosecutors.

On Aug. 22, prosecutors in Washington filed a lawsuit seeking more than $4 million in funds tied to China’s Dandong Chengtai Trading Limited and a network of companies owned by Chi Yupeng, a Chinese national with close ties to North Korea’s military. That same day, the Treasury Department added Dandong Chengtai Trading and several of its business affiliates, as well as Mingzheng, to the sanctions list. More here.

During the negotiations for the talks between Kim Jong Un and President Trump, ZTE was thrown in the mix. Why? China made some demands during recent trade talks. It was just announced that Trump imposed a $1.5 billion fine on ZTE and relayed that to President Xi. After more negotiations, the final fine was $1.3 billion plus changes to the board members of ZTE, which means that the Chinese state cannot have any management role or vote. China will skirt that too. How so?

AEI explained it for us and quite well.

One of the substantial challenges in curtailing North Korea’s nuclear program is preventing Chinese companies from doing business with their pals in Pyongyang. Usually, Chinese companies in North Korea operate through networks of shell companies to avoid falling afoul of US and international sanctions. And most of these companies are small in scope and can easily rebrand themselves if caught. Enter Zhongxing Telecommunications Equipment (ZTE), not a small, expendable subsidiary, but instead a large PRC state-owned enterprise (SOE) with over 74,000 employees.

ZTE has transferred US technology to North Korea, supplying the Kim regime with US telecommunications tech that strengthens its defense capabilities by allowing it indirect access to US semiconductors (dual use technology for communications).  For that and other transgressions — including violating US Iran sanctions — ZTE paid a monster fine and entered into an agreement with the US to cease and desist. It was caught violating that agreement and banned from business with the United States as a result.

But President Trump offered China’s state-owned ZTE a lifeline via a May 13 tweet. Apparently, all that it took was for Chinese President Xi to dangle access for US agriculture exports to China in exchange for allowing ZTE to continue to do business with American firms. For what it’s worth, the president denied intending to lift the sales ban, but then followed up to describe a punishment that includes lifting the sales ban.

What’s Donald Trump’s message to Beijing (and Pyongyang and Tehran)? Companies that matter to China’s top leadership can violate US sanctions with impunity. All it takes is the will to blackmail the US and large Chinese SOEs will have carte blanche to supply the rogue regimes of the world.

Remember, Chinese SOEs that do business with North Korea are not motivated merely by profit. Instead, they are motivated by policy directives that originate in the Chinese Communist Party. Historically, China’s position on North Korea has been fairly opaque, yet its continued trade with the regime indicates Beijing has an interest in its wellbeing, in direct opposition to US interests and overall security in Asia.

At the end of the day, President Trump says he wants to cripple North Korea’s nuclear program. If North Korean dictator Kim Jong Un won’t denuclearize voluntarily, the US will have to rely on “maximum pressure,” including aggressive sanctions. Forgiving ZTE for violating US law is yet another example of the US shooting itself in the foot in dealing with North Korea. And probably not the last.

Meanwhile, as North Korea blew up the tunnels leading to the already destroyed nuclear test site, no one has asked where are those nuclear weapons now? No one has mentioned other possible military dimension sites or missile locations. Just as a reminder:

 

 

FBI Working to Stop Massive Russian Malware Network


Cisco’s Talos research unit yesterday reported its discovery of VPNFilter, a modular and stealthy attack that’s assembled a botnet of some five-hundred-thousand devices, mostly routers located in Ukraine. There’s considerable code overlap with the Black Energy malware previously deployed in attacks against Ukrainian targets, and the US Government has attributed the VPNFilter campaign to the Sofacy threat group, a.k.a. Fancy Bear, or Russia’s GRU military intelligence service.
Ukrainian cybersecurity authorities think, and a lot of others agree with them, that Russia was gearing up a major cyberattack to coincide with a soccer League Championship match scheduled this Saturday in Kiev as part of the run-up to the World Cup. They also think it possible an attack could be timed for Ukraine’s Constitution Day, June 28th.
The US FBI has seized a key website used for VPNFilter command-and-control, which US authorities hope will cripple the campaign. The Justice Department says that VPNFilter could be used for “intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

***

FBI agents armed with a court order have seized control of a key server in the Kremlin’s global botnet of 500,000 hacked routers, The Daily Beast has learned. The move positions the bureau to build a comprehensive list of victims of the attack, and short-circuits Moscow’s ability to reinfect its targets.

The FBI counter-operation goes after “VPN Filter,” a piece of sophisticated malware linked to the same Russian hacking group, known as Fancy Bear, that breached the Democratic National Committee and the Hillary Clinton campaign during the 2016 election. On Wednesday security researchers at Cisco and Symantec separately provided new details on the malware, which has turned up in 54 countries including the United States.

VPN Filter uses known vulnerabilities to infect home office routers made by Linksys, MikroTik, NETGEAR, and TP-Link. Once in place, the malware reports back to a command-and-control infrastructure that can install purpose-built plug-ins, according to the researchers. One plug-in lets the hackers eavesdrop on the victim’s Internet traffic to steal website credentials; another targets a protocol used in industrial control networks, such as those in the electric grid. A third lets the attacker cripple any or all of the infected devices at will.

The FBI has been investigating the botnet since at least August, according to court records, when agents in Pittsburgh interviewed a local resident whose home router had been infected with the Russian malware. “She voluntarily relinquished her router to the agents,” wrote FBI agent Michael McKeown, in an affidavit filed in federal court. “In addition, the victim allowed the FBI to utilize a network tap on her home network that allowed the FBI to observe the network traffic leaving the home router.”

FBI working to disrupt massive malware network linked to Russia

The FBI is working to disrupt a massive, sophisticated Russia-linked hacking campaign that officials and security researchers say has infected hundreds of thousands of network devices across the globe.

The Justice Department late Wednesday announced an effort to disrupt a botnet known as “VPNFilter” that compromised an estimated 500,000 small office and home office (SOHO) routers and other network devices. Officials explicitly linked the botnet to the cyber espionage group known as APT 28, or Sofacy, believed to be connected to the Russian government.

Officials said that the U.S. attorney’s office for the western district of Pennsylvania has obtained court orders allowing the FBI to seize a domain that is part of the malware’s command-and-control infrastructure. This will allow officials to redirect attempts by the malware to reinfect devices to an FBI-controlled server, thereby protecting devices from being infected again after rebooting.

Assistant Attorney General for National Security John C. Demers in a statement described the effort as the “first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

Cybersecurity researchers first began warning of the destructive, sophisticated malware threat on Wednesday. Cisco’s Talos threat intelligence group said in a blog post Wednesday that VPNFilter had infected at least 500,000 devices in 54 or more countries.

The researchers had been tracking the hacking threat for several months and were not ready to publish their findings, but when the malware began infecting devices in Ukraine at an “alarming rate,” they decided to publish their research early.

“Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries,” the researchers wrote.

The malware targets home and office routers and what are known as network-attached storage (NAS) devices, hardware devices that store data in a single location but can be accessed by multiple individuals. Together, the infected devices form a massive system commonly known as a botnet.

VPNFilter also uses two stages of malware, an unusual setup that makes it more difficult to prevent a device from being re-infected after it is rebooted. The FBI on Wednesday urged individuals whose devices may have been infected to reboot them as soon as possible.

The FBI is also soliciting help from a nonprofit known as the Shadowserver Foundation, which will pass the IP addresses to internet service providers, foreign computer emergency teams and others to help stem the damage.

The malware is the latest sign of the growing cyber threat from Russia. News of the outbreak comes roughly a month after senior U.S. and British officials blamed the Russian government for coordinated cyberattacks on network devices in an effort to conduct espionage and intellectual property theft.

The U.S. has also blamed Moscow for the global cyberattack known as notPetya that ravaged computers across the globe last summer, calling it the most destructive and costly cyberattack in history.

The code of VPNFilter has similarities with versions of another malware known as BlackEnergy, which was used in an attack on Ukraine’s power grid in late 2015. The Department of Homeland Security has linked the malware to the Russian government.
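The sinkhole-and-notify workflow described above (infected devices calling the seized domain reach an FBI-controlled server, and the resulting IP addresses are passed to internet service providers) can be sketched as follows. This is an added example, not code from the article, the FBI or Shadowserver; the domain name, log format, address ranges and operator names are all constructed placeholders.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Placeholder: the page does not name the seized command-and-control domain.
SINKHOLED_DOMAIN = "sinkholed-c2.example"
UNATTRIBUTED = "unattributed (refer to national CERT)"

# Constructed prefix-to-operator table (RFC 5737 documentation ranges,
# hypothetical operator names). A real pipeline would use routing/WHOIS data.
PREFIX_OWNERS = [
    (ipaddress.ip_network("192.0.2.0/24"), "ExampleNet"),
    (ipaddress.ip_network("198.51.100.0/24"), "Sample Telecom"),
    (ipaddress.ip_network("198.51.100.128/25"), "Sample Telecom Business"),
]

# Constructed sinkhole log: "<UTC timestamp> <source IP> <requested host>".
SAMPLE_LOG = """\
2018-05-24T01:02:03Z 192.0.2.10 sinkholed-c2.example
2018-05-24T01:07:03Z 192.0.2.10 sinkholed-c2.example
2018-05-24T02:00:00Z 198.51.100.200 sinkholed-c2.example
2018-05-24T02:30:00Z 198.51.100.7 SINKHOLED-C2.EXAMPLE.
2018-05-24T03:00:00Z 203.0.113.5 sinkholed-c2.example
2018-05-24T03:10:00Z 192.0.2.99 unrelated.example
garbage line
2018-05-24T04:00:00Z not-an-ip sinkholed-c2.example
"""


def owner_for(ip, table=PREFIX_OWNERS):
    """Longest-prefix match, so a more specific allocation wins."""
    matches = [(net.prefixlen, owner) for net, owner in table if ip in net]
    return max(matches)[1] if matches else UNATTRIBUTED


def parse_sinkhole_log(text, domain=SINKHOLED_DOMAIN):
    """Collapse repeated call-ins into one record per source address."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line
        ts_raw, ip_raw, host = parts
        if host.rstrip(".").lower() != domain:
            continue  # request for some other name on the same server
        try:
            ip = ipaddress.ip_address(ip_raw)
            ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue  # unparseable address or timestamp
        rec = seen.setdefault(ip, {"first": ts, "last": ts, "hits": 0})
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
        rec["hits"] += 1
    return seen


def build_notifications(text):
    """Group likely-infected addresses by the operator that should be told."""
    report = defaultdict(list)
    devices = parse_sinkhole_log(text)
    for ip in sorted(devices, key=lambda a: (a.version, int(a))):
        report[owner_for(ip)].append({"ip": str(ip), **devices[ip]})
    return dict(report)


if __name__ == "__main__":
    for owner, devices in build_notifications(SAMPLE_LOG).items():
        for d in devices:
            print(f"{owner}: {d['ip']} hits={d['hits']} last={d['last']:%Y-%m-%d %H:%M}Z")
```

Each address in the output is a device that contacted the seized domain, so the first-seen and last-seen times tell the operator which customer lease to look up before advising a reboot.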

President Trump Withdraws from North Korea Nuclear Summit

A letter from President Donald Trump to North Korean dictator Kim Jong Un canceling their planned meeting. There are several things in play. China, Iran, Russia and North Korea are watching all U.S. positions, and it began with the demands of Iran that Pompeo announced since exiting the JCPOA nuclear deal. Iran has not only responded with several nastygrams, but is also making threats toward Europe over many of its demands for staying in the deal.

National Security Council chair John Bolton is also being blamed by North Korea for the breakdowns because of his reference to the Libya model. That is an excuse, as the Libya model for removing the nuclear program was far in advance of the removal of Muammar Gaddafi and his eventual death.

Further, there is the matter of China injecting itself into the preparations and talks between North Korea and the United States. North Korea follows all advice and leads from President Xi. Now, where are those pesky nuclear weapons in North Korea since the nuclear test site collapsed and was further blown up in a gesture move for selected outside media?

There is also the issue of the other locations of interest in North Korea that the United States is well aware of that proves China has aided and assisted in the military sites and nuclear program as had Iran and Russia. China does not want to be confronted with that proof.

Further, there is the matter of the ‘nuclear umbrella’.  Japan, South Korea, and the United States Nuclear Umbrella

In this book, Terence Roehrig provides a detailed and comprehensive look at the nuclear umbrella in northeast Asia in the broader context of deterrence theory and U.S. strategy. He examines the role of the nuclear umbrella in Japanese and South Korean defense planning and security calculations, including the likelihood that either will develop its own nuclear weapons. Roehrig argues that the nuclear umbrella is most important as a political signal demonstrating commitment to the defense of allies and as a tool to prevent further nuclear proliferation in the region. While the role of the nuclear umbrella is often discussed in military terms, this book provides an important glimpse into the political dimensions of the nuclear security guarantee. As the security environment in East Asia changes with the growth of North Korea’s capabilities and China’s military modernization, as well as Donald Trump’s early pronouncements that cast doubt on traditional commitments to allies, the credibility and resolve of U.S. alliances will take on renewed importance for the region and the world.

The U.S. nuclear umbrella in the region is not focused only on North Korea but also incorporates planning against potential Chinese aggression. Nullifying or weakening the umbrella over the Peninsula, some would argue, might leave South Korea open to potential Chinese coercion and send the wrong signal at a time when China is seen by some as trying to pressure Taiwan and reassert its influence in the region.

Related reading: Japan Under the US Nuclear Umbrella

Related reading: The US Nuclear Umbrella Over South Korea