Oh, Another Incident of Chinese Industrial Espionage

There is no denying Russia is using cyber warfare against the West. Little is ever mentioned about China’s industrial espionage, something this site attempts to publish as often as possible. Further, the owner of this site participated in two key hearings today in Congress, one with former CIA Director John Brennan and the other included ODNI Dan Coats and DIA Director General Stewart.

Clearly both hearings revealed just how pervasive and common cyber warfare is at the hands of China and Russia. Here is just another example.

China’s theft of IBM’s intellectual property

A former employee of IBM pleaded guilty to theft of source code on behalf of China

Image result for Xu Jiaqiang ibm  And you think the FBI has easy work? Further, we are trusting China to deal with North Korea’s nuclear program and missile systems aimed against Western interests.

CSO: China continues to view the theft of intellectual property as a viable means of technology transfer. Global private sector entities are finding their insiders are being used by China to purloin the proprietary information for use by Chinese state-owned-enterprises or national entities with ever increasing regularity.

On 19 May 2017, Xu Jiaqiang, a PRC national, pleaded guilty to economic espionage and trade secret theft. Xu stole source code from his employer, IBM, and attempted to share it with the National Health and Family Planning Commission in the PRC.  According to the Department of Justice, Xu pleaded guilty to all six of the counts included in his indictment.

A review of Xu’s Linked-In profile shows only his employment with IBM from November 2010 through July 2014 (date is different from that which is contained in the indictment) as a “General Parallel File System Developer at IBM”

Xu was a trusted insider within IBM. According to the DOJ advisory, which contained content from both the criminal complaint and superseding indictment, Xu worked for IBM from 2010-14, with unencumbered access to the “proprietary source code.” DOJ advises, Xu voluntarily resigned from IBM in May 2014.

In late 2014, the Federal Bureau of Investigation (FBI) was informed (source unidentified) that Xu claimed to have access (unauthorized) to the source code and was using the source code in various business ventures. Undercover law enforcement officers subsequently contacted Xu to affirm Xu’s possession of the source code

The criminal complaint describes undercover officers posing as investors engaged in a multi-month email exchanges with Xu which culminated in his sharing portions of the source code as bonafides of his knowledge of “operating systems and parallel file systems.”  At that time, the victim company, IBM, identified the shared code as identical to their proprietary source code.

In late-2015, Xu had a face-to-face meeting with undercover law enforcement officers. At the meeting, Xu noted the code was his former employer’ s(IBM) code. Xu also confirmed to his interlocutors how he had purloined the code prior to his May 2014 employment separation and had made modification so as to obscure the point of origin, IBM.

In June 2016, Xu was indicted and charged with three counts of economic espionage, one count each of theft of trade secrets, possession of trade secrets, and distribution of trade secrets. He will be sentenced in October 2017.

Though IBM has declined comment to media regarding this theft of their intellectual property, reading between the lines, it would appear IBM had deduced (correctly) that Xu absconded with a copy of their GPFS proprietary source code, and was attempting to use it commercially. They then brought the theft to the attention of the FBI.

Illicit technology transfer

China has not slowed down in their acquisition of technology utilizing the access afforded to trusted insiders. The US Director of National Intelligence made it clear in his May 2017 presentation to the Senate Select Committee on Intelligence on the worldwide threat to the United States as to the threat posed by China.

In April 2017, we saw the arrest of a Dutch employee of Siemens, working within the energy arm of Siemens, charged with stealing the intellectual property of his employer and attempting to share it with China.

From the FBI perspective, this was the perfect economic espionage case. Theft of proprietary information for provision to a foreign government. The theft was from a company with an insider threat program in place and who was cooperative (providing technical expertise during the investigation), and of sufficient size to withstand any blow-back from China which may occur.

There is no need to be xenophobic. Multinational companies employee individuals from a great variety of nationalities. The reality is, few employees break trust with their employer.

That said, having your paper trail on agreements which safeguard intellectual property is mandatory. As is a review of all activities of all departing employees for break from pattern, be it a voluntary separation or for cause. If a deeper dive into the employees activities is warranted, make sure to look for any sudden increase in 403 errors – or similar (caused by attempts to access unauthorized data). Verify the complete inventory of all storage devices which the employee may have accessed, and have each returned and or data on the devices destroyed, and review email and uploads for any inappropriate usage.

Remember, though it is the FBI and DOJ success which brought Xu to our collective attention, it was not the FBI who initially discovered Xu’s intellectual property theft. The FBI pursued the lead brought to them by an unidentified third party (presumably IBM).

You are your company’s first line of defense in the protection of intellectual property, not the FBI.

U.S. is Doing ‘That’ Extreme Vetting in Australia

Remember on the campaign trail when President Trump said it was stupid to take the Syria refugees Australia was holding on a remote island that was under agreement by Barack Obama? Remember when there was a discussion between President Trump and the Prime Minister of Australia where apparently Trump hung up the phone, terminating the conversation. The Prime Minister visited the Trump White House and now all is allegedly fine between the two countries.Remember when VP Pence finally agreed to honor the deal and accept those refugees? The reason? The US. is accepting a number of those refugees.

Exclusive: U.S. starts ‘extreme vetting’ at Australia’s offshore detention centers

Reuters: U.S. Homeland Security officials have begun “extreme vetting” interviews at Australia’s offshore detention centers, two sources at the camps told Reuters on Tuesday, as Washington honors a refugee swap that U.S. President Donald Trump had called “a dumb deal”.

The Trump administration said last month the agreement to offer refuge to up to 1,250 asylum seekers in the centers would progress on condition that refugees satisfied strict checks.

In exchange, Australia has pledged to take Central American refugees from a center in Costa Rica, where the United States has expanded intake in recent years, under the deal struck with former President Barack Obama.

Image result for Papua New Guinea's Manus Island detention center DailyMail

The first security interviews finished last week at Papua New Guinea’s Manus Island detention center, two refugees who went through the process told Reuters.

The refugees told Reuters that interviews began with an oath to God to tell the truth and then proceeded for as long as six hours, with in-depth questions on associates, family, friends and any interactions with the Islamic State militant group.

Image result for Papua New Guinea's Manus Island detention center  VOANews

“They asked about why I fled my home, why I sought asylum in Australia,” said one refugee who declined to be named, fearing it could jeopardize his application for U.S. resettlement.

The security interviews are the last stage of U.S. consideration of applicants.

Manus Island is one of two Australian-operated detention centers, which hold nearly 1,300 people who were intercepted trying to reach Australia by boat.

Human rights groups have condemned the intercept policy and the harsh conditions of the camps. Australia says offshore processing is needed as a deterrent after thousands of people drowned at sea before the policy was introduced in 2013.

A decision on the fate of the first 70 people interviewed is expected to be reached within the next month, a different source who works with refugees said.

A spokesman for Australia’s immigration minister refused to comment on the resettlement process.

A U.S. State Department spokeswoman said that refugees from the Australian-run facilities will be subject to the same stringent vetting applied to all refugees who are being considered for entry to the United States.

“The United States remains deeply committed to safeguarding the American public, just as we are committed to providing refuge to some of the world’s most vulnerable people. These goals are not mutually exclusive,” she said.

The White House did not immediately respond to questions.

U.S. President Donald Trump’s plans for extreme vetting have extended to those traveling to the United States from Muslim countries.

Australia’s relationship with the new administration in Washington got off to a rocky start when Trump lambasted Australian Prime Minister Malcolm Turnbull over the resettlement arrangement, which Trump labeled a “dumb deal”.

Details of an acrimonious phone call between the pair soon after Trump took office made headlines around the world. Australia is one of Washington’s staunchest allies and has sent troops to fight alongside the U.S. military in conflicts in Iraq and Afghanistan.

The relocation of asylum seekers to the United States is designed to help Papua New Guinea and Australia proceed with the planned closure of the Manus detention center on Oct. 31.

But the fate of approximately 200 men deemed non-refugees is uncertain.

Those not offered resettlement in the United States will be offered the chance to settle in Papua New Guinea or return home.

Australia has already offered detainees up to $25,000 to voluntarily return home; an offer very few have taken up.

2010: Remember When Obama Pulled U.S. Spies From China

Of course you don’t, one had to be quite the investigator of journalism to know it much less remember it.

So….why you ask? Hold on….there is a pattern and story here.

Image result for u.s. spies in china  Image result for trump with jinping

2010: The White House National Security Council recently directed U.S. spy agencies to lower the priority placed on intelligence collection for China, amid opposition to the policy change from senior intelligence leaders who feared it would hamper efforts to obtain secrets about Beijing’s military and its cyber-attacks.

The downgrading of intelligence gathering on China was challenged by Director of National Intelligence Dennis C. Blair and CIA Director Leon E. Panetta after it was first proposed in interagency memorandums in October, current and former intelligence officials said.

The decision downgrades China from “Priority 1” status, alongside Iran and North Korea, to “Priority 2,” which covers specific events such as the humanitarian crisis after the Haitian earthquake or tensions between India and Pakistan.

The National Security Council staff, in response, pressed ahead with the change and sought to assure Mr. Blair and other intelligence chiefs that the change would not affect the allocation of resources for spying on China or the urgency of focusing on Chinese spying targets, the officials told The Washington Times.

White House National Security Council officials declined to comment on the intelligence issue. Mike Birmingham, a spokesman for Mr. Blair, declined to comment. A CIA spokesman also declined to comment.

*** Image result for u.s. spies in china Cyberwarzone

Directors of CIA in that time frame:

Leon Panetta 2010

Mike Morrell (acting) 2011

David Petraeus 2011

Mike Morrell (acting) 2012

John Brennan 2013

Mike Pompeo, current director

***

Killing C.I.A. Informants, China Crippled U.S. Spying Operations

NYT/WASHINGTON — The Chinese government systematically dismantled C.I.A. spying operations in the country starting in 2010, killing or imprisoning more than a dozen sources over two years and crippling intelligence gathering there for years afterward.
Current and former American officials described the intelligence breach as one of the worst in decades. It set off a scramble in Washington’s intelligence and law enforcement agencies to contain the fallout, but investigators were bitterly divided over the cause. Some were convinced that a mole within the C.I.A. had betrayed the United States. Others believed that the Chinese had hacked the covert system the C.I.A. used to communicate with its foreign sources. Years later, that debate remains unresolved.
But there was no disagreement about the damage. From the final weeks of 2010 through the end of 2012, according to former American officials, the Chinese killed at least a dozen of the C.I.A.’s sources. According to three of the officials, one was shot in front of his colleagues in the courtyard of a government building — a message to others who might have been working for the C.I.A.
Still others were put in jail. All told, the Chinese killed or imprisoned 18 to 20 of the C.I.A.’s sources in China, according to two former senior American officials, effectively unraveling a network that had taken years to build.
Assessing the fallout from an exposed spy operation can be difficult, but the episode was considered particularly damaging. The number of American assets lost in China, officials said, rivaled those lost in the Soviet Union and Russia during the betrayals of both Aldrich Ames and Robert Hanssen, formerly of the C.I.A. and the F.B.I., who divulged intelligence operations to Moscow for years.
The previously unreported episode shows how successful the Chinese were in disrupting American spying efforts and stealing secrets years before a well-publicized breach in 2015 gave Beijing access to thousands of government personnel records, including intelligence contractors. The C.I.A. considers spying in China one of its top priorities, but the country’s extensive security apparatus makes it exceptionally hard for Western spy services to develop sources there.
At a time when the C.I.A. is trying to figure out how some of its most sensitive documents were leaked onto the internet two months ago by WikiLeaks, and the F.B.I. investigates possible ties between President Trump’s campaign and Russia, the unsettled nature of the China investigation demonstrates the difficulty of conducting counterespionage investigations into sophisticated spy services like those in Russia and China.
The C.I.A. and the F.B.I. both declined to comment.
Details about the investigation have been tightly held. Ten current and former American officials described the investigation on the condition of anonymity because they did not want to be identified discussing the information.
Investigators still disagree how it happened, but the unsettled nature of the China investigation demonstrates the difficulty of conducting counterespionage investigations into sophisticated spy services. Credit Carolyn Kaster/Associated Press..Photo by: Carolyn Kaster/Associated Press..
The first signs of trouble emerged in 2010. At the time, the quality of the C.I.A.’s information about the inner workings of the Chinese government was the best it had been for years, the result of recruiting sources deep inside the bureaucracy in Beijing, four former officials said. Some were Chinese nationals who the C.I.A. believed had become disillusioned with the Chinese government’s corruption.
But by the end of the year, the flow of information began to dry up. By early 2011, senior agency officers realized they had a problem: Assets in China, one of their most precious resources, were disappearing.
The F.B.I. and the C.I.A. opened a joint investigation run by top counterintelligence officials at both agencies. Working out of a secret office in Northern Virginia, they began analyzing every operation being run in Beijing. One former senior American official said the investigation had been code-named Honey Badger.
As more and more sources vanished, the operation took on increased urgency. Nearly every employee at the American Embassy was scrutinized, no matter how high ranking. Some investigators believed the Chinese had cracked the encrypted method that the C.I.A. used to communicate with its assets. Others suspected a traitor in the C.I.A., a theory that agency officials were at first reluctant to embrace — and that some in both agencies still do not believe.
Their debates were punctuated with macabre phone calls — “We lost another one” — and urgent questions from the Obama administration wondering why intelligence about the Chinese had slowed.
The mole hunt eventually zeroed in on a former agency operative who had worked in the C.I.A.’s division overseeing China, believing he was most likely responsible for the crippling disclosures. But efforts to gather enough evidence to arrest him failed, and he is now living in another Asian country, current and former officials said.
There was good reason to suspect an insider, some former officials say. Around that time, Chinese spies compromised National Security Agency surveillance in Taiwan — an island Beijing claims is part of China — by infiltrating Taiwanese intelligence, an American partner, according to two former officials. And the C.I.A. had discovered Chinese operatives in the agency’s hiring pipeline, according to officials and court documents.
But the C.I.A.’s top spy hunter, Mark Kelton, resisted the mole theory, at least initially, former officials say. Mr. Kelton had been close friends with Brian J. Kelley, a C.I.A. officer who in the 1990s was wrongly suspected by the F.B.I. of being a Russian spy. The real traitor, it turned out, was Mr. Hanssen. Mr. Kelton often mentioned Mr. Kelley’s mistreatment in meetings during the China episode, former colleagues say, and said he would not accuse someone without ironclad evidence.
Those who rejected the mole theory attributed the losses to sloppy American tradecraft at a time when the Chinese were becoming better at monitoring American espionage activities in the country. Some F.B.I. agents became convinced that C.I.A. handlers in Beijing too often traveled the same routes to the same meeting points, which would have helped China’s vast surveillance network identify the spies in its midst.
Some officers met their sources at a restaurant where Chinese agents had planted listening devices, former officials said, and even the waiters worked for Chinese intelligence.
This carelessness, coupled with the possibility that the Chinese had hacked the covert communications channel, would explain many, if not all, of the disappearances and deaths, some former officials said. Some in the agency, particularly those who had helped build the spy network, resisted this theory and believed they had been caught in the middle of a turf war within the C.I.A.
Still, the Chinese picked off more and more of the agency’s spies, continuing through 2011 and into 2012. As investigators narrowed the list of suspects with access to the information, they started focusing on a Chinese-American who had left the C.I.A. shortly before the intelligence losses began. Some investigators believed he had become disgruntled and had begun spying for China. One official said the man had access to the identities of C.I.A. informants and fit all the indicators on a matrix used to identify espionage threats.
After leaving the C.I.A., the man decided to remain in Asia with his family and pursue a business opportunity, which some officials suspect that Chinese intelligence agents had arranged.
Officials said the F.B.I. and the C.I.A. lured the man back to the United States around 2012 with a ruse about a possible contract with the agency, an arrangement common among former officers. Agents questioned the man, asking why he had decided to stay in Asia, concerned that he possessed a number of secrets that would be valuable to the Chinese. It’s not clear whether agents confronted the man about whether he had spied for China.
The man defended his reasons for living in Asia and did not admit any wrongdoing, an official said. He then returned to Asia.
By 2013, the F.B.I. and the C.I.A. concluded that China’s success in identifying C.I.A. agents had been blunted — it is not clear how — but the damage had been done.
The C.I.A. has tried to rebuild its network of spies in China, officials said, an expensive and time-consuming effort led at one time by the former chief of the East Asia Division. A former intelligence official said the former chief was particularly bitter because he had worked with the suspected mole and recruited some of the spies in China who were ultimately executed.
China has been particularly aggressive in its espionage in recent years, beyond the breach of the Office of Personnel Management records in 2015, American officials said. Last year, an F.B.I. employee pleaded guilty to acting as a Chinese agent for years, passing sensitive technology information to Beijing in exchange for cash, lavish hotel rooms during foreign travel and prostitutes.
In March, prosecutors announced the arrest of a longtime State Department employee, Candace Marie Claiborne, accused of lying to investigators about her contacts with Chinese officials. According to the criminal complaint against Ms. Claiborne, who pleaded not guilty, Chinese agents wired cash into her bank account and showered her with gifts that included an iPhone, a laptop and tuition at a Chinese fashion school. In addition, according to the complaint, she received a fully furnished apartment and a stipend.
*** Just to be sure China had a real handle on all CIA operatives in country, what came next? The OPM hack, remember that one?
Enter China’s Unit 61398
The program used by China:

In part from Wired: The US-CERT team moved into OPM’s sub-basement and among the first moves was to analyze the malware that Saulsbury had found attached to mcutil.dll. The program turned out to be one they knew well: a variant of PlugX, a remote-access tool commonly deployed by Chinese-­speaking hacking units. The tool has also shown up on computers used by foes of China’s government, including activists in Hong Kong and Tibet. The malware’s code is always slightly tweaked between attacks so firewalls can’t recognize it.

By Tuesday the 21st, having churned through a string of nearly sleepless days and nights, the investigators felt satisfied that they’d done their due diligence. Their scans had identified over 2,000 individual pieces of malware that were unrelated to the attack in question (everything from routine adware to dormant viruses). The PlugX variant they were seeking to annihilate was present on fewer than 10 OPM machines; unfortunately, some of those machines were pivotal to the entire network. “The big one was what we call the jumpbox,” Mejeur says. “That’s the administrative server that’s used to log in to all the other servers. And it’s got malware on it. That is an ‘Oh feces’ moment.”

By controlling the jumpbox, the attackers had gained access to every nook and cranny of OPM’s digital terrain. The investigators wondered whether the APT had pulled off that impressive feat with the aid of the system blueprints stolen in the breach discovered in March 2014. If that were the case, then the hackers had devoted months to laying the groundwork for this attack.

Leaping forward in details:

Once established on the agency’s network, they used trial and error to find the credentials necessary to seed the jumpbox with their PlugX variant. Then, during the long Fourth of July weekend in 2014, when staffing was sure to be light, the hackers began to run a series of commands meant to prepare data for exfiltration. Bundles of records were copied, moved onto drives from which they could be snatched, and chopped up into .zip or .rar files to avoid causing suspicious traffic spikes. The records that the attackers targeted were some of the most sensitive imaginable.

The hackers had first pillaged a massive trove of background-check data. As part of its human resources mission, OPM processes over 2 million background investigations per year, involving everyone from contractors to federal judges. OPM’s digital archives contain roughly 18 million copies of Standard Form 86, a 127-page questionnaire for federal security clearance that includes probing questions about an applicant’s personal finances, past substance abuse, and psychiatric care. The agency also warehouses the data that is gathered on applicants for some of the government’s most secretive jobs. That data can include everything from lie detector results to notes about whether an applicant engages in risky sexual behavior.

The hackers next delved into the complete personnel files of 4.2 million employees, past and present. Then, just weeks before OPM booted them out, they grabbed approximately 5.6 million digital images of government employee fingerprints.

Then comes, a little too late and thin on substance in February 2015:

President Obama Speaks at the White House Summit on Cybersecurity and Consumer Protection

Is all this fix yet? Hah…not even close. Then we need to ask why are we trusting China with North Korea’s nuclear weapons and missile program? Do we have spies in Iran? North Korea? Any new operatives in China?

Scary eh?

 

President Trump in Saudi Arabia, Joined the Culture

Stephen Miller, Trump’s senior adviser for policy and speechwriter, is the principal aide in charge of writing both the speech on Islam and Trump’s later speech on the future of the North Atlantic Treaty Organization. The speech appeared to be well received, yet there were a few flaws. The word ‘genocide’ should have been included applying it to Jews and Christians. Another persecuted sect is the Yazidi. They are a Kurdish people living chiefly in Iraq, Syria, Armenia, and Georgia and adhering to an ancient monotheistic religion. Calling out Iran, Hezbollah and Hamas was a perfect moment and raising the issue of women’s rights in the region was spot on.

Placing the accountability and responsibility on all Islamic countries to defeat militancy within Islam needed to be said, and Trump repeated this often in his speech.

When it comes to this ‘sword dance’, many questions should be raised. Trump’s speech rightly included the notion that the United States did not come to Saudi Arabia to dictate how to live, who to worship or pass judgment, however, joining in the sword dance was over the top. The State Department and the CIA has Islamic experts that likely told the Trump White House to not participate. Wilbur Ross and Rex Tillerson also joined in. Why was this a screw up? Saudi Arabia, as with other Islamic countries is steeped in history and tradition. This dance is known as Ardha.  The nomadic Bedouins (indigenous people of Saudi Arabia) have great influence on Saudi folk music. The music varies in every region, for instance, in the Hijaz, the music of al-sihba combines poetry and songs of Arab Andalusia, while the folk music of Makkah and Madinah incorporates both local and music influences from other Islamic countries.

The national dance, Ardha, is an ancient tradition with its roots in the country’s central area known as the Najd. The Ardha used to be performed before a battle by soldiers and involves singing, dancing with swords and poetry. In summary, the dance and the sword are symbolic to submission to Allah. Hummm, right?

To formally open the new counter terrorism center in Riyadh, leaders touched the glowing light. This project actually began two years ago, about the time the CIA operations were forced out of Yemen and had to relocate in Saudi Arabia. It is a state of the art center.

Image result for counter terrorism center in saudi arabia More here.

The glowing light in the orb is calling to the Madhi to return in the text of the Hadith. “The Mahdi will conquer the world; at that time the world will be illuminated by the light of Allah, and everywhere in which those other than Allah are worshipped will become places where Allah is worshiped; and even if the polytheists do not wish it, the only faith on that day will be the religion of Allah.”

The Mahdi will not be (from any tribe) other than from Quraish. The Caliphate is not (from any tribe) other than from Quraish. However, he has an origin (roots) and kinship in Yemen.” ( Nuaim bin Hammad’s Kitab Al-Fitan, Jalal-uddine AsSuyuti’s  Al-Urf Al-Wardi fi Akhbar Al-Mahdi, a part of Al-Hawi li Al-Fatawa)  

His name will be Muhammad and his father’s name will be Abdullah. Ibn Masood reported that the Prophet صلى الله عليه وسلم said, “Even if there remains only a day before the World ends, the almighty Allah will greatly prolong that day to send a man from me (my progeny), from members of my House (family). His name will be similar to my name and his father’s name similar to my father’s name.” (Abu Dawud)

Al-Abdal (pious individuals) and those seeking the Mahdi like them will come to him (the Mahdi) from Syria. Al-Nujaba (pious individuals) from the dwellers of  Egypt will come to him (the Mahdi). Groups of dwellers from the East and those seeking the Mahdi like them will come until they all gather together in Mecca. So, they will pledge their allegiance to him (the Mahdi) between Al-Rukn (corner of the Ka’ba containing the Black Stone) and Al-Maqam (Place) of (Prophet) Abraham عليه السلام (located on a side of the Ka’ba).

Then, he (the Mahdi) will lead (an army) towards Syria, with (angel) Gabriel at the fore front and (angel) Michael in the middle. The dwellers of Heaven and Earth will be joyful because of him. Water will be plentiful in his country (Syria) and the River (Euphrates) will spread and treasures will be found ( gold or treasures of religious significance ) .

When he (the Mahdi) reaches Syria, he will slay the Sufyani under a tree, the branches of which grow in the direction of Lake Tiberias and he will defeat Kalb (tribe).  On that Day (battle) of Kalb, disappointed will be whoever does not get some (of the treasures).”

United Healthcare and the Billion Dollar Fraud

Image result for medicare

Primer:

The FBI is the primary agency for exposing and investigating health care fraud, with jurisdiction over both federal and private insurance programs. Health care fraud investigations are considered a high priority within the Complex Financial Crime Program, and each of the FBI’s 56 field offices has personnel assigned specifically to investigate health care fraud matters. Our field offices proactively target fraud through coordinated initiatives, task forces and strike teams, and undercover operations.

The Bureau seeks to identify and pursue investigations against the most egregious offenders involved in health care fraud through investigative partnerships with other federal agencies, such as Health and Human Services-Office of Inspector General (HHS-OIG), Food and Drug Administration (FDA), Drug Enforcement Administration (DEA), Defense Criminal Investigative Service (DCIS), Office of Personnel Management-Office of Inspector General (OPM-OIG), and Internal Revenue Service-Criminal Investigation (IRS-CI), along with various state Medicaid Fraud Control Units and other state and local agencies. On the private side, the FBI is actively involved in the Healthcare Fraud Prevention Partnership, an effort to exchange facts and information between the public and private sectors in order to reduce the prevalence of health care fraud. The Bureau also maintains significant liaison with private insurance national groups, such as the National Health Care Anti-Fraud Association, the National Insurance Crime Bureau, and private insurance investigative units.

UnitedHealth fudged Medicare claims, overbilled by $1 billion, feds say

Company denies wrongdoing, claims Justice Department ‘fundamentally misunderstands’ how Medicare Advantage program works

This story is a collaboration between Kaiser Health News and the Center for Public Integrity.

The Justice Department has accused insurance giant  UnitedHealth Group of overcharging the federal government by more than $1 billion through its Medicare Advantage plans.

In a 79-page lawsuit filed late Tuesday in Los Angeles, the Justice Department alleged that the insurer made patients appear sicker than they actually were in order to collect higher Medicare payments than the company deserved. The government said it had “conservatively estimated” that the company “knowingly and improperly avoided repaying Medicare” for more than a billion dollars over the course of the alleged decade-long scheme.

“To ensure that the program remains viable for all beneficiaries, the Justice Department remains tireless in its pursuit of Medicare fraud perpetrated by health care providers and insurers,” said acting U.S. Attorney Sandra R. Brown for the Central District of California, in a statement announcing the suit. “The primary goal of publicly funded healthcare programs like Medicare is to provide high-quality medical services to those in need — not to line the pockets of participants willing to abuse the system.”

UnitedHealth denied the allegations.

Tuesday’s filing marks the second time that the Justice Department has intervened to support a whistleblower suing UnitedHealth under the federal False Claims Act. Earlier this month, the government joined a similar case brought by California whistleblower James Swoben in 2009. Swoben, a medical data consultant, also alleges that UnitedHealth overbilled Medicare.

The case that the feds effectively joined on Tuesday was first filed in 2011 by Benjamin Poehling, a former finance director for the UnitedHealth division that oversees Medicare Advantage Plans. Under the False Claims Act, private parties can sue on behalf of the federal government and receive a share of any money recovered.

UnitedHealth is the nation’s biggest operator of Medicare Advantage plans, covering about 3.6 million patients in 2016, when Medicare paid the company $56 billion, according to the complaint.

Medicare Advantage plans are private insurance plans offered as an alternative to Medicare’s traditional fee-for-service option.

Medicare pays the private health plans using a complex formula called a risk score, which is supposed to pay higher rates for sicker patients than for those in good health. But waste and overspending tied to inflated risk scores has repeatedly been cited by government auditors, including the Government Accountability Office. A series of articles published in 2014 by the Center for Public Integrity concluded that improper payments linked to jacked-up risk scores have cost taxpayers tens of billions of dollars.

Tuesday’s court filing argues that UnitedHealth repeatedly ignored findings from its own auditors that risk scores were often inflated, as well as warnings by officials from the Centers for Medicare & Medicaid Services (CMS) that the firm was responsible for ensuring the billings it submitted were accurate.

UnitedHealth argued that it had done nothing wrong, and said it would aggressively contest the case.

“We are confident our company and our employees complied with the government’s Medicare Advantage program rules, and we have been transparent with CMS about our approach under its unclear policies,” UnitedHealth spokesman Matt Burns said in a statement.

Burns went on to say that the Justice Department “fundamentally misunderstands or is deliberately ignoring how the Medicare Advantage program works. We reject these claims and will contest them vigorously.”

A spokesman for CMS, which has recently faced congressional criticism for lax oversight of the program, declined comment.

Central to the government’s case is UnitedHealth’s aggressive effort, starting in 2005, to review millions of patient records to search for missed revenue. These reviews often uncovered payment errors, sometimes too much and sometimes too little. The Justice Department contends that UnitedHealth typically notified Medicare only when it was owed money.

UnitedHealth “turned a blind eye to the negative results of those reviews showing hundreds of thousands of unsupported diagnoses that it had previously submitted to Medicare,” according to the suit.

Justice lawyers also argue that UnitedHealth executives knew as far back as 2007 that they could not produce medical records to validate about one in three medical conditions Medicare paid UnitedHealth’s California plans to cover. In 2009, federal auditors found about half the diagnoses were invalid at one of its plans.

The lawsuit cites more than a dozen examples of undocumented medical conditions, from chronic hepatitis to spinal cord injuries. At one medical group, auditors reviewed records of 126 patients diagnosed with spinal injuries. Only two were verified, according to the complaint.

The Justice Department contends that invalid diagnoses can cause huge losses to Medicare. For instance, UnitedHealth allegedly failed to notify the government of at least 100,000 diagnoses it knew were unsupported based on reviews in 2011 and 2012. Those cases alone generated $190 million in overpayments, according to the suit.

While Medicare Advantage has grown in popularity and now treats nearly 1 in 3 elderly and disabled Medicare patients, its inner workings have remained largely opaque.

CMS officials for years have refused to make public financial audits of Medicare Advantage insurers, even as they have released similar reviews of payments made to doctors, hospitals and other medical suppliers participating in traditional Medicare.

But Medicare Advantage audits obtained by the Center for Public Integrity through a court order in a Freedom of Information Act lawsuit show that payment errors — typically overpayments — are common.

All but two of 37 Medicare Advantage plans examined in a 2007 audit were overpaid — often by thousands of dollars per patient. Overall, just 60 percent of the medical conditions health plans were paid to cover could be verified. The 2007 audits are the only ones that have been made public.

CMS officials are conducting more of these audits, called Risk Adjustment Data Validation, or RADV. But results are years overdue.