Biden Gives Putin a List of Entities to not Hack

Yup…16 of them. All the other parts of infrastructure are okay or not as important? Does the same list apply to hackers from China, Iran or North Korea? Do they get a copy too?

Primer:

Remember MH17? Just for context on Russian operatives, it is not just the United States.

Russian hackers compromised the computer systems of the Dutch national police while the latter were conducting a criminal probe into the downing of Malaysia Airlines Flight 17 (MH17), according to a new report. MH17 was a scheduled passenger flight from Amsterdam to Kuala Lumpur, which was shot down over eastern Ukraine on July 17, 2014. All 283 passengers and 15 crew on board, 196 of them Dutch citizens, were killed.

Dutch newspaper De Volkskrant, which revealed this new information last week, said the compromise of the Dutch national police’s computer systems was not detected by Dutch police themselves, but by the Dutch General Intelligence and Security Service (AIVD). The paper said that neither the police nor the AIVD were willing to confirm the breach, but added that it had confirmed the breach took place through multiple anonymous sources.

On July 5, 2017, the Netherlands, Ukraine, Belgium, Australia and Malaysia announced the establishment of the Joint Investigation Team (JIT) into the downing of flight MH-17. The multinational group stipulated that possible suspects of the downing of flight MH17 would be tried in the Netherlands. In September 2017, the AIVD said it possessed information about Russian targets in the Netherlands, which included an IP address of a police academy system. That system turned out to have been compromised, which allowed the attackers to access police systems. According to four anonymous sources, evidence of the attack was detected in several different places.

The police academy is part of the Dutch national police, and non-academy police personnel can access the network using their log-in credentials. Some sources suggest that the Russian Foreign Intelligence Service (SVR) carried out the attack through a Russian hacker group known as APT29, or Cozy Bear. However, a growing number of sources claim the attack was perpetrated by the Main Directorate of the Russian Armed Forces’ General Staff, known commonly as GRU, through a hacker group known as APT28, or Fancy Bear. SVR attackers are often involved in prolonged espionage operations and are careful to stay below the radar, whereas the GRU is believed to be more heavy-handed and faster. The SVR is believed to be partly responsible for the compromise of United States government agencies and companies through the supply chain attack known as the SolarWinds cyber attack, which came to light in late 2020.

(notice Victoria Nuland at the table?)

FNC:

President Biden told reporters Wednesday he gave President Vladimir Putin a list of 16 critical infrastructure entities that are “off limits” to a Russian cyberattack.

Those entities include energy, water, health care, emergency, chemical, nuclear, communications, government, defense, food, commercial facilities, IT, transportation, dams, manufacturing and financial services.

“We’ll find out whether we have a cybersecurity arrangement that begins to bring some order,” Biden said. Putin, for his part, denied any involvement in a recent spate of cyberattacks that have hit major industries across the U.S.

“I looked at him. I said, ‘How would you feel if ransomware took on the pipelines from your oil fields?’ He said, ‘It would matter.’ This is not about just our self-interest,” the president said.

Biden refused to say if military action was on the table if Russia was found to be responsible for a ransomware attack.

“In terms of the red line you laid down is military response an option for a ransomware attack?” a reporter asked.

“Thank you very much,” Biden said as he abruptly tried to end the shorter-than-expected conference. “No, we didn’t talk about military response,” he said when pressed again.

Biden in another moment had said he didn’t make any threats but rather “simple assertions.”

Biden stressed the need for both nations “to take action against criminals that conduct ransomware activities on their territory.”

Putin, in his own press conference after the meeting, claimed that American sources say that a “majority” of the cyberattacks in the world come from within the U.S.

The number of organizations affected by ransomware has jumped 102% compared to the beginning of 2020 and “shows no sign of slowing down,” according to a research note last month from IT security firm Check Point.

Both Colonial Pipeline and JBS Holdings, a meat-processing company, have been subject to major cyberattacks, where, against the guidance of the FBI, they paid millions of dollars in ransom to resume operation. The Colonial Pipeline attack was linked back to a Russian hacking group.

Proof There are Bats Inside the Wuhan Lab

Primer question: Will social media shut down this article? It has evidence and comes from renowned scientists including at MIT.

Back in early 2020, during the middle of the nationwide lockdown, this site published two items, here and here regarding the Wuhan Institute of Virology and that bats were in fact at the center of the cause of the pandemic.

Recently, former President Trump told media that the United States should demand at least $10 trillion from China due to the various forms of destruction and death by China. He is right. Frankly, the United States should declare all the debt load that China carries in the form of loans for the United States paid in full. Further, President Trump was exactly right to defund the World Health Organization and in fact it should be criminally charged for death and destruction.

*** The WIV had been genetically sequencing the mine virus in 2017 and 2018, analyzing it in a way they had done in the past with other viruses in preparation for running experiments with them.

For years, concerned scientists have warned that this type of pathogen research was going to trigger a pandemic. Foremost among them was Harvard epidemiologist Marc Lipsitch, who founded the Cambridge Working Group in 2014 to lobby against these experiments. In a series of policy papers, op-eds, and scientific forums, he pointed out that accidents involving deadly pathogens occurred more than twice a week in U.S. labs, and estimated that just 10 labs performing gain-of-function research over a 10-year period would run a nearly 20 percent risk of an accidental release. In 2018, he argued that such a release could “lead to global spread of a virulent virus, a biosafety incident on a scale never before seen.”

Thanks in part to the Cambridge Working Group, the federal government briefly instituted a moratorium on such research. By 2017, however, the ban was lifted and U.S. labs were at it again. Today, in the United States and across the globe, there are dozens of labs conducting experiments on a daily basis with the deadliest known pathogens. One of them is the Wuhan Institute of Virology. For more than a decade, its scientists have been discovering coronaviruses in bats in southern China and bringing them back to their lab in Wuhan. There, they mix genes from different strains of these novel viruses to test their infectivity in human cells and lab animals.

Now we appear to have video evidence that came from an Australian media source.

As a reminder, the United States was not the only country that gave funding for ‘gain of function’ to the WIV; Australia did as well. More research paper summaries are surfacing as well as additional evidence that includes patent applications. The scientific theory now is that the WIV modeled the function of the virus to be more lethal in the transmission of human to human, altering it from animal to human.

So, where is Dr. Fauci on this? His emails did not include anything that resembled an inquiry of gain of function or bats.

There were live bats in the Wuhan Institute of Virology ... that is a bat hanging off the lab worker’s hat.

***

The Wuhan Institute of Virology (WIV) was found to have filed patents for “bat rearing cages” and “artificial breeding” systems in the months before the coronavirus first emerged last December. WIV has been subject to international scrutiny as it was known to have been carrying out experiments on bat coronaviruses – and is located just miles from Covid’s ground zero.

And the allegations continue despite the World Health Organisation appearing to exonerate the lab in its findings after a mission to Wuhan – which has since been branded a “whitewash”.

The new revelations about the bat cages raise more questions about the work the Chinese scientists – led by Dr Shi Zhengli, known as Batwoman – were doing in the months leading up to the pandemic.

It had previously been denied that WIV was keeping any live bats on site – but an online profile of the lab reportedly claimed it has capacity to keep 12 bat cages.

WIV scientists filed patents in June 2018 and October 2020 for the cages and methods for breeding of bats, which are believed to be the natural reservoir of Covid.

The first patent was filed for “bat rearing cages” which would be “‘capable of healthy growth and breeding under artificial conditions”, reports the Mail on Sunday.

And the second patent relates to a method of “artificially breeding” of wild bats, and in the document it describes bats being “artificially” infected with coronaviruses.

It explains it is hoped the breeding scheme will allow them to create a “brand-new model experimental animal for scientific research”.

The patents raise yet further questions about the work of the shadowy lab which has been accused by the US of having links to the Chinese military.

It comes as the White House said it has “deep concerns” that the Chinese government may have interfered with WHO’s investigation into the origins of Covid.

WHO investigator Peter Daszak, who has longstanding links with WIV, had previously claimed no live bats were being kept by the lab.

Last April, he said: “All bats are released back to their cave site after sampling. It’s a conservation measure and is much safer in terms of disease spread than killing them or trying to keep them in a lab.”

In December, he appeared to repeat the claim by stating labs he had worked with “DO NOT have live or dead bats in them. There is no evidence anywhere that this happened”.

Daszak had been a member of the ten-person WHO team who swung its weight behind the Chinese government’s effort to deflect blame over the origins of the virus.

The team all but ruled out the lab leak, suggested the virus may have come from outside of China, and appeared to place their focus on claims the virus may have come from frozen food.

And then just days later, WHO investigator Dominic Dwyer backtracked as he said it likely did start in China, and later claimed the Communist Party authorities refused to hand over raw data.

He said: “Why that doesn’t happen, I couldn’t comment. Whether it’s political or time or it’s difficult.

“But whether there are any other reasons why the data isn’t available, I don’t know. One would only speculate.”

The WHO mission was tightly controlled and stage managed by China – and even saw the scientists visit a propaganda museum celebrating Wuhan’s fight against Covid.

The organisation itself is also facing questions about how it handled the early days of the pandemic, being accused by former US President Donald Trump of being “China-centric”.

26M Amazon, Facebook, Apple, eBay User Logins Stolen by Hackers

The private login information belonging to tens of millions of people was compromised after malware infiltrated over 3.2 million Windows-based computers during a two-year span.

According to a report by cybersecurity provider NordLocker, a custom Trojan-type malware infiltrated the computers between 2018 and 2020 and stole 1.2 terabytes (TB) of personal information.
As a result, hackers were able to get their hands on nearly 26 million login credentials including emails, usernames and passwords from almost a million websites, according to NordLocker’s report, which was conducted in partnership with a third-party company specializing in data breach research.

The targeted websites include major namesakes such as Amazon, Walmart, eBay, Facebook, Twitter, Apple, Dropbox and LinkedIn.

The malware was transmitted through email and “illegal software” which included a pirated version of “Adobe Photoshop 2018, a Windows cracking tool, and several cracked games,” according to the report.

To steal the personal information, the malware was reportedly able to take screenshots of a person’s information and also photograph “the user if the device had a webcam.”

Among the stolen database were 2 billion browser cookies and 6.6 million files, including 1 million images and more than 650,000 Word and .pdf files.

“Cookies help hackers construct an accurate picture of the habits and interests of their target,” the report read. “In some cases, cookies can even give access to the person’s online accounts.”

Making up the bulk of the stolen database was “3 million text files, 900,000 image files, and 600,000+ Word files.”

What was of most concern, according to NordLocker, was that “some people even use Notepad to keep their passwords, personal notes, and other sensitive information.”

***

But now McDonald’s is the latest victim.

McDonald’s on Friday disclosed limited details of a data breach that may have exposed some customer data.

“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data,” a McDonald’s spokesperson said, adding that based on the company’s investigation so far, only Korean and Taiwanese customers were impacted.

The Wall Street Journal initially reported that U.S. markets were also impacted and that the breach exposed some U.S. business and employee contact information.

Those markets “will be taking steps to notify regulators and customers listed in these files,” which did not include customer payment information, the McDonald’s spokesperson said.

“McDonald’s understands the importance of effective security measures to protect information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense,” the spokesperson said.

The fast-food chain said it was able to “quickly identify and contain” threats on its network. It also conducted a “thorough investigation” and worked with “experienced third parties” to do so.

McDonald’s did not share any additional details about the breach.

From Cyberscoop in part:

In other cases, by compromising payment machines, cybercriminals have swept up troves of customer data. That’s what happened in a 2019 breach of Checkers Drive-In Restaurants, when hackers accessed data such as payment card numbers and verification codes in an incident that affected more than 100 Checkers locations. The most notorious group to use the tactic is known as FIN7, a multibillion dollar criminal enterprise that has targeted payment data at Chipotle, Red Robin and Taco John’s.

McDonald’s defended its cybersecurity practices on Friday.

“McDonald’s understands the importance of effective security measures to protect information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense,” the company’s statement reads.

“Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures.”

Airline Hacked by APT41

On March 4, 2021, SITA, an international provider of IT services for the air transport industry worldwide, said it had suffered a security incident. The announcement, however, was not getting the attention it deserved until Air India, one of SITA’s customers, reported a massive passenger data breach on May 21 caused by an earlier attack against SITA. Between March and May, various airline companies, including Singapore Airlines, Malaysia Airlines, and others, disclosed data breaches. All of those companies were SITA customers. After Air India revealed the details of its security breach, it became clear that the carriers were most likely dealing with one of the biggest supply chain attacks in the airline industry’s history.

Using its external threat hunting tools, Group-IB’s Threat Intelligence team attributed the Air India incident with moderate confidence to the Chinese nation-state threat actor known as APT41. The campaign was codenamed ColunmTK.

On May 21, Air India, India’s flag carrier, published an official statement on their website about a data breach. The announcement revealed that the breach was caused by a February incident at the airline’s IT service provider, SITA PSS, which is responsible for processing customers’ personally identifiable information (PII). It came to light that the SITA cyberattack affected 4,500,000 data subjects globally, including data related to Air India’s customers.

Significant attribution detail continues here.

***

The FBI defines the APT41 as:

From 2020:

A global hacking collective known as APT41 has been accused by US authorities of targeting company servers for ransom, compromising government networks and spying on Hong Kong activists.

Seven members of the group—including five Chinese nationals—were charged by the US Justice Department on Wednesday.

Some experts say they are tied to the Chinese state, while others speculate money was their only motive. What do we really know about APT41?

Who are they?

Five members of the group were expert hackers and current or former employees of Chengdu 404 Network Technology, a company that claimed to provide legitimate “white hat” hacking services to detect vulnerabilities in clients’ .

But the firm’s work also included malicious attacks on non-client organisations, according to Justice Department documents.

Chengdu 404 says its partners include a government tech security assessor and Chinese universities.

The other two hackers charged are Malaysian executives at SEA Gamer Mall, a Malaysia-based firm that sells video game currency, power-ups and other in-game items.

What are they accused of?

The team allegedly hacked the computers of hundreds of companies and organisations around the world, including healthcare firms, and telecoms and pharmaceutical providers.

The breaches were used to collect identities, hijack systems for ransom, and remotely use thousands of computers to mine for cryptocurrency such as bitcoin.

One target was an anti-poverty non-profit, with the hackers taking over one of its computers and holding the contents hostage using encryption software and demanding payment to unlock it.

The group is also suspected of compromising in India and Vietnam.

In addition it is accused of breaching video game companies to steal in-game items to sell back to gamers, the Justice Department court filings said.

How did they operate?

Their arsenal ran the gamut from old-fashioned phishing emails to more sophisticated attacks on software development companies to modify their code, which then allowed them access to clients’ computers.

In one case documented by security company FireEye, APT41 sent emails containing malicious software to human resources employees of a target just three days after the firm recovered from a previous attack by the group.

Wong Ong Hua and Ling Yang Ching, the two Malaysian businessmen, ordered their employees to create thousands of fake video game accounts in order to receive the virtual objects stolen by APT41 before selling them on, the court documents allege.

Is the Chinese government behind them?

FireEye says the group’s targeting of industries including healthcare, telecoms and news media is “consistent with Chinese national policy priorities”.

APT41 collected information on pro-democracy figures in Hong Kong and a Buddhist monk from Tibet—two places where Beijing has faced political unrest.

One of the hackers, Jiang Lizhi, who worked under the alias “Blackfox”, had previously worked for a hacking group that served government agencies and boasted of close connections with China’s Ministry of State Security.

But many of the group’s activities appear to be motivated by financial gain and personal interest—with one laughing in chat messages about mass-blackmailing wealthy victims—and the US indictments did not identify a strong official connection.

Where are they now?

The five Chinese hackers remain at large but the two businessmen were arrested in Malaysia on Monday after a sweeping operation by the FBI and private companies including Microsoft to block the hackers from using their online accounts.

The United States is seeking their extradition.

None of the men charged are known to have lived in the US, where some of their targets were located.

They picked targets outside Malaysia and China because they believed law enforcement would not be able to track them down across borders, the court documents said.

The Under Reported Threat to the US of Smuggling Chinese

We have watched for years the chaos at the U.S. Southern border with Mexico. While there has been a single focus on Latin Americans crossing into the United States, very little has been reported about the volume of Chinese. This should stimulate some critical thinking and questions.

Is this espionage, operatives or the building of a force for other reasons? In February of 2020, NBC News was asking some of the same questions.

A Chinese student walked around a perimeter fence at a U.S. naval base in Key West, taking pictures of government buildings. Stopped by police, he said he was trying to capture images of the sunrise.

And nine days after that, two more Chinese students drove past a guard at the same naval base. When stopped by security 30 minutes later, they voluntarily displayed the videos and photos they had taken of the base.

The first Chinese student arrested at the naval base in Key West was Zhao Qianli, 20, who was taken into custody on Sept. 26, 2018.

Zhao entered the base by walking along the facility’s secure fence line and trudging through the beach, court documents say.

Zhao headed directly to the Joint Interagency Task Force South property, according to court records, where he took several photographs on his Motorola cellphone and his Canon EOS digital camera.

His devices contained photos and videos of sensitive equipment at the facility’s “antenna farm,” as well as images of warning signs that read “Military Installation” and “Restricted Area,” according to court documents.

Zhao initially told military police that he was “lost” and that he was a “dishwasher from New Jersey.” In later conversations with the FBI, Zhao said he traveled to Key West to “see the sights, such as the Hemingway House,” but there were no images of tourist attractions on his phone, according to his sentencing memo.

Zhao admitted to receiving military training as a university student in China and was found to have a “police blouse” and a People’s Republic of China Interior Ministry belt buckle at his hotel, the memo says.

In 2016, Newsweek in part reported:

Smuggling Chinese across the southern U.S. border appeals to traffickers because it is more lucrative than smuggling individuals from Mexico or Central America. A longer journey commands a steeper price and the going rate per person is believed to be somewhere between $50,000 and $70,000; the total value of the trade for the Chinese mafias involved has been estimated at $750 million.

The role of Chinese mafia groups (triads) in bringing migrants across the border has also deepened their exposure to and ties with Latin American narcotics cartels, both in human smuggling and beyond.

An “alliance between Chinese and Latin American smuggling rings” was noted as early as 1993, but today the scope of this “alliance” encompasses not just smuggling, but also other illicit activity including the sale of drug precursors from Asia and pirated materials.

In Mexico, contact between triads and cartels occurs in various regions, including those ruled by the ruthless Los Zetas syndicate and the Gulf and Juarez cartels, depending on what routes are used for migrants. Triad groups are believed to operate in the Mexican state of Chiapas and the Red Dragon triad, which operates in Peru, is involved not only in smuggling, but also in extortion and drug trafficking within Latin America. The wide-ranging activities of transnational organized crime groups generate additional law enforcement concerns beyond border security.

But it is important to look to the other side of our country, the area of the Bahamas and South Florida. A few islands in the Bahamas are now fully owned by China; one such island is Bird Cay. From Forbes in 2019 in part:

Quoting CaribbeanNews.com directly:

“China has set its sights on The Bahamas and has invested billions of dollars in building new infrastructure and industry across the country.

New roads, new businesses, new hotels, and booming Chinese immigration has led to many companies being staffed with more Chinese workers than local Bahamians.”

Plus, “Reports show that over 200,000 Chinese are illegally smuggled into the Caribbean every year to open their shops or work at Chinese businesses, with many sending their money back to China.”

However, the local government doesn’t see how it’s in a good position to do anything about it since Chinese state banks are simultaneously flooding the islands with tens of millions of dollars… even going so far as to finance new ports there.

Bird Cay, owned now by China

Hold on, there is South Florida where those smuggled Chinese are making their way into the United States aboard some very expensive yachts.

The Miami Herald just last year told us:

Dozens of Chinese nationals without proper papers have been smuggled from the Bahamas to South Florida by operators of luxury yachts who are charging them thousands of dollars each for the short Atlantic journey, according to federal criminal cases.

In recent instances, the Coast Guard stopped two vessels approaching the South Florida shore, leading to the arrests of three men accused of transporting a total of 26 Chinese passengers and one Bahamian, court records show. The alien smuggling operations were not related, however.

Rocco Oppedisano, a 51-year-old Italian national, is scheduled for arraignment in Miami federal court Wednesday on charges of conspiring to transport aliens into the United States and bringing them here for financial gain. Oppedisano told a magistrate judge this week that properties he once owned in the Northeast have been sold along with his Mercedes-Benz, Porsche and Fiat vehicles to pay for legal costs over his immigration troubles.

Oppedisano was stopped by the Coast Guard on Dec. 2 while he was commandeering a 63-foot Sunseeker yacht named INXS FINALLY with 14 Chinese passengers and one Bahamian, according to an indictment. Among the passengers was a Chinese national, Ying Lian Li, who was deported last April but tried to re-enter the country.

It is unclear why these Chinese nationals — unlike Cubans and Haitians smuggled here in both go-fast and rickety boats in the past — sought to come to South Florida. But over the past five years, the Bahamas has experienced an influx of Chinese workers flocking to the archipelago as part of a push by China to invest in the country’s hotel, tourism and trade industries.

In the other alien smuggling case, a Coast Guard cutter encountered a 70-foot Hatteras yacht about 20 miles east of South Florida on July 23, when officers radioed the vessel to ask how many people were on board. The yacht’s response: two crew and eight Japanese passengers with passports, who did not need additional visas to enter the United States.

It was all a lie, according to a Homeland Security Investigations criminal affidavit.

About 10 miles east of Port Everglades, Coast Guard officers boarded the yacht and asked crew member Robert L. McNeil Jr. to bring all the passengers on deck. The officers counted 12 passengers with passports from the People’s Republic of China but without required visas to enter the United States, according to the HSI affidavit.

The Coast Guard concluded that none of the 12 Chinese nationals possessed documents that would allow them to enter the United States legally. McNeil, and the yacht’s charter captain, James A. Bradford, along with the 12 Chinese nationals were transferred to the Coast Guard cutter.

During questioning, Bradford said he left South Florida on the Hatteras yacht bearing the name CAREFREE on July 22 and arrived in Nassau, Bahamas, that day. He admitted that the purpose of the trip was to pick up a “tour group of aliens” in the Bahamas, transport them to South Florida and return to the Bahamas on July 26.

Bradford, who has been a charter captain for decades, said “he never checked to see if the passengers had proper documents to come to the U.S.,” according to the affidavit.

A search of the yacht uncovered 10 cellphones in the bridge area; none of the Chinese nationals had mobile phones on them.

“Based on my knowledge and experience in human smuggling cases, smugglers often collect cell phones from migrants until they are paid for delivering the migrants to the U.S.,” wrote HSI special agent David Jansen, who added that none of the passengers carried any luggage.

The search also uncovered $118,100 hidden behind the wall paneling of the yacht’s master bedroom, the affidavit said. Investigators also seized more than $2,800 from McNeil.

Both Bradford and McNeil were indicted on charges of conspiring to transport aliens into the United States and bringing them here for financial gain. To resolve his case, McNeil pleaded guilty earlier this month to one count of alien smuggling to make a profit. He faces up to 10 years in prison.

The Hill says this is a disturbing trend.

While it’s unclear why these Chinese nationals sought to come to South Florida, the move is part of a larger five-year trend in the region. The Bahamas has seen a surge of Chinese workers as China invests in the archipelago’s hospitality and tourism industries. China’s presence in the Bahamas reportedly stems from a burgeoning relationship between the two countries, after China provided disaster relief in a bid to establish trade.