Eligible Receiver 97, Red Team Being Applied Today for Cyber Hacks?

An early classified Defense Department cybersecurity exercise named “Eligible Receiver 97” (ER97) featured a previously unpublicized series of mock terror attacks, hostage seizures, and special operations raids that went well beyond pure cyber activities in order to demonstrate the potential scope of threats to U.S. national security posed by attacks in the cyber domain, according to recently declassified documents and a National Security Agency (NSA) video posted today by the nongovernmental National Security Archive at The George Washington University.

“Joint Exercise Eligible Receiver 97”, run during the Clinton presidency, is frequently pointed to as a critical event in the United States’ appreciation of threats in cyber space. The exercise led directly to the formation of what would eventually become United States Cyber Command (USCYBERCOM) and informed key studies such as the formative Marsh Report on critical infrastructure protection. Despite the significance of ER97, however, very little is publicly known about the exercise itself.

ER97 involved an NSA Red Team playing the role of North Korean, Iranian and Cuban hostile forces whose putative aim was to attack critical infrastructure as well as military command-and-control capabilities to pressure the U.S. government into changing its policies toward those states. An interagency Blue Team was required to provide recommendations to personnel enacting defensive responses. Until now, only two phases out of three (infrastructure and command-and-control) had been publicly known.  The video and documents posted today provide new details about the third phase involving kinetic attacks in the physical domain – i.e. more traditional terrorist assaults on civilian targets – which were built upon intelligence gathered through the Red Team’s successes. Read more here on the declassified files.

*** With all the cyber terror going on today in the United States, are we doing more ‘red team’ exercises? Perhaps some of those tactics are paying off many years later.

Three Members of Notorious International Cybercrime Group “Fin7” in Custody for Role in Attacking Over 100 U.S. Companies

Victim Companies in 47 U.S. States; Used Front Company ‘Combi Security’ to Recruit Hackers to Criminal Enterprise

SEATTLE – Three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe have been arrested and are currently in custody facing charges filed in U.S. District Court in Seattle, announced U.S. Attorney Annette L. Hayes, Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division and Special Agent in Charge Jay S. Tabb Jr. of the FBI’s Seattle Field Office.

According to three federal indictments unsealed today, Ukrainian nationals Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kolpakov, 30, are members of a prolific hacking group widely known as FIN7 (also referred to as the Carbanak Group and the Navigator Group, among other names).  Since at least 2015, FIN7 members engaged in a highly sophisticated malware campaign to attack more than 100 U.S. companies, predominantly in the restaurant, gaming, and hospitality industries.  As set forth in the indictments, FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers which were used or sold for profit.

In the United States alone, FIN7 successfully breached the computer networks of businesses in 47 states and the District of Columbia, stealing more than 15 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations. Additional intrusions occurred abroad, including in the United Kingdom, Australia, and France. Companies that have publicly disclosed hacks attributable to FIN7 include such familiar chains as Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli. Additionally, here in Western Washington, FIN7 targeted the Emerald Queen Casino (EQC) and other local businesses. The Emerald Queen Casino was able to stop the intrusion and no customer data was stolen.

“Protecting consumers and companies who use the internet to conduct business – both large chains and small ‘mom and pop’ stores — is a top priority for all of us in the Department of Justice,” said U.S. Attorney Annette L. Hayes.  “Cyber criminals who believe that they can hide in faraway countries and operate from behind keyboards without getting caught are just plain wrong.  We will continue our longstanding work with partners around the world to ensure cyber criminals are identified and held to account for the harm that they do – both to our pocketbooks and our ability to rely on the cyber networks we use.”

“The three Ukrainian nationals indicted today allegedly were part of a prolific hacking group that targeted American companies and citizens by stealing valuable consumer data, including personal credit card information, that they then sold on the Darknet,” said Assistant Attorney General Benczkowski.  “Because hackers are committed to finding new ways to harm the American public and our economy, the Department of Justice remains steadfast in its commitment to working with our law enforcement partners to identify, interdict, and prosecute those responsible for these threats.”

“The naming of these FIN7 leaders marks a major step towards dismantling this sophisticated criminal enterprise,” said Special Agent in Charge Jay S. Tabb Jr., of the FBI’s Seattle Field Office.  “As the lead federal agency for cyber-attack investigations, the FBI will continue to work with its law enforcement partners worldwide to pursue the members of this devious group, and hold them accountable for stealing from American businesses and individuals.”

Each of the three FIN7 conspirators is charged with 26 felony counts alleging conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft.

In January 2018, at the request of U.S. officials, foreign authorities separately arrested Ukrainian Fedir Hladyr and a second FIN7 member, Dmytro Fedorov.  Hladyr was arrested in Dresden, Germany, and is currently detained in Seattle pending trial.  Hladyr allegedly served as FIN7’s systems administrator who, among other things, maintained servers and communication channels used by the organization and held a managerial role by delegating tasks and by providing instruction to other members of the scheme.  Hladyr’s trial is currently scheduled for October 22, 2018.

Fedorov, a high-level hacker and manager who allegedly supervised other hackers tasked with breaching the security of victims’ computer systems, was arrested in Bielsko-Biala, Poland.  Fedorov remains detained in Poland pending his extradition to the United States.

In late June 2018, foreign authorities arrested a third FIN7 member, Ukrainian Andrii Kolpakov, in Lepe, Spain. Kolpakov, who is also alleged to be a supervisor of a group of hackers, remains detained in Spain pending the United States’ request for extradition.

According to the indictments, FIN7, through its dozens of members, launched numerous waves of malicious cyberattacks on numerous businesses operating in the United States and abroad.  FIN7 carefully crafted email messages that would appear legitimate to a business’ employee, and accompanied emails with telephone calls intended to further legitimize the email. Once an attached file was opened and activated, FIN7 would use an adapted version of the notorious Carbanak malware in addition to an arsenal of other tools to ultimately access and steal payment card data for the business’ customers. Since 2015, many of the stolen payment card numbers have been offered for sale through online underground marketplaces. (Supplemental document “How FIN7 Attacked and Stole Data” explains the scheme in greater detail.)

FIN7 used a front company, Combi Security, purportedly headquartered in Russia and Israel, to provide a guise of legitimacy and to recruit hackers to join the criminal enterprise.  Combi Security’s website indicated that it provided a number of security services such as penetration testing.  Ironically, the sham company’s website listed multiple U.S. victims among its purported clients.

The charges in the indictments are merely allegations, and the defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

The indictments are the result of an investigation conducted by the Seattle Cyber Task Force of the FBI and the U.S. Attorney’s Office for the Western District of Washington, with the assistance of the Justice Department’s Computer Crime and Intellectual Property Section and Office of International Affairs, the National Cyber-Forensics and Training Alliance, numerous computer security firms and financial institutions, FBI offices across the nation and globe, as well as numerous international agencies. Arrests overseas were executed in Poland by the “Shadow Hunters” from CBŚP (Polish Central Bureau of Investigation); in Germany by LKA Sachsen – Dezernat 33 (German State Criminal Police Office) and the Polizeidirektion Dresden (Dresden Police); and in Spain by the Grupo de Seguridad Logica within the Unidad de Investigación Technologica of the Cuerpo Nacional de Policía (Spanish National Police).

This case is being prosecuted by Assistant U.S. Attorneys Francis Franze-Nakamura and Steven Masada of the Western District of Washington, and Trial Attorney Anthony Teelucksingh of the Justice Department’s Computer Crime and Intellectual Property Section.

how_fin7_attacked_and_stole_data.pdf

Legislation Proposed on Front Co.’s/Foreign Investment

Frankly, Britain has a much worse issue, but big hat tip to Senator Rubio. There are cities in America which are pockets of some nasty dark money in real estate.

There needs to be some real reform to CFIUS, Committee for Foreign Investment in the United States.

Crackdown on dirty money shook Miami real estate. Now, Rubio wants to take it national

In a move with significant implications for the U.S. housing market, Florida Republican Sen. Marco Rubio is seeking to take a Treasury Department crackdown on dirty money in luxury real estate and expand it from a few high-priced enclaves to the entire nation.

Rubio says his proposal is an attempt to root out criminals who use illicit funds and anonymous shell companies to buy homes — a form of money laundering that hides the cash’s tainted origin from law enforcement and banks. The widespread practice enables terrorism, sex trafficking, corruption, and drug dealing by providing an outlet for dirty cash, according to transparency advocates.

Through an amendment to an unrelated major spending bill, Rubio will ask Treasury to study whether government regulators should force shell companies that buy homes priced at $300,000 or more in cash nationwide to disclose their owners. That could be a figure as high as 10 percent of the nation’s real-estate deals.

A similar reporting requirement affecting transactions priced at $1 million or more has already had a chilling effect on all-cash corporate sales in Miami-Dade County, which has been under Treasury’s microscope since 2016.

“Shell companies involved in shady activities are a big problem, especially throughout South Florida,” Rubio said in a statement to McClatchy and the Miami Herald. “With this provision, a study would be conducted to look at requiring all shell companies that make cash transactions, regardless of their area, to disclose their identities.”

The amendment builds on a previous Treasury disclosure order that applied only to certain markets, including South Florida.

That order — which forced shell companies buying homes with cash to reveal their true owners to the government — has been in place in some areas since March 2016 at various price points. Its effects were immediate and stunning. As soon as the order took hold, shell companies buying homes with cash dropped off the map, a recent study by academic economists found. In Miami-Dade, the number of corporate cash sales plummeted 95 percent, although a strong overall market suggests creative buyers found ways to circumvent the rules, researchers said.

Before the crackdown, corporate cash sales accounted for roughly a third of home-sale volume in Miami-Dade, which is popular with foreign investors.

The amendment has the support of the top Democrat on the Senate Finance Committee, Oregon’s Ron Wyden, as well as Rhode Island Democratic Sen. Sheldon Whitehouse. Both have tried to widen disclosure of true owners of shell companies, which can be listed in the names of lawyers, accountants, and other fronts. The lack of corporate transparency frustrates law-enforcement officials, who say it stymies their investigations.

A vote is expected on the overall bill as soon as this week, Rubio’s office said.

The powerful real-estate industry has fought attempts from the government to have it act as a watchdog against money laundering, as banks, precious-metals dealers, money-service businesses, and other financial institutions are required to do. Many Realtors and developers say their clients are simply wealthy buyers seeking privacy, not criminals.

But over the past two years, Treasury has moved with force into what had been a largely unregulated sector of the U.S. financial system. Starting in Miami-Dade County and Manhattan two years ago, Treasury’s Financial Crimes Enforcement Network (FinCEN) began requiring anonymous shell companies to disclose their true owners when they bought pricey homes with cash.

The temporary directives — called “geographic targeting orders” or GTOs — were later expanded to other housing markets in Florida, New York, Texas, California, and Hawaii where foreign and anonymous investors are gobbling up real estate and driving up prices. The rules require title agents to identify the owners of shell companies buying homes with cash and disclose their names to the federal government.

“The GTOs are working, and it’s time they were expanded. Laundering money through real estate isn’t new, but [what is new is] an effective approach to combat dirty money,” said Clark Gascoigne, deputy director of the Financial Accountability and Corporate Transparency (FACT) Coalition, a watchdog nonprofit.

Rubio’s proposal to take the project national, Gascoigne added, “sends a strong message that we’re serious about protecting the U.S. financial system, the real-estate market, and communities across the country.”

Stephen Hudak, a spokesman for FinCEN, declined to comment.

Cracking down

The Rubio amendment asks Treasury to consider expanding the FinCEN directive to include all cash real-estate transactions over $300,000 anywhere in the United States.

It would give Treasury 180 days to submit a study to Congress providing details about the data that has been collected by FinCEN since 2016 and how it is being used. The agency is also being asked to determine if it needs more authority to combat money laundering and whether expanding the targeting order would be of use. In addition, FinCEN is asked if a registry of company owners — something supported by a bipartisan cast of federal legislators — would help authorities fight money laundering, tax evasion, election fraud, and other illegal activities.

Previously, the FinCEN disclosure requirement kicked in for corporate cash sales that were priced at $3 million or higher in New York City, $1 million or higher in Miami-Dade, Broward, and Palm Beach, and at different price points in other states. In May, FinCEN enacted a new directive that secretly lowered the number to $300,000 in all GTO areas. Sources familiar with the agency’s thinking say the new order was kept confidential because regulators don’t want to give money launderers a road map for structuring their transactions to avoid reporting.

Rubio’s amendment would start at that lower price point, covering a major chunk of home sales nationwide. Last year, the median U.S. home sold for a price of $247,200, according to the National Association of Realtors.

A cash transaction is one in which there is no mortgage and the property is purchased outright. Cash doesn’t just mean stacks of greenbacks; it also includes such financial instruments as wire transfers, checks, and money orders. Unlike mortgages, cash deals don’t involve heavy scrutiny from banks, which can identify potential money laundering and file suspicious-activity reports to the feds.

The 2016 publication of the Panama Papers spotlighted how anonymous shell companies in faraway tax havens were used to camouflage property purchases in the United States by politicians, drug traffickers, and financial fraudsters. Housing analysts argue that the flow of anonymous money is driving up prices.

“There’s hardly a metropolitan area in the country that is not experiencing a real public-policy issue regarding affordable housing,” said Ned Murray, a housing expert and associate director of Florida International University’s Metropolitan Center. “The whole focus of the real-estate industry is on … supplying homes for wealthy investors that we don’t know much about. It really is a factor for prices and supply.”

Much of the world has responded to the threat of corruption in real estate by requiring greater ownership disclosure. The United States has done relatively less, although Rubio’s amendment could help close the gap.

Those operating in the shadows of the real-estate market certainly seem aware of the Treasury disclosure requirements — and are working to get around them.

Take Carmelo Urdaneta Aqui, who is the former legal counsel to the Venezuelan Ministry of Oil and Mining. He was recently among those charged in a federal $1.2 billion money-laundering case involving funds stolen from Venezuela’s state oil company.

When Urdaneta prepared to close on a brand-new, $5.3 million condo at the Porsche Design Tower in Sunny Isles Beach, he was informed by paperwork from the developer that “taking title [to the unit] under a company or trust may trigger FinCEN reporting requirements,” according to a federal indictment filed last week. He was worried enough about the disclosure that he discussed how to avoid it with a government informant.

Ultimately, Urdaneta set up a company in his wife’s name to do the deal, prosecutors allege.

Photo caption: Developer Gil Dezer’s company built the Porsche Design Tower in Sunny Isles Beach, where units sell for millions of dollars to wealthy out-of-towners. (Photo: David Santiago)

Dezer Development did not say why it alerts potential buyers that they might end up on Treasury’s radar.

“All language relating to legal requirements associated with closings was prepared by Dezer Development’s outside legal counsel,” a spokeswoman wrote in an email to the Herald on Monday.

The 60-story Porsche Design Tower is famous for a car elevator that allows owners to park in “sky garages” within their units. On Friday, federal prosecutors indicated that they would move to seize the unit.

Bad for brokers?

While overall home sales held steady even after the FinCEN rule went into place, the real-estate study found, luxury home prices were slightly softer in markets affected by the GTO.

That suggests that expanding the GTO could have a dampening effect on the nation’s real-estate market, said Jeff Morr, a luxury real-estate broker at Douglas Elliman and chairman of the Miami Master Brokers Forum, an industry group.

“Does it stop money laundering? Probably, yes,” Morr said. “Is it good for the real-estate market? Probably, no.”

But at least making the rule nationwide might take some of the heat off Miami, he said.

“It may make Florida less unattractive now that it’s everywhere,” Morr said. “We shouldn’t be treated differently than other areas.”

Photo caption: The crane has become the unofficial city bird of Miami during the latest construction boom. (Photo: Miami Herald)

That was exactly the sentiment of the Miami-Dade County Commission when the rule was first enacted in 2016. At the time, commissioners passed a symbolic resolution asking regulators to stop singling out Miami for special scrutiny. The industry still feels the same way.

Legitimate buyers need privacy, too, said Ron Shuffield, president and CEO of EWM Realty International.

“There are wealthy people who don’t want everyone to know that they live at the end of the block,” Shuffield said. “If someone is determined to launder money, they can pick anywhere in the country to do it, from the smallest city in the Midwest to Miami or New York City. It’s only fair that every area have to report. Otherwise, the rules could be scaring people away from certain markets.”

Asia Pivot/Latin America Failure, China Owns L.A.

Remember when, just a few weeks ago, President Trump announced a new ‘space command’?

The House Armed Services Committee has a fiscal item in the 2018 NDAA for something called ‘Management and Organization of Space Programs’. The Air Force is not too happy. Redundancy maybe or no?

Air Force Space Command, activated Sept. 1, 1982, is a major command with headquarters at Peterson Air Force Base, Colorado. AFSPC provides military focused space capabilities with a global perspective to the joint warfighting team.

Mission

AFSPC’s mission is to provide resilient, defendable and affordable space capabilities for the Air Force, Joint Force and the Nation.

Vision

Innovate, Accelerate, Dominate

Priorities

1. Build Combat Readiness

2. Innovate and Accelerate to Win

3. Develop Joint Warfighters

4. Organize for Sustained Success

People

More than 30,000 space professionals worldwide.

Organization

Fourteenth Air Force is located at Vandenberg AFB, California, and provides space capabilities for the joint fight through the operational missions of spacelift; position, navigation and timing; satellite communications; missile warning and space control.

The Space and Missile Systems Center at Los Angeles AFB, California, designs and acquires all Air Force and most Department of Defense space systems. It oversees launches, completes on-orbit checkouts and then turns systems over to user agencies. It supports the Program Executive Office for Space on the Global Positioning, Defense Satellite Communications and MILSTAR systems. SMC also supports the Evolved Expendable Launch Vehicle, Defense Meteorological Satellite and Defense Support programs and the Space-Based Infrared System.

AFSPC major installations include: Schriever, Peterson and Buckley Air Force bases in Colorado; Los Angeles and Vandenberg Air Force bases in California; and Patrick AFB in Florida. Major AFSPC units also reside on bases managed by other commands in New Mexico, Virginia and Georgia. AFSPC manages many smaller installations and geographically separated units in North Dakota, Alaska, Hawaii and across the globe.

Space Capabilities

Spacelift operations at the East and West Coast launch bases provide services, facilities and range safety control for the conduct of DOD, NASA and commercial launches. Through the command and control of all DOD satellites, satellite operators provide force-multiplying effects — continuous global coverage, low vulnerability and autonomous operations. Satellites provide essential in-theater secure communications, weather and navigational data for ground, air and fleet operations and threat warning.

Ground-based radar, Space-Based Infrared System and Defense Support Program satellites monitor ballistic missile launches around the world to guard against a surprise missile attack on North America. Space surveillance radars provide vital information on the location of satellites and space debris for the nation and the world. Maintaining space superiority is an emerging capability required to protect U.S. space assets.

Remember when VP Pence visited several countries in Latin America a few months ago?

Lots of back story items going on here. China landed in Latin America, the world knew it and did nothing. Obama? Yep…nothing and Trump is working to catch up and applying some counter-measures? This trade war thing is beginning to make some sense with China….

No Need for New ‘Imperial Powers’

Latin America experts in the Obama White House watched China’s rise in the region warily. But the administration raised little fuss publicly, sharing its concerns with leaders mostly in private.

Besides, former officials say, Washington did not have much of a counteroffer.

“I wished the whole time I was working in Latin America that any administration had as well thought-out, resourced and planned a policy as the pivot to Asia for Latin America,” said John Feeley, who recently resigned as the American ambassador to Panama after a nearly three-decade career. “Since the end of the 1980s, there really has never been a comprehensive hemispheric long-term strategy.”

While President Barack Obama was widely hailed in the region for restoring diplomatic relations with Cuba in late 2014, Washington’s agenda never ceased being dominated by two issues that have long generated resentment in Latin America: the war on drugs and illegal immigration.

***

Meanwhile, Patagonia has a Chinese military base, for 50 years, for free.

The 450-ton device, with its hulking dish embracing the open skies, is the centerpiece of a $50 million satellite and space mission control station built by the Chinese military.

The isolated base is one of the most striking symbols of Beijing’s long push to transform Latin America and shape its future for generations to come — often in ways that directly undermine the United States’ political, economic and strategic power in the region.

Photo caption: The antenna is the centerpiece of a $50 million station built by the Chinese military. (Credit: Mauricio Lima for The New York Times)

The station began operating in March, playing a pivotal role in China’s audacious expedition to the far side of the moon — an endeavor that Argentine officials say they are elated to support.

But the way the base was negotiated — in secret, at a time when Argentina desperately needed investment — and concerns that it could enhance China’s intelligence gathering capabilities in the hemisphere have set off a debate in Argentina about the risks and benefits of being pulled into China’s orbit.

“Beijing has transformed the dynamics of the region, from the agendas of its leaders and businessmen to the structure of its economies, the content of its politics and even its security dynamics,” said R. Evan Ellis, a professor of Latin American studies at the United States Army War College.

Just weeks after the space station began operating in Patagonia, the United States made an announcement that raised eyebrows here in Argentina.

The Pentagon is funding a $1.3 million emergency response center in Neuquén — the same province where the Chinese base is, and the first such American project in all of Argentina. Local officials and residents wondered whether the move was a tit-for-tat response to China’s new presence in this remote part of the country. Read the full article here from the NYT’s, great work.

Foreign Espionage Silicon Valley and Presidio

One of the more corrupt locations in the country is San Francisco. Within the Bay Area is a former military base now turned all elite real estate known as Presidio. Within Presidio is the Presidio Trust. Yikes, taxpayer dollars pay out big bonuses there. The largest Federal bonus was paid to Bart Ferrell, a Human Resources Manager, who processes the payroll for the Presidio Trust.

What the heck is going on in the Bay Area? Point to Senator Feinstein for those answers. But here is a BIG clue. Dianne sits on the Senate Intelligence Committee…..sheesh….as you read below, it becomes evident of the expulsion of several Russians….but no Chinese?

As you read through this chilling summary, consider the Hillary Russian conspiracy/collusion operation with Skolkovo.

The Clintons also strengthened their coffers. Three key transactions compose their pro-Kremlin graft.

• “The Ex-Im Bank would welcome an application for financing from Rosavia to support its purchase of Boeing aircraft,” Hillary said in Moscow on October 13, 2009. Three days later, according to the Washington Post, “Boeing formally submitted its bid for the Russian deal.” Kremlin-owned Rostekhnologii decided on June 1, 2010, to buy up to 50 Boeing 737s for Aeroflot, Russia’s national airline. Price: $3.7 billion.

That August 17, Boeing gave the Clinton Foundation $900,000 to “help support the reconstruction of Haiti’s public-education system” after a severe earthquake the previous January.

• Hillary pushed Skolkovo, “a high-tech corridor in Russia modeled after our own Silicon Valley,” as she explained in Moscow in October 2009. Her State Department colleagues encouraged 22 top American venture capitalists to tour Skolkovo in May 2010.

State convinced Cisco, Google, and Intel, among others, to open shop in Skolkovo. By 2012, 28 “Key Partners” from the U.S., Europe, and Russia supported this project.

But the U.S. Army Foreign Military Studies Program warned in 2013: “Skolkovo is arguably an overt alternative to clandestine industrial espionage.” Lucia Ziobro, a top FBI agent in Boston, explained in 2014: “The FBI believes the true motives of the Russian partners, who are often funded by their government, is to gain access to classified, sensitive, and emerging technology from the companies.”

How Silicon Valley Became a Den of Spies

The West Coast is a growing target of foreign espionage. And it’s not ready to fight back.

SAN FRANCISCO—In the fall of 1989, during the Cold War’s wan and washed-out final months, the Berlin Wall was crumbling—and so was San Francisco. The powerful Loma Prieta earthquake, the most destructive to hit the region in more than 80 years, felled entire apartment buildings. Freeway overpasses shuddered and collapsed, swallowing cars like a sandpit. Sixty-three people were killed and thousands injured. And local Soviet spies, just like many other denizens of the Bay Area, applied for their share of the nearly $3.5 billion in relief funds allocated by President George H.W. Bush.

FBI counterintelligence saw an opening, recalled Rick Smith, who worked on the Bureau’s San Francisco-based Soviet squad from 1972 to 1992. When they discovered that a known Soviet spy, operating under diplomatic cover, had filed a claim, Smith and several other bureau officials posed as federal employees disbursing relief funds to meet with the spy. The goal was to compromise him with repeated payments, then to turn him. “We can offer your full claim,” Smith told the man. “Come meet us again.” He agreed.

But the second time, the suspected intel officer wasn’t alone. FBI surveillance teams reported that he was being accompanied by a Russian diplomat known to the FBI as the head of Soviet counterintelligence in San Francisco. The operation, Smith knew, was over—the presence of the Soviet spy boss meant that the FBI’s target had reported the meeting to his superiors—but they had to go through with the meeting anyway. The two Soviet intelligence operatives walked into the office room. The undercover FBI agents, who knew the whole affair had turned farcical, greeted the Soviet counterintelligence chief.

“What,” he replied, “You didn’t expect me to come?”

We tend to think of espionage in the United States as an East Coast phenomenon: shadowy foreign spies working out of embassies in Washington, or at missions to the United Nations in New York; dead drops in suburban Virginia woodlands, and surreptitious meetings on park benches in Manhattan’s gray dusk.

But foreign spies have been showing up uninvited to San Francisco and Silicon Valley for a very long time. According to former U.S. intelligence officials, that’s true today more than ever. In fact, they warn—especially because of increasing Russian and Chinese aggressiveness, and the local concentration of world-leading science and technology firms—there’s a full-on epidemic of espionage on the West Coast right now. And even more worrisome, many of its targets are unprepared to deal with the growing threat.

Unlike on the East Coast, foreign intel operations here aren’t as focused on the hunt for diplomatic secrets, political intelligence or war plans. The open, experimental, cosmopolitan work and business culture of Silicon Valley in particular has encouraged a newer, “softer,” “nontraditional” type of espionage, said former intelligence officials—efforts that mostly target trade secrets and technology. “It’s a very subtle form of intelligence collection that is more business connected and oriented,” one told me. But this economic espionage is also ubiquitous. Spies “are very much part of the everyday environment” here, said this person. Another former intelligence official told me that, at one point recently, a full 20 percent of all the FBI’s active counterintelligence-related intellectual property cases had originated in the Bay Area. (The FBI declined to comment for this story.)

Political espionage happens here, too. China, for example, is certainly out to steal U.S. technology secrets, noted former intelligence officials, but it also is heavily invested in traditional political intelligence gathering, influence and perception-management operations in California. Former intelligence officials told me that Chinese intelligence once recruited a staff member at a California office of U.S. Senator Dianne Feinstein, and the source reported back to China about local politics. (A spokesperson for Feinstein said the office doesn’t comment on personnel matters or investigations, but noted that no Feinstein staffer in California has ever had a security clearance.) At the Aspen Security Forum last week, FBI director Chris Wray acknowledged the threat Chinese spying in particular poses, saying, “China from a counterintelligence perspective represents the broadest, most pervasive, most threatening challenge we face as a country.”

Making it even more complicated, said multiple former U.S. intel officials, many foreign intel “collectors” in the Bay Area are not spies in the traditional sense of the term. They aren’t based out of embassies or consulates, and may be associated with a state-owned business or research institute rather than an intelligence agency. Chinese officials, in particular, often cajole or outright threaten Chinese nationals (or U.S. citizens with family members in China) working or studying locally to provide them with valuable technological information.

“You get into situations where you have really good, really bright, conscientious people, twisted by their home government,” said a chief security officer at a major cloud storage company whose company maintains sensitive government contracts. U.S.-based Chinese employees of this company have had Chinese government officials attempt to “leverage” these individuals’ family members in China, this person told me. The company now requires employees working on certain projects to be U.S. citizens.

And yet, it’s not clear that the Bay Area—historically famous for its liberalism, and now infamous for its madcap capitalism—is prepared to handle this escalation and these new tactics. Tech firms, especially start-ups, lack incentives to report potential espionage to U.S. officials; and businesses and universities are often ignorant about the espionage threat, or so attuned to local political sensitivities they may fear being accused of stereotyping if they attempt to institute more stringent defensive security and screening measures.

As Silicon Valley continues to take over the world, the local spy war will only get hotter—and the consequences will resonate far beyond Northern California. This story is based on extensive conversations with more than half a dozen former intelligence community officials with direct knowledge of, or experience with, U.S. counterintelligence activities in the Bay Area. All requested anonymity to discuss sensitive matters more openly. A few other individuals, all of whom worked counterintelligence in the Bay Area from the early 1970s through the mid-2000s, agreed to be interviewed on the record.

As one former senior intelligence official put it: “San Francisco is a trailblazer—you see the changes there in foreign counterintelligence first. Trends emerge there.” If we want to understand a world where Russia and China are ramping up their spy games against the United States, then we need to pay attention to what’s happening in San Francisco.

***

Russian intelligence has had an intensive interest in San Francisco stretching back to the beginning of the Cold War. In those days, the Russians were primarily gathering information on local military installations, said former officials, including the Presidio, the strategically located former military base set on a wind-swept northern tip of the San Francisco peninsula, overlooking the Golden Gate Bridge.

Since then, Russian operations have become bolder, with one notable exception: the immediate post-Cold War period. “The only time there was a collective sigh regarding Russia, like maybe things have changed, was under Gorbachev,” said LaRae Quy, who worked on Russian and Chinese counterintelligence in the Bay Area from 1985 to 2002. “We even put in a big ‘Going Out Of Business’ sign in the Palo Alto squad room.”

But this optimism quickly faded when Putin was elected in 2000, recalled Quy, who retired in 2006. “Russia has been steadily escalating since then.”

As the Bay Area transformed itself into a tech hub, Russia adapted its efforts accordingly, with Russian spies increasingly focused on obtaining information on valuable, sensitive or potentially dual-use technologies—those with both civilian and military applications—being developed or financed by companies or venture-capital firms based in the region. Russia’s espionage activities have traditionally been centered on its San Francisco Consulate, which was forcibly closed by the Trump administration in early September 2017.

But even with the consulate shuttered, there are alternative vehicles for Russian intelligence-gathering in Silicon Valley. One potential mechanism, said three former intelligence officials, is Rusnano USA, the sole U.S. subsidiary of Rusnano, a Russian government-owned venture capital firm primarily focused on nanotechnology. Rusnano USA, which was founded in 2011, is located in Menlo Park, near Stanford University. “Some of the [potential intelligence-gathering] activities Rusnano USA was involved in were not only related to the acquisition of technology, but also inserting people into venture capital groups, in developing those relationships in Silicon Valley that allowed them to get their tentacles into everything,” one former intelligence official told me. “And Rusnano USA was kind of the mechanism for that.”

Rusnano’s interests, said this former official, have extended to technology with both civilian and potential military applications. U.S. intelligence officials were very concerned about contacts between Rusnano USA employees and suspected Russian intelligence officers based at Russia’s San Francisco Consulate and elsewhere, this person said. “The Russians treated [Rusnano USA] as an intelligence platform, from which they launched operations,” said another former U.S. intelligence official. (Rusnano USA and the Russian Embassy in Washington did not respond to requests for comment.)

Russia also employs older, tried-and-true methods locally. Intel officials have suspected that Russian spies were enlisting local high-end Russian and Eastern European prostitutes, in a classic Russian “honeypot” maneuver, to gather information from (and on) Bay Area tech and venture-capital executives. Sex workers targeting executives at high-end bars and nightclubs such as the Rosewood Sand Hill, an ultra-luxury hotel located near many of Silicon Valley’s top financial firms—infamous for its raucous, hook-up oriented Thursday nights—the Redwood Room, a tony bar located in the Clift Hotel in downtown San Francisco, and other spots have been identified as potentially reporting back to Russian intel officers, said another former official. “If I were a Russian intelligence officer, and I knew that these high-end girls were dragging CEOs of major companies back to their rooms, I’d be paying them for info too,” said this person. “It’s that whole idea of concentric rings: You don’t need to be on the inside, you just need somebody on the inside that you have access to.”

***

Russia’s interference in the 2016 presidential election has given Putin’s regime an outsized role in the national conversation on espionage. But talk to former intel officials, and many will say that China poses an equal, if not greater, long-term threat. “The Chinese just have vast resources,” said Kathleen Puckett, who worked counterintelligence in the Bay Area from 1979 to 2007. “They have all the time in the world, and all the patience in the world. Which is what you need more than anything.” (China’s Embassy in Washington did not respond to requests for comment.)

Because of California’s economic and political importance, as well as its large, well-established, and influential émigré and Chinese-American communities, the People’s Republic places great weight on its intelligence activities here, said multiple former intelligence officials. Indeed, two told me that California is the only U.S. state to which the Ministry of State Security—China’s main foreign intelligence agency—has had a dedicated unit, focused on political intelligence and influence operations. (China has had a similar unit for Washington.)

And if California is elevated among Chinese interests, San Francisco is like “nirvana” to the MSS, said one former official, because of the potential to target community leaders and local politicians who may later become mayors, governors or congressmen. Their efforts are becoming increasingly sophisticated.

Sometimes these recruitment efforts have been successful. According to four former intelligence officials, in the 2000s, a staffer in Senator Dianne Feinstein’s San Francisco field office was reporting back to the MSS. While this person, who was a liaison to the local Chinese community, was fired, charges were never filed against him. (One former official reasoned this was because the staffer was providing political intelligence and not classified information—making prosecution far more difficult.) The suspected informant was “run” by officials based at China’s San Francisco Consulate, said another former intelligence official. The spy’s handler “probably got an award back in China” for his work, noted this former official, dryly.

Or take the case of Rose Pak. Pak, who died in September 2016, was for decades one of San Francisco’s preeminent political power brokers. Though she never held elective office, she was famous for making and unmaking mayors, city councilmen (or “supervisors,” as they’re known in San Francisco), and pushing city contracts to her allies and constituents in Chinatown.

According to four former intelligence officials, there were widespread concerns that Pak had been co-opted by Chinese intelligence, and was wielding influence over San Francisco politics in ways purposefully beneficial to the Chinese government. Another worry, U.S. officials said, was Pak’s role in organizing numerous junkets to China, sometimes led by Pak in person and attended (often multiple times) by many prominent Bay Area politicians, including former San Francisco Mayor Ed Lee, who died while in office in 2017. Political junkets are used by Chinese intelligence for surveillance (“every single hotel room is bugged,” one former official told me) and collection purposes, as well as for spotting and assessing potential recruits, said former intel officials. (There is no indication that Pak herself participated in, or had knowledge of, specific intelligence-gathering efforts.) Concerns about Pak’s links to the Chinese Communist Party occasionally percolated into local political debate, but the intelligence community’s identification of Pak as a likely agent of influence for Beijing is being reported here for the first time.

Occasionally, Chinese intelligence activities in San Francisco burst into plain view. Consider the story—and it is an incredible one, also told here for the first time—of the 2008 Olympic Torch Run. San Francisco was the only U.S. city to host the Olympic torch as it made its way, tortuously, to Beijing. And Chinese officials were very concerned about disruptions to the run by protesters, as well as in managing the image China projected to the rest of the world in the run-up to the games.

So they decided to leave nothing to chance. According to three former intelligence officials, Chinese MSS and Ministry of Public Security (MPS) officers flew in to San Francisco from abroad for the occasion, joining suspected MSS officers based in the Bay Area. (At the time, the diplomat responsible for Overseas Chinese Affairs at China’s San Francisco Consulate was a suspected MSS officer, said two of these former officials.) U.S. officials watched as Chinese intelligence officers filmed Tibetan monks on their march across the Golden Gate Bridge, and known Chinese spies surveilled a pro-Tibet rally downtown featuring Desmond Tutu and Richard Gere. Chinese spies also recorded participants in a Falun Gong rally in Union Square, and shot footage of protestors at the torch run itself.

Most brazenly, said former intelligence agents, Chinese officials bussed in 6,000-8,000 J-Visa holding students—threatening them with the loss of Chinese government funding—from across California to disrupt Falun Gong, Tibetan, Uighur and pro-democracy protesters. (They even provided these students with a box lunch.) “I’m not sure they would have pulled out these stops in any other city, but San Francisco is special” to China, said a former senior U.S. official.

Counterintelligence officers possessed advance knowledge about some aspects of this operation and observed Chinese intelligence officers, who often wore earpieces connected to a radio, managing the movements of counterprotesters, directing blocs of pro-PRC students to intimidate, disrupt and overwhelm anti-Beijing protesters across the parade route. Chinese intelligence officers would “communicate with each other, and say, ‘We’ve got three Tibetan monks about to do a reading on Pier 39—I need you to move bloc A and bloc B to that location so we can drown them out,’” recalled another former official. “So they’d move these groups around to prevent any protests along the Embarcadero.”

“We got pissed off,” said the same former intelligence official, because the Chinese “were interfering with the free expression of opinion” at the torch relay—their operation was, in essence, an effort by a hostile foreign intelligence service to forcibly suppress First Amendment activities in a major American city.

Disagreements between the FBI and the State Department, which counseled a more restrained approach, prevented U.S. intelligence personnel from interfering directly in Chinese activities during the torch run itself, said this former intel official. (The State Department said it does not comment on intelligence matters.) The same source noted that U.S. intelligence officials did, however, pass information about the torch run to their Australian counterparts—the torch was later scheduled to pass through Canberra—which denied visas to some of the Chinese intelligence officers responsible for the melee in San Francisco.

Chinese intelligence has long focused on surveilling, and attempting to control, Chinese nationals studying abroad. One well-documented mechanism for this effort has been the use of Chinese Students and Scholars Associations groups on university campuses. The connectivity between individual campus CSSAs and local Chinese diplomatic facilities varies. Some groups are unreceptive to the intercession or influence of Chinese government officials, but many consider themselves to be under the direct “guidance” of their local consulate or embassy, receiving funds from these institutions. “Intelligence officers in diplomatic facilities are the primary point of contact for students in CSSAs,” said one former official.

But some of these links between these student groups and Chinese officials are covert, and even coercive. In one case in the mid-2000s in the Midwest, a student affiliated with a CSSA reported another Chinese student’s contact with the FBI to an MSS officer operating under diplomatic cover in Chicago, said a former intelligence official. The student was quickly flown out of the country. And, roughly half a decade ago in the Bay Area, counterintelligence officials believed that a graduate student affiliated with the Berkeley CSSA was working for the MSS, and reporting on the activities of other Chinese students on campus, said another former official.

***

When it comes to economic espionage in particular, Chinese intelligence employs a more decentralized strategy than Russia does, former intelligence officials told me. China draws from a much larger population pool to achieve its objectives—using opportunistic businessmen, ardent nationalists, students, travelers and others alike. One former intelligence official likened China’s approach to an “Oklahoma land rush”—an attempt to grab as much targeted proprietary technology or IP as possible, as quickly as possible, through as many channels as possible.

Chinese intelligence also undertakes very intentional efforts to recruit insiders placed within organizations whose technologies they are interested in, said the same former intelligence official. “They are very good at softly recruiting people, and taking advantage of vulnerabilities”—including via threats—“and they are very patient in putting different parts of it together. We’ve seen them repeatedly save money and time that the U.S. spends on research and development.”

The July 2018 arrest of Silicon Valley-based Apple employee Xiaolang Zhang, who allegedly stole proprietary information about Apple’s self-driving car program to benefit his new employer, a China-based competitor, appears to fit this pattern. (Zhang was charged with theft of trade secrets and has not been accused of any espionage-related crimes. He maintains his innocence.)

The case of Walter Liew, a Bay Area local who was found guilty in 2014 of selling a highly valuable proprietary pigmentation formula owned by DuPont to a state-owned Chinese conglomerate, is a clearer example.

Liew was found guilty of violating the Economic Espionage Act, a landmark 1996 federal law that strengthened penalties for trade theft benefiting a foreign government. San Francisco has played an outsized role in cases involving this law. In fact, the first conviction under the act occurred in San Francisco, in 2006; as did the first sentencing under the law, in 2008; as did the first jury conviction—of Liew himself—in 2014. All three cases involved China.

The Chinese have pursued this strategy “brilliantly” for years, said Puckett. “They put all their efforts into espionage, and get everything for free.”

Chinese cyberespionage operations have also targeted a number of Silicon Valley-based technology giants. During a number of attacks, two former intelligence officials told me, Chinese intelligence immediately sought the files of U.S. companies’ legal counsel or other legal documentation, to access Foreign Intelligence Surveillance Act warrants or National Security Letters previously issued to these institutions. In other words, the paramount Chinese interest was finding out the extent of the U.S. officials’ knowledge about China’s own intelligence operatives—and in adjusting their behavior accordingly. “If in fact the person in question was Chinese intelligence,” said this former official, “they could then alter their approach.” This strategy began being observed during a hack of Google, said two former officials, that occurred about a decade ago.

While China and Russia demand the lion’s share of counterintelligence resources in the Bay Area, a number of friendly intelligence services are also active in Silicon Valley, said former intelligence officials. South Korea, according to one, has become “formidable” in the realm of economic espionage, with particular sophistication in cyberespionage. U.S. officials have had to issue “stern warnings” to South Korea to “stop hacking” within the United States, said this person. (The South Korean Embassy in Washington, D.C., did not respond to requests for comment.)

Israel is also active in the Bay Area—but it’s complicated. According to one former intelligence official, Israel has “a culture that facilitates and encourages acquisition of targeted companies”—in other words, it will use information it has gathered locally to cajole or incentivize private Israeli firms to purchase specific start-ups or other Silicon Valley-based tech companies. Throughout the 2000s, said former officials, French intelligence employed a similar strategy.

In an email response, a spokesperson for the Israeli Embassy in Washington, D.C., wrote that “the allegations are totally untrue and downright ridiculous. Israel does not conduct espionage in the United States.” A spokesperson for the French Embassy declined to comment.

There is disagreement, however, within the U.S. intelligence community about the amount of resources that should be devoted to what is, in essence, a “soft” form of spying by U.S. allies. “I get they try to get advantages from economic espionage,” said another former senior intelligence official, “but is French espionage worth that much emotional discharge, given what the Russians are up to?”

***

There’s another big challenge to doing counterintelligence work in the Bay Area, say these officials: getting the cooperation of local private-sector actors, especially in tech. Indeed, said former intelligence officials, not only do many cases of economic espionage not reach the prosecution stage here, they often go unreported entirely.

This has been a longstanding source of friction in the Valley. “The biggest problem we had—really, seriously—with a lot of these companies is that they wouldn’t prosecute,” said LaRae Quy, the former Palo Alto-based FBI counterintelligence agent who retired in 2006. “They would have an employee sell technology to, say, the Russians or the Chinese, and rather than let their stockholders or investors know about it, they just let it walk. So, we’ve caught the guy, or we have information and we’d like to take it to the next level, and they don’t want to push it because of the bad press that gets out. It’s the most frustrating thing in the world.”

Silicon Valley firms continue to downplay, or outright conceal, the extent to which the theft of trade secrets and other acts of economic espionage occur, said multiple former officials. “Coming forward and saying you didn’t have controls in place—that totally impacts shareholder or investor value,” noted one former intelligence official. “Especially when you’re dealing with startups or mid-level companies that are looking for funding, that’s a big deal. You’re basically announcing to the world, especially if you’re potentially going forward with a public trial, that you were not able to protect your information.”

The open, start-up culture in the Bay Area has also complicated U.S. counterintelligence efforts, said former officials, because Russian and Chinese operatives have an easier time infiltrating organizations without any security systems or hierarchies in place. These services like penetrating young companies and start-ups, noted one former official, because “it’s always better to get in at ground floor” when seeking to pilfer valuable information or technology.

The exorbitant cost of living in Silicon Valley, however, means that opportunities for tech employees—and potential spies or co-optees—to “get in at the ground floor” are becoming increasingly uncommon. The tech industry, chasing talent and lower overhead, is now spread more widely across the country than ever before. And this diffusion will create new vulnerabilities. Consequently, places like Chapel Hill, North Carolina and Boulder, Colorado—both midsized cities with thriving tech industries—will likely see an uptick in counterintelligence cases. (One former intelligence official noted that the FBI’s office in Austin, Texas, has built up its counterintelligence capacities.)

But spies will never leave Silicon Valley. As the region’s global clout grows, so will its magnet-like attraction for the world’s spooks. As one former U.S. intelligence official put it, spies are pulled toward the Bay Area “like moths to the light.” And the region will help define the struggle for global preeminence—especially between the United States and China—for decades to come.