China is Buying America with and without CFIUS

When China is not buying America, they are busy in other parts of the globe buying places like Europe. That is how China is expanding, including stealing intelligence, espionage and hacking. The parts of Britain not owned by Russia are being gobbled up by China. Russia has a long plan and China has a long plan, not too sure about the United States, Britain or other allies.

There have been many discussions in Congress about reforming CFIUS, the Committee on Foreign Investment in the United States. The most widely noticed scandal with CFIUS was the Uranium One deal.

Anyway, John Carlin recently spoke with the National Law Journal about bipartisan legislation introduced in November in the U.S. Senate and House of Representatives by U.S. Sen. John Cornyn, R-Texas, and U.S. Rep. Robert Pittenger, R-North Carolina, respectively, to overhaul the CFIUS review process. CFIUS reviews, which are voluntary, are meant to protect the nation from business transactions that pose a national security or strategic risk to the United States. The panel has the authority to require the transaction’s parties to undertake risk mitigation, such as carving out a specific location or element of the deal.

The panel can also recommend that the president block a deal entirely. President Donald Trump, for example, in September blocked the sale of Oregon-based Lattice Semiconductor Corp. to a Chinese company. A deal by Anthony Scaramucci, briefly a White House communications director, to sell his stake in SkyBridge Capital to Chinese company HNA Group Co., which is partly government-owned, appears to be in jeopardy after not yet clearing its nearly yearlong CFIUS review, according to reports in financial media including Bloomberg News in mid-December. Treasury Secretary Steven Mnuchin, who chairs the panel, has urged toughening CFIUS reviews.

While leading the DOJ’s National Security Division, Carlin oversaw the indictment in 2014 of five Chinese military members for economic espionage for hacks against several big U.S. companies, among them United States Steel, Westinghouse, Alcoa Inc. and SolarWorld from 2006 through 2014. The division also investigated the cyberattack on Sony Pictures Entertainment in late 2014 that the U.S. government determined originated in North Korea; and brought charges with the FBI against seven Iranians working for computer companies under contract to the Iranian government and military that conducted cyberattacks between 2011 and 2013 against 46 financial institutions including Wells Fargo and JPMorgan Chase & Co.

The CFIUS review process also appears to be affecting efforts by China Oceanwide Holdings Group Co. Ltd. to acquire Genworth Financial Inc.

BusinessInsider: In 2016, General Electric sold its appliances business to Qingdao-based Haier. China’s Zoomlion made an unsolicited bid for heavy-lifting-equipment maker Terex Corporation, and property and investment firm Dalian Wanda announced a deal to buy a majority stake in Hollywood’s Legendary Entertainment.

On Friday, a Chinese-led investor group announced it would buy the Chicago Stock Exchange. And then there’s ChemChina’s record-breaking deal for the Swiss seeds and pesticides group Syngenta, valued at $48 billion according to Dealogic.

There have already been 82 Chinese outbound mergers-and-acquisitions deals announced this year, amounting to $73 billion in value, according to Dealogic. That’s up from 55 deals worth $6.2 billion in the same period last year.

Last year was a record-breaker for Chinese outbound deals, with 607 deals valued at $112.5 billion in total. Just over one month into 2016, and China is more than halfway to breaking that record.

So what’s going on?

One interpretation is that Chinese companies are simply hungry for growth as that country’s economy slows, and they’re feeding themselves by buying other companies.

“With the slowdown of the economy, Chinese corporates are increasingly looking to inorganic avenues to supplement their growth,” Vikas Seth, head of emerging markets in the investment-banking and capital-markets department at Credit Suisse, told Business Insider.

Last year, investment bankers earned $558 million in revenue from Chinese outbound M&A deals, according to Dealogic. This year, that number is at $121 million to date.

But there are, of course, a number of challenges these deals will face — especially in the US.

M&A deals in the US are subject to scrutiny by the Committee on Foreign Investment in the United States, or CFIUS. It recently prevented the $3.3 billion sale of Philips’ lighting business to a group of buyers in Asia.

[Chart: total Chinese outbound M&A deal value as of Feb. 5. The 82 Chinese outbound deals announced so far in 2016 are worth more than half of 2015’s total Chinese outbound-deal value. Credit: Andy Kiersz/Business Insider]

“I would be very surprised if CFIUS did not have an interest in taking a look at this deal,” said Anne Salladin of law firm Stroock & Stroock, referring to the Chicago Stock Exchange deal.

China and Russia Using Same Aggressive Military Playbook

So, we cannot deny that Russia has been quite aggressive against the United States and our allies in ways that go beyond the conflict in Syria and hacking. Russian spy ships cruise our coastlines, Russian fighter jets buzz our aircraft and Russian mercenaries from the Wagner Group attack our forces. Russia also encroaches on other countries and successfully annexes them, such as Crimea and Ukraine.

So, what about China?

Well, there are the disputed Spratly Islands, claimed by several countries, where China has taken full control. Now those islands, which are part of one of the largest maritime shipping channels in the world, are weaponized and fortified by China with cruise missiles and surface-to-air weapons platforms. China is well known for hacking, successful industrial espionage and intellectual property theft.

The placement of the defensive weapons also comes on the heels of China’s recent South China Sea installation of military jamming equipment, which disrupts communications and radar systems. By all accounts, the new coastal defense systems represent a significant addition to Beijing’s military portfolio in one of the most contested regions in the world.

The land-based anti-ship cruise missiles, designated as YJ-12B, allow China to strike surface vessels within 295 nautical miles of the reefs. Meanwhile, the long-range surface-to-air missiles, designated as HQ-9B, have an expected range of targeting aircraft, drones and cruise missiles within 160 nautical miles.

The defensive weapons have also appeared in satellite images of Woody Island, China’s military headquarters in the nearby Paracel Islands.

As the Chinese have a military base just one mile from the American base in Djibouti, at least ten nasty encounters by the Chinese against American aircraft have been recorded. So, the Pentagon has filed a demarche.

In a press briefing Thursday, Pentagon Chief Spokesperson Dana White told reporters that the “very serious incidents” had resulted in “two minor injuries,” noting that Chinese laser use “poses a true threat to our airmen.” White said the U.S. has asked China to investigate laser use in the area. “It’s a serious matter. And so we’re taking it very seriously,” White explained. “We expect China to investigate it thoroughly.”

Camp Lemonnier is the only permanent American base in Africa and is home to around 4,000 troops. Opened in 2001, the installation has become a vital staging point for U.S. counter-terrorism operations, especially as a regional hub for American drone missions launched from a network of other nearby bases. Initially an 88-acre base, an agreement was signed with the Djibouti government in 2006 to expand the facility to 500 acres.

Chinese military observers told the Post that China’s laser use may be intended to scare off birds near its airfield or to disrupt spy drones flying above, rather than to target foreign pilots. Analyst Zhou Chenming told the newspaper, “The Chinese and U.S. bases in Djibouti are really close, so one could disturb the other if the two sides don’t have a proper communication mechanism.”

*** But hold on…Tucker Carlson asked a handful of key questions to Senator Marco Rubio. The answers were terrifying.

Col. Kang Defects from North Korea, Manhunt Underway

Mr. Kang is likely under protection of the West and has offered key intelligence that has aided the United States, Japan and South Korea in the talks with the Kim regime.

One of North Korea’s most senior intelligence officials, who played a major role in building Pyongyang’s nuclear weapons program, has disappeared and is believed to have defected to France or Britain, according to sources. South Korean media identified the missing official as “Mr. Kang”, and said he is a colonel in North Korea’s State Security Department (SSD), also known as Ministry of State Security. Mr. Kang, who is in his mid-50s, enjoyed a life of privilege in North Korea, because he is related to Kang Pan-sok (1892-1932), a leading North Korean communist activist and mother to the country’s late founder, Kim Il-sung.

According to South Korean reports, Kang was in charge of North Korea’s counter-espionage operations in Russia and Southeast Asia, including China. He is also believed to have facilitated secret visits to Pyongyang by foreign nuclear scientists, who helped build North Korea’s nuclear weapons program. In recent years, Kang was reportedly based in Shenyang, the largest Chinese city near the North Korean border, which is home to a sizeable ethnic Korean population. According to reports, Kang led Unit 121, an elite North Korean hacker group based in Shenyang, with the aim of carrying out cyber-attacks without implicating North Korea. The South Korean-based DailyNK website said on Wednesday that Kang had been based at the Zhongpu International Hotel in Shenyang (until recently named Chilbosan Hotel), which has historically been operated through a joint Chinese-North Korean business venture and is known to host numerous North Korean government officials.

But according to DailyNK, Kang disappeared from Shenyang in February and is now believed to have defected, possibly “to France or Great Britain”. The Seoul-based website said Kang took “a lot of foreign currency with him” as well as “a machine capable of printing American dollars”. Following Kang’s disappearance, the government in Pyongyang launched a worldwide manhunt for him, sending at least 10 agents to assassinate him before he is given political asylum in the West, said DailyNK. Kang’s family, including his wife and children, are believed to still be in Pyongyang.

***

It is reported that North Korea has released 3 Americans from a labor camp to detention at a hotel for observation and deprogramming. There is no word on a full release; however, there is more going on behind the scenes, and that includes this defection along with the unit this Colonel worked for while living and stationed in China.

***

The North Korean hackers hit the systems of the Israeli energy company to attempt to penetrate the best electronic protection systems, South Korea’s newspaper Naver reported. According to the company’s experts, the North Korean cyber actors have real capabilities to damage the infrastructure of the United States, Japan and other countries.

Last year, experts warned that the North Korean cyber army could be far more dangerous to global security than its nuclear missiles. “North Korean cyberattacks and other malicious cyber activities pose a risk to critical infrastructure in countries around the world and to the global economy,” the statement said.

Since 2011, Pyongyang has been scaling up its cyber capacities. The North Korean regime is suspected to be exploiting its cyber weapons for political purposes to intimidate its opponents as well as to steal crypto-currency.

North Korean hackers are involved in major cyber offensives
In 2013, the three largest broadcasting companies and two banking institutions of South Korea suffered a massive attack against their systems. According to Shinhan Bank and Nonghyup Bank representatives, about 32,000 computers were infected while internet banking and ATMs stopped working. While Pyongyang still denies any involvement, cybersecurity experts pointed to North Korean group Lazarus.

In August 2014, North Korea hacked Channel 4 to prevent the production of a drama depicting the fictional story of a nuclear scientist kidnapped in the country.

However, one of the most advanced attacks was the intrusion into the network of Sony Corporation in September 2014. The malware destroyed 70% of information stored in the company’s computers. According to Jim Lewis, senior fellow at the Center for Strategic and International Studies, the attack turned out to be the worst of its type on a company on U.S. soil.

North Korean hackers raise funds for regime
International sanctions forced Kim Jong-un to look for alternative and illegal sources of financing. By late 2015, the North Korean hackers shifted their attention to the global financial system, according to researchers at BAE Systems, FireEye and Symantec.

In 2016, they were about to commit the most astonishing bank robbery in history. The cybercriminals were close to stealing a billion dollars from the Federal Reserve of New York and only a misprint in the word “foundation” kept them from it.

North Korean state-backed hackers have also been accused of the WannaCry ransomware attack that affected hundreds of thousands of computers worldwide in 2017. Taking into account large amounts of stolen money, it becomes clear that despite the growing political and economic pressure Pyongyang will be able to stay afloat for long.

“Winter is coming”
According to the commander of the US forces in South Korea, General Brooks, the North Korean military forces are currently capable of carrying out the most efficient and well-prepared cyber-attacks in the world.

Robert Hannigan, former director of the Center for Government Communication of Great Britain, says that as of June 2017, North Korea had 1,700 state-sponsored hackers and more than 5,000 support staff personnel. They all operate under the Main Intelligence Department of North Korean Armed Forces, known as Unit 586. The so-called Bureau 121 is the main unit conducting cyberattacks abroad. The US Department of Homeland Security refers to this structure as Hidden Cobra, while private companies gave the common name Lazarus to all North Korean hackers. But no one knows exactly how many different subdivisions North Korea’s cyber army has.

Earlier this year, cybersecurity firm McAfee reported that hackers have targeted organizations involved in the 2018 Pyeongchang Winter Olympics, which are set to start this week.  The malicious actors attempted to obtain passwords and sensitive financial data. Speculations have risen that the North could be responsible amid anti-North Korean demonstrations in the Korean Republic and increasingly hostile rhetoric between Pyongyang and Washington.

Some analysts believe that the ongoing talks between Pyongyang and Seoul are a Kim Jong-un ruse aimed at distracting attention from North Korea’s nuclear program and its malicious activities in cyberspace. But even if talks go smoothly, Pyongyang will never give up further development of its cyber weapons.

North Korea’s advanced cyber warfare capabilities could be truly scary and risk escalating the crisis. As international bodies consider enforcing sanctions, Pyongyang continues its campaign of outright theft. Korean Olympic detente won’t last forever.

The next time Kim Jong-un feels trapped or insulted, his cyber army will be ready to wreak havoc.

Approval Process for Cyberwarfare Challenged

Cyber is a real battlefield and yet it gets almost zero ink in the media. The reason is due in part to exposing vulnerabilities, forced ransoms and stolen data.

Just a couple of years ago: Chet Nagle, a former CIA agent and current vice president of M-CAM, penned an article in the Daily Caller, stating, “At FBI headquarters in July, the head of FBI counterintelligence, Randall Coleman, said there has been a 53% increase in the theft of American trade secrets, thefts that have cost hundreds of billions of dollars in the past year. In an FBI survey of 165 private companies, half of them said they were victims of economic espionage or theft of trade secrets — 95% of those cases involved individuals associated with the Chinese government.”

The threats all appear to have a foreign genesis and the United States does not have a real cyber policy due in part to debates over whether cyber attacks are acts of war. Can the United States fight back with her own cyber weapons? Not really, kinda, maybe.

Tracking the theft is left to the FBI, while responding is left to the U.S. Cyber Command. Army Lt. Gen. Paul Nakasone is the head of Cyber Command facing strategic threats from Russia, China, North Korea and Iran. During his confirmation hearings, Nakasone was grilled on how he would position the agencies to confront mounting Russian aggression in cyberspace, whether through attempted interference in U.S. elections or targeting the electric grid and other critical industrial systems.

Members of the White House’s National Security Council are pushing to rescind Presidential Policy Directive 20, an important policy memorandum that currently guides the approval process for government-backed cyberattacks, three current U.S. officials familiar with the matter tell CyberScoop.

The effort is driven in part by a desire from some NSC staff to create a more streamlined channel for military leaders to get their offensive cyber operations greenlit, insiders familiar with the matter said. The sources spoke under the condition of anonymity to freely discuss sensitive national security matters.

The move comes as lawmakers openly question whether U.S. Cyber Command, the nation’s premier cyber warfare unit, is hamstrung from responding to Russian meddling due to bureaucratic red tape. CyberScoop previously reported that multiple congressional committees are considering policies that could empower the military’s cyber mission.

But the push for change faces resistance from the intelligence community and several other federal agencies involved in cybersecurity.

Senior U.S. intelligence officials have expressed concerns over what rescinding the directive will mean for their own active computer spying missions. These covert operations, which are typically pursued by intelligence agencies like the CIA or NSA, could be exposed by the launch of “louder” disruptive-style attacks from the military. The presence of multiple hacking teams simultaneously targeting a single network often makes it easier for them all to be discovered by the victim.

Prior reporting by CyberScoop has shown that a long-running turf war exists between different federal agencies regarding the proper use of hacking tools in order to protect the homeland.

Even before Trump came to office though, the framework in question was considered a source of frustration inside the Pentagon.

Signed by President Barack Obama in 2012, the directive’s critics say that it was written in a confusing manner that leaves open-ended questions. In addition, critics tell CyberScoop that too many federal agencies are allowed to weigh in on proposed cyber operations, causing “even reasonable” plans to be delayed or outright rejected.

Insiders who are resistant to eliminating the directive admit that PPD-20 is flawed, but fear change because they’ve not seen a replacement plan.

“Better the devil you know, or something like that,” a former U.S. official said. “This is such a crucial decision because whatever comes next will dictate how arguments are settled inside government … you have the military on one side and the IC on the other.”

The NSC, CIA and Office of the Director of National Intelligence declined to comment. The NSA referred CyberScoop to U.S. Cyber Command, who in turn did not respond to a request for comment.

Currently, PPD-20 requires U.S. government agencies to run approvals for offensive operations through a chain of command that stretches across the federal government. The process is largely focused on controlling those operations that go beyond the confines of everyday digital espionage, or computer exploitation, to simply collect information.

According to PPD-20, if an operation is considered “of significant consequence,” it requires the direct blessing of the president in addition to the interagency group. Hacking operations that, for example, shut down a power grid or cause equipment to explode would fit into such a description. But experts say it also includes less flashy tactics like deleting data or corrupting software in a destructive manner.

“This directive pertains to cyber operations, including those that support or enable kinetic, information, or other types of operations,” PPD-20 reads. “The United States has an abiding interest in developing and maintaining use of cyberspace as an integral part of U.S. national capabilities to collect intelligence and to deter, deny, or defeat any adversary.”

After coming under scrutiny last month, outgoing NSA Director Adm. Michael Rogers told lawmakers that there’s an “ongoing policy discussion” about redrawing the regulations looming over military cyber operations. Unlike conventional military activities, the internet makes it difficult for policymakers to draw clear-cut boundaries. This challenge also runs up against longstanding laws that underpin, and therefore divide, the work of soldiers and spies.

Historically, intelligence agencies — empowered by Title 50 of the U.S. Code — have led the way on U.S.-backed hacking that occurs in countries like Iran or China, where armed conflict is absent. Military operations fall under the purview of Title 10 of the U.S. Code.

It’s not clear whether giving military leaders more leeway to conduct hacking operations will ultimately make those units more effective at their missions. The details surrounding these activities are always classified, which inhibits the public from having a substantive policy debate.

Ultimately, the decision to eliminate PPD-20 falls solely to the executive branch. Sources tell CyberScoop no final decision has been made.

What makes PPD-20 difficult to analyze is the fact that it remains a classified document, despite it being leaked by NSA whistleblower Edward Snowden. The classification means current officials are barred from publicly commenting on it.

Thomas Rid, a professor of strategic studies at Johns Hopkins University, said that Snowden’s PPD-20 leak was notable because it revealed the U.S. government’s thought process behind “the rise of unwanted norms caused by escalatory cyberattacks.”

“Reading between the lines, the framework acknowledges the negative effect on global cyber norms that events like Stuxnet can cause because of escalation,” said Rid.

Rid also believes the directive was “naïvely constructed,” relying too much on the idea that cyberattacks only impact other machines, and not people.

“When you look at what’s happened in 2016, and really since then, it makes the people who wrote PPD-20 seem like they don’t understand the current threat environment where Russia, and to some degree Iran, are combining active measures with cyber to change public perception,” he told CyberScoop. “Russia is basically kicking the U.S.’ ass.”

Russia’s Response to the West, Cyber War

The Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the United Kingdom’s (UK) National Cyber Security Centre (NCSC) released a joint Technical Alert (TA) about malicious cyber activity carried out by the Russian Government. The U.S. Government refers to malicious cyber activity by the Russian government as GRIZZLY STEPPE.

NCCIC encourages users and administrators to review the GRIZZLY STEPPE – Russian Malicious Cyber Activity page, which links to TA18-106A – Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices, for more information.

***

Senator Tom Cotton: Our nation’s communications networks benefit us in ways unimaginable at the start of the digital age.  But a potential danger lurks: hidden “backdoors” in network equipment.  A hostile foreign power could use these backdoors to spy on Americans or attack our critical infrastructure by injecting viruses or launching denial-of-service attacks.  These backdoors can be designed into routers, switches, and virtually any other type of telecommunications equipment that, together, make up our networks.

This highlights the importance of our networks’ supply chain—that is, the process by which telecommunications equipment is manufactured, sold, distributed, and installed.  Whether the threat involves hacking into our nation’s communications networks or conducting industrial or political espionage at the behest of a foreign government, the integrity of the supply chain has worried U.S. government officials for years.

In 2012, the House Permanent Select Committee on Intelligence released a bipartisan report on the national security threats posed by certain foreign manufacturers.  This past year, Congress barred the Department of Defense from buying certain equipment and services from Chinese companies Huawei and ZTE on account of concerns about those companies’ connections to that country’s government.  And Congress recently banned all federal agencies from using products or services made by Kaspersky Lab, a company with alleged ties to the Russian government.

But the supply-chain threat persists.  Just this February, FBI Director Christopher Wray testified about “the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks.”  These risks include the ability to “maliciously modify or steal information” and “conduct undetected espionage.”  As the supply chain for our networks increasingly stretches beyond U.S. borders, this danger has become all too real.

Given the national security risks, we believe it’s time for more concerted federal action.  Among other things, that means making sure that our government doesn’t make the problem worse by spending the American people’s money on products and services from any company that poses a national security threat to our communications networks.

The Federal Communications Commission is a good place to start.  It regulates America’s communications networks.  And it administers the Universal Service Fund, an almost $9 billion-per-year program designed to ensure that all Americans have access to phone and broadband services.  The money in the Fund comes from fees paid by the American people on their phone bills.  About $4.7 billion annually is spent expanding high-speed Internet access in rural communities; $2.7 billion helps connect schools and libraries to the Internet; $1.3 billion assists in making phone and broadband services more affordable to low-income Americans; and about $300 million supports communications services for rural health-care facilities.  These are important programs.  But there’s no reason one dime of this funding should go to suppliers that raise national security concerns.  There are plenty of other providers we can use to help bridge the digital divide.

That’s why the FCC will vote on April 17 on Chairman Pai’s recent proposal to bar the use of universal service funding to buy equipment or services from any company that poses a national security threat to the integrity of our communications networks or the communications supply chain.  If approved, the proposal would also seek public input on how we should identify suspect firms and which types of telecommunications equipment or services should fall within the prohibition.  Everyone concerned about this issue will have a chance to weigh in.

Bottom line:  We’re committed to protecting our national security, and this proposal is a prudent step to accomplish that goal.  The FCC, Congress, and all government agencies must work together to safeguard the integrity of our communications supply chain.  We strongly urge the full Commission to approve this proposal and for other agencies to follow the lead.