Foreign Espionage Spying on Cell Phones in Washington DC

There was an investigation and the report is complete…but who has it, where is it? Between the FBI, Secret Service, DHS, Capitol Police as well as other agencies…why the suspense? Why is it still going on?

In related reading, this site published in November of 2017: Surveillance: China’s Big Brother, America’s Also?

U.S. Suspects Cellphone Spying Devices in Washington

(AP) — For the first time, the U.S. government has publicly acknowledged the existence in Washington of what appear to be rogue devices that foreign spies and criminals could be using to track individual cellphones and intercept calls and messages.

The use of what are known as cellphone-site simulators by foreign powers has long been a concern, but American intelligence and law enforcement agencies — which use such eavesdropping equipment themselves — have been silent on the issue until now.

In a March 26 letter to Oregon Sen. Ron Wyden, the Department of Homeland Security acknowledged that last year it identified suspected unauthorized cell-site simulators in the nation’s capital. The agency said it had not determined the type of devices in use or who might have been operating them. Nor did it say how many it detected or where.

The agency’s response, obtained by The Associated Press from Wyden’s office, suggests little has been done about such equipment, known popularly as Stingrays after a brand common among U.S. police departments. The Federal Communications Commission, which regulates the nation’s airwaves, formed a task force on the subject four years ago, but it never produced a report and no longer meets regularly.

The devices work by tricking mobile devices into locking onto them instead of legitimate cell towers, revealing the exact location of a particular cellphone. More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware.

They can cost anywhere from $1,000 to about $200,000. They are commonly the size of a briefcase; some are as small as a cellphone. They can be placed in a car next to a government building. The most powerful can be deployed in low-flying aircraft.

Thousands of members of the military, the NSA, the CIA, the FBI and the rest of the national-security apparatus live and work in the Washington area. The surveillance-savvy among them encrypt their phone and data communications and employ electronic countermeasures. But unsuspecting citizens could fall prey.

Wyden, a Democrat, wrote DHS in November requesting information about unauthorized use of the cell-site simulators.

The reply from DHS official Christopher Krebs noted that DHS had observed “anomalous activity” consistent with Stingrays in the Washington area. A DHS official who spoke on condition of anonymity because the letter has not been publicly released added that the devices were detected in a 90-day trial that began in January 2017 with equipment from a Las Vegas-based DHS contractor, ESD America.

Krebs, the top official in the department’s National Protection and Programs Directorate, noted in the letter that DHS lacks the equipment and funding to detect Stingrays even though their use by foreign governments “may threaten U.S. national and economic security.” The department did report its findings to “federal partners” Krebs did not name. That presumably includes the FBI.

The CEO of ESD America, Les Goldsmith, said his company has a relationship with DHS but would not comment further.

Legislators have been raising alarms about the use of Stingrays in the capital since at least 2014, when Goldsmith and other security-company researchers conducted public sweeps that located suspected unauthorized devices near the White House, the Supreme Court, the Commerce Department and the Pentagon, among other locations.

The executive branch, however, has shied away from even discussing the subject.

Aaron Turner, president of the mobile security consultancy Integricell, was among the experts who conducted the 2014 sweeps, in part to try to drum up business. Little has changed since, he said.

Like other major world capitals, he said, Washington is awash in unauthorized interception devices. Foreign embassies have free rein because they are on sovereign soil.

Every embassy “worth their salt” has a cell tower simulator installed, Turner said. They use them “to track interesting people that come toward their embassies.” The Russians’ equipment is so powerful it can track targets a mile away, he said.

Shutting down rogue Stingrays is an expensive proposition that would require wireless network upgrades the industry has been loath to pay for, security experts say. It could also lead to conflict with U.S. intelligence and law enforcement.

In addition to federal agencies, police departments use them in at least 25 states and the District of Columbia, according to the American Civil Liberties Union.

Wyden said in a statement Tuesday that “leaving security to the phone companies has proven to be disastrous.” He added that the FCC has refused to hold the industry accountable “despite repeated warnings and clear evidence that our phone networks are being exploited by foreign governments and hackers.”

After the 2014 news reports about Stingrays in Washington, Rep. Alan Grayson, D-Fla, wrote the FCC in alarm. In a reply, then-FCC chairman Tom Wheeler said the agency had created a task force to combat illicit and unauthorized use of the devices. In that letter, the FCC did not say it had identified such use itself, but cited media reports of the security sweeps.

That task force appears to have accomplished little. A former adviser to Wheeler, Gigi Sohn, said there was no political will to tackle the issue against opposition from the intelligence community and local police forces that were using the devices “willy-nilly.”

“To the extent that there is a major problem here, it’s largely due to the FCC not doing its job,” said Laura Moy of the Center on Privacy and Technology at Georgetown University. The agency, she said, should be requiring wireless carriers to protect their networks from such security threats and “ensuring that anyone transmitting over licensed spectrum actually has a license to do it.”

FCC spokesman Neil Grace, however, said the agency’s only role is “certifying” such devices to ensure they don’t interfere with other wireless communications, much the way it does with phones and Wi-Fi routers.

___

Links:

DHS letter to Sen. Ron Wyden: http://apne.ws/eJ7JipM

DHS enclosure in letter to Sen. Ron Wyden: http://apne.ws/dBMPqWw

Cyberwar: The new Forever Battle, Indicators of Compromise

The United States is in the midst of the most resounding policy shift on cyber conflict, one with profound implications for national security and the future of the internet. The just-released U.S. Cyber Command “vision” accurately diagnoses the current state of cyber conflict and outlines an appropriate new operational model for the command: since cyber forces are in “persistent engagement” with one another, U.S. Cyber Command must dive into the fight, actively contesting adversaries farther forward and with more agility and operational partnerships.

The vision, however, ignores many of the risks and how to best address them. Most importantly, the vision does not even recognize the risk that more active defense – in systems and networks in other, potentially friendly nations – persistently, year after year, might not work and significantly increases the chances and consequences of miscalculations and mistakes. Even if they are stabilizing, such actions may be incompatible with the larger U.S. goals of an open and free Internet. More here including the critique of the report.

*** Meanwhile we know all too well about Russia and China’s cyber espionage, yet when proof surfaces by hacking into their documents for evidence….both countries begin another denial session. And Trump invited Putin to a bi-lateral meeting at the White House? Any bi-lateral meeting should take place outside the United States in a neutral location like Vanuatu or the Canary Islands….

TheTimes: Russian attempts to fuel dissent and spread disinformation have been exposed by a cache of leaked documents that show what the Kremlin is prepared to pay for hacking, propaganda and rent-a-mob rallies.

Hacked emails sent by Moscow-linked figures outline a dirty-tricks campaign in Ukraine, which was invaded on the orders of President Putin in 2014. Experts said that they exposed the dangers faced by Britain and its allies because Russia used the same weapons of disinformation, bribery and distortion to attack the West.

Bob Seely, a Tory MP and expert on Russian warfare, said his analysis of the leaks, which comprise thousands of emails and a password-protected document related to the conflict in Ukraine, revealed a “shopping list of subversion”.

“There is overwhelming evidence that the tools and techniques of Russian covert conflict are being used in and against the UK, the US and the EU,” he added. “In the wake of the Skripal poisoning it’s more important than ever that we understand these methods.”

The cost and extent of tactics were disclosed in a third tranche of the so-called Surkov leaks, named after Vladislav Surkov, a Kremlin spin-master said by some to be Mr Putin’s Rasputin.

Two previous tranches, published online by Ukrainian Cyber Alliance, a hacker activist collective, were said to include emails from an account linked to Mr Surkov. He has been closely involved with the management of Donetsk and Luhansk People’s Republics, two Russian-controlled “statelets” in Ukraine established by pro-Moscow separatists.

The latest publication appears to contain emails found in accounts linked to Inal Ardzinba, Mr Surkov’s first deputy, and to a Ukrainian Communist party leader. They suggest that the Kremlin paid local groups and individuals in Ukraine that were willing to advance its aim to fracture the country.

One set of correspondence from October 2014, which appears to have been sent by a Russian politician to Mr Ardzinba, contained proposals to fund cyberoperations, including hacking email accounts for between $100 and $300. A wider plan to “troll opponents”, “demotivate enemies” on social media, and amass the personal data of targeted individuals in Ukraine’s second largest city, Kharkiv, was priced at $130,500.

The Russian foreign ministry has denied in the past that Mr Ardzinba has had anything to do with propaganda in Ukraine. According to Mr Seely, the leaks appear to reveal plans to plant new historical and philosophical ideas. The emails also include an event and two books that would claim that an area of Ukraine had Russian heritage.

Other proposals included the orchestration of anti-Ukraine, pro-Russia rallies. These involved the transport of “sportsmen” trained in martial arts to agitate at the rallies, bribes to local media to feature the protests and bribes to police to turn a blind eye. A month of rallies in Kharkiv was priced at $19,200. It included 100 participants, three organisers and two lawyers. It is unclear if the rallies took place, though others orchestrated by the Kremlin did happen, the research said. Moves to get 30 ex-communist figures elected to local government were floated in June 2015, at $120,460, the leaks said.

The Kremlin has claimed in the past that the Surkov leaks are fabricated and in the information war between Ukraine and Russia falsehoods may have been planted. However, the authors of correspondence in the first two tranches confirmed their authenticity. They were supported by the Atlantic Council, an international affairs think tank, after an analysis of metadata.

In their analysis of the third tranche, Mr Seely and his co-researcher Alya Shandra, managing editor of an English-language Ukrainian news website, say the leaks are “very likely to be authentic”. Ms Shandra and Mr Seely plan to publish their report with the Royal United Services Institute.

Peter Quentin, a research fellow at the Royal United Services Institute, said: “There is no reason to believe these leaks are any less credible than the previous tranches. This third tranche certainly seems to fit with the trend of well-documented subversion by Russian activists in the region.”

China and Russia Military Collaboration Against the West

Imagine the conversations in meetings between respective military officers of these two countries. As the United States has very little in the way of remote espionage in China and due to the expulsion of U.S. diplomatic personnel from Russia, the U.S. has even less intelligence officers in and around Russia….so, what could be coming that we may soon miss?

CHINA’S EVOLVING OVERSEAS ACCESS

China is expanding its access to foreign ports to pre-position the necessary logistics support to regularize and sustain deployments in the “far seas,” waters as distant as the Indian Ocean, Mediterranean Sea, and Atlantic Ocean. In late November, China publicly confirmed its intention to build military supporting facilities in Djibouti “to help the navy and army further participate in United Nations peacekeeping operations (PKO), carry out escort missions in the waters near Somalia and the Gulf of Aden, and provide humanitarian assistance.” This Chinese initiative both reflects and amplifies China’s growing geopolitical clout, extending the reach of its influence and armed forces.

China’s expanding international economic interests are increasing demands for the PLAN to operate in more distant seas to protect Chinese citizens, investments, and critical sea lines of communication (SLOC).

China most likely will seek to establish additional naval logistics hubs in countries with which it has a longstanding friendly relationship and similar strategic interests, such as Pakistan, and a precedent for hosting foreign militaries. China’s overseas naval logistics aspiration may be constrained by the willingness of countries to support a PLAN presence in one of their ports.

So far, China has not constructed U.S.-style overseas military bases in the Indian Ocean. China’s leaders may judge instead that a mixture of preferred access to overseas commercial ports and a limited number of exclusive PLAN logistic facilities—probably collocated with commercial ports—most closely aligns with China’s future overseas logistics needs to support its evolving naval requirements.

Preferred access would give the PLAN favored status in using a commercial port for resupply, replenishment, and maintenance purposes. A logistics facility would represent an arrangement in which China leases out portions of a commercial port solely for PLAN logistics operations.

Such a logistics presence may support both civilian and military operations. China’s current naval logistics footprint in the Indian Ocean is unable to support major combat operations in South Asia. A greater overseas naval logistics footprint would better position the PLAN to expand its participation in non-war military missions, such as non-combatant evacuation operations (NEO), search-and-rescue (SAR), humanitarian assistance/disaster relief (HA/DR), and sea lines of communication (SLOC) security. To some extent, a more robust overseas logistics presence may also enable China to expand its support to PKO, force protection missions, and counterterrorism initiatives.

For example, in 2015, the PLAN’s naval escort task forces performing counterpiracy escort duties in the Gulf of Aden were able to utilize Djibouti and Oman for basic resupply and replenishment. The 156-page report is here.
***

Electronic attack J-16

A dedicated electronic warfare (EW) version of the Shenyang J-16 fighter completed its maiden flight on December 18 last year. The first images of the aircraft — sometimes described as the J-16D or even J-16G — reveal several changes compared to the standard J-16 fighter-bomber: most obviously, two large EW pods on the wingtips that are very similar in appearance to the AN/ALQ-218 tactical jamming receivers used by the Boeing EA-18G Growler. The aircraft also features a new, shorter radome, while the standard 30mm cannon and the optical sensor in front of the starboard side of the windshield have been removed. In addition, several conformal dielectric EW arrays can be seen around the fuselage, front section (behind the radome), and intakes.
In the wake of Russia’s demonstrations of advanced electromagnetic spectrum and communications jamming capabilities, most recently displayed in their incursion into Ukraine, China also is upping its game in this space, demonstrating similar capabilities in the Pacific.

The U.S. Department of Defense, in an annual report to Congress on China’s military and security developments, assessed that the country is placing greater importance upon EW, on par with traditional domains of warfare such as air, ground and maritime.

“The [People’s Liberation Army] sees EW as an important force multiplier, and would likely employ it in support of all combat arms and services during a conflict,” the 2016 report asserts. “The PLA’s EW units have conducted jamming and anti-jamming operations, testing the military’s understanding of EW weapons, equipment, and performance. This helped improve the military’s confidence in conducting force-on-force, real-equipment confrontation operations in simulated EW environments.”

According to the report, China’s EW weapons include “jamming equipment against multiple communication and radar systems and GPS satellite systems. EW systems are also being deployed with other sea- and air-based platforms intended for both offensive and defensive operations.” More here.

***
Collaboration on Satellites
….uh huh…. Joint military operation locations:
Before Russia and China began their recent series of bilateral exercises, the key tie between Moscow and Beijing was arms sales and military technology cooperation — totaling about $26 billion from 1992 to 2006 — according to estimates cited in the report.

Moscow sold Beijing, “export versions of the Su-27 and Su-30 fighter, the S-300 SAM defense system, Sovermennyy-class guided missile destroyer, and Kilo-class diesel-electric submarine,” the report said, citing data from the Stockholm International Peace Research Institute.
Fears of China copying Russian systems led to a drop-off in arms sales between the two countries – especially higher-end weapon systems. Chinese arms manufacturers are notorious for taking, modifying and reproducing weapon designs. More here.

Russia and China are planning to merge their satellite tracking systems, RT.com is reporting.

The giant system will be able to cover most of an area including China, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, Uzbekistan, India and Pakistan, according to RT, the Russian-funded news outlet.

The two nations will reportedly negotiate terms of the merger in May during a conference in China.

Russia and China will be able to share data on positions of navigation satellite groups and to improve efficiency in a real-time environment, RT reported.

The merger was initiated by Chinese officials.

“If the project is implemented, it will allow for an improvement in accuracy for both systems,” a spokesman for the Russian Federal Space Agency, Roscosmos, was quoted as saying.

Japan and India are getting set for their own regional navigation satellite systems, RT reported. The system is expected to be operational by the end of the year.

4 Days of Food Left…Panic? National Grid Hacked

If there is no transportation, there is no food, medicine or basic supplies….what country is ready to deal with this?

British cities would be uninhabitable within days and the country is only a few meals from anarchy if the National Grid was taken down in a cyber attack or solar storm, disaster and security experts have warned.

Modern life is so reliant on electricity that a prolonged blackout would quickly lead to a loss of water, fuel, banking, transport and communications that would leave the country “in the Stone Age”.

The warning comes weeks after the Defence Secretary, Gavin Williamson, said Russia had been spying on the UK’s energy infrastructure and could cause “thousands and thousands and thousands” of deaths if it crippled the power supply.

***

The U.S. government has just released an important cybersecurity alert that confirms Russian government cyberattacks targeting energy and other critical infrastructure sectors in the United States.

While there has recently been a significant rise in cyberattacks in these industries, up to now we’ve only been able to speculate on who the actors are, or what their motives may be. In this case the threat actor and their strategic intent has been clearly confirmed, something the U.S. government rarely does publicly.

In addition, the US-CERT alert provides descriptions of each stage of the attack, detailed indicators of compromise (IOCs), and a long list of detection and prevention measures. Many of the attack tactics are like Dragonfly 2.0, so much so that one might call this an expanded playbook for Dragonfly. The Nozomi Networks solution ships today with an analysis toolkit that identifies the presence of Dragonfly 2.0 IOCs.

This article is intended to help you gain perspective on this recent alert, provide additional guidance on what security measures to take, and describe how the Nozomi Networks solution can help.

U.S. energy facilities, like this one, are one of the critical infrastructure targets of the Russian cyberattacks.

Multi-Stage Campaigns Provide Opportunities for Early Detection

The US-CERT alert characterizes this attack as a multi-stage cyber intrusion campaign in which Russian cyber actors conducted spear phishing and gained remote access into targeted industrial networks. After obtaining access, the threat actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

This pattern of behavior is typical of APTs (Advanced Persistent Threats). APTs occur over an extended period, meaning there is an opportunity to detect and stop them before damage is done. With the right technology monitoring the industrial network, it is much harder for them to go unobserved before their final attack.

In this case the Russian cyberattacks started by infecting staging targets, which are peripheral organizations, such as trusted third-party suppliers, as pivot points for attacking the final intended targets.

The attackers used a multitude of tactics involving information relevant to industrial control professionals for initial infection of the staging targets. Examples include:

  • Altering trade publication websites
  • Sending emails containing resumes for ICS personnel as infected Microsoft Word attachments
  • Analyzing publicly available photos that inadvertently contained information about industrial systems

The credentials of staging targets’ staff were in turn used to send spear phishing emails to the staff of the intended targets. They received malicious .docx files, which communicated with a command and control (C2) server to steal their credentials.

The SMB (Server Message Block) network protocol was used throughout the spear phishing phases to communicate with external servers, as was described for the Dragonfly 2.0 attacks. This is a distinctive tactic. SMB is usually only used to communicate within LANs, not for outbound communications. Now that this is known, asset owners should ensure their firewalls are locked down for outbound service restrictions.
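The outbound-SMB observation above is easy to turn into a detection check against egress firewall logs. What follows is an added example, not code from the US-CERT alert or from Nozomi Networks; the log line format and the sample lines are constructed, and "internal" address space is assumed to be the RFC 1918 ranges.

```python
"""Flag SMB sessions leaving the LAN in firewall logs (added example).

SMB (TCP 445/139) normally stays inside the LAN, so an internal host
opening SMB to an external address is the anomaly the alert describes.
The log format below is assumed, not any vendor's real format.
"""
import ipaddress
import re
from typing import Dict, List, Optional

# Assumed log line layout:
# <timestamp> action=<allow|deny> src=<ip> dst=<ip> proto=<tcp|udp> dport=<port>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>\w+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r"\s+proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)$"
)

SMB_PORTS = {445, 139}

# Assumption: the organisation's own address space is RFC 1918 plus loopback.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line into its fields; return None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_internal(ip: str) -> bool:
    """True when ip lies inside one of the assumed internal networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def find_outbound_smb(lines: List[str]) -> List[Dict[str, str]]:
    """Return records where an internal host tried SMB to an external host.

    Denied attempts are kept on purpose: a blocked outbound SMB attempt still
    shows a host trying to reach a remote server over SMB and merits triage.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"].lower() != "tcp":
            continue
        if int(rec["dport"]) not in SMB_PORTS:
            continue
        if not is_internal(rec["src"]) or is_internal(rec["dst"]):
            continue  # inbound or LAN-to-LAN SMB is ordinary file sharing
        hits.append(rec)
    return hits


def hosts_with_outbound_smb(lines: List[str]) -> List[str]:
    """Sorted list of internal source hosts that attempted outbound SMB."""
    return sorted({h["src"] for h in find_outbound_smb(lines)})


# Constructed sample log. 198.51.100.0/24 and 203.0.113.0/24 are documentation
# ranges used here as stand-ins for Internet hosts.
SAMPLE_LOG = """
2018-03-15T09:12:01Z action=allow src=10.0.1.25 dst=10.0.1.5 proto=tcp dport=445
2018-03-15T09:12:07Z action=allow src=10.0.1.25 dst=203.0.113.45 proto=tcp dport=443
2018-03-15T09:13:44Z action=allow src=10.0.1.31 dst=198.51.100.17 proto=tcp dport=445
2018-03-15T09:14:02Z action=deny src=10.0.2.8 dst=198.51.100.17 proto=tcp dport=139
2018-03-15T09:14:10Z action=allow src=10.0.1.25 dst=10.0.1.5 proto=tcp dport=139
this line is not in the expected format and is skipped
""".strip().splitlines()


if __name__ == "__main__":
    for hit in find_outbound_smb(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['action']:5} {hit['src']} -> {hit['dst']}:{hit['dport']}")
    print("hosts to triage:", hosts_with_outbound_smb(SAMPLE_LOG))
```

An allowed hit is the one to act on first; it means the egress policy the alert recommends is not yet in place for that host.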

The credentials of the intended targets were used to access the victims’ networks. From there, the malware established multiple local administrator accounts, each with a specific purpose. The goals ranged from creation of additional accounts to cleanup activity. For the report, click here.

***

What Is Known

Forensic analysis shows that the threat actors sought information on network and organizational design and control system capabilities within the organization. In one instance, the report says, the threat actors downloaded a small photo from a publicly accessible human resource page, which, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background. The threat actors also compromised third-party suppliers to download source code for several intended targets’ websites. They also attempted to remotely access corporate web-based email and virtual private network (VPN) connections.

Once inside the intended target’s network, the threat actors used privileged credentials to access domain controllers via remote desktop protocols (RDP) and then used the batch scripts to enumerate hosts and users, as well as to capture screenshots of systems across the network.

The threat is inside. US-CERT on March 15 warned that threat actors associated with the Russian government had infiltrated ICS and SCADA systems at power plants using a variety of tactics. This image is a DHS reconstruction of a screenshot fragment of a human machine interface (HMI) that the threat actors accessed. Source: US-CERT

Along with publishing an extensive list of indicators of compromise, the DHS and FBI recommended that network administrators review IP addresses, domain names, file hashes, network signatures, and a consolidated set of YARA rules for malware associated with the intrusion authored by the National Cybersecurity and Communications Integration Center. YARA is an open-source and multiplatform tool that provides a mechanism to exploit code similarities between malware samples within a family.

When Biden and Kerry Concocted a Shady Equity Firm

Keep this post in your bookmarks as we enter into the 2020 general election….

Primer:

1. China plants industrial espionage operatives in the U.S. that steal government contract secrets and sell them back to China. FBI caught at least one.

2. Through cyber espionage, China has stolen much of the F-35 technology, more than 50 terabytes.

3. John Kerry and Joe Biden did exactly the same thing as Hillary…sold access for money while exploiting it all as diplomatic missions with the title(s) of bi-lateral agreements.

4. Subpoena former Treasury Secretary Jack Lew and ask him about the CFIUS approvals of Chinese-backed enterprises. We may surely need to go back to former Treasury Secretary Tim Geithner: did he set the table for all this with Obama’s approval, creating that ‘Asia Pivot’?

5. What does Congress know about foreign investments and when do they know it? They get reports, but who is asking questions, anyone?

NYP: Joe Biden and John Kerry have been pillars of the Washington establishment for more than 30 years. Biden is one of the most popular politicians in our nation’s capital.

His demeanor, sense of humor, and even his friendly gaffes have allowed him to form close relationships with both Democrats and Republicans. His public image is built around his “Lunch Bucket Joe” persona. As he reminds the American people on regular occasions, he has little wealth to show for his career, despite having reached the vice presidency.

One of his closest political allies in Washington is former senator and former Secretary of State John Kerry. “Lunch Bucket Joe” he ain’t; Kerry is more patrician than earthy. But the two men became close while serving for several decades together in the US Senate. The two “often talked on matters of foreign policy,” says Jules Witcover in his Biden biography.

So their sons going into business together in June 2009 was not exactly a bolt out of the blue.

But with whom their sons cut lucrative deals while the elder two were steering the ship of state is more of a surprise.

What Hunter Biden, the son of America’s vice president, and Christopher Heinz, the stepson of the chairman of the Senate Committee on Foreign Relations (later to be secretary of state), were creating was an international private equity firm. It was anchored by the Heinz family alternative investment fund, Rosemont Capital. The new firm would be populated by political loyalists and positioned to strike profitable deals overseas with foreign governments and officials with whom the US government was negotiating.

Hunter Biden, Vice President Joe Biden’s youngest son, had gone through a series of jobs since graduating from Yale Law School in 1996, including the hedge-fund business.

By the summer of 2009, the 39-year-old Hunter joined forces with the son of another powerful figure in American politics, Chris Heinz. Senator John Heinz of Pennsylvania had tragically died in a 1991 airplane crash when Chris was 18. Chris, his brothers, and his mother inherited a large chunk of the family’s vast ketchup fortune, including a network of investment funds and a Pennsylvania estate, among other properties. In May 1995, his mother, Teresa, married Senator John Kerry of Massachusetts. That same year, Chris graduated from Yale, and then went on to get his MBA from Harvard Business School.

Joining them in the Rosemont venture was Devon Archer, a longtime Heinz and Kerry friend.

The three friends established a series of related LLCs. The trunk of the tree was Rosemont Capital, the alternative investment fund of the Heinz Family Office. Rosemont Farm is the name of the Heinz family’s 90-acre estate outside Fox Chapel, Pennsylvania.

The small fund grew quickly. According to an email revealed as part of a Securities and Exchange Commission investigation, Rosemont described themselves as “a $2.4 billion private equity firm co-owned by Hunter Biden and Chris Heinz,” with Devon Archer as “Managing Partner.”

The partners attached several branches to the Rosemont Capital trunk, including Rosemont Seneca Partners, LLC, Rosemont Seneca Technology Partners, and Rosemont Realty.

Of the various deals in which these Rosemont entities were involved, one of the largest and most troubling concerns was Rosemont Seneca Partners.

Rather than set up shop in New York City, the financial capital of the world, Rosemont Seneca leased space in Washington, DC. They occupied an all-brick building on Wisconsin Avenue, the main thoroughfare of exclusive Georgetown. Their offices would be less than a mile from John and Teresa Kerry’s 23-room Georgetown mansion, and just two miles from both Joe Biden’s office in the White House and his residence at the Naval Observatory.

Over the next seven years, as both Joe Biden and John Kerry negotiated sensitive and high-stakes deals with foreign governments, Rosemont entities secured a series of exclusive deals often with those same foreign governments.

Some of the deals they secured may remain hidden. These Rosemont entities are, after all, within a private equity firm and as such are not required to report or disclose their financial dealings publicly.

Some of their transactions are nevertheless traceable by investigating world capital markets. A troubling pattern emerges from this research, showing how profitable deals were struck with foreign governments on the heels of crucial diplomatic missions carried out by their powerful fathers. Often those foreign entities gained favorable policy actions from the United States government just as the sons were securing favorable financial deals from those same entities.

Nowhere is that more true than in their commercial dealings with Chinese government-backed enterprises.

Rosemont Seneca joined forces in doing business in China with another politically connected consultancy called the Thornton Group. The Massachusetts-based firm is headed by James Bulger, the nephew of the notorious mob hitman James “Whitey” Bulger. Whitey was the leader of the Winter Hill Gang, part of the South Boston mafia. Under indictment for 19 murders, he disappeared. He was later arrested, tried, and convicted.

James Bulger’s father, Whitey’s younger brother, Billy Bulger, serves on the board of directors of the Thornton Group. He was the longtime leader of the Massachusetts state Senate and, with their long overlap by state and by party, a political ally of Massachusetts Senator John Kerry.

Less than a year after opening Rosemont Seneca’s doors, Hunter Biden and Devon Archer were in China, having secured access at the highest levels. Thornton Group’s account of the meeting on their Chinese-language website was telling: Chinese executives “extended their warm welcome” to the “Thornton Group, with its US partner Rosemont Seneca chairman Hunter Biden (second son of the now Vice President Joe Biden).”

The purpose of the meetings was to “explore the possibility of commercial cooperation and opportunity.” Curiously, details about the meeting do not appear on their English-language website.

Also, according to the Thornton Group, the three Americans met with the largest and most powerful government fund leaders in China — even though Rosemont was both new and small.

The timing of this meeting was also curious. It occurred just hours before Hunter Biden’s father, the vice president, met with Chinese President Hu in Washington as part of the Nuclear Security Summit.

There was a second known meeting with many of the same Chinese financial titans in Taiwan in May 2011. For a small firm like Rosemont Seneca with no track record, it was an impressive level of access to China’s largest financial players. And it was just two weeks after Joe Biden had opened up the US-China strategic dialogue with Chinese officials in Washington.

On one of the first days of December 2013, Hunter Biden was jetting across the Pacific Ocean aboard Air Force Two with his father and daughter Finnegan. The vice president was heading to Asia on an extended official trip. Tensions in the region were on the rise.

The American delegation was visiting Japan, China, and South Korea. But it was the visit to China that had the most potential to generate conflict and controversy. The Obama administration had instituted the “Asia Pivot” in its international strategy, shifting attention away from Europe and toward Asia, where China was flexing its muscles.

For Hunter Biden, the trip coincided with a major deal that Rosemont Seneca was striking with the state-owned Bank of China. From his perspective, the timing couldn’t have been better.

Vice President Biden, Hunter Biden and Finnegan arrived to a red carpet and a delegation of Chinese officials. Greeted by Chinese children carrying flowers, the delegation was then whisked to a meeting with Vice President Li Yuanchao and talks with President Xi Jinping.

Hunter and Finnegan Biden joined the vice president for tea with US Ambassador Gary Locke at the Liu Xian Guan Teahouse in the Dongcheng District in Beijing. Where Hunter Biden spent the rest of his time on the trip remains largely a mystery. There are actually more reports of his daughter Finnegan’s activities than his.

What was not reported was the deal that Hunter was securing. Rosemont Seneca Partners had been negotiating an exclusive deal with Chinese officials, which they signed approximately 10 days after Hunter visited China with his father. The most powerful financial institution in China, the government’s Bank of China, was setting up a joint venture with Rosemont Seneca.

The Bank of China is an enormously powerful financial institution. But the Bank of China is very different from the Bank of America. The Bank of China is government-owned, which means that its role as a bank blurs into its role as a tool of the government. The Bank of China provides capital for “China’s economic statecraft,” as scholar James Reilly puts it. Bank loans and deals often occur within the context of a government goal.

Rosemont Seneca and the Bank of China created a $1 billion investment fund called Bohai Harvest RST (BHR), a name that reflected who was involved. Bohai (or Bo Hai), the innermost gulf of the Yellow Sea, was a reference to the Chinese stake in the company. The “RS” referred to Rosemont Seneca. The “T” was Thornton.

The fund enjoyed an unusual and special status in China. BHR touted its “unique Sino-US shareholding structure” and “the global resources and network” that allowed it to secure investment “opportunities.” Funds were backed by the Chinese government.

In short, the Chinese government was literally funding a business that it co-owned along with the sons of two of America’s most powerful decision makers.

The partnership between American princelings and the Chinese government was just a beginning. The actual investment deals that this partnership made were even more problematic. Many of them would have serious national security implications for the United States.

In 2015, BHR joined forces with the automotive subsidiary of the Chinese state-owned military aviation contractor Aviation Industry Corporation of China (AVIC) to buy American “dual-use” parts manufacturer Henniges.

AVIC is a major military contractor in China. It operates “under the direct control of the State Council” and produces a wide array of fighter and bomber aircraft, transports, and drones — primarily designed to compete with the United States.

The company also has a long history of stealing Western technology and applying it to military systems. The year before BHR joined with AVIC, the Wall Street Journal reported that the aviation company had stolen technologies related to the US F-35 stealth fighter and incorporated them in their own stealth fighter, the J-31. AVIC has also been accused of stealing US drone systems and using them to produce their own.

In September 2015, when AVIC bought 51 percent of American precision-parts manufacturer Henniges, the other 49 percent was purchased by the Biden-and-Kerry-linked BHR.

Henniges is recognized as a world leader in anti-vibration technologies in the automotive industry and for its precise, state-of-the-art manufacturing capabilities. Anti-vibration technologies are considered “dual-use” because they can have a military application, according to both the State Department and Department of Commerce.

The technology is also on the restricted Commerce Control List used by the federal government to limit the exports of certain technologies. For that reason, the Henniges deal would require the approval of the Committee on Foreign Investment in the United States (CFIUS), which reviews sensitive business transactions that may have a national security implication.

According to BHR internal documents, the Henniges deal included “arduous and often-times challenging negotiations.” The CFIUS review in 2015 included representatives from numerous government agencies including John Kerry’s State Department.

The deal was approved in 2015.

Excerpted with permission from “Secret Empires: How the American Political Class Hides Corruption and Enriches Family and Friends,” by Peter Schweizer, published by Harper Collins. The book goes on sale March 20.