The DoJ Hacked, DHS Files Compromised

Hackers leaked DHS staff records, 200GB of files are in their hands

A hacker accessed an employee’s email account at the Department of Justice and stole 200GB of files including records of 9,000 DHS staffers and 20,000 FBI employees.

SecurityAffairs: Yesterday, data related to a Department of Homeland Security (DHS) staff directory were leaked online; a Twitter account shared the link to an archive containing 9,355 names.

The person responsible for the data leak first contacted Motherboard to share the precious archive.

Each record of the DHS Staff Directory includes name, title, email address, and phone number.

A closer look at the archive shows that it includes information on DHS security specialists, program analysts, InfoSec and IT staff, and also 100 employees with the title “Intelligence”.

The same Twitter account later announced the imminent release of an additional data dump covering 20,000 FBI employees.


Are the records authentic?

Motherboard, which obtained the archive, reached the operations center of the FBI, and in one case the individual who picked up the phone introduced himself with the same name associated with that number in the archive. A similar circumstance occurred with a DHS employee, so Motherboard confirmed that the information is legit.

What is the source of the data?

According to Motherboard, a hacker accessed an employee’s email account at the Department of Justice. As proof, the hacker sent the email message to Motherboard’s contributor Joseph Cox directly from the compromised account.

“A hacker, who wishes to remain anonymous, plans to dump the apparent names, job titles, email addresses and phone numbers of over 20,000 supposed Federal Bureau of Investigation (FBI) employees, as well as over 9,000 alleged Department of Homeland Security (DHS) employees, Motherboard has learned.” wrote Cox in a blog post.

“The hacker also claims to have downloaded hundreds of gigabytes of data from a Department of Justice (DOJ) computer, although that data has not been published.”

The hacker first tried to use the compromised credentials to access a DOJ staff portal, without success; he then called the department directly and obtained access through social engineering techniques.

The hacker accessed the DoJ intranet where the database is hosted, then downloaded around 200GB out of the 1TB that he had access to.

“I HAD access to it, I couldn’t take all of the 1TB,” the hacker told Motherboard.

The hacker confirmed his intention to release the rest of the data in the near future.

What is the motivation behind the attack?

It is not clear at the moment why the hacker released the archive; surely it is not financially motivated. The hacker left only the following message when he leaked the data:

“This is for Palestine, Ramallah, West Bank, Gaza, This is for the child that is searching for an answer…” which are the verses of “Long Live Palestine”

The only certainty right now is that similar incidents are becoming too frequent; apparently government staff are not properly trained on the main cyber threats or hacking techniques. Similar incidents show a lack of knowledge of the most basic security measures.
Whenever a hacker leaks such sensitive data, I think of the number of his peers who had access to the same information with the intent to use it in other attacks or resell it, perhaps to a foreign government.

Pierluigi Paganini

*** As a reminder, in 2014 a much more dangerous hack intrusion happened at the DHS:

The Department of Homeland Security (DHS) alerted critical infrastructure operators to recent breaches within the sector – including the hack of a U.S. public utility that was vulnerable to brute-force attacks.

This week, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a subgroup of DHS, revealed information about the incidents in a newsletter (PDF).

According to ICS-CERT, industrial control systems were compromised in two, new incidents: one, involving the hack of an unnamed public utility, and another scenario where a control system server was remotely accessed by a “sophisticated threat actor.”

After investigating the public utility hack, ICS-CERT found that the system’s authentication mechanism was susceptible to brute-force attacks – where saboteurs routinely run through a list of passwords or characters to gain access to targeted systems. The control system used a simple password mechanism, the newsletter revealed.

In

What do Banks Say About the Recession?

What do economists have in their forecasts?

It is important to watch the performance of other countries like China, Greece and Brazil:

Bank Of America Admits The U.S. May Already Be In A Recession

Zerohedge: Almost one year ago, in March 2015, we explained how “The Fed’s Artificial Steepening Of The Yield Curve” has resulted in many unexpected consequences, the most important of which has been the erroneous interpretation of the yield curve as a leading recessionary signal. As said back then, “the artificially steep yield curve is a reflection of policy intent not economic reality…. Where the yield curve in the all-important belly of the 5s10s might have deeply inverted in the past just prior to recession, there is no justification to expect the same attainment of absolute levels where artificial monetary intrusion has pushed the curve much, much steeper.”

One week ago, it was as if a light bulb went off over Wall Street’s head, when first Deutsche Bank’s Dominic Konstam realized the significance of the above excerpt, and admitted that far from the 4% recession odds that the Fed’s hopeless FRB/US DSGE computer model spews out when looking at the “normal” yield curve, when normalizing for the Fed’s intervention odds of a recession in the next 12 months soar to 50%!

In a special report published earlier this week, we noted that today’s near-zero interest rate regime does not allow the yield curve to freely invert or even flatten too much because of certain structural limits. For example, liabilities-driven investors who in the past could receive long rates below the fed funds rate can no longer do so once rates are floored at zero. Investment fund managers are also restricted by mandates from buying negative yielding assets that lead to mark-to-market losses on their portfolios. Pension investors, who must target returns based on liability assumptions, have been driven into high yielding non-core rate assets as their discount rates are stubbornly and unrealistically high compared to Treasury yields. These factors keep the curve artificially steep even though both short and long rates have been clearly trending downward over the years.

An “artificially steep yield curve” – almost as if that’s exactly the phrase we used before. What DB did then is the logical next step: to adjust the artificial yield curve and exclude the Fed’s intervention. 

To address the artificial steepness of the curve we corrected the 3m10y spread for the level of the rates. Specifically we regressed the spread against the short rate, leaving the residual which by definition removes for the bias of the rate level and is centered at zero. Using this new curve as model input, we found the probability of a recession in the next 12 months is 46 percent, considerably higher than the original Fed model has predicted.

But wait, there’s more, because while the short-end remains anchored, with every 25 bps tightening in the 10Y yield, recession odds rise by another 6%.

As it may be useful for investors, we attempt to handicap the relationship between the yield curve and future recessions captured in our model. Holding the 3m rate constant, every 25 bps rally in 10s (implying an equal flattening in 3m10y) raises the recession probability by 6 percent. If 10yr yields rally to 1.50%, our model predicts a 59 percent chance of recession in the next 12 months; at 1.00% 10s, the probability is 71 percent.

 

At Friday’s close, recession odds are well over 50% according to DB’s model.

Or perhaps far higher, because shortly after DB admitted what we said in early 2015, namely that everyone who was looking at the yield curve as is was wrong, Bank of America’s Ruslan Bikbov did the exact same analysis and ended up with a far more disturbing conclusion:

The US Treasury curve is still steep by historical standards. Taken at face value, this may suggest recession odds are small. However, we argue this logic is flawed because the curve is structurally steep when the Fed Funds rate is close to zero. When adjusted for the proximity of rates to zero, the curve may already be inverted and therefore may already be priced for a recession.

And numerically: “Implied recession odds are as high as 64% if the adjusted OIS curve is used”

Laughably, this comes from the same bank whose chief economist Ethan Harris recently “predicted” US GDP for the next decade and forecast there will be no recession until 2027… the same Ethan Harris as profiled in “Perma-bears” 1 – BofA Economist 0.

* * *

Below are the full wonkish details from BofA for all those Wall Street strategists who still hold on to the erroneous creed that recession odds are non-existent if simply looking at the unadjusted yield curve.

A leading recession indicator

We received numerous questions on the shape of the US yield curve and its relationship to recession odds. With the sharp weakening of US manufacturing data in recent months, recession risks are on everybody’s mind, while the curve has the reputation of one of the most powerful leading recession indicators. The basic fact is likely well known to our clients: each US recession since the mid 1950s (when Treasury bond data become available) was preceded by an inverted or extremely flat curve within one year before a recession start (Chart 8). This is, of course, intuitive because a flat curve reflects lower growth and/or inflation expectations. Some of our clients and market commentators pointed to this fact and the relative steepness of the curve to argue that current recession risks are rather low. Indeed, the 3m10s curve at 155bp is still far from being flat (Chart 8).

Mind the zero bound

However, we believe that a simple mechanical extrapolation of the past link between the curve and recession odds is flawed. In particular, curve-based models calibrated to pre-2009 data are likely to underestimate recession odds today. This is because with the Fed Funds at only 38bp risks for plausible Fed Funds paths are asymmetric. Although tighter policy paths are unconstrained, the room for further cuts is likely limited resulting in a steepening bias for the curve. To see this, imagine an extreme situation where the policy rate is at zero and negative rates are not feasible. In such a scenario the curve simply cannot invert, and must be necessarily biased steeper relative to its historical distribution.

Granted, we cannot rule out the possibility of negative rates in the US, but it is safe to say the Fed’s reaction function must be highly asymmetric around zero. Because negative rates entail significant risks for the financial stability of money market funds and the banking sector, the negative growth/inflation shock required for a cut below zero should be larger than positive shocks required for a hike of a comparable size. In addition, negative rates should be floored by the storage cost of currency, another reason for asymmetric risks around zero. In any case, the market currently sees only a small chance of negative rates in the US (Chart 9). The end result is structural steepness of the curve at near-zero Fed Funds levels.

Don’t wait for the curve to invert

Even a casual look at other countries with near-zero policy rates confirms that the curve does not need to flatten significantly for a recession to occur. Consider Japan, a country with the longest zero-rate history. Japan had a recession in 1991-1993, which was preceded by an inverted curve, consistent with past US experience (Chart 10). But note the call rate was at 8% when the curve inverted. Since 1995, the call rate has not exceeded 50bp. Over that period, Japan had four official (announced by the Committee for Business Cycle Indicators) recessions, none of which was preceded by an inverted curve (Chart 10).

A number of other G10 countries adopted near-zero rate policy regimes since 2008 and experienced recessions since then. Some of these recession episodes are analyzed in Table 3. We use two methods to identify recessions: technical definition (at least two consecutive quarters of negative growth) and recession dates reported by Economic Cycle Research Institute (ECRI), which employs methodology similar to that of the NBER in the US. For each recession episode, we report the range of the 3m10s government curve and the policy rate observed for a year immediately before the beginning of a recession.

Again, an inverted curve did not emerge to signal an imminent recession. In fact, in some cases the curve ahead of recessions was steeper than in the US today. As an illustration, Chart 11 shows the historical German curve. Consistent with typical US experience, the curve flattened to extreme levels ahead of each of the pre-2009 recessions. However, Germany also had a technical recession in Q4 2012-Q1 2013 when the ECB depo rate was at zero. Not surprisingly, the curve remained steep before that recession. In fact, the curve did not flatten below 120bp in the one-year period ahead of the recession.

Adjusting the curve for zero-rate effects

Although the curve cannot be taken at face value in a near-zero rate regime, we believe it may still provide useful information about recession odds if adjusted for the zero bound effect. The idea is to estimate a model-implied curve that could be prevalent today if negative rates were just as feasible as positive. The curve adjusted in such a way may be directly compared to its historical distribution. As a result, it may be a better recession signal than the observed curve.

Turning to technical details, we model forward rates with a truncated (at zero) normal distribution, calibrated by matching its mean and standard deviation to forward rates and at-the-money option prices. We then compute adjusted forwards as the mean of the corresponding distribution without truncation (hence, using a symmetric distribution around the mean and allowing for negative rates). Although the choice of the truncated normal distribution is somewhat arbitrary, it provides a simple tool to model the core of our argument. Because very long-dated options are not liquid, we analyze 3m5s rather than 3m10s (normally used in academic literature) Treasury curve for this analysis. We found only a small deterioration in R2 statistics for recession forecasting probit models when the 3m5s curve is used instead of 3m10s. Consistent with intuition, the 3m5s curve adjusted in such a way has been significantly flatter than actually observed curve (Chart 12).

Technical factors contributed to Treasury curve steepness

Further, the Treasury curve may be currently skewed steeper by technical factors. Treasury bonds in the belly of the curve dramatically cheapened in the past few months, which is evident from extremely tight levels of swap and OIS/Treasury spreads. As a result, the Treasury curve now looks very steep to OIS. While the 3m5s Treasury curve is at 92bp, the corresponding OIS curve is only at 56bp (Chart 13). The likely reason for this is reserve selling of foreign central banks who need to support national currencies against the recent USD appreciation. International reserves of world central banks declined by about $1tn since September 2015. At the same time, the ability of dealers to absorb the supply has declined in recent years due to regulatory pressures on balance sheets.

Conventionally, academic literature on recession forecasting uses Treasury curve data. But the Treasury curve may not be the best measure of market expectations, presumably the key component of the curve predictive power. Because of the technical nature of the recent Treasury cheapening, the OIS curve should be a better measure of market expectations, and therefore may be more relevant for  assessing recession risks.

 

The curve may be priced for a recession

Applying our methodology to the OIS curve, we found that the adjusted 3m5s OIS curve at -30bp is already inverted. This suggests that the curve already could be priced for a recession (Chart 12). Granted, our methodology signaled a false alarm in 2012 when the curve was also inverted but a recession did not follow (Chart 12). However, at that time the curve flattened to extreme levels because of the forward guidance, an unprecedented event in the history of US monetary policy. In contrast, this time the curve flattened following the Fed hike, which looks more like a typical curve inversion episode. In fact, the Fed was hiking in all previous historical episodes where the curve inverted ahead of US recessions (Chart 8). From this point of view, the current curve flattening may be more worrisome.

Implied recession odds

Our economics team sees only about a 20% probability of a recession in the next year. They argue that the two most important causal factors in recession–aggressive Fed tightening in a battle against above-target inflation and very high oil prices–are not evident today. They also argue that both “real” and financial bubbles are small. The only sector that overexpanded in the recovery is the tiny oil and gas sector (about 2% of the economy at the peak) and the high yield sector overshot fundamentals, but it is much less important than the housing and equity market bubbles of the last two cycles.

Nonetheless, clearly markets are worried and an indicator we have developed confirms their concerns. To quantify implications from the inversion of the adjusted curve, we follow academic literature to compute model-implied recession probabilities from a standard probit regression based on the curve. We acknowledge this type of a model is highly simplistic and does not take into account all the complexities of today’s economic environment. Still, model probabilities may be interesting to know given the curve’s track record.

We estimated a standard probit model to pre-2009 sample when zero rates were not an issue. We then computed implied probability of a recession within next 12 months with different assumptions about the proper curve to be used in the current regime (Table 4). The model implies about 32% recession odds if the Treasury curve is taken at face value. Just using OIS instead of Treasury rates brings this probability to about 42%. Implied recession odds are as high as 64% if the adjusted OIS curve is used (Table 4).

China’s Best Method of Industrial Espionage

Obscure Chinese Firm Dives Into $22 Trillion U.S. Market

Bloomberg: When Cromwell Coulson heard that an obscure Chinese real estate firm had agreed to buy the Chicago Stock Exchange, he was shocked.

“My first reaction was, ‘Wow, that’s who they’re selling to?”’ said Coulson, the chief executive officer of OTC Markets Group Inc. in New York. “These new buyers have no connection to Chicago’s existing business. They’re completely disconnected from the current business of supporting the Chicago trading community. So wow, that’s out of left field.”

While the world has gotten used to seeing Chinese companies snap up overseas businesses, the purchase of a 134-year-old U.S. stock market by Chongqing Casin Enterprise Group — a little-known property and investment firm from southwestern China — raises a whole host of questions. For starters, why does a provincial Chinese business with no apparent ties to the securities industry have any interest in buying one of America’s smallest equity exchanges? And will U.S. regulators sign off?

So far, Casin Group’s intentions are unclear, with calls to the company’s Chongqing headquarters going unanswered on Friday. If the deal does pass muster with American regulators, it would mark the first-ever Chinese purchase of a U.S. equity exchange, giving Casin Group a foothold in a $22 trillion market where even the smallest bourses have room to grow if they can provide the best price for a stock at any given moment.

The Chicago Stock Exchange — a subsidiary of CHX Holdings Inc. — is minority-owned by a group including E*Trade Financial Corp., Bank of America Corp., Goldman Sachs Group Inc. and JPMorgan Chase & Co., according to the company. The minority shareholders are also selling their stake, Chicago Stock Exchange Chief Executive Officer John Kerin said in a phone interview.

The deal values the exchange at less than $100 million, according to a person familiar with the matter, who asked to not be identified because the terms weren’t disclosed publicly. Mark O’Connor, a spokesman for the exchange, declined to comment on the size of the transaction.

Overseas Shopping

Casin Group’s offer, announced on Friday in a statement from the Chicago exchange, comes amid an unprecedented overseas shopping spree by Chinese companies. Businesses from Asia’s largest economy have announced $70 billion of cross-border acquisitions and investments this year, on track to break last year’s record of $123 billion, according to data compiled by Bloomberg.

While many of those deals had obvious business rationales, the reasons for Casin Group’s bid are less clear. The company, founded in the 1990s through a privatization of state-owned assets, initially focused on developing real estate projects in Chongqing, before expanding into the environmental and financial industries. While the firm owns stakes in banks and insurers, it has no previous experience owning an exchange.

Chinese Growth

Lu Shengju, the majority owner and chairman of Casin Group, wants to help bring Chinese companies to U.S. markets, according to the statement from Chicago’s bourse.

“We have reviewed CHX’s plans to improve market share through new growth initiatives and fully support them,” Lu, a torch bearer during the Beijing Olympic games in 2008, said in the statement, which didn’t disclose terms of the deal. “Together, we have a unique opportunity to help develop financial markets in China over the longer term and to bring exciting Chinese growth companies to U.S. investors.”

The Chicago Stock Exchange could serve as a venue for Chinese companies to list, said Dale Rosenthal, a clinical assistant professor of finance at the University of Illinois at Chicago.

“Because they’re an exchange, they can list stock,” Rosenthal said. “It has the potential to raise Chicago’s profile in China.”

Casin Group is no stranger to investing in outside businesses, including overseas targets. Three years ago, the firm increased its stake in Shenzhen-listed Guoxing Property to 30 percent, becoming the biggest shareholder. Guoxing, now 60 percent owned by Casin Group, has soared 170 percent in the past two months, versus a 19 percent drop in the CSI 300 Index, data compiled by Bloomberg show. Casin Group bought a 25 percent stake in Singapore-based Great Eastern Life Assurance in 2013.

“It’s interesting to see the Chinese increase their footprint in the U.S.,” said Ramon Camacho, a principal at RSM US LLP, an audit, tax and consulting company based in Chicago. “These investors are looking for a platform to showcase and bring to market Chinese companies.”

The company’s bid for the Chicago bourse could face political opposition, with American regulators and politicians taking a skeptical approach toward foreign investments in industries deemed important to national interests. When Germany’s Deutsche Boerse AG wanted to buy the owner of the New York Stock Exchange in 2011, U.S. Senator Charles Schumer, a Democrat from New York, raised obstacles. The deal was finally scrapped on monopoly concerns.

Heavy Scrutiny

Some Chinese companies have come under heavy scrutiny as they tried to enter U.S. markets. Huawei Technologies Co., China’s largest phone-network equipment maker, was barred by the U.S. in 2011 from participating in building a nationwide emergency network.

The U.S. Securities and Exchange Commission would have to approve the deal, because the exchange is a self-regulatory organization. The new owners will have to show they intend to follow all of the regulations imposed on stock exchanges, whose listing and trading rules also must be approved by the SEC.

Additionally, the takeover would probably be reviewed by the Committee on Foreign Investment in the U.S., said Anne Salladin, a lawyer at Stroock & Stroock & Lavan LLP in Washington. CFIUS, a panel of government officials led by the Treasury Department that examines purchases of American businesses by foreign investors, can recommend the president block transactions it believes compromise national security. It can also impose changes to address any concerns.

“It’s a Chinese investment, and it’s in a potentially sensitive sector: financial infrastructure,” Salladin said.

CFIUS has been closely scrutinizing purchases of American businesses by Chinese buyers. Last month, Royal Philips NV abandoned its plan to sell its lighting-components unit to a Chinese-led investment group following opposition from CFIUS.

“If you have a U.S. stock exchange that’s primarily satisfying Chinese companies, the regulators are gonna look very closely at it,” Coulson said. “If your core business is listing Chinese companies in the U.S., that’s going to pick up a lot of regulatory scrutiny and caution.”

China Industrial Espionage:

This new book is the first full account, inside or outside government, of China’s efforts to acquire foreign technology.

Based on primary sources and meticulously researched, the book lays bare China’s efforts to prosper technologically through others’ achievements. For decades, China has operated an elaborate system to spot foreign technologies, acquire them by all conceivable means, and convert them into weapons and competitive goods—without compensating the owners. The director of the US National Security Agency recently called it “the greatest transfer of wealth in history.”

Written by two of America’s leading government analysts and an expert on Chinese cyber networks, this book describes these transfer processes comprehensively and in detail, providing the breadth and depth missing in other works. Drawing upon previously unexploited Chinese language sources, the authors begin by placing the new research within historical context, before examining the People’s Republic of China’s policy support for economic espionage, clandestine technology transfers, theft through cyberspace and its impact on the future of the US.

This book will be of much interest to students of Chinese politics, Asian security studies, US defence, US foreign policy and IR in general.

***

China’s long history of spying on business

CNN: The United States indicted five members of China’s People’s Liberation Army Monday, accusing them of hacking into American companies and pilfering closely-guarded trade secrets.  The charges — rejected by Beijing as “purely ungrounded and with ulterior purpose” — are a dramatic escalation in a squabble between the two countries over spying. But they will surprise few Americans working in sensitive industries.

While many countries engage in industrial espionage, China has long been among the most aggressive collectors of economic secrets — both online and off, experts say.

“I can tell you they [China] are the most pervasive,” Kevin Mandia, founder of cybersecurity firm Mandiant, told CNN. “The indictment is about taking intellectual property … it’s the theft of trade secrets, it’s economic espionage.” Full article here.

Epic Chinese Hacking is Forecasted

 

In 2015: Washington (CNN) A highly trained group of Chinese hackers is targeting defense, commercial and political organizations worldwide, pulling off sophisticated heists of sensitive information, according to new research out Wednesday.

Though Chinese cyberespionage has been well-documented, researchers from Dell SecureWorks Counter Threat Unit — a division of Dell tech company — say this group, nicknamed Emissary Panda by another research firm, has pulled off cyberattacks at a level of sophistication and specialization rarely seen before among Chinese hackers. More here.

Security Firm Warns of New Chinese Cyber Attacks

FreeBeacon: China’s cyber attacks against U.S. government and private sector databases are part of a major intelligence-gathering operation and are likely to continue, according to a new report by a cyber security firm.

Chinese hackers stole health care data pertaining to some 80 million Americans last year, and the Office of Personnel Management cyber attacks netted sensitive records on 22 million federal workers, according to an annual threat report made public Wednesday by CrowdStrike, a cyber security and intelligence company. The company is widely consulted by both government and private sector organizations.

The gathering of personal data by the Chinese represents a new trend in Beijing’s aggressive cyber attacks.

“This targeting underscores that intrusion operations associated with nation-states pose a significant risk to all data, no matter how uninteresting it may seem,” the report said.

The 49-page “2015 Global Threat Report” also states that the U.S.-China agreement not to conduct commercial cyber theft has had little impact on Beijing’s cyber operations.

“Beneath the surface, however, China has not appeared to change its intentions where cyber is concerned,” the report said.

Any reduction in Chinese cyber attacks this year likely will be temporary, and an apparent reduction may result from the use of more clandestine methods for conducting attacks following a major military reorganization.

The military changes “will likely increase [China’s] reliance on its civilian intelligence agencies and associated contractors, all of which generally employ better tradecraft,” the report said.

“If observed campaigns in late 2015 were any indication, it is unlikely China will completely cease its cyber operations, and 2016 will show the new direction it is headed,” the report said.

More cyber attacks seeking personal data could take place in the future, and organizations that hold such data “should remain alert to the possibility of similar activity going into 2016,” the report said.

China’s cyber spies usually use cyber intrusions to steal strategic information, such as intellectual property, business operations data, and sensitive government documents.

Stolen personal data, on the other hand, “is typically used to facilitate identity theft or other types of financially motivated crimes,” the report said.

However, the compromised personal information from health insurance companies Anthem, Premera, and CareFirst last year could be used by the government or state-run companies.

The large data theft also appears to be part of Chinese efforts to “build out profiles on individuals to support future operations.”

The federal government data breaches were more damaging and included sensitive background investigation information on federal employees, the report said.

“Without doubt, access to this degree of [personally identifiable information] for both successful and unsuccessful applicants represents a treasure trove of information that may be exploited for counterintelligence purposes,” the report said.

The Chinese can now exploit millions of stolen records for intelligence operations.

“Knowledge acquired during these operations could be used to create more individualized, and therefore more effective, spear phishing campaigns, or also in more traditional, real-world espionage activity,” the report said, noting that the background investigation data “would be particularly useful to traditional [human intelligence] operations as it contains details of a very personal nature about current and former government employees, as well as private sector employees working on government contracts.”

The Chinese government, through the Ministry of Public Security, has launched a major domestic campaign to crack down on online dissent. The Ministry is conducting cyber operations against people and websites that post information opposed by communist authorities, including use of an offensive cyber security force called the “Great Cannon,” a supplement to the Great Firewall designed to block online users from accessing unapproved content.

In Russia, hackers linked to the government used malicious software for intelligence-gathering and for political coercion, such as against Ukraine. Moscow hackers also have conducted cyber reconnaissance—preparation of the cyber battlefield—in Europe and elsewhere.

“In February, widespread spear phishing … was detected and analyzed,” the report said. “These attacks targeted numerous entities in government, defense, and non-governmental organizations (NGOs) in the U.S., Europe, Asia, and South America.”

Russian hackers used stolen emails from a hack against the U.S. strategic consulting firm Stratfor, the report said, a tactic not typical of Russian hacking in the past.

International pressure on Moscow over its military activities, such as the annexation of Ukraine’s Crimea, “portend increased intelligence collection by Russia-based adversaries particularly against regional targets and global energy companies,” the report said.

A Russian cyber intelligence operation, dubbed Berserk Bear, targeted oil and gas companies in the Middle East. Another operation, called Fancy Bear, targeted Chinese defense firms.

One Russian hacker group called CyberBerkut operating in Ukraine appears linked to Russian intelligence services.

North Korean cyber activities last year principally involved intelligence-gathering operations directed against South Korea.

Pressure from China could prompt Pyongyang to take a more aggressive cyber posture. And North Korean cyber activities also could expand into criminal activities to raise money for the regime, the report said.

Iran is expected to step up cyber attacks against Saudi Arabia. Regional tensions “increase the likelihood that Iran would use its proven cyber capabilities in 2016, targeting Saudi Arabia and regional governments that are becoming involved in the two countries’ dispute by choosing to align with Saudi Arabia.”

The report names more than 70 cyber adversaries and divides them into three types of attackers: target intruders, such as nation states; cyber criminals; and “hacktivists.”

For cyber crime, attacks on banks and the use of ransom schemes increased during 2015.

“Phishing emails continued to dominate crimeware distribution throughout the year as the primary mechanism used for the aforementioned banking Trojans and ransomware threats,” the report said.

So-called hacktivist activities included politically motivated cyber attacks by groups like the Syrian Electronic Army and pro-ISIS hackers.

Several pro-Iranian hacker groups also were active last year, including Parastoo, Remember EMAD, and SOBH Cyber Jihad.

The group Remember EMAD—named after the Hezbollah terrorist Imad Mughniyah who was killed in a Damascus car bomb in 2009—claimed to have penetrated Pentagon networks and then threatened to release stolen data. No data was ever released.

ISIS hacking was very active last year and included campaigns of web defacement, the release of personal data—known as “doxing”—and the hijacking of social media accounts.

New Sanctions Confirm Iran/China/North Korea Missile Partners

The State Department knew it, the White House knew it, the National Security Council knew it, the CIA knew it and yet, Barack Obama approved the Iran deal even while China, North Korea and Iran collaborated on missile construction, materials, tests and scientists.

Going back to 2007, even Condoleezza Rice earnestly challenged China on the matter.

The Keys to Iran’s Missiles are in China and North Korea

The latest revelations about Iran’s ballistic missile program make it clear that sanctions on Tehran are pointless unless they’re imposed on China and the DPRK, too.

On Monday, Tehran condemned sanctions imposed by the U.S. Treasury Department over the weekend. “The U.S. sanctions against Iran’s ballistic missile program,” said Iranian Foreign Ministry spokesman Hossein Jaber Ansari, “have no legal or moral legitimacy.”

Gordon Chang, DailyBeast:

Earlier, Iranian President Hassan Rouhani issued a threat: “Any action will be met by a reaction.”

In fact, action and reaction—sequencing, in diplomatic speak—was always part of the picture.

The Obama administration undoubtedly knew of Iranian violations before signing the landmark nuclear arrangement with Tehran in July.

Treasury’s measures follow by more than three months Iran’s Oct. 10 launch of a nuclear-capable ballistic missile in violation of Security Council Resolution 1929.

On Sunday, a prisoner “swap” was announced by Tehran, then confirmed by Washington, in which four Iranian-Americans including Washington Post correspondent Jason Rezaian were let out of Iran’s prisons. Hours later, Treasury imposed its measures on 11 designated entities and individuals “involved in procurement on behalf of Iran’s ballistic missile program.”

The sanctions, delayed from the end of December to facilitate the prisoner swap, prohibit Americans and others from engaging in business dealings with the named entities and individuals, and orders U.S. banks to freeze their assets.

The U.S. prohibitions target two Iranian procurement networks, one based in China and the United Arab Emirates and the other involving Pyongyang’s notorious Korea Mining Development Trading Corp, better known as KOMID.

The dealings between Iran and North Korea, as The Daily Beast has noted, have been extensive and spanned three decades.

Several Iranian officials vowed on Friday to expand Tehran’s missile capabilities, a direct challenge to the United States which has threatened to impose new sanctions even as the vast bulk of its measures against Iran are due to be lifted under a nuclear deal. “As long as the United States supports Israel we will expand our missile capabilities,” Brigadier General Hossein Salami, second-in-command of the Revolutionary Guards, was quoted as saying by the Fars news agency. “We don’t have enough space to store our missiles. All our depots and underground facilities are full,” he added.

Some analysts believe that during this time there have been significant contributions of Iranian technology, but Bruce Bechtol, author of North Korea and Regional Security in the Kim Jong-un Era, disagrees. “The North Koreans are providing the expertise, the components, and the on-site development,” he told The Daily Beast over the weekend. “The Iranians are providing the money.”

Treasury’s explanatory comments tend to confirm the view that the transfer of technology has been one-way, noting that technicians from Iran’s Shahid Hemmat Industrial Group “traveled to North Korea to work on an 80-ton rocket booster being developed by the North Korean government.”

As Bechtol predicts, “The Iranians, of course, will insist that this is an ‘Iranian developed system,’” but it is not. The booster, he notes, looks like it is for the Taepodong series, the North’s longest-range launchers, or more ominously, a new family of missiles. The Taepodong missile, repainted, is the Unha-3 rocket.

Rick Fisher of the International Assessment and Strategy Center told The Daily Beast that this launcher “could allow Iran to achieve accurate global targeting of U.S. and Western military facilities in addition to large cities.” Bechtol thinks it won’t be long before the “rocket booster”—actually the first stage of an intercontinental missile—will be produced both in North Korea and Iran.

That missile, in short, will pose a grave threat to the American homeland.

Treasury’s sanctions might slow North Korea-Iran missile cooperation, but as former Pentagon analyst Robert Collins, who is based in South Korea, suggests, Pyongyang has already figured out ways around obstacles like this. “The North Koreans have become experts at planning alternative routes for moving monies, moving equipment, and moving contacts,” he told The Daily Beast after the Treasury imposed the measures. They employ “a ‘dumping Peter to use Paul’ system designed to circumvent anticipated sanctions.” Pyongyang has become “very adept at counter-sanction planning.”

Henry Sokolski of the Nonproliferation Policy Education Center believes Sunday’s measures will not be the last, as he noted in an email to The Daily Beast.

What is surprising is that Treasury essentially admitted that it was aware of proscribed Iranian activities before both the signing, on July 14, of the Joint Comprehensive Plan of Action, better known as the Iranian nuclear deal, and its Oct. 18 “Adoption Day.” The 80-ton booster, after all, is designed for a missile useful only for carrying a nuclear warhead.

“The newest sanctions from the Treasury Department prove—without a doubt—that the State Department and the Treasury Department knew, as the agreement with Iran was in negotiation, that the North Koreans and Iranians were cooperating on new, advanced ballistic missile technology,” Bechtol writes.

In fact, work on the 80-ton booster has been publicly known for more than two years.

Treasury’s statement declares that “Iranian missile technicians” had gone to North Korea “within the past several years” in connection with the big booster.

The sanctions, therefore, look like an afterthought, and Washington appears unserious. If the U.S. really wants to end the missile threat, it will have to impose much more severe measures not just on Iran and North Korea but also on parties helping them.

Who is helping the two rogue states? WikiLeaks released an American cable showing that Chinese officials, despite pleas from then-Secretary of State Condoleezza Rice, refused to stop shipments of North Korean missile parts passing through the Beijing Capital International Airport on their way to Iran.

That was 2007. Fisher, in his message to The Daily Beast on Monday, points out that Chinese entities are still involved in this deadly trade.

And so, it appears, is the Chinese central government. In all probability, the Iranian technicians in the last two years reached Pyongyang using the same route Tehran’s nuclear staff have routinely taken on their way to North Korea, through the airport in Beijing.

GATES: Don’t expect the nuclear agreement to lead to a more moderate Iran

Former US defense secretary Robert Gates isn’t optimistic that the landmark July 2015 nuclear deal with Iran will lead the country to halt any of its disruptive policies in the Middle East or its support for terrorist groups.

In an interview with Business Insider, Gates, who spent nearly 27 years in the CIA and was the only cabinet secretary to have served under Barack Obama and George W. Bush, said that he didn’t believe the nuclear deal would have a moderating impact on Iranian behavior or lead Tehran to become a more responsible international actor.

“The notion that betting that this regime is going to temper its behavior in the region because of this nuclear deal I think is mistaken,” Gates told Business Insider. “I think that will not happen.”

In the six months since the nuclear deal was reached, Iran has tested two nuclear-capable ballistic missiles in violation of UN Security Council resolutions, fired live missiles within 1,500 yards of a US aircraft carrier, and continued its support for the Assad regime in Syria and for Shiite militia groups in Iraq, Syria, and Lebanon.