September 8, 2015
China Allegedly Hacked Top Former FBI Lawyer
Jeff Stein, Newsweek
Marion “Spike” Bowman, a top former FBI lawyer and U.S. counterintelligence official who heads an influential organization of retired American spies, says a hacker from China penetrated his home computer, beginning with an innocent-looking email last spring.
“It was an email supposedly from a woman in China, and I exchanged correspondence with her a couple of times,” says Bowman, who was deputy general counsel to three FBI directors between 1995 and 2006. “She sent me a document that a friend of hers had supposedly written, in English, and wanted my opinion on it,” he tells Newsweek. She also sent him her picture.
“I never got around to replying, so I never heard from her again,” says Bowman, who went on to become deputy director of the National Counterintelligence Executive, which is tasked with developing policies to thwart foreign spies and terrorists.
But then, a week ago, he says, he got another message from China via his email account at George Washington University, where he has lectured on national security law since 2003.
“It was apparently from a university in China asking me to come to speak at a conference on the environment”—not even remotely one of his areas of expertise, Bowman says. He called the FBI.
After a forensic examination of his machine, the FBI told him “they had found a malware type that’s designed to find out what’s on my computer,” Bowman says. “It wasn’t anything to infect it.” Still, just being able to read the contents of a target’s computer can reveal lots of valuable information like emails and documents, contact files with phone numbers and other personal data, like home addresses.
“Somebody who really knows what they’re doing” can wreak havoc, he says.
The FBI didn’t tell him exactly who was behind the hack, he says, “but they think they identified the woman” in a picture she sent along with one of her emails last spring. “It was somebody that they knew,” Bowman says. “I didn’t inquire any further.”
Before joining the FBI, Bowman was a Navy lawyer assigned to advise SEAL teams on clandestine operations, among other sensitive matters. His portfolio at the FBI gave him intimate knowledge of the details of operations to counter threats from foreign spy agencies.
“I still carry lots of deep Cold War secrets in my head,” he says, although not on his computer. But he is still very active in national security circles as chairman of the board of directors of the Association of Former Intelligence Officers, an organization with several thousand members nationwide, about half of them former CIA personnel.
Bowman’s revelation follows several months of bad news about the vulnerability of government computers to foreign hackers, the latest being a report published Monday saying that Chinese and Russian intelligence agencies are “aggressively aggregating and cross-indexing hacked U.S. computer databases” to catch American spies working overseas. China-based hackers breached about 22 million files held by the federal Office of Personnel Management, officials say.
“At least one clandestine network of American engineers and scientists who provide technical assistance to U.S. undercover operatives and agents overseas has been compromised as a result” of the Russian and Chinese exploitation of the files, the Los Angeles Times reported, citing two U.S. officials.
The story, Bowman says, was “pretty much on target.”
*** It obviously is much worse than we know for the Obama administration to sign off on a sanction and/or other consequence ahead of Xi’s visit to the United States next week.
Top government officials are floating the idea of retaliating within the next week to Chinese cyberattacks, possibly by imposing targeted sanctions on some officials and firms, people familiar with the discussions say. But outside experts say it would be wiser to wait until after this month’s White House summit with Chinese President Xi Jinping.
“I heard from one person that it could be as early as next week,” Jim Lewis, director of the Center for Strategic and International Studies’ Strategic Technologies Program, told POLITICO. He added, “I still think it would be best to wait for the summit.”
Calls for U.S. retaliation to Chinese hacking have risen to a furor since the China-linked breach of highly sensitive security clearance forms from 21.5 million current and former federal employees, disclosed in June.
But imposing sanctions before the late-September summit would risk derailing a serious conversation on cyber issues along with myriad other topics, including China’s economic troubles, Chinese belligerence in the South China Sea and cooperation on climate change.
Some China watchers even suspect that the White House is trying to improve its bargaining position in advance of the summit by floating the possibility of sanctions in a serious way.
“My sense is that they’re floating the idea to try to create some kind of leverage in the meetings,” said Adam Segal, a China scholar and director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations.
If the White House did impose sanctions before the meeting, it would be deeply embarrassing to the Chinese and to Xi personally and risk the Chinese doing something to downgrade the summit’s importance, Segal said. “I think if they’re going to do it before the summit, they’ve got to be prepared for the summit to really take a downward turn,” he said.
Business leaders are also dubious about imposing sanctions before Xi’s visit.
The White House should use the summit “as an opportunity to engage in effective dialogue on the cyber issue. If sanctions jeopardize that opportunity, we’d rather see them put it off,” the leader of a major industry organization said in an interview, speaking without attribution because he was speculating about government policy.
If the White House ultimately imposes targeted sanctions, the association leader added, the sanctions should be “based on transparent, credible evidence that’s legally sound.” They should also be designed with a clear path forward that, ultimately, leads to fewer China-linked cyberattacks, he said.
“Most business executives we’ve spoken with felt the indictments against Chinese PLA officers didn’t meet that test,” he added, referring to the May 2014 U.S. indictments of five hackers employed by China’s People’s Liberation Army. That was the Obama administration’s most significant diplomatic strike against Chinese hacking to date.
“[The indictments] didn’t seem to advance anything and they seemed to increase tension rather than reduce it around the issue,” the official said.
In the wake of the OPM hacks, some political leaders have called for much more belligerent responses to Chinese hacking. They include GOP White House contenders Mike Huckabee, who has urged the U.S. to hack back against the communist nation, and Wisconsin Gov. Scott Walker, who has suggested canceling the Obama-Xi summit entirely.
But even cyber hawks warned that aggressive action could backfire in advance of the summit.
“I think everything is going to basically be on hold until the Iran deal goes through and until after President Xi comes to meet with [President Obama],” said Rep. Dutch Ruppersberger (D-Md.), who was formerly ranking member on the House Intelligence Committee.
Ruppersberger added that “we have to eventually draw a line on cyberattacks,” and that the U.S. bargaining position relative to China may be improved now because of the tailspin in the Chinese stock market and other financial difficulties.
The White House has routinely declined to speak publicly about the possibility of sanctioning China for cyberattacks or any more forceful follow-up to the PLA indictments. Press secretary Josh Earnest has said several times that Obama plans to raise cyber concerns with Xi during their summit.
“There’s no doubt that the president will certainly raise, as he has in every previous meeting with his Chinese counterpart, concerns about China’s behavior in cyberspace,” Earnest said during an Aug. 26 news conference.
White House officials have determined they must respond to China’s hacking of OPM, but have been debating for months what the appropriate response should be and when to impose it, Lewis said.
The option of targeted cyber sanctions, which Obama created by executive order in April, has long been on the table along with additional indictments or some form of diplomatic protest, he said.
White House officials have fingered China for the OPM hack anonymously but have not done so, thus far, on the record.
A forceful response to the OPM hack and to Chinese theft of U.S. companies’ intellectual property and trade secrets has also been delayed by more pressing diplomatic priorities, Lewis said, including securing Chinese cooperation for a deal to halt Iran’s nuclear weapons program.
“This administration has done more than any other on cybersecurity, but, in a lot of cases, it ends up being No. 2 because of the need to get agreement on other things,” Lewis said. “Cyber always ends up coming in second place, particularly when it comes to China.”