China did Not Hack OPM, Operative Just Signed In

Per Ars Technica: not only were OPM's database records unencrypted, it simply did not matter. At least 14 million personnel files have been compromised, and encrypting the Social Security numbers would not have mattered.

But even if the systems had been encrypted, it likely wouldn’t have mattered. Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified that encryption would “not have helped in this case” because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. And because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network.

House Oversight Chairman Jason Chaffetz (R-Utah) told Archuleta and OPM Chief Information Officer Donna Seymour, “You failed utterly and totally.” He referred to OPM’s own inspector general reports and hammered Seymour in particular for the 11 major systems out of 47 that had not been properly certified as secure—which were not contractor systems but systems operated by OPM’s own IT department. “They were in your office, which is a horrible example to be setting,” Chaffetz told Seymour. In total, 65 percent of OPM’s data was stored on those uncertified systems.

Even more chilling, a person or team just found a way to sign in as a root user.

Some of the contractors that have helped OPM with managing internal data have had security issues of their own—including potentially giving foreign governments direct access to data long before the recent reported breaches. A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project “was in Argentina and his co-worker was physically located in the [People’s Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is ‘so what’s new?’”

Given the scope and duration of the data breaches, it may be impossible for the US government to get a handle on the exact extent of the damage done just by the latest attack on OPM’s systems. If anything is clear, it is that the aging infrastructure of many civilian agencies in Washington magnifies the problems the government faces in securing its networks, and OPM’s data breach may just be the biggest one that the government knows about to date.

A future consequence of insecure data systems is blackmail

Reuters: The same hackers breached several health insurance companies last summer and made off with the medical records of 11 million people, including members of Blue Cross/Blue Shield’s District of Columbia affiliate CareFirst.

Media pundits spent all week talking about how Deep Panda could compile all this information to craft a potential blackmail database on U.S. operatives for its patron, presumably China. But that’s ridiculous. Beijing is smarter than that.

Espionage is a long game, not a race, and countries are patient. Blackmail is a quick, brutal method of acquiring information in the short term.

It typically begins when foreign agents play on a target’s existing weakness — a penchant for gambling, for example, or deviant sexual behavior — enticing the target to indulge in it and then threatening exposure.

That’s a lot of work for a short-term gain. Blackmail targets are almost always found out, or turn on their blackmailers or end their lives. No, a better use for that database is as a reference to create the background for the perfect mole. Many additional details found here.

An additional security concern of real proportions is that this cyber intrusion has affected Hill and Congressional staff.

In part from The Hill: Officials had initially said the breach only encompassed 4.2 million federal employees, all within the executive branch. But the discovery of a second breach that compromised security clearance data has many expecting the breach to eventually expose up to 14 million people.

According to an email sent to House staff members shortly before midnight Tuesday and obtained by The Hill, many of them are at risk.

“It now appears likely that the service records of current House employees employed previously by ANY federal government entity (including the House, if an individual left the House and later returned to a House position) may have been compromised,” the email said, sent by House Chief Administrative Officer Ed Cassidy.

When staffers leave Capitol Hill, or any federal agency, their retirement records are forwarded to the OPM.

“In addition, the background investigation files of individuals holding security clearances (whether currently active or not) may have been exposed,” the email added.

Senate staffers received a similar email from the Senate Sergeant at Arms several hours earlier on Tuesday, according to multiple reports.



Russia China Pact with Snowden in the Middle

Going beyond the major hack by China into the Office of Personnel Management, which harvested at least 14 million personnel files on government, intelligence and military personnel, China is building a database of individuals in America. Would they share it with Russia? The extent of the damage is not yet known, and its future consequences are impossible to predict.

Russia is turning to China, and China in turn is delighted with the relationship, as its Silk Road economic objectives show.

China's silk road

In part:

The rupture between Russia and the West stemming from the 2014 crisis over Ukraine has wide-ranging geopolitical implications. Russia has reverted to its traditional position as a Eurasian power sitting between the East and the West, and it is tilting toward China in the face of political and economic pressure from the United States and Europe. This does not presage a new Sino-Russian bloc, but the epoch of post-communist Russia’s integration with the West is over. In the new epoch, Russia will seek to expand and deepen its relations with non-Western nations, focusing on Asia. Western leaders need to take this shift seriously.

Russia’s Pivot to Asia

Russia’s pivot to Asia predates the Ukraine crisis, but it has become more pronounced since then. This is in part because China is the largest economy outside of the coalition that has imposed sanctions on Russia as a result of the crisis.

What was originally Moscow’s “marriage of convenience” with Beijing has turned into a much closer partnership that includes cooperation on energy trade, infrastructure development, and defense.

Putin’s vision of a “greater Europe” from Lisbon to Vladivostok, made up of the European Union and the Russian-led Eurasian Economic Union, is being replaced by a “greater Asia” from Shanghai to St. Petersburg.

Russia is now more likely to back China in the steadily growing competition between Beijing and Washington, which will strengthen China’s hand.

Takeaways for Western Leaders

Russia’s confrontation with the United States will help mitigate Sino-Russian rivalries, mostly to China’s advantage. But this doesn’t mean Russia will be dominated by China—Moscow is likely to find a way to craft a special relationship with its partner.

With China’s economic might and Russia’s great-power expertise, the BRICS group (of which Russia is a part, along with Brazil, India, China, and South Africa) will increasingly challenge the G7 as a parallel center of global governance.

The Shanghai Cooperation Organization, due to include India and Pakistan this year, is on its way to becoming the principal development and security forum for continental Asia.

Through its enhanced relations with non-Western countries, Russia will actively promote a concept of world order that seeks to reduce U.S. global dominance and replace it with a broader great-power consensus. Much more detail here.

Enter Snowden

Confirmed: UK agents ‘moved over Snowden files’

Russia, China Decrypt Snowden Files

Russia and China have allegedly decrypted the top-secret cache of files stolen by whistleblower Edward Snowden, according to a report from The Sunday Times, to be published tomorrow.

The info has compelled British intelligence agency MI6 to withdraw some of its agents from active operations and other Western intelligence agencies are now actively involved in rescue operations. In a July 2013 email to a former U.S. Senator, Snowden stated that, “No intelligence service—not even our own—has the capacity to compromise the secrets I continue to protect. While it has not been reported in the media, one of my specializations was to teach our people at DIA how to keep such information from being compromised even in the highest threat counter-intelligence environments (i.e. China).” Many in the intelligence agencies at the time greeted this claim with scepticism. Now, one senior British official said Snowden had “blood on his hands,” but another said there’s yet no evidence anyone was harmed. Snowden eventually fled to Russia via Hong Kong after downloading some 1.7 million documents from U.S. government computers and leaking them to journalists out of a desire to protect “privacy and basic liberties.” The revelations of mass spying outraged populations and governments around the world, at least temporarily damaged relations, and eventually led to changes in the mass surveillance policies of the NSA and British GCHQ.



Deep Panda, the Hacker of OPM Employee Files

Personnel records held at the Office of Personnel Management going back 35 years on people who worked for government as employees or contractors are for sale on the Darknet.

Government records stolen in a sweeping data breach that was reported last week are popping up for sale on the so-called “darknet,” according to a tech firm that monitors the private online network used by criminals and creeps throughout the world.

Credentials to log into the Office of Personnel Management are being offered just days after the announcement the agency’s records, including extremely personal information of 4.1 million federal government employees dating back to the 1980s, had been compromised, said Chris Roberts, founder and CTO of the Colorado-based OneWorldLabs (OWL), a search engine that checks the darknet daily for data that could compromise security for its corporate and government clients, including government IDs and passwords.

The FBI has identified the operation. The hackers likely used Chinese associates already inside government for access. In classified briefings to members of Congress in recent days, intelligence officials have described what appears to be a systematic Chinese effort to build databases that explain the inner workings of the United States government. The information includes friends and relatives, around the world, of diplomats, of White House officials and of officials from government agencies, like nuclear experts and trade negotiators. Read more here.

FBI Alert Reveals ‘Groups’ Behind OPM Hack

President says cyber attack threat ‘accelerating’

The FBI has disclosed that multiple hacker groups carried out the cyber attack that compromised the records of 4 million government workers in the networks of the Office of Personnel Management.

“The FBI has obtained information regarding cyber actors who have compromised and stolen sensitive business information and personally identifiable information (PII),” states a Flash alert dated June 5. “Information obtained from victims indicates that PII was a priority target.”

Security analysts familiar with the OPM breach, disclosed in a notice last week, said two groups of Chinese state-sponsored hackers appear to be behind the cyber attacks, including one linked to the Chinese military that has been dubbed “Deep Panda.”

Deep Panda is a highly sophisticated Chinese military hacker unit that has been gathering data on millions of Americans. The group was linked in the past to the hacking of the health care provider Anthem that compromised the personal data of some 80 million customers.

The FBI did not directly link its warning to the OPM hacking. But it said cyber investigators have “high confidence” about the threat posed by the cyber attackers based on its investigation into the data breach.

According to the alert, the stolen personal data “has been used in other instances to target or otherwise facilitate various malicious activities such as financial fraud though the FBI is not aware of such activity by these groups.”

The groups were not identified by name or by country.

However, the alert revealed that the software used by the hackers is called Sakula, which security analysts say was the Root Access Tool, or RAT, that was used by the Chinese in both the OPM and Anthem hacks.

Sakula software employs stolen, signed security certificates to gain unauthorized network access and analysts said the use of that technique requires cyber sophistication that is not known to be used outside of nation-state cyber forces.

The software allows remote users to gain computer network administrator access, which permits the theft of large amounts of data.

The FBI warned in the notice that any entity that discovers the Sakula malware and other signatures should seek cyber security assistance and notify the FBI.

“Any activity related to these groups detected on a network should be considered an indication of a compromise requiring extensive mitigation and contact with law enforcement,” the notice said.

The groups involved were observed “across a variety of intrusions leveraging a diverse selection of tools and techniques to attempt to gain initial access to a victim including using credentials acquired during previous intrusions.”

President Obama was asked after the G-7 summit in Germany on Tuesday about the Chinese role in the OPM cyber attacks and declined to name Beijing as the perpetrator.

“We haven’t publicly unveiled who we think may have engaged in these cyber attacks,” Obama said. “But I can tell you that we have known for a long time that there are significant vulnerabilities and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector.”

Obama said part of the problem is “very old systems” used in government computer networks.

“And we discovered this new breach in OPM precisely because we’ve initiated this process of inventorying and upgrading these old systems to address existing vulnerabilities,” he said.

“[W]e’re going to have to keep on doing it, because both state and non-state actors are sending everything they’ve got at trying to breach these systems,” the president said.

“In some cases, it’s non-state actors who are engaging in criminal activity and potential theft,” Obama said. “In the case of state actors, they’re probing for intelligence or, in some cases, trying to bring down systems in pursuit of their various foreign policy objectives. In either case, we’re going to have to be much more aggressive, much more attentive than we have been.”

The problem of cyber attacks is “going to accelerate,” he said. “And that means that we have to be as nimble, as aggressive, and as well-resourced as those who are trying to break into these systems.”

The administration has rejected calls by senior U.S. security officials to engage in more aggressive, offensive cyber retaliation against states such as China as a way to develop cyber deterrence.

The president and his advisers are said to fear that offensive cyber attacks will lead to a major conflict. Supporters of taking more aggressive responses to hacking have said demonstrations of U.S. cyber retaliatory strikes will deter future attacks.

The administration has favored using law enforcement and diplomatic policies to deal with the problem.

One private sector cyber security specialist familiar with the OPM hack said that in addition to the government’s personnel database, other major cyber attacks believed to be carried out by Chinese hackers include clandestine intrusions into the networks of a major telecommunications company and a major aviation industry firm.

The hackers’ use of several domain names in the OPM hacking also are similar to domains used by Chinese cyber attackers in the past. The domains were identified as and

Another signature linking the OPM hack to China was the hackers’ use of a program called Mimikatz that is used to gain high-level remote access to networks.

“Mimikatz is a classic of Deep Panda” in terms of tactics, techniques, and procedures, said a security analyst familiar with details of the attack. “This allows the actors to dump password hashes, perform pass the hash and ‘golden ticket’ attacks in the victim environment.”
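The analyst quoted above names three Mimikatz-era techniques: dumping password hashes from memory, pass-the-hash, and forged (“golden ticket”) Kerberos tickets. The following is an added example written for this page (not code from the article, the FBI alert or CrowdStrike) showing what the first two look like from the defender’s side: two simple detectors run over a constructed sample of already-parsed Windows telemetry. The event records, host names, account names, IP addresses and the LSASS access allowlist are all constructed for the example; the field names follow Sysmon Event ID 10 (process access) and Windows Security Event ID 4624 (logon). Forged-ticket detection needs Kerberos ticket telemetry that this sample does not include and is deliberately left out.

```python
"""Defender-side heuristics for two techniques named in the quoted analysis.

Added example; all events below are constructed, not from any real incident.
"""
from collections import defaultdict

# Sysmon Event 10 grants a mask of access rights; credential dumping needs to
# read LSASS memory, so PROCESS_VM_READ (0x0010) is the bit worth watching.
PROCESS_VM_READ = 0x0010

# Constructed, site-specific allowlist of images that legitimately open LSASS.
LSASS_ALLOWLIST = {
    r"C:\Windows\System32\csrss.exe",
    r"C:\Windows\System32\wininit.exe",
}

# Accounts whose NTLM use would be unusual in this constructed domain.
PRIVILEGED = {"da_backup", "administrator"}

# Constructed sample of normalized events (Sysmon id 10 and Security id 4624).
SAMPLE_EVENTS = [
    # Benign: a system process opening LSASS with full access.
    {"id": 10, "source_image": r"C:\Windows\System32\csrss.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": "0x1FFFFF"},
    # Suspicious: an unknown binary from a user temp folder reads LSASS memory.
    {"id": 10, "source_image": r"C:\Users\jdoe\AppData\Local\Temp\update.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": "0x1010"},
    # Benign: query-only access without PROCESS_VM_READ.
    {"id": 10, "source_image": r"C:\Windows\System32\taskmgr.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": "0x1000"},
    # Benign Kerberos network logon by an ordinary user.
    {"id": 4624, "logon_type": 3, "auth_pkg": "Kerberos", "account": "jdoe",
     "src_ip": "10.1.7.10", "host": "FILESRV01"},
    # A privileged account fanning out over NTLM from one source to many hosts.
    {"id": 4624, "logon_type": 3, "auth_pkg": "NTLM", "account": "da_backup",
     "src_ip": "10.1.5.23", "host": "FILESRV01"},
    {"id": 4624, "logon_type": 3, "auth_pkg": "NTLM", "account": "da_backup",
     "src_ip": "10.1.5.23", "host": "HRDB02"},
    {"id": 4624, "logon_type": 3, "auth_pkg": "NTLM", "account": "da_backup",
     "src_ip": "10.1.5.23", "host": "DC01"},
    # Noise that must not trigger: anonymous logon and a single legacy NTLM logon.
    {"id": 4624, "logon_type": 3, "auth_pkg": "NTLM", "account": "ANONYMOUS LOGON",
     "src_ip": "10.1.9.4", "host": "FILESRV01"},
    {"id": 4624, "logon_type": 3, "auth_pkg": "NTLM", "account": "jdoe",
     "src_ip": "10.1.7.10", "host": "LEGACYAPP"},
]


def detect_lsass_memory_access(events, allowlist):
    """Return (source_image, granted_access) for non-allowlisted processes that
    opened lsass.exe with PROCESS_VM_READ, the access a hash dumper needs."""
    hits = []
    for e in events:
        if e["id"] != 10 or not e["target_image"].lower().endswith(r"\lsass.exe"):
            continue
        if e["source_image"] in allowlist:
            continue
        if int(e["granted_access"], 16) & PROCESS_VM_READ:
            hits.append((e["source_image"], e["granted_access"]))
    return hits


def detect_ntlm_lateral_movement(events, privileged, min_hosts=2):
    """Group NTLM network logons (4624, logon type 3) of privileged accounts by
    (account, source IP) and return those reaching at least min_hosts distinct
    hosts. Kerberos is the norm inside a domain; pass-the-hash can only use NTLM,
    so a privileged account fanning out over NTLM deserves a look."""
    hosts = defaultdict(set)
    for e in events:
        if e["id"] != 4624 or e.get("logon_type") != 3:
            continue
        if e.get("auth_pkg") != "NTLM" or e["account"] == "ANONYMOUS LOGON":
            continue
        if e["account"] in privileged:
            hosts[(e["account"], e["src_ip"])].add(e["host"])
    return {key: sorted(h) for key, h in hosts.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for image, access in detect_lsass_memory_access(SAMPLE_EVENTS, LSASS_ALLOWLIST):
        print(f"LSASS memory read by {image} (access {access})")
    for (acct, ip), hosts in detect_ntlm_lateral_movement(SAMPLE_EVENTS, PRIVILEGED).items():
        print(f"NTLM fan-out: {acct} from {ip} -> {', '.join(hosts)}")
```

Both heuristics are thresholds, not signatures: the allowlist and the privileged-account set have to be maintained per environment, and the `min_hosts` threshold trades noise against the chance of missing a slow, one-host-at-a-time actor.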

The private security company CrowdStrike first identified Deep Panda and has called the group among the most sophisticated state-sponsored hackers.

China’s main military intelligence service that has been linked to cyber attacks is the Third Department of the General Staff, or 3PLA, which conducts cyber warfare.

CFR and Robina Foundation Behind Globalization

All foreign policy is coordinated between the U.S. State Department and the United Nations. We cannot know all the details and methods, yet the summary below of one major donor and source of influence is but one of many examples when it comes to the globalization of America and the loss of sovereignty. All government agencies are subservient to the White House and the State Department.

International Institutions and Global Governance Program

World Order in the 21st Century

A New Initiative of the Council on Foreign Relations

“The Council on Foreign Relations (CFR) has launched a comprehensive five-year program on international institutions and global governance. The purpose of this cross-cutting initiative is to explore the institutional requirements for world order in the twenty-first century. The undertaking recognizes that the architecture of global governance—largely reflecting the world as it existed in 1945—has not kept pace with fundamental changes in the international system, including but not limited to globalization. Existing multilateral arrangements thus provide an inadequate foundation for addressing today’s most pressing threats and opportunities and for advancing U.S. national and broader global interests. The program seeks to identify critical weaknesses in current frameworks for multilateral cooperation; propose specific reforms tailored to new global circumstances; and promote constructive U.S. leadership in building the capacities of existing organizations and in sponsoring new, more effective regional and global institutions and partnerships. This program is made possible by a generous grant from the Robina Foundation.”

The board members of Robina are chilling. One such board member is SUSAN V. BERRESFORD, formerly of the Ford Foundation. Remember that Stanley Ann Dunham, Obama’s mother, worked at the Ford Foundation.

The mission statement of the Council on Foreign Relations program, in paid cooperation with the Robina Foundation, reads as follows:

The International Institutions and Global Governance (IIGG) Program at the Council on Foreign Relations (CFR) is supported by a generous grant from the Robina Foundation. It aims to identify the institutional requirements for effective multilateral cooperation in the twenty-first century. The program is motivated by recognition that the architecture of global governance—largely reflecting the world as it existed in 1945—has not kept pace with fundamental changes in the international system. These shifts include the spread of transnational challenges, the rise of new powers, and the mounting influence of nonstate actors. Existing multilateral arrangements thus provide an inadequate foundation for addressing many of today’s most pressing threats and opportunities and for advancing U.S. national and broader global interests.

Given these trends, U.S. policymakers and other interested actors require rigorous, independent analysis of current structures of multilateral cooperation, and of the promises and pitfalls of alternative institutional arrangements. The IIGG program meets these needs by analyzing the strengths and weaknesses of existing multilateral institutions and proposing reforms tailored to new international circumstances.

Robina Foundation Awards CFR $10.3 Million Grant

to Expand Global Governance Program

January 20, 2012

The Robina Foundation has awarded the Council on Foreign Relations (CFR) a five-year, $10.3 million grant to expand its activities on international cooperation. This award is one of the largest operating grants in CFR’s history and will support its International Institutions and Global Governance (IIGG) Program.

The IIGG Program was founded in 2008 with a generous grant from Robina with the recognition that existing multilateral arrangements are inadequate to address the transnational challenges facing the United States. The program and its scholars’ work focuses on the institutional requirements needed for effective cooperation in the twenty-first century. “The Robina Foundation’s generous commitment to IIGG will allow CFR to deepen and strengthen its work examining multilateral institutions, and what they can do to enhance the world’s ability to contend with the most pressing global issues,” says CFR President Richard N. Haass.

In its first three years, the IIGG Program has tracked and mapped the landscape of international organizations through its multimedia interactive, the Global Governance Monitor. IIGG has also produced over twenty reports on priorities for institutional reform, and provided policymakers with concrete recommendations for more effective management of the world’s most pressing problems.

Hillary Clinton herself has revealed that the Council on Foreign Relations not only provides the government's policy but also, more often than not, controls the media coverage relating to foreign policy.

What is Missing from the TPP? Reward Offered

If The TPP is Such a Great Idea, Why Keep it a Secret?

The Obama Administration has been pressuring members of Congress to pass the bill that will give President Obama the “fast track” authority to negotiate the Trans-Pacific Partnership (TPP) agreement without any debate in Congress. Fast track authority would not allow for any amendments, and the bill would remain secret until just before it is voted on.

“President Obama is currently pressing members of Congress to pass Fast-Track authority for a trade and investment agreement called the Trans-Pacific Partnership (TPP). If Fast Track passes, it means that Congress must approve or deny the TPP with minimal debate and no amendments. Astonishingly, our lawmakers have not seen the agreement they are being asked to expedite.” Nation of Change

This trade agreement, like previous international trade agreements such as NAFTA, is not a partisan issue. On just about every other piece of legislation that the Obama Administration has introduced to Congress, the Republican majority has stood fast against it. However, in this instance, Congress appears to be strangely united in its efforts to pass a secret bill that its members have not even been allowed to read. More important details here.

WikiLeaks issues call for $100,000 bounty on monster trade treaty

Today WikiLeaks has launched a campaign to crowd-source a $100,000 reward for America’s Most Wanted Secret: the Trans-Pacific Partnership Agreement (TPP). One chapter is found here.

Over the last two years WikiLeaks has published three chapters of this super-secret global deal, despite unprecedented efforts by negotiating governments to keep it under wraps. US Senator Elizabeth Warren has said

“[They] can’t make this deal public because if the American people saw what was in it, they would be opposed to it.”

The remaining 26 chapters of the deal are closely held by negotiators and the big corporations that have been given privileged access. Today, WikiLeaks is taking steps to bring about the public’s rightful access to the missing chapters of this monster trade pact.

The TPP is the largest agreement of its kind in history: a multi-trillion dollar international treaty being negotiated in secret by the US, Japan, Mexico, Canada, Australia and 7 other countries. The treaty aims to create a new international legal regime that will allow transnational corporations to bypass domestic courts, evade environmental protections, police the internet on behalf of the content industry, limit the availability of affordable generic medicines, and drastically curtail each country’s legislative sovereignty.

The TPP bounty also heralds the launch of WikiLeaks’ new competition system, which allows the public to pledge prizes towards each of the world’s most wanted leaks. For example, members of the public can now pledge on the missing chapters of the TPP.

WikiLeaks founder Julian Assange said,

“The transparency clock has run out on the TPP. No more secrecy. No more excuses. Let’s open the TPP once and for all.”

Note: The TPP is also noteworthy as the icebreaker agreement for the giant proposed ‘T-treaty triad’ of TPP-TISA-TTIP, which extends TPP-style rules to 53 nations, 1.6 billion people and 2/3rds of the global economy.