Category Archives: China

Russian State, Non-State Cyber Intrusions Sway Voting/Political Decisions

Posted on by

In October, before the U.S. presidential election, a Russian man suspected of carrying out cyberattacks against U.S. targets was arrested in Prague and was also wanted by Interpol. What information could have been gained in this case that has provided additional evidence to government officials for further investigations? Anyone remember in 2012 when the Russian hacked LinkedIn?

Everyone appears to be in denial about the ability and reasons that Russia and or their non-state actors swayed the U.S. campaign and voting process. No one official has ever claimed actual votes were altered, but rather the argument is actual affectation of information, attitudes and decisions by candidates and voters. There is a distinct difference and words matter.

Russia is artful when it comes to practicing hybrid warfare, cyber is but one tactic, the other successful tactic is propaganda. It works.

APT 28, Russia (Advanced Persistent Threat) has been seen to have moved on from the United States political season and turned towards Germany’s political season in recent days. This is not likely to affect vote tally results but rather polling attitudes going into consideration of votes for candidates.

This site has been writing about hacking and cyber intrusions for more than two years. While government agency officials have pointed with evidence that Russia played a significant role, it is also important to remember there are thousands of outside government cyber experts that are hired by government to protect against cyber intrusions and to investigate and report that of which is otherwise unknown by government due to being in the private sector. These are generally known as ‘White Hats’. White Hats in their forensic work look for types of penetration, commonality in code or language, trace IP addresses, concepts, malware, login files, brute force, where stolen data later appeared, partitions and code based platforms.

Let’s examine some facts and history.

It was also proven last year that as part of the Russian aggression with the Ukraine, that power grid was hacked by Russian operations. Due to major sanctions applied to Russia for at least the annexation of Crimea and the invasion of Ukraine and the continued threat to East Europe and NATO, the Russian Defense Ministry launched a more aggressive cyber command. Beyond hacking the non-classified but still a protected system at the White House in 2015, there are others of note.

In the past year, researchers have also linked Russian hackers believed to be working for the government to other spying campaigns, including against NATO, the Ukrainian government, energy companies in Poland, and an academic at an American university who was targeted because he studies Ukraine.

On Tuesday, CNN reported that according to U.S. officials, Russian hackers had penetrated portions of the White House computer network by gaining access from another “perch,” at the State Department, where intruders had gotten inside the unclassified email system.

The intrusion reported by CNN is not “a new incident,” a spokesman for the National Security Council said. Rather, it was acknowledged by the White House last year after intruders accessed an unclassified network used by the Executive Office of the President. More here.

From 2014, long before the presidential election cycle was set into motion:

As reported by Heritage, according to FBI Director James Comey, “There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked.”[1]

A recent survey by the Ponemon Institute showed the average cost of cyber crime for U.S. retail stores more than doubled from 2013 to an annual average of $8.6 million per company in 2014.[2] The annual average cost per company of successful cyber attacks increased to $20.8 million in financial services, $14.5 million in the technology sector, and $12.7 million in communications industries.

This paper lists known cyber attacks on private U.S. companies since the beginning of 2014. (A companion paper discussed cyber breaches in the federal government.)[3] By its very nature, a list of this sort is incomplete. The scope of many attacks is not fully known. For example, in July, the U.S. Computer Emergency Readiness Team issued an advisory that more than 1,000 U.S. businesses have been affected by the Backoff malware, which targets point-of-sale (POS) systems used by most retail industries.[4] These attacks targeted administrative and customer data and, in some cases, financial data.

This list includes only cyber attacks that have been made known to the public. Most companies encounter multiple cyber attacks every day, many unknown to the public and many unknown to the companies themselves.

The data breaches below are listed chronologically by month of public notice.

January

  • Target (retail). In January, Target announced an additional 70 million individuals’ contact information was taken during the December 2013 breach, in which 40 million customer’s credit and debit card information was stolen.[5]
  • Neiman Marcus (retail). Between July and October 2013, the credit card information of 350,000 individuals was stolen, and more than 9,000 of the credit cards have been used fraudulently since the attack.[6] Sophisticated code written by the hackers allowed them to move through company computers, undetected by company employees for months.
  • Michaels (retail). Between May 2013 and January 2014, the payment cards of 2.6 million Michaels customers were affected.[7] Attackers targeted the Michaels POS system to gain access to their systems.
  • Yahoo! Mail (communications). The e-mail service for 273 million users was reportedly hacked in January, although the specific number of accounts affected was not released.[8]

April

  • Aaron Brothers (retail). The credit and debit card information for roughly 400,000 customers of Aaron Brothers, a subsidiary of Michaels, was compromised by the same POS system malware.[9]
  • AT&T (communications). For two weeks AT&T was hacked from the inside by personnel who accessed user information, including social security information.[10]

May

  • eBay (retail). Cyber attacks in late February and early March led to the compromise of eBay employee log-ins, allowing access to the contact and log-in information for 233 million eBay customers.[11] eBay issued a statement asking all users to change their passwords.
  • Five Chinese hackers indicted. Five Chinese nationals were indicted for computer hacking and economic espionage of U.S. companies between 2006 and 2014. The targeted companies included Westinghouse Electric (energy and utilities), U.S. subsidiaries of SolarWorld AG (industrial), United States Steel (industrial), Allegheny Technologies (technology), United Steel Workers Union (services), and Alcoa (industrial).[12]
  • Unnamed public works (energy and utilities). According to the Department of Homeland Security, an unnamed public utility’s control systems were accessed by hackers through a brute-force attack[13] on employee’s log-in passwords.[14]

June

  • Feedly (communications). Feedly’s 15 million users were temporarily affected by three distributed denial-of-service attacks.[15]
  • Evernote (technology). In the same week as the Feedly cyber attack, Evernote and its 100 million users faced a similar denial-of-service attack.[16]
  • P.F. Chang’s China Bistro (restaurant). Between September 2013 and June 2014, credit and debit card information from 33 P.F. Chang’s restaurants was compromised and reportedly sold online.[17]

August

  • U.S. Investigations Services (services). U.S. Investigations Services, a subcontractor for federal employee background checks, suffered a data breach in August, which led to the theft of employee personnel information.[18] Although no specific origin of attack was reported, the company believes the attack was state-sponsored.
  • Community Health Services (health care). At Community Health Service (CHS), the personal data for 4.5 million patients were compromised between April and June.[19] CHS warns that any patient who visited any of its 206 hospital locations over the past five years may have had his or her data compromised. The sophisticated malware used in the attack reportedly originated in China. The FBI warns that other health care firms may also have been attacked.
  • UPS (services). Between January and August, customer information from more than 60 UPS stores was compromised, including financial data,[20] reportedly as a result of the Backoff malware attacks.
  • Defense Industries (defense). Su Bin, a 49-year-old Chinese national, was indicted for hacking defense companies such as Boeing.[21] Between 2009 and 2013, Bin reportedly worked with two other hackers in an attempt to steal manufacturing plans for defense programs, such as the F-35 and F-22 fighter jets.

September

  • Home Depot (retail). Cyber criminals reportedly used malware to compromise the credit card information for roughly 56 million shoppers in Home Depot’s 2,000 U.S. and Canadian outlets.[22]
  • Google (communications). Reportedly, 5 million Gmail usernames and passwords were compromised.[23] About 100,000 were released on a Russian forum site.
  • Apple iCloud (technology). Hackers reportedly used passwords hacked with brute-force tactics and third-party applications to access Apple user’s online data storage, leading to the subsequent posting of celebrities’ private photos online.[24] It is uncertain whether users or Apple were at fault for the attack.
  • Goodwill Industries International (retail). Between February 2013 and August 2014, information for roughly 868,000 credit and debit cards was reportedly stolen from 330 Goodwill stores.[25] Malware infected the chain store through infected third-party vendors.
  • SuperValu (retail). SuperValu was attacked between June and July, and suffered another malware attack between late August and September.[26] The first theft included customer and payment card information from some of its Cub Foods, Farm Fresh, Shop ‘n Save, and Shoppers stores. The second attack reportedly involved only payment card data.
  • Bartell Hotels (hotel). The information for up to 55,000 customers was reportedly stolen between February and May.[27]
  • U.S. Transportation Command contractors (transportation). A Senate report revealed that networks of the U.S. Transportation Command’s contractors were successfully breached 50 times between June 2012 and May 2013.[28] At least 20 of the breaches were attributed to attacks originating from China.

October

  • J.P. Morgan Chase (financial). An attack in June was not noticed until August.[29] The contact information for 76 million households and 7 million small businesses was compromised. The hackers may have originated in Russia and may have ties to the Russian government.
  • Dairy Queen International (restaurant). Credit and debit card information from 395 Dairy Queen and Orange Julius stores was compromised by the Backoff malware.[30]
  • Snapsave (communications). Reportedly, the photos of 200,000 users were hacked from Snapsave, a third-party app for saving photos from Snapchat, an instant photo-sharing app.[31]

Securing Information

As cyber attacks on retail, technology, and industrial companies increase so does the importance of cybersecurity. From brute-force attacks on networks to malware compromising credit card information to disgruntled employees sabotaging their companies’ networks from the inside, companies and their customers need to secure their data. To improve the private sector’s ability to defend itself, Congress should:

  • Create a safe legal environment for sharing information. As the leaders of technological growth, private companies are in most ways at the forefront of cyber security. Much like government agencies, companies must share information that concerns cyber threats and attack among themselves and with appropriate private-public organizations.[32] Congress needs to create a safe environment in which companies can voluntarily share information without fear of legal or regulatory backlash.
  • Work with international partners. As with the Backoff malware attacks, attacks can affect hundreds if not thousands of individual networks. These infected networks can then infect companies outside the U.S. and vice versa. U.S. and foreign companies and governments need to work together to increase overall cybersecurity and to enable action against individual cyber criminals and known state-sponsored cyber aggressors.[33]
  • Encourage cyber insurance. Successful cyber attacks are inevitable because no security is perfect. With the number of breaches growing daily, a cybersecurity insurance market is developing to mitigate the cost of breaches. Congress and the Administration should encourage the proper allocation of liability and the establishment of a cyber insurance system to mitigate faulty cyber practices and human error.[34]

***

Denial or refusing the argument and examination of evidence is malfeasance and exacerbating a cyber criminal act.

 

 

 

 

Trump Plans/Prepares for a 2 Ocean War

Posted on by

Maybe new keels are soon to be laid and a draft could be in the future of the military.

As for the Army, the numbers are noted below but do not include the other branches of service.

ArmyTimes: Endstrength for March was 479,172 soldiers, which is 154 fewer troopers than were on active duty when the Army halted the post-Cold War drawdown in 1999 with 479,424 soldiers, the smallest force since 1940, when the active component numbered 269,023 soldiers.

Barring unexpected delays, the Army is well-positioned to achieve, or exceed, its budgeted end-strength of 475,000 soldiers by Sept. 30, the end of fiscal 2016.

Without congressional or Defense Department intervention, the drawdown will continue for two more years, with end strength hitting 460,000 soldiers in 2017, and 450,000 in 2018.

The United States Navy is a powerhouse. The fleet consists of roughly 430 ships in active service or reserve. The vessels run the gamut from the massive Nimitz-class aircraft carrier, which stretches more than 1,000 feet, to the Los Angeles-class submarine that slithers 900 feet below the ocean surface. The graphic below shows all the commissioned and noncommissioned ships of every size as of April 2015. The ships are organized by size, from the humongous aircraft carriers at the top to the smaller ships at the bottom.

2015-u-s-navy-fleet

 

Donald Trump wants to increase America’s military force in the Asia-Pacific

DONALD Trump’s administration has given its strongest indication yet that the United States will increase America’s military force against China.

Rudy Giuliani, the president-elect’s frontrunner for secretary of state, has revealed Mr Trump intends to prioritise building a “gigantic” military force to overthrow China’s ambitions in the Pacific.

Speaking to global business leaders in Washington yesterday, Mr Giuliani said the United States would raise its number of troops to 550,000, instead of shrinking it to 420,000.

He also said they intended to take their navy up to 350 ships, instead of going down to 247. It currently has around 280.

“At 350, China can’t match us in the Pacific. At 247 ships, we can’t fight a two-ocean war; we gave up the Pacific. If you face them with a military that is modern, gigantic, overwhelming and unbelievably good at conventional and asymmetric warfare, they may challenge it, but I doubt it.”

He said the expansion would allow the US to fight a “two-ocean war”.

This presents a more assertive foreign policy than the world ever heard from Mr Trump in the lead-up to election with regards to China.

While the South China Sea remains one of the world’s most tense geopolitical regions, the celebrity billionaire was careful to keep his remarks on it to a minimum in the lead-up to the US election.

Experts have told news.com.au Mr Trump has always been set on building the US’s military presence.

“It’s likely that America will have a lot more military muscle under his presidency,” said Macquarie University Security Studies analyst Adam Lockyer. “While we can’t get ahead of ourselves, much of that will likely go into the Asia-Pacific region, because China’s a major challenger.

“On one hand they’re paying less diplomatic and critical attention to the region, but on the other they’re building more military presence in the region.”

That said, Mr Giuliani’s remarks suggest Mr Trump’s administration will be more hawkish than expected.

It was expected that Mr Trump would retreat from the disputed region, in line with his pledge to prioritise domestic issues and retreat from foreign affairs.

“Trump has a far more isolationist outlook than Clinton or Obama, but at the same time, if he had his own way, he’d be far more focused on domestic policy and domestic security, including things like terrorism and immigration,” Dr Lockyer said.

Judging by this announcement, the Trump administration may take a more hawkish approach after all.

WILL THIS ACTUALLY HAPPEN?

The Trump administration will face significant financial hurdles if it does take on this ambitious military program.

Asia-Pacific security expert Jingdong Yuan from the Centre For International Security Studies told news.com.au said it was achievable. He said Mr Trump will be able to work with the Republican-controlled Congress to do away with the sequester process that automatically cut $500 billion in defence over a decade.

But it could be relatively difficult for the incoming government to direct too much of its financial focus to defence.

“US defence spending as a percentage of GDP and government spending is at a historical low, especially after the wars in Afghanistan and Iraq,” said Dr Yuan.

“At the same time, entitlement spending, such as social security and medicare cannot be cut, and increase year by year, and federal government deficits of over $18-19 trillion make it difficult to spend more in discretionary areas such as defence.

“So Trump need to find the money to support his ambitious military programs. We will see.”

He also said that neither the United States nor China are being realistic when it comes down to it.

“Beijing and Washington will have to work on their differences while at the same time work together on things they both agree.

“This is a very complex relationship and neither America’s will to remain predominant nor China’s desire for a Sino-centric order in Asia are realistic.

“Indeed, if they both pursue these extreme goals, conflict will become more likely and it will be deeply destabilising for the region — Australia included.”

WHAT DOES ALL THIS MEAN FOR AUSTRALIA?

Defence Industries Minister Christopher Pyne says the planned expansion would create “remarkable opportunities” for Australia’s defence industry.

In a speech to be given at a Submarine Institute of Australia conference today, Mr Pyne will announce that the US expansion could offer a historic opportunity for Australia’s defence industry.

“To give you an understanding of the scale of this increase, it ­includes 50,000 more army troops, 70 new naval warships, 100 air force planes and a dozen new marine battalions,” Mr Pyne will say. “This represents around half a trillion US dollar increase to the US defence budget over the next decade.

“This result could bring with it remarkable opportunities for the Australian defence industry and, thanks to the foresight of the Turnbull government, Australia is well positioned to grasp those opportunities.”

Yesterday, Mr Pyne told The Australian the country will take a “similar focus” to the United States in terms of its defence policy.

“At a time when the US is expanding capability, we are similarly focused. As we have demonstrated throughout the year, the government is putting defence at the very centre of our national policy agenda.”

Mr Giuliani acknowledged the Trump administration hopes to engage with China on economic issues, such as trade.

Yesterday, he told The Wall Street Journal the team wants to reset relations with both China and Russia.

But Mr Trump intends to label China a “currency manipulator” after taking office, which economic analysts say will likely contribute to rising tensions between the two countries.

Chinese media has taken a hostile response to Mr Trump’s more outlandish comments on the country during his campaign.

In May this year, the then-presidential candidate accused China of “raping” the United States economically, and vowed to impose a 45 per cent tariff on Chinese imports.

An article published in the country’s nationalistic newspaper The Global Times this week warned the Chinese government will be forced to “take a tit-for-tat approach” if the president-elect persisted with the trade war.

“If Trump wrecks Sino-US trade, a number of US industries will be impaired. Finally the new president will be condemned for his recklessness, ignorance and incompetence and bear all the consequences.”

This trade war may also present problems for Australia. China and the United States are our first and third largest trading partners respectively, and such an action could trigger a trade war if Beijing were to retaliate, which would directly impact these relationships.

All this said, Dr Yuan says it’s still too soon to panic over what the Trump administration may or may not do.

“The election fog is still here and we need time and information to get more realistic and accurate assessments,” he said.

“I remain cautiously optimistic.”

****

At issue with China is the waterway dispute instigated by China.

 CNN

Foreign Spies on our College Campuses

Posted on by

International Espionage on Campus

Bishop/CB: The idyllic American university campus conjures the image of a safe and open academic environment where students spend four or more years learning new ideas and preparing for future careers.  Professors challenge eager students to open their minds to old and new perspectives in science, mathematics, business, and of course, the arts and humanities.  Universities nurture an atmosphere where academics and scientists can engage in groundbreaking research, make advances in technology, and publish on novel theories and discoveries.

For many students, college may be the first time they are living on their own, allowing them to explore not only academic freedom but personal freedom. For parents coping with their children leaving home, some comfort is found in the expectation that while students are on campus the university will be actively taking measures to protect them from physical harm and risks that could affect their future.  Parents don’t realize that for some students, college may be the first time students are exposed to the clandestine world of international espionage.

Espionage knows no boundaries.  Foreign intelligence officers and spies lurk wherever there is information of value to be had or people with access to it. Information does not have to be a government secret for a foreign intelligence service to want to steal it.  Nation states play the Great Game to gain an advantage, whether political or economic, over their adversaries.  And there is plenty of information of value on American college campuses to attract the attention of adversary nations.  From advanced research in sciences and technology to professors with access to U.S. government officials, American universities are a target-rich environment for intelligence collection, intellectual property theft, and the illicit transfer of research and technology.   The welcoming nature of American universities—from unlocked entrances to university facilities, minimal investigation into the backgrounds of students enrolling in classes, and open admission to conferences, seminars, and other campus events—creates the perfect opportunity for undercover foreign intelligence officers or their human sources to slip onto campus and search for students who have potential for entering sensitive positions in the U.S. government or landing jobs with American companies engaged in the development and production of emerging and advanced technologies.

While the threat of espionage may not be apparent to parents and students, American universities have little excuse for not knowing about it.  Federal law enforcement agencies like the FBI regularly attempt to advise universities of the potential espionage threats on campus, and the media also has reported extensively on them.  The risks are real, knowable, and preventable, and universities that ignore the threats could face potentially devastating consequences to their reputations, relationships, and financial well being.  For students who do not fully appreciate the risk and get wrapped up on the wrong side of the clandestine world, the impact on their futures can be tremendous and irreversible.  Espionage on campus and the often-related illicit transfer of research and technology from school laboratories also contribute to immediate and long-term decline of U.S. national security interests and the competitive advantage the United States possesses in sciences and technology.  The university campus has been part of the Great Game chessboard for years. This is nothing new and not much has changed.

In 1930s Great Britain, five college students with communist sympathies came under the spell of espionage at the University of Cambridge.  Donald MacLean, Guy Burgess, Anthony Blunt, John Cairncross, and Kim Philby were in their undergraduate years when the NKVD, the Soviet precursor to the KGB, recruited them to serve the communist cause.  At the time, none of the students had access to information of value or persons of interest, but the NKVD believed these men, who came from the right social class, would find their way into positions of influence and access. They all did.

MacLean landed key positions in the UK’s foreign office, the equivalent of the U.S. Department of State.  Burgess held positions with the foreign office, the BBC, and MI6.  Blunt spent some time in MI5, served as the Surveyor of the King’s Pictures, and used his standing in academic and social circles to spot other potential Soviet spies. Cairncross made the rounds at MI6 and Bletchley Park, the precursor to the UK’s Government Communication Headquarters (GCHQ).  Kim Philby was the prize of the five.  While starting his espionage as a freelance journalist in the Spanish Civil War, which gave him access to pro-Franco forces—the ideological enemies of the Soviet Union—Philby returned to the UK and entered MI6.  There, he steadily rose through the ranks, eventually overseeing MI6’s counterintelligence operations against the Soviet Union. The Cambridge spies, most notably Philby, are still considered to be some of the most damaging spies in UK espionage history. The notoriety of these men is well known in England, and their association with the University of Cambridge as the Cambridge Ring or Cambridge Five will forever be remembered.

American universities have not been immune to the espionage efforts of foreign intelligence services.  In 1984, a student-spy working for the Cuban intelligence service and studying at Johns Hopkins University “spotted” Ana Montes as a potential Cuban recruit.  After being introduced to Cuban intelligence officers, Montes agreed to spy for Cuba while still a graduate student at Johns Hopkins.  She later became an intelligence analyst at the Defense Intelligence Agency (DIA), focusing on Cuban issues.  She was arrested in 2001 and sentenced to 20 years in prison.

Other known espionage or technology/research theft cases affecting the American university community include:

  • In 2002, Qingqiang Yin, a former Cornell University researcher was arrested before boarding a flight to Shanghai from New York.  He was carrying numerous bacteria samples and yeast cultures belonging to the university.  The FBI investigation revealed Yin was seeking a job with a research facility in China and offered to bring the bacteria and yeast cultures to China for commercial enzyme production.  He was sentenced to 12 months’ imprisonment for conspiracy to defraud the U.S. government.
  • In 2006, Carlos Alvarez, a psychology professor at Florida International University, admitted during a plea hearing that he had been a Cuban spy for nearly 30 years, gathering and transmitting information about Cuban exile groups to Cuban intelligence agents.  His wife Elsa, also a professor, admitted knowing of her husband’s conduct.  They were sentenced to five and three years’ imprisonment, respectively.  
  • In 2012, the FBI arrested 12 deep-cover Russian SVR intelligence officers who were engaged in espionage against various American targets.  One of the SVR officers was Cynthia Murphy, a.k.a. Lydia Guryeva, who while studying for a master’s degree at Columbia University, was tasked by the SVR to develop relationships with classmates and professors who have or will acquire access to secret information and to report on their backgrounds and characteristics, providing assessments on their vulnerability for recruitment as spies. The SVR also directed Guryeva to collect information on students seeking employment with the CIA.  After pleading guilty to failing to register as an agent of a foreign government, the United States returned Guryeva (and the other deep-cover officers) to Russia in exchange for prisoners held there. 
  •  
  • In 2013, Hua Jun Zhao, a Chinese research assistant at the Medical College of Wisconsin, was arrested and charged with economic espionage after stealing cancer research compounds and shipping them to China, where he allegedly planned to take them to a Chinese university for further development.  He pleaded guilty to the lesser charge of illegally downloading research data and was sentenced to time served (four-and-a-half months).
  •    Image result for Hua Jun Zhao
  • Since 2004, the Chinese government has opened numerous Confucius Institutes at universities across the world, including approximately 64 institutes at American universities.  While the stated mission of the institutes is to promote the study of Chinese language and culture abroad, concerns have been raised about the ulterior motives of these institutes.  Allegations have also surfaced that the institutes may be Trojan Horses used by the Chinese government to conduct espionage activities. Regardless of the public evidence available on the alleged intelligence function of these institutes, from this former intelligence officer’s perspective, they are the perfect front for penetrating American universities and targeting their students.  

Again, these are only examples of the espionage threats facing American universities.  These incidents and others have been well documented in the public domain, and American universities dedicated to risk management should know about them, if not for their own protection, then for the benefit of their donors and students and U.S. national security.

Today’s American university receives funding from a variety of sources, including alumni, businesses, philanthropic organizations, and federal and state governments.  Research grants from the public and private sectors are a significant source of income for universities, and donors want the university to reap the benefits of their contributions.  No donor wants to see years of research and funding illegally diverted to a foreign government or competitor.  A university that does not take this risk seriously could begin to see expected research grants and contributions being provided to other schools or facilities, especially when the U.S. government is the funding source.

Universities should also consider the disruption a law enforcement investigation into espionage on campus can have on its day-to-day operations, reputation, and ability to maintain investor (philanthropic) confidence.  The media will undoubtedly provide thorough coverage of an espionage investigation, the accuracy of which is not guaranteed.

Investigators will be removing and combing through files and records.  Computers may be seized, and electronic files of all kinds will be requested.  Interviews of those with knowledge of the incident or perpetrators will be required, and if a public trial takes place, there will be more disruption and publicity.  A university wanting to maintain or salvage its reputation after the uncovering of espionage on its campus will find it advantageous if it can truthfully state it has been cooperating with law enforcement on the investigation rather than have a story surface that the university was one of the obstacles law enforcement had to overcome in order to put an end to the espionage. Having the university’s name negatively associated with a foreign espionage investigation is not the kind of publicity a university will find easy to overcome.
For students, the consequences of becoming entangled in espionage could be severe.   Students make easy targets, and their idealism and naiveté can often get in the way of their judgment.  Once a student is recruited as a spy, his opportunities for reversing course without consequence are limited.  One only needs to look at the choices made by Glenn Duffie Shriver, an American just out of college and living in China, who was slowly manipulated by Chinese intelligence to seek employment with the CIA.  Shriver was arrested and sentenced to four years’ imprisonment after pleading guilty to conspiracy to commit unlawful conveyance of national defense information.  Shriver was released from prison in 2013, but he will be forever remembered as a Chinese spy.  Not a great resume builder.

From a national security perspective, espionage on campus also contributes to the perpetual and long-term decline of the United States’ competitive advantage over its adversaries.  The technology and research lost to other countries through espionage and theft robs the American economy of the commercial and economic benefits it would have derived in terms of jobs, profits, and scientific and technological advancement.  The stolen knowledge increases the commercial and economic standing of the countries that committed the theft to the detriment of the United States.  If the stolen technologies and research have military, defense, or security applications, then the losses also contribute to the threats the United States faces from countries and adversaries who seek to challenge or harm its national security interests.

Universities are a soft target for espionage and offer potentially lucrative rewards for our adversaries’ intelligence targeting efforts.  Every loss resulting from espionage or foreign theft at an American university is a gain for the adversaries of the United States. These risks and potential consequences transcend the inerrant concept of the open, academic environment.

Friday’s Web Outage, Gonna Be Worse due to Selling Access

Posted on by

Hackers Sell $7,500 IoT Cannon To Bring Down The Web Again

Forbes: Think Friday’s massive outage was bad? Worse is expected, as hackers are selling access to a huge army of hacked Internet of Things (IoT) devices designed to launch attacks capable of severely disrupting web connections, FORBES has learned. The finding was revealed just days after compromised cameras and other IoT machines were used in an attack that took down Twitter, Amazon Web Services, Netflix, Spotify and other major web companies.

In what is a first for the security company, RSA discovered in early October hackers advertising access to a huge IoT botnet on an underground criminal forum, though the company declined to say which one. (F-Secure chief research officer Mikko Hypponen said on Twitter after publication that it was the Tor-based Alpha Bay market). “This is the first time we’ve seen an IoT botnet up for rent or sale, especially one boasting that amount of firepower. It’s definitely a worrying trend seeing the DDoS capabilities grow,” said Daniel Cohen, head of RSA’s FraudAction business unit.

The seller claimed they could generate 1 terabit per second of traffic. That would almost equal the world record DDoS attack, which hit French hosting provider OVH earlier this month at just over 1 terabit. For $4,600, anyone could buy 50,000 bots (hacked computers under the control of hackers), whilst 100,000 cost $7,500. Together, those bots can combine resources to overwhelm targets with data, in what’s known as a distributed denial of service (DDoS) attack.

Cohen said he didn’t know if the botnet for hire was related to Mirai, the epic network of weaponized IoT computers used to swamp DYN – a domain name system (DNS) provider and the chief target of Friday’s attack – with traffic. But FORBES was able to find a forum post on Alpha Bay from the seller, who went by the name loldongs, which noted they had created a Mirai-based botnet. The original post was on 4 October, just a few days after the Mirai source code was made available to everyone. In a later post, in response to another user’s request, loldongs claimed: “I can take down OVH easily.”

Internet of Things botnet sold on undeground hacker forum

RSA uncovered a botnet for hire, made up of IoT devices like connected cameras and fridges. It could generate an astonishing amount of power, the company warned.

Statement By Secretary Johnson On Recent Cyber Incident

Release Date:
October 24, 2016

For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010

The Department of Homeland Security is closely monitoring events arising from the distributed denial of service attack on Dyn on Friday, October 21. Later that day, the Department convened a conference call of about 18 major communication service providers to share information about the incident. At this time, we believe the attack has been mitigated. We have shared relevant information with our partners and through our Automated Indicator Sharing program.

We are aware of one type of malware potentially used in this incident. This malware is referred to as Mirai and compromises Internet of Things devices, such as surveillance cameras and entertainment systems connected to the Internet. The NCCIC is working with law enforcement, the private sector and the research community to develop ways to mitigate against this and other related malware.

The Department has also been working to develop a set of strategic principles for securing the Internet of Things, which we plan to release in the coming weeks.

Rosoboronexport, Putin and Iran, N. Korea and Syria

Posted on by

On November 4, 2000, the Rosoboronexport Unitary enterprise was set up by Decree №1834 of the Russian President, Vladimir Putin, as the sole state intermediary agency for Russia’s military exports/imports.

In 2015: WASHINGTON (Reuters) – The United States has imposed sanctions on Russian and Chinese companies, including Russian state-owned arms exporter Rosoboronexport, for violating a U.S. law restricting weapons trade with Iran, North Korea and Syria.

The U.S. State Department published a notice of the sanctions in the Federal Register on Wednesday. They were later condemned by the Russian Foreign Ministry.

Moscow will take countermeasures in response to new U.S. sanctions, Interfax reported late on Wednesday, citing a commentary on the Russian Foreign Ministry’s website.

The State Department’s notice did not specify how each company had run afoul of the United States’ Iran, North Korea, and Syria Nonproliferation Act, but the act prohibits the trade with those three countries of goods, services, or technology used to make weapons of mass destruction or cruise or ballistic missiles.

Russia has supported Syrian President Bashar al-Assad in a 4 1/2-year-old civil war that has killed more than 200,000 people and displaced millions, including by supplying him with military gear.

Iran and North Korea are under United Nations arms embargoes.

The sanctions announced on Wednesday prohibit the U.S. government from procuring goods or services from the listed entities, as well as selling them defense-related goods and services. Additionally, no new licenses will be granted to export certain controlled goods to the listed entities, and any existing such licenses will be suspended.

Many of the entities targeted on Wednesday already faced multiple rounds of U.S. sanctions.

One of the individuals listed was Chinese businessman Li Fangwei, also known as Karl Lee. He has already been sanctioned for allegedly supplying Iran’s ballistic missile program in violation of an embargo. He denied the allegations in a 2013 interview with Reuters.

The companies sanctioned also included China’s BST Technology and Trade Co, which had previously been sanctioned by the United States in 2013, the Russian Aircraft Corp, and two North Korean firms. The Sudanese Armed Forces were also listed in the notice, as well as the overseas arm of Iran’s Islamic Revolutionary Guard Corps, called the Qods Force, and its commander, Qassem Soleimani.

Related reading: Rosoboronexport Naval Inventory

Related reading: Rosoboronexport Ground Force Inventory

**** It gets worse and U.S. voters need to take notice as to why any relationship with Moscow is sitting on the knife’s edge.

 

(Paris)– France should reconsider allowing Rosoboronexport, Russia’s state-owned arms trading company, to participate in Euronaval, a major international arms show being held outside of Paris from October 17 to 21, 2016, human rights groups EuroMed Rights and Human Rights Watch said today. The arms show is sponsored by the French Defense Ministry.

FRANCE SYRIA statement photo Russia Rosoboronexport 15 Oct 2016
The office building of Rosoboronexport company in Moscow, Russia, March 1, 2016.

© 2016 Reuters

Human rights organizations have called for the United Nations Security Council to impose an arms embargo on Syria, and for Rosoboronexport in particular to stop supplying arms to Syria in light of compelling evidence that the Syrian government is responsible for war crimes and crimes against humanity.

“France is leading the call on ending violations in Syria but at the same time allowing Russia, which is complicit in those violations, to promote its weapons and land new deals,” said Michel Tubiana, president of EuroMed Rights. “It’s not acceptable to do business as usual with a company arming a government engaged in systematic atrocities against its own people.”

More than 90 exhibitors from 70 countries are expected to attend the Euronaval arms show, including Rosoboronexport. Rosoboronexport said in October, 2015, that it is continuing to supply arms to the Syrian government despite its record of serious international human rights and humanitarian law violations.

Under international law, providing weapons to Syria while its forces are known to be committing war crimes and crimes against humanity may translate into aiding and abetting the commission of those crimes. Any arms supplier could bear potential criminal liability as an accessory to those crimes and could face prosecution. In addition to Rosoboronexport, all other suppliers of arms to Syria should be subject to scrutiny.

The Russian government began conducting military operations in Syria on September 30, 2015. Since then, Russian-Syrian airstrikes have hit civilian objects and caused civilian casualties, Syrian-Russian joint military operations have extensively used internationally banned cluster munitions, and there has been an increase in the use of incendiary weapons in Syria. Since September 19, 2016, Russian-Syrian forces have bombarded opposition-controlled parts of the city of Aleppo. The attacks included the use of indiscriminate barrel bombs, cluster munitions, and incendiary weapons, and damaged or partially destroyed at least five hospitals in six separate attacks.

In November 2015, the Rosoboronexport chief executive officer, Anatoly Isaikin, indicated that Russia’s military involvement in Syria was “good testimony for Russian armaments.” Media reports indicate that Russian airstrikes in Syria actually have contributed to buyer interest in weaponry from Rosoboronexport and could result in billions of dollars in new contracts.

Given its role in Syria, Rosoboronexport should not be allowed to promote itself and seek new contracts at Euronaval, the organizations said. Should Rosoboronexport be permitted to participate in the arms show, all arms show participants, including official delegations and private arms brokers, should decline to negotiate any new deals with Rosoboronexport.

**** Need more?

From UANI:

“Russia has offered Iran its latest Antey-2500 missiles, the head of Russian state defense conglomerate Rostec said on Monday according to media reports, after a deal to supply less powerful S-300 missiles was dropped under Western pressure. Sergei Chemezov said Tehran was now considering the offer, TASS news agency reported. Russia scrapped a contract to supply Iran with S-300 surface-to-air missiles under Western pressure in 2010, and Iran later filed a $4-billion international arbitration suit against Russia in Geneva, but the two countries remain allies.” (Reuters, “Russian offers Iran latest anti-aircraft missiles: TASS,”

2/23/15)

“Russia’s government-run weapons manufacturer is supplying equipment for Iran’s missile program, intelligence documents recently presented to the US Congress indicate. According to intelligence estimates, this does not represent official cooperation between Moscow and Tehran, but rather demonstrates the inability of the Russian government to prevent state firms from engaging in illegal trade with the Islamic Republic. The Russian firm in question is Rosoboronexport, which supplied Iran with defensive missile systems in 2006 and continues to maintain business ties with Iran in the missile sector.” (YnetNews, “Russian manufacturer selling missile equipment to Iran,” 6/11/12)

“For two years, the United States regarded Rosoboronexport, Russia’s official weapons exporter, as an international pariah for selling arms to Iran and Syria. Then, in 2010, the U.S. suddenly lifted sanctions against it. By June of this year, the reversal was complete: the Pentagon awarded the company a no-bid contract worth upwards of $1 billion… Rosoboronexport, whose annual revenues have grown to nearly $9 billion, had only recently been removed from the list of companies sanctioned by the U.S. State Department for violating U.S. laws prohibiting the sale of weapons to Iran and Syria. Among the suspected sales were surface-to-air missiles to Iran. But after sanctions were lifted, the Army went full steam ahead with plans to sole-source a $375 million contract to the Russian arms agency, now arguing that it was the only legitimate vendor of Russian armaments.” (Wired, “Russian Firm Got No-Bid Pentagon Contract After Selling Arms to Iran,” 8/31/11)

“Russia’s state arms export agency said Monday that it is supplying Iran with defensive weapons, including surface-to-air missiles, but did not say whether they include the sophisticated long-range S-300 missiles…Rosoboronexport said in a statement that ‘only weapons of a defensive nature are being supplied to Iran, including anti-aircraft weaponry.’ It added that, previously, Tor-M1 air-defense systems were supplied to Iran.” (AssociatedPress, “Russia giving Iran only defensive weapons,” 12/22/08)

“Rosoboronexport contracted with Iran late July to modernize 30 Su-24 front bombers which may bear tactic nuclear weapons. The contract is to be executed by Sukhoi.” (Kommersant, “Sanctions Imposed on Russian Companies Linked to Iran,” 08/05/2006)

In summary:

MOSCOW — The United States imposed sanctions against Russian state arms export agency Rosoboronexport and four Russian defense industry enterprises — including the MiG aircraft corporation — for alleged violations of a nonproliferation and missile technology control regime.

The State Department announced the sanctions in a notice posted on the Federal Register. Twenty-three firms across the world, including entities based in China, Turkey and the United Arab Emirates, had violated the Iran, North Korea and Syria Nonproliferation Act (INKSNA), it said.

“These entities were sanctioned based on credible information that they have been involved in the transfer or purchase to or from Iran, North Korea or Syria of goods, services or technology listed on multilateral export control lists, US national control lists, or other items that could make a material contribution to the development of weapons of mass destruction or missile proliferation,” said US Embassy Moscow spokesman Will Stevens.

The move prevents any US company or government agency from doing business with the sanctioned Russian defense entities, which include Russia’s state arms export agency Rosoboronexport.

Rosoboronexport is the doorway between Russia’s defense industry and foreign export customers. The agency claimed to have delivered $13.2 billion in military exports last year, and at the MAKS airshow last week said Russia’s export backlog amounts to $40 billion.

The famous MiG aircraft company was among those Russian companies singled out in the latest sanctions action — which closely coincided with the Department of Commerce announcing a new round of economic sanctions in response to the ongoing conflict in Ukraine.

The other three companies on today’s list were high-precision weapons maker Instrument Design Bureau (KBP) Tula; a rocket and missile design bureau near Moscow known as NPO Mishinostroyenia — the same bureau that designed the USSR’s SS-19 ICBM; and the Katod company in Novosibirsk.

Katod manufactures, among other things, night vision goggles that were sold in the US; the sanctions cut the company off from that market.

In comments carried by the TASS news agency on Wednesday, Katod CEO Vladimir Loktionov mocked the sanctions against his company as a sign that Russian night-vision technology intimidated US competitors.

“So, Russia doesn’t just pump oil, it can also do something that can compete with American companies,” Loktionov said, brushing off any impact the sanctions might have by claiming the majority of its customers are in the Moscow-led Eurasian Economic Union or one of the BRICS nations.

Russia’s Foreign Ministry was furious with the sanctions — both from the State and Commerce departments — responding in a statement later on Wednesday that the US is trying “to punish us for the rigorous pursuit of [our] national interests, and for the free choice of the inhabitants of Crimea and Sevastopol,” to join Russia last year.