Category Archives: China

Wenxia Man, Chinese Spy Found Guilty Stealing Aircraft Secrets

Posted on by

Illegally Export Fighter Jet Engines and Unmanned Aerial Vehicle to China

Wenxia Man, aka Wency Man, 45, of San Diego, was sentenced today to 50 months in prison for conspiring to export and cause the export of fighter jet engines, an unmanned aerial vehicle – commonly known as a drone – and related technical data to the People’s Republic of China in violation of the Arms Export Control Act.

The sentence was announced by Assistant Attorney General for National Security John P. Carlin, U.S. Attorney Wifredo A. Ferrer of the Southern District of Florida, Special Agent in Charge Mark Selby of the U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (ICE-HSI) in Miami and Special Agent in Charge John F. Khin of the Department of Defense’s Defense Criminal Investigative Service (DCIS).

On June 9, 2016, Man was convicted by a federal jury in the Southern District of Florida of one count of conspiring to export and cause the export of defense articles without the required license.

According to evidence presented at trial, between approximately March 2011 and June 2013, Man conspired with Xinsheng Zhang, who was located in China, to illegally acquire and export to China defense articles including: Pratt & Whitney F135-PW-100 engines used in the F-35 Joint Strike Fighter; Pratt & Whitney F119-PW-100 turbofan engines used in the F-22 Raptor fighter jet; General Electric F110-GE-132 engines designed for the F-16 fighter jet; the General Atomics MQ-9 Reaper/Predator B Unmanned Aerial Vehicle, capable of firing Hellfire Missiles; and technical data for each of these defense articles. During the course of the investigation, when talking to an undercover HSI agent, Man referred to Zhang as a “technology spy” who worked on behalf of the Chinese military to copy items obtained from other countries and stated that he was particularly interested in stealth technology.

HSI and DCIS investigated the case. Assistant U.S. Attorney Michael Walleisa of the Southern District of Florida and Trial Attorney Thea D. R. Kendler of the National Security Division’s Counterintelligence and Export Control Section prosecuted the case.

 Photo: balicad24.com 

Announcement by the Justice Department

Related reading: 5 Weapons China Stole & Copied from the US

Related reading: Chinese cyber spies may be watching you, experts warn

In part from FreeBeacon:

Michael Walleisa, assistant U.S. Attorney for the Southern District of Florida, asked the judge to impose the maximum sentence of 78 months for the weapons conspiracy conviction.

“There is hardly a more serious case than a case such as this that involves some of our most sophisticated fighter jet engines and unmanned weaponized aerial drones,” Walleisa said in a sentencing memorandum.

“The potential for harm to the safety of our fighter pilots, military personnel, and national security which would occur had the defendant been successful is immeasurable, particularly where, as here the clear intent of the co-conspirators was to enable the People’s Republic of China to reverse engineer the defense articles and manufacture fighter jets and UAV’s.”

The conspiracy revealed that China was seeking to “increase its military capabilities and might to the potential detriment of the United States,” Walleisa said.

The U.S. government imposed an arms embargo on China in 1990 following the Chinese military’s massacre of unarmed pro-democracy protesters in Beijing’s Tiananmen Square a year earlier.

Between 2011 and 2013, Man and Zhang worked together to solicit three sets of General Electric and Pratt and Whitney turbofan engines for the F-35, F-22, and F-16 jets, as well as a General Atomics Reaper drone and technical details of the equipment. The Chinese were prepared to pay $50 million for the embargoed items.

Authorities launched an investigation of the case after Man contacted a defense industry source who alerted U.S. Immigration and Customs Enforcement’s Homeland Security Investigations unit in Miami. The Pentagon’s Defense Criminal Investigative Service also investigated the case.

Man used a company called AFM Microelectronics, Inc. in trying to buy the military equipment. She disclosed to an undercover federal agent in 2012 that the jet engines were meant for the Chinese government and that she knew it was illegal to export them, according to court papers.

China is engaged in a major military buildup that includes two new advanced stealth jet fighters that U.S. intelligence agencies say benefitted from stolen American aircraft technology.

The attempt to buy embargoed jet fighter engines highlights what military analysts say is China’s major technology shortfall—its inability to manufacture high-quality jet engines. Turbofan engines require extremely precise machine work and parts because of the high speeds of their spinning engine fans.

Zhang was described by the government in court papers as a “technology spy” working for China’s military-industrial complex. The Chinese government buys arms and military technology from Russia and other states “so that China can obtain sophisticated technology without having to conduct its own research,” the indictment in the case states.

The name of the Chinese entity was not disclosed. China’s government defense industry group is SASTIND, an acronym for State Administration for Science, Technology and Industry for National Defense.

Zhang sought to buy the operating system and aircraft control system for the MQ-9 Reaper as well as the unmanned aerial vehicle itself and the technical design data for the aircraft. The drone sought was an armed version capable of firing Hellfire missiles.

Man, 45, was convicted of one count of conspiracy to export defense goods with a license.

At sentencing on Friday, U.S. District Judge Beth Bloom told the court that Man hoped to get a $1 million commission on the illegal export and that she wanted to help China compete with the United States militarily.

“I’m innocent,” Man told the judge, the South Florida Sun-Sentinel newspaper reported. “This is my country, too.” She plans to appeal the conviction that was reached after a jury trial in June.

Michael Pillsbury, a China specialist at the Hudson Institute, said the Man case highlights China’s large-scale technology theft program.

“The scope and the ambition of their technology intelligence collection is breathtaking,” said Pillsbury. “They’re not after petty secrets.”

The Man case is similar to an earlier Chinese technology acquisition operation headed by Chi Mak, another naturalized Chinese citizen. In 2007, Mak, an electrical engineer at the U.S. firm Power Paragon, was convicted of conspiracy to export sensitive electronics defense technology to China.

Mak was a long-term technology spy who operated for 20 years. U.S. officials believe Mak provided China with secrets to the Aegis battle management system, the heart of current Navy warships.

China has deployed a similar version of the Aegis ship, known as the Type 052D warship.

 

The Russians Hacked the NSA? Ah…What?

Posted on by

This is bad bad bad….and panic has struck Washington DC ….payment is to be in Bitcoins…

Graphics of files below courtesy of Arstechnica.

    

More here in further detail.

*****

Most outside experts who examined the posts, by a group calling itself the “Shadow Brokers,” said they contained what appeared to be genuine samples of the code — though somewhat outdated — used in the production of the NSA’s custom-built malware. Most of the code was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. That, in turn, allows the NSA to place “implants” in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack.  More here.

NSA and the No Good, Very Bad Monday

LawFare: Monday was a tough day for those in the business of computer espionage. Russia, still using the alias Guccifer2.0, dumped even more DNC documents. And on Twitter, Mikko Hypponen noted an announcement on Github that had gone overlooked for two days, a group is hosting an auction for code from the “Equation Group,” which is more commonly known as the NSA. The auctioneer’s pitch is simple, brutal, and to the point:

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

This release included two encrypted files, and the password to one was provided as proof while the other remains encrypted. The attackers claim that they will provide the password to the second file to the winner of a Bitcoin auction.

The public auction part is nonsense. Despite prevailing misconceptions on cryptocurrency, Bitcoin’s innate traceability means that no one could really expect to launder even $1M out of a high profile Bitcoin wallet like this one without risking detection, let alone the $500M being requested for a full public release. The auction is the equivalent of a criminal asking to be paid in new, marked, sequential bills. Because the actors here are certainly not amateurs, the auction is presumably a bit of “Doctor Evil” theater—the only bids will be $20 investments from Twitter jokesters.

But the proof itself appears to be very real. The proof file is 134 MB of data compressed, expanding out to a 301 MB archive. This archive appears to contain a large fraction of the NSA’s implant framework for firewalls, including what appears to be several versions of different implants, server side utility scripts, and eight apparent exploits for a variety of targets.

The exploits themselves appear to target Fortinet, Cisco, Shaanxi Networkcloud Information Technology (sxnc.com.cn) Firewalls, and similar network security systems. I will leave it to others to analyze the reliability, versions supported, and other details. But nothing I’ve found in either the exploits or elsewhere is newer than 2013.

Because of the sheer volume and quality, it is overwhelmingly likely that this data is authentic. And it does not appear to be information taken from compromised targets. Instead, the exploits, binaries with help strings, server configuration scripts, 5 separate versions of one implant framework, and all sort of other features indicate that this is analyst-side code—the kind that probably never leaves the NSA.

It is also unlikely that this data is from the Snowden cache. Those documents focused on PowerPoint slides and shared data, not detailed exploits. Besides NSA, the only plausible candidate for ownership is GCHQ—and the implications of stealing Top Secret data from GCHQ and modifying it to frame the NSA would themselves be startling.

All this is to say that there is relatively high confidence that these files contain genuine NSA material.

From an operational standpoint, this is not a catastrophic leak. Nothing here reveals some special “NSA magic.” Instead, this is evidence of good craftsmanship in a widely modular framework designed for ease of use. The immediate consequence is probably a lot of hours of work down the drain.

But the big picture is a far scarier one. Somebody managed to steal 301 MB of data from a TS//SCI system at some point between 2013 and today. Possibly, even probably, it occurred in 2013. But the theft also could have occurred yesterday with a simple utility run to scrub all newer documents. Relying on the file timestamps—which are easy to modify—the most likely date of acquisition was June 11, 2013 (see Update, however). That is two weeks after Snowden fled to Hong Kong and six days after the first Guardian publication. That would make sense, since in the immediate response to the leaks, as the NSA furiously ran down possible sources, it may have accidentally or deliberately eliminated this adversary’s access.

As with other recent cyber conflicts, the  espionage aspect is troubling but not entirely new. It’s very, very bad that someone was able to go rummaging through a TS//SCI system—or even an unclassified Internet staging system where the NSA operator unwisely uploaded all this data—and to steal 300 MB of data. But whoever stole this data now wants the world to know—and that has much graver implications. The list of suspects is short: Russia or China. And in the context of the recent conflict between the US and Russia over election interference, safe money is on the former.

Right now, I’d imagine that the folks at NSA are having rather unpleasant conversations about what the other encrypted file might contain, and what other secrets this attacker may have gained access to. Even if they were aware of the attack that resulted in this leak, there’s no way of knowing what is in the other archive. Is there evidence of another non-Snowden insider who went silent three years ago? Was a TS//SCI system remotely compromised? Was there some kind of massive screw-up at an agency which prides itself on world class OPSEC? Some combination of the three?

And—most chillingly—what else might be released before this war of leaks is over?

 

Update:  Thanks to @botherder for pointing out that a couple files have a newer date:  One file has a date of June 17th, 2013; another has a date of July 5th, 2013; three setup strips are dated September 4th, 2013; and two have dates of October 18th 2013.  One of those files (which I’m currently investigating) is the database of allocated Ethernet MAC addresses, which may be able to identify a later minimum date of compromise.  If the latter date of October 18th, 2013 is correct, this is even more worrysome, as this suggests that the compromise happened four months after the initial Snowden revelations—a period of time when the NSA’s systems should have been the most secure.

Update 2: Looking at the dates again, it now does seem somewhat likely that this was data copied on June 11th, 2013 with a few updates with a compromise after October 18th.  This does make it more likely that this was taken from a set of files deliberately moved onto a system on the Internet used for attacking others.  To my mind, this is actually an even scarier possibility than the NSA internal system compromise: This scenario would have the NSA, after the Snowden revelations, practicing some incredibly awful operational security.  Why should the NSA include five different versions of the same implant on a system used to attack other systems on the Internet?  Let alone implants which still have all the debugging strings, internal function names, and absolutely no obfuscation?

Update 3: Kaspersky confirms that the particular use of RC6 matches the unique design present in other Equation Group malcode.  XORcat apparently confirmed that the Cisco exploit works and, due to the versions it can attack, was a zero day at the time.  This exploit would generally work to take over a firewall from the inside of a target network since it did require limited access that is almost always blocked from the outside.

*****

In part from the WashingtonPost:

A cache of hacking tools with code names such as Epicbanana, Buzzdirection and Egregiousblunder appeared mysteriously online over the weekend, setting the security world abuzz with speculation over whether the material was legitimate.

The file appeared to be real, according to former NSA personnel who worked in the agency’s hacking division, known as Tailored Access Operations (TAO).

“Without a doubt, they’re the keys to the kingdom,” said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”

Said a second former TAO hacker who saw the file: “From what I saw, there was no doubt in my mind that it was legitimate.”

“Faking this information would be monumentally difficult, there is just such a sheer volume of meaningful stuff,” Nicholas Weaver, a computer security researcher at the University of California at Berkeley, said in an interview. “Much of this code should never leave the NSA.”

The tools were posted by a group calling itself the Shadow Brokers using file-sharing sites such as BitTorrent and DropBox.

At the same time, other spy services, like Russia’s, are doing the same thing to the United States.

It is not unprecedented for a TAO operator to accidentally upload a large file of tools to a redirector, one of the former employees said. “What’s unprecedented is to not realize you made a mistake,” he said. “You would recognize, ‘Oops, I uploaded that set’ and delete it.”

Critics of the NSA have suspected that the agency, when it discovers a software vulnerability, frequently does not disclose it, thereby putting at risk the cybersecurity of anyone using that product. The file disclosure shows why it’s important to tell software-makers when flaws are detected, rather than keeping them secret, one of the former agency employees said, because now the information is public, available for anyone to employ to hack widely used Internet infrastructure. Read the full article here.

The Authority of the Internet is Turned Over in 2 Months

Posted on by

This is surrender of the one place in the world where there is some freedom, the internet. The transfer date is September 30, 2016. Is this a big deal? Yes…..China and Russia don’t have a 1st amendment and it appears only one senator is waging the war to stop the transfer, Ted Cruz.

“From the very first days of the internet, the American government has maintained domain names and ensured equal access to everyone with no censorship whatsoever,” Cruz says in the video. “Obama wants to give that power away.”

That move poses a “great threat” to national security, Cruz said. Starting on the transfer date of Sept. 30, ICANN control could allow foreign governments to prohibit speech that they don’t agree with, he added.

Cruz has added an amendment to the Senate’s Highway Bill that would require an up-or-down vote on the administration’s plan to give ICANN control over names and numbers. And Cruz’s Protecting Internet Freedom Act, proposed with Republican Rep. Sean Duffy (Wis.), would prevent the transfer of authority to the global group. More from The Blaze.

*****

Twenty-five advocacy groups and some individuals have told leaders in the Senate and the House of Representatives that key issues about the transition are “not expected to be fully resolved until summer 2017.”

“Without robust safeguards, Internet governance could fall under the sway of governments hostile to freedoms protected by the First Amendment,” wrote the groups, which include TechFreedom, Heritage Action for America and Taxpayers Protection Alliance. “Ominously, governments will gain a formal voting role in ICANN for the first time when the new bylaws are implemented.” Read more here from PCWorld.

America to hand off Internet in under two months

WashingtonExaminer: The Department of Commerce is set to hand off the final vestiges of American control over the Internet to international authorities in less than two months, officials have confirmed.

The department will finalize the transition effective October 1, Assistant Secretary Lawrence Strickling wrote on Tuesday, barring what he called “any significant impediment.”

The move means the Internet Assigned Numbers Authority, which is responsible for interpreting numerical addresses on the Web to a readable language, will move from U.S. control to the Internet Corporation for Assigned Names and Numbers, a multistakeholder body that includes countries like China and Russia.

Critics of the move, most prominently Texas Republican Sen. Ted Cruz, have pointed out the agency could be used by totalitarian governments to shut down the Web around the globe, either in whole or in part.

Opponents similarly made the case that Congress has passed legislation to prohibit the federal government from using tax dollars to allow the transition, and pointed out that the feds are constitutionally prohibited from transferring federal property without approval from Congress. A coalition of 25 advocacy groups like Americans for Tax Reform, the Competitive Enterprise Institute, and Heritage Action sent a letter to Congress making those points last week.

While those issues could, in theory, lead to a legal challenge being filed in the days following the transfer, the administration has expressed a desire to finish it before the president leaves office, a position that Strickling reiterated.

“This multistakeholder model is the key reason why the Internet has grown and thrived as a dynamic platform for innovation, economic growth and free expression,” Strickling wrote. “We appreciate the hard work and dedication of all the stakeholders involved in this effort and look forward to their continuing engagement.”

China Expanding Militarization of Disputed Islands

Posted on by

Into the equation comes Vietnam.

BI: Vietnam has discreetly fortified several of its islands in the disputed South China Sea with new mobile rocket launchers capable of striking China’s runways and military installations across the vital trade route, according to Western officials.

Diplomats and military officers told Reuters that intelligence shows Hanoi has shipped the launchers from the Vietnamese mainland into position on five bases in the Spratly islands in recent months, a move likely to raise tensions with Beijing.

The launchers have been hidden from aerial surveillance and they have yet to be armed, but could be made operational with rocket artillery rounds within two or three days, according to the three sources. More here from BusinessInsider.

Photos suggest China built reinforced hangars on disputed islands: CSIS

Reuters: Satellite photographs taken in late July show China appears to have built reinforced aircraft hangars on its holdings in disputed South China Sea islands, a Washington-based research group said.

The hangars on Fiery Cross, Subi and Mischief Reefs in the Spratly islands have room for any fighter jet in the Chinese air force, the Center for Strategic and International Studies (CSIS) said in a report on the photographs.

The images have emerged about a month after an international court in The Hague ruled against China’s claims in the resource-rich area, a decision rejected by Beijing. China claims most of the South China Sea, through which $5 trillion in ship-borne trade passes every year. The Philippines, Vietnam, Malaysia, Taiwan and Brunei have overlapping claims.

Related reading: U.S. publicly challenges China’s moves in disputed islands

The United States has urged China and other claimants not to militarize their holdings in the South China Sea.

CSIS said that apart from a brief visit to Fiery Cross Reef by a military transport plane earlier in the year, “there is no evidence that Beijing has deployed military aircraft to these outposts.”

The rapid construction of the hangars, however, “indicates that this is likely to change.”

A U.S. defense official, speaking on condition of anonymity, said it was unlikely the hangers would be used for civilian purposes.

“It’s not like the hangers are for mail planes, they are likely for jets,” the official said.

The official added, however, that the Chinese move was seen as skirting around the line rather than crossing it, and there would be increased concern if China actually moved in military aircraft and started using a reef as a forward operating base.

China has repeatedly denied doing so and has in turn criticized U.S. patrols and exercises for ramping up tensions.

“China has indisputable sovereignty over the Spratly islands and nearby waters,” China’s Defence Ministry said in a faxed response to a request for comment on Tuesday.

“China has said many times, construction on the Spratly islands and reefs is multipurpose, mixed, and with the exception of necessary military defensive requirements, are more for serving all forms of civil needs.”

The hangars all show signs of structural strengthening, CSIS said. The new images were first reported by the New York Times.

Other facilities including unidentified towers and hexagonal structures have also been built on the islets in recent months, CSIS said.

Ties around the region have been strained in the lead-up to and since The Hague ruling.

China has sent bombers and fighter jets on combat patrols near the contested South China Sea islands, state media reported on Saturday. Japan has complained about what it has said were multiple intrusions into its territorial waters around another group of islands in the East China Sea.

Beijing Defiant After Ruling on S. China Sea Claims

Posted on by

Hague Court Strikes Down Beijing’s South China Sea Claims

In a victory for the Philippines, an international tribunal ruled China’s expansive claims in the South China Sea are illegal, setting the stage for more tension in one of the world’s flashpoints.

  US Navy Base Japan

ForeignPolicy: An international tribunal delivered a stinging rebuke to China on Tuesday, ruling unanimously that Beijing has no historic title to the huge swathe of the South China Sea that it claims.

The decision by the Permanent Court of Arbitration in The Hague represents the first explicit, legal repudiation of China’s claims to the waters of the South China Sea, a territorial land grab that has in recent years soured relations between Beijing and many of its neighbors, especially the Philippines. China refused to recognize the tribunal and has repeatedly said that it will ignore the decision, which is binding and not subject to appeal.

Related reading: Ramifications of Hague Decision

The much-awaited decision will almost certainly further inflame tensions in the South China Sea, which has seen frequent clashes between Chinese coast guard ships and fishermen and vessels from other countries. The United States has over the past year sought to uphold international law and freedom of navigation in one of the world’s busiest waterways by dispatching navy ships to sail through waters that Beijing has tried to fence off.

As expected, Beijing dismissed the ruling. China’s state-run Xinhua news agency said the “law-abusing tribunal” had handed down an”ill-founded award.”

Related reading: Full text: China calls Hague Tribunal verdict ‘null and void’, says it’s not ‘binding’

China’s defense ministry said its troops would “unswervingly safeguard state sovereignty, security, maritime rights and interests,” according to state broadcaster CCTV.

Photo: MOFA  Read the full statement of China’s Defense Minister here.

Wary of China’s reaction to the verdict, the Philippines called for “restraint.”

“Our experts are studying this award with the care and thoroughness that this significant arbitral outcome deserves,” Foreign Affairs Secretary Perfecto Yasay told reporters.

“We call on all those concerned to exercise restraint and sobriety. The Philippines strongly affirms its respect for this milestone decision,” he said.

In the wake of the ruling by the panel, which China has spent months trying to discredit, experts said Beijing could respond in a variety of ways. It could send more fighter jets to bases it is building on the disputed islets, or it could declare an air defense identification zone in part of the South China Sea, much as it did in 2013 in the East China Sea.

China could also ratchet up the fight with the Philippines by carrying out dredging and reclamation work at Scarborough Shoal, one of the features close to the Philippine coast and a reef at the center of the spat between the two countries. Or China could even try to blockade Philippine marines currently stationed at one of the tiny atolls, potentially threatening a showdown with the United States, which has a mutual defense treaty with Manila.

“The only person who knows what China’s response will be is Xi Jinping. It’s going to be his decision and nobody else’s,” said Gregory Poling, director of the Asia Maritime Transparency Initiative and a fellow at the Center for Strategic and International Studies, and an expert on the South China Sea disputes.

The ruling, capstone to a 2013 complaint brought by the Philippines, considered three broad issues. Does China, as it maintains through its proclamation of a so-called “nine dash line,” have “historic rights” to the waters around the Spratly Islands, hundreds of miles from the Chinese coast? Do those tiny reefs and rocks actually amount to islands, which would give their owner exclusive claim to the economic resources nearby? And has China, in its rush to dredge coral atolls to build artificial islands and fence off the area from the Philippines, violated the U.N. Convention on the Law of the Sea?

The panel found that while Chinese fishermen have in the past plied the waters around the Spratlys, that does not amount to any sort of legal claim to the resources there today.

“There was no legal basis for China to claim historic rights to resources,” the panel ruled, “within the sea areas falling within the ‘nine-dash line’.”

The tribunal also determined that none of the features in the Spratly Islands — with names like Mischief Reef and Fiery Cross Reef — amount to actual islands. That means that, regardless of which country has sovereignty over those rocks and atolls (a question the Hague panel did not consider), they do not grant any legal entitlement to a 200-mile wide exclusive economic zone in the surrounding waters.

Finally, the panel found that China had violated the Philippines’ rights in the waters off its coast, by, for example, interfering with Manila’s ability to drill for oil or fish in seas that by law belong to the Philippines.

“The Tribunal therefore concluded that China had violated the Philippines’ sovereign rights with respect to its exclusive economic zone and continental shelf,” the panel noted in its nearly-500 page ruling.

The tribunal also determined that China had violated environmental provisions of the international law of the sea by tearing up coral reefs to build artificial islands. And the panel also found in the past three years China has aggravated the dispute with the Philippines due to its land reclamation campaign and aggressive and illegal behavior by Chinese ships.

The panel concluded that both countries, since they ratified the Law of the Sea Treaty, are bound to comply with Tuesday’s decision.