Category Archives: China

Server-Gate or Deep Throat Part 2?

Posted on by

Hillary says often that the State Department gave her permission to use a private server and email. Think about that, who at State did that? She was HEAD of the State Dept, so did she give herself permission? C’mon….

Then there is the excuse that everyone does it so it must be okay right?

State Department’s Cybersecurity Weakened Under Hillary Clinton

From 2011 to 2014, the State Department’s poor cybersecurity was identified by the inspector general as a “significant deficiency.”

WASHINGTON (AP) — The State Department was among the worst agencies in the federal government at protecting its computer networks while Hillary Rodham Clinton was secretary from 2009 to 2013, a situation that continued to deteriorate as John Kerry took office and Russian hackers breached the department’s email system, according to independent audits and interviews.

The State Department’s compliance with federal cybersecurity standards was below average when Clinton took over but grew worse in each year of her tenure, according to an annual report card compiled by the White House based on audits by agency watchdogs. Network security continued to slip after Kerry replaced Clinton in February 2013, and remains substandard, according to the State Department inspector general.

In each year from 2011 to 2014, the State Department’s poor cybersecurity was identified by the inspector general as a “significant deficiency” that put the department’s information at risk. The latest assessment is due to be published in a few weeks.

Clinton, the front-runner for the Democratic presidential nomination, has been criticized for her use of a private email server for official business while she was secretary of state. Her private email address also was the recipient of malware linked to Russia, and her server was hit with malware from China, South Korea and Germany. The FBI is investigating whether her home server was breached.

State Department officials don’t dispute the compliance shortcomings identified in years of internal audits, but argue that the audits paint a distorted picture of their cybersecurity, which they depict as solid and improving. They strongly disagree with the White House ranking that puts them behind most other government agencies. Senior department officials in charge of cybersecurity would speak only on condition of anonymity. More here.

With Jake Tapper, Hillary laughed at this scandal…a weird moment in that interview.

Observer: Hillary Clinton emerged from Tuesday night’s inaugural Democratic debate in Las Vegas the clear leader in her party’s field. As Democrats attempt to hold onto the White House in 2016, polling demonstrated a revitalized Hillary campaign, which had been in the doldrums for months due to the ongoing scandal about her misuse of email as Secretary of State.

Mounting talk of Vice President Joe Biden entering the race–to take the place of an ailing Hillary–has dissipated in the wake of the debate, where Ms. Clinton dismissed the email issues as Republican-driven political theater. That Senator Bernie Sanders vigorously backed Ms. Clinton on the point helped her cause, as did her brusque dismissal of Lincoln Chafee’s efforts to raise the issue again, which got raucous applause from the crowd.

It’s evident the Democratic base agrees with Ms. Clinton that her emails are just GOP theatrics. President Obama reflected the sentiment in an interview with 60 Minutes airing two days before the debate, during which he allowed that Secretary Clinton had “made a mistake” with her email but it “is not a situation in which America’s national security was endangered.”

Though the White House soon walked back on some of the president’s statements, which seemed to many to be inappropriate West Wing commentary regarding an ongoing FBI investigation, it’s apparent that the Clinton campaign and the Obama team have united around a message: this issue is fundamentally contrived by Republicans, and is certainly not a threat of any kind to national security.

Democrats unsurprisingly find this take congenial, but it’s less clear if other Americans consider it persuasive. Naturally, Republicans view Ms. Clinton’s email activities with a great deal of suspicion, but recent polls show even independents have concerns regarding EmailGate and Ms. Clinton’s honesty. While the Clinton camp is now confident the email problems will likely not bar her party’s nomination next summer, the issue may loom larger in the race for the White House next fall.

There’s also the matter of exactly what the FBI is investigating. Recent revelations hint that the compromising of classified information on Ms. Clinton’s “private” email and server was more serious than originally believed. While earlier reports indicated only a small percentage of the sensitive information that “spilled over” onto Ms. Clinton’s personal email was highly classified at the Top Secret level, that may be only a small portion of what was potentially compromised.

Particularly disturbing is the report that one of the “personal” emails Ms. Clinton forwarded included the name of a top CIA asset in Libya, who was identified as such. The source of this information was Tyler Drumheller, a retired senior CIA operations officer, who served as a sort of one-man private spy agency for Sid Blumenthal, the Clintons’ close family friend and factotum whose sometimes long-winded emails, particularly regarding Libya, have generated much of the controversy behind EmailGate.

Mr. Drumheller became a fleeting hero to liberals with his resistance to George W. Bush’s White House over skewed intelligence behind the 2003 invasion of Iraq, but he was never particularly popular at CIA and he left Langley under something of a cloud. His emails to Mr. Blumenthal, which were forwarded to Ms. Clinton, were filled with espionage-flavored information about events in Libya. In many cases, Mr. Drumheller’s reports were formatted to look exactly like actual CIA reports, including attribution to named foreign intelligence agencies. How much of this was factual versus Mr. Drumheller embellishing his connections is unclear.

What is abundantly clear is that the true name of an identified CIA asset is a highly classified fact and intentionally revealing it is a Federal crime, which Mr. Drumheller, a career spy, had to know. Why he compromised this person who was secretly helping the United States – possibly endangering his life in the process — may never be known because Mr. Drumheller conveniently died of cancer in early August.

Libya may have a great deal to worry about since new information continues to show just how slipshod Ms. Clinton’s security measures were for her “private” server. That Ms. Clinton’s server experienced multiple cyber-attacks from abroad, including by Russians, does not inspire confidence that any classified information stored in her emails remained in American hands.

To make matters worse, a recent investigation by the Associated Press demonstrates that even relatively low-skill hackers could have hacked Hillary’s unencrypted server, which was left vulnerable to exposure on the open Internet to a degree that cyber-warriors find difficult to believe. “Were they drunk?” a senior NSA official asked me after reading the AP report. “Anybody could have been inside that server – anybody,” he added.

Since the communications of any Secretary of State are highly sought after by dozens of intelligence agencies worldwide – a reality expressed by Secretary John Kerry recently when he said it’s “very likely” the Russians and Chinese are reading his email, a view that any veteran spy would endorse – Ms. Clinton putting her emails at such risk means they have to be assumed to be compromised. If the more skilled state-connected hackers in Russia can fool even NSA these days, they could have gotten into Hillary’s unprotected server without breaking a sweat.

This makes Mr. Obama’s quip that EmailGate represents no threat to American national security all the more puzzling in its dishonesty. Unsurprisingly, some at the FBI are not pleased the president made this pronouncement before the Bureau completed its investigation. “We got the message,” an FBI agent at the Washington Field Office, which is spearheading the EmailGate case, explained: “Obama’s not subtle sometimes.”

In 2012, while the FBI was investigating CIA director David Petraeus for mishandling classified information, Mr. Obama similarly dismissed the national security implications of the case at a press conference. Although FBI director James Comey pressed for serious charges against Mr. Petraeus, the White House demurred and the Department of Justice allowed him to plead guilty to a misdemeanor, sentenced to probation with no jail time.

Some at the FBI were displeased by this leniency and felt Mr. Obama showed his hand to the public early, compromising the Bureau’s investigation. Is the same happening with Ms. Clinton? It’s too soon to say, though the anger of some at the FBI has seeped into the media already. Comments to tabloids reflect the widespread frustration and fear among federal law enforcement and intelligence circles that Mr. Obama will let Ms. Clinton skate free from EmailGate.

For now, the FBI is pursuing its investigation with diligence, bringing other intelligence agencies into the case, and recent reports indicate that specific provisions of the Espionage Act are being re-read carefully, particularly regarding “gross negligence” – which may be the most appropriate charge that Ms. Clinton or members of her inner circle could face.

It will be weeks, even months, before the FBI’s investigation concludes and the Department of Justice has to decide whether any of the events surrounding EmailGate reach the threshold of prosecution. Many in the FBI and the Intelligence Community suspect the fix is already inside the West Wing to prevent that from happening, but it’s still early in this investigation.

It can be expected that if the White House blocks Hillary’s prosecution during the election campaign, leaks will commence with a vengeance. “Is there another Mark Felt out there, waiting?” asked a retired senior FBI official. “There usually is,” he added with a wry smile, citing the top Bureau official who, frustrated by the antics of the Nixon White House, became the notorious “Deep Throat”who leaked the dirty backstory to Watergate to the Washington, DC, media.

Mr. Obama and the Clinton camp should be advised to be careful about who they throw under the bus in this town.

Obama vs. China President Xi, Hacking

Posted on by

A new unit of the People’s Liberation Army was identified last week by cyber security researchers as Unit 78020 based in Kunming, in Yunnan Province.
The unit’s operations have been tracked for five years and have included targeted attacks on states in the region that are challenging Beijing’s strategic program of seeking to control the sea through building up small islands and reefs and then deploying military forces on them.
“Unit 78020 conducts cyber espionage against Southeast Asian military, diplomatic, and economic targets,” according to a security report on the unit that included a satellite photo of the unit’s Kunming compound.
“The targets include government entities in Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nepal, the Philippines, Singapore, Thailand, and Vietnam as well as international bodies such as United Nations Development Program (UNDP) and the Association of Southeast Asian Nations (ASEAN).” More details here.

Chinese president Xi Jinping is supposed to have dinner this evening with U.S. president Barack Obama. Wonder if the name Ge Xing will come up?Ge Xing is the subject of a joint report published this morning by ThreatConnect and Defense Group Inc., computer and national security service providers respectively. Ge is alleged to be a member of the People’s Liberation Army unit 78020, a state-sponsored hacking team whose mission is to collect intelligence from political and military sources to advance China’s interests in the South China Sea, a key strategic and economic region in Asia with plenty of ties to the U.S.

The report connects PLA 78020 to the Naikon advanced persistent threat group, a state-sponsored outfit that has followed the APT playbook to the letter to infiltrate and steal sensitive data and intellectual property from military, diplomatic and enterprise targets in a number of Asian countries, as well as the United Nations Development Programme and the Association of Southeast Asian Nations (ASEAN).

Control over the South China Sea is a focal point for China; through this region flows trillions of dollars of commerce and China has not been shy about claiming its share of the territory. The report states that China uses its offensive hacking capabilities to gather intelligence on adversaries’ military and diplomatic intentions in the regions, and has leveraged the information to strengthen its position.“The South China Sea is seen as a key geopolitical area for China,” said Dan Alderman, deputy director of DGI. “With Naikon, we see their activity as a big element of a larger emphasis on the region and the Technical Reconnaissance Bureau fitting into a multisector effort to influence that region.”The report is just the latest chess piece hovering over Jinping’s U.S. visit this week, which began in earnest yesterday with a visit to Seattle and meetings with giant technology firms such as Microsoft, Apple and Google, among others.

Those companies want to tap into the growing Chinese technology market and the government there is using its leverage to get them to support stringent Internet controls imposed by the Chinese government. A letter sent to American technology companies this summer, a New York Times report last week, said that China would ask American firms to store Chinese user data in China. China also reportedly asked U.S.-built software and devices sold in China to be “secure and controllable,” which likely means the Chinese would want backdoor access to these products, or access to private encryption keys.Jinping, meanwhile, tried to distance himself from the fray when he said in a Wall Street Journal interview: “Cyber theft of commercial secrets and hacking attacks against government networks are both illegal; such acts are criminal offences and should be punished according to law and relevant international conventions.”Journal reporter Josh Chin connected with Ge Xing over the phone and Ge confirmed a number of the dots connected in the report before hanging up on the reporter and threatening to report him to the police.

While that never happened, the infrastructure connected to Ge and this slice of the Naikon APT group, was quickly shut down and taken offline. In May, researchers at Kaspersky Lab published a report on Naikon and documented five years of activity attributed to the APT group. It describes a high volume of geo-politically motivated attacks with a high rate of success infiltrating influential organizations in the region. The group uses advanced hacking tools, most of which were developed externally and include a full-featured backdoor and exploit builder.Like most APT groups, they craft tailored spear phishing messages to infiltrate organizations, in this case a Word or Office document carrying an exploit for CVE-2012-0158, a favorite target for APT groups. The vulnerability is a buffer overflow in the ActiveX controls of a Windows library, MSCOMCTL.OCX. The exploit installs a remote administration tool, or RAT, on the compromised machine that opens a backdoor through which stolen data is moved out and additional malware and instructions can be moved in.Chin’s article describes a similar attack initiated by Ge, who is portrayed not only as a soldier, but as an academic.

The researchers determined through a variety of avenues that Ge is an active member of the military, having published research as a member of the military, in addition to numerous postings to social media as an officer and via his access to secure locations believed to be headquarters to the PLA unit’s technical reconnaissance bureau.“Doing this kind of biopsy, if you will, of this threat through direct analysis of the technical and non-technical evidence allows us to paint a picture of the rest of this group’s activity,” said Rich Barger, CIO and cofounder of ThreatConnect. “We’ve had hundreds of hashes, hundreds of domains, and thousands of IPs [related to PLA unit 78020].

Only looking at this from a technical lens only gives you so much. When you bring in a regional, cultural and even language aspect to it, you can derive more context that gets folded over and over into the technical findings and continues to refine additional meaning that we can apply to the broader group itself.”The report also highlights a number of operational security mistakes Ge made to inadvertently give himself away, such as using the same handle within the group’s infrastructure, even embedding certain names in families of malware attributed to them. All of this combined with similar mistakes made across the command and control infrastructure and evidence pulled from posts on social media proved to be enough to tie Ge to the Naikon group and elite PLA unit that is making gains in the region.“If you look at where China is and how assertive they are in region, it might be a reflection of some of the gains and wins this group has made,” Barger said. “You don’t influence what they’re influencing in the region if you don’t have the intel support capabilities fueling that operational machine.”

 

Hotel Chains Credit Cards Hacked

Posted on by

Not the first case for hotel chains not protecting guest records.

FromHotelManagement: A U.S. appeals court said the Federal Trade Commission has authority to regulate corporate cyber security, and may pursue a lawsuit accusing hotel operator Wyndham Worldwide Corp of failing to properly safeguard consumers’ information.

The 3-0 decision by the 3rd U.S. Circuit Court of Appeals in Philadelphia on Monday upheld an April 2014 lower court ruling allowing the case to go forward. The FTC wants to hold Wyndham accountable for three breaches in 2008 and 2009 in which hackers broke into its computer system and stole credit card and other details from more than 619,000 consumers, leading to over $10.6 million in fraudulent charges.

The FTC originally sued Wyndham in 2012 over the lack of security that led to its massive hack. But before the case proceeded, Wyndham appealed to a higher court to dismiss it, arguing that the FTC didn’t have the authority to punish the hotel chain for its breach. The third circuit court’s new decision spells out that Wyndham’s breach is exactly the sort of “unfair or deceptive business practice” the FTC is empowered to stop, reports Wired.

BusinessInsider: In August, Visa alerted numerous financial institutions of a breach. Five different banks determined the commonality between the cards included in that alert was that they were used at Hilton properties — including Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts, Krebs reports.

Hilton Hotels investigates customer credit card security hack

FNC: Hilton Hotels announced that it is looking into a possible security breach that occurred at gift shops, restaurants, bars, and other stores located on Hilton owned properties across the U.S.

According to cyber-security expert Brian Krebs, Visa sent confidential alerts to several financial institutions warning of a security breach at various retail locations earlier this year from April 21 to July 27. While the alerts named individual card numbers that had allegedly been compromised, per Visa’s policy, the notifications did not name the breached retail location. But sources at five different banks have now determined that the hacks all had one thing in common–they occurred at Hilton property point-of-sale registers.

Currently, the breach does not appear to have comprised the guest reservation systems at the associated properties. The company released the following statement regarding the incident:

“Hilton Worldwide is strongly committed to protecting our customers’ credit card information. We have many systems in place and work with some of the top experts in the field to address data security.  Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace.  We take any potential issue very seriously, and we are looking into this matter.”

The breach includes other Hilton brand name properties including Embassy Suites, Doubletree, Hampton Inn and Suites, and Waldorf Astoria Hotels & Resorts. The hotel group is advising customers who may have made purchases at Hilton properties during the time indicated to carefully scan bank records for any unusual activity and contact their bank immediately.

According to USA Today, evidence from the investigation indicates that the hack may have affected credit card transactions as far back as Nov. 2014 and security breaches could possibly be ongoing.

OPM Hack, Lies Came First, Truth Creeps out Slowly

Posted on by

We are conditioned to hearing the lies first from the administration stemming from an event affecting the homeland security and the citizens within. It takes months, sometimes years for the truth to be known, and it must be said, suspicions still remain. Stinks huh?

Such is the case with the Office of Personnel Management hack that took place several months ago. The numbers and depth of the hack are getting published that are closer to the truth….. the truth has no agenda but achieving the whole truth takes enduring tenacity.

Unconfirmed chatter but apparently during the diplomatic and business visit by China President Xi, Barack Obama will not address the hacking except perhaps is a side meeting with lower level staffers. The mission by the White House is to defer to the corporations such as Boeing and Microsoft to target the matter of hacking with China.

OPM Now Admits 5.6 Million Fed’s Fingerprints were Stolen by Hackers

Wired: by Andy Greenberg > When hackers steal your password, you change it. When hackers steal your fingerprints, they’ve got an unchangeable credential that lets them spoof your identity for life. When they steal 5.6 million of those irrevocable biometric identifiers from U.S. federal employees—many with secret clearances—well, that’s very bad.

On Wednesday, the Office of Personnel Management admitted that the number of federal employees’ fingerprints compromised in the massive breach of its servers revealed over the summer has grown from 1.1 million to 5.6 million. OPM, which serves as a sort of human resources department for the federal government, didn’t respond to WIRED’s request for comment on who exactly those fingerprints belong to within the federal government. But OPM had previously confirmed that the data of 21.5 million federal employees was potentially compromised by the hack—which likely originated in China—and that those victims included intelligence and military employees with security clearances.

The revelation comes at a particularly ironic time: During the U.S. visit of Chinese president Xi Jinping, who said at a public appearance in Seattle that the Chinese government doesn’t condone hacking of U.S. targets, and pledged to partner with the U.S. to curb cybercrime.

“As part of the government’s ongoing work to notify individuals affected by the theft of background investigation records, the Office of Personnel Management and the Department of Defense have been analyzing impacted data to verify its quality and completeness,” reads OPM’s statement posted to its website. “During that process, OPM and [the Department of Defense] identified archived records containing additional fingerprint data not previously analyzed. Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million.”

OPM adds that it’s mailing letters to all affected victims, and notes that it’s also offering them free credit monitoring. But that identity theft protection, which cost $133 million in likely misspent tax dollars, doesn’t begin to address the national security implications of having the fingerprints of high-level federal officials in the hands of hackers who are potentially employed by a foreign government.

OPM downplayed the significance of that biometric breach in its statement, adding that “federal experts believe that, as of now, the ability to misuse fingerprint data is limited.” When WIRED asked about those limitations, however, an OPM spokesperson wrote only that “law enforcement and intelligence communities are best positioned to give the most fulsome answer.”

The agency’s statement does admit that hackers’ ability to exploit the stolen fingerprints “could change over time as technology evolves,” perhaps as more biometric authentication features are built into federal government security systems. And it says it’s assembled an interagency working group that includes officials from the Pentagon, FBI, DHS, and intelligence agencies to review the problem. “This group will also seek to develop potential ways to prevent such misuse,” the statement reads. “If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach.”

The increased number of stolen fingerprints represents only the latest in a series of calamitous revelations from OPM about the hacker intrusion that led to the resignation of the agency’s director Katherine Archuleta in July. Aside from the 21.5 million social security numbers taken by attackers and the newly confessed 5.6 million fingerprints, the agency has also confirmed that hackers gained access to many victims’ SF-86 forms, security clearance questionnaires that include highly personal information such as previous drug use or extramarital affairs that could be used for blackmail.

“The American people have no reason to believe that they’ve heard the full story and every reason to believe that Washington assumes they are too stupid or preoccupied to care about cyber security,” Senator Ben Sasse wrote today in an email.

For the hackers who cracked OPM’s vault of highly private information, it’s the gift to foreign intelligence that keeps on giving.

 

Hey Vegas, Seen this Clintonista at a Casino Lately?

Posted on by

Primer:

Charlie Trie’s and Ng Lap Seng’s Laundered Contributions to the DNC Introduction
Former Little Rock, Arkansas, restaurateur Yah Lin “Charlie” Trie and Macau-based businessman Ng Lap Seng collaborated in a scheme to contribute hundreds of thousands of dollars in foreign funds to the DNC. Ng wired over one million dollars from accounts he maintains in Macau and Hong Kong to accounts maintained by or accessible to Trie in Little Rock and Washington, D.C. Although Trie held himself out as an international trader (and, in fact, actively sought to develop an international trading business he called Daihatsu International Trading Corporation), he was never successful. Trie’s bank records and tax returns reveal that he received little or no income from sources other than Ng Lap Seng.
Although he failed to establish a successful, income-generating international trading business, Trie, his wife and his businesses managed to contribute a total of $220,000 to the DNC between 1994 and 1996. Trie and Ng also reimbursed the contributions made by a number of other DNC contributors who were recruited by Trie in order to further disguise the ultimate source of the contributions. As Trie earned little money through his own business activities, the Committee concludes that Trie used the foreign-source funds wired from Ng to make his (and his wife’s and businesses’) DNC contributions and to reimburse the conduit contributors. The Justice Department indicted Trie for these illegal activities on January 28, 1998. More here.

Over this past weekend:

Chinese Businessman Arrested For Sneaking $4.5M in Cash into US

Previously accused of illegally funneling money to DNC in ’Donorgate’

FreeBeacon: A Chinese businessman accused of illegally funneling foreign money to the Democratic National Committee ahead of Bill Clinton’s reelection in 1996 has been arrested for sneaking upwards of $4.5 million into the United States.

The New York Post reported that 68-year-old Ng Lap Seng, a real estate developer, and interpreter Jeff Yin were arrested Saturday for smuggling millions in cash from China to U.S. airports over two years, Manhattan federal court records indicate.

Ng smuggled the total of more than $4.5 million in cash into the U.S. over roughly 10 trips between China and the states between 2013 and 2015, according to the criminal complaint.

The businessman and his interpreter were scooped up by authorities after they told Customs and Border Patrol that the $400,000 in cash they had on hand was for gambling and purchasing paintings and then brought the money to Queens, N.Y.

It is unclear what has happened to the rest of the money.

Though never ultimately charged, Ng played a role in the “Donorgate” scandal before the 1996 elections that resulted in Clinton ally Charlie Trie pleading guilty to violating campaign finance laws in 1999.

Ng transferred approximately $1.4 million to Trie, also a Chinese businessman, who then gave the funds to the DNC before Bill Clinton’s reelection.