Chinatown had Ordered Murders

Raymond Chow Kwok-cheung (traditional Chinese: 周國祥; simplified Chinese: 周国祥; pinyin: Zhōu Guóxiáng; Jyutping: zau1 gwok3 coeng4; born 1960), nicknamed “Shrimp Boy”, is a Hong Kong-born ex-felon with ties to a San Francisco Chinatown street gang and an organized crime syndicate, including the American branch of the Hong Kong-based triad Wo Hop To[1] and the Hop Sing Boys.

In 2006, Chow became the leader of the Ghee Kung Tong, a Chinese fraternal association based in San Francisco, California. In 2014, Chow, along with 28 other defendants including former California State Senator Leland Yee, was indicted for racketeering, money laundering, and a host of other alleged criminal activities. Leland Yee pled guilty to racketeering in July 2015 for conspiring with his campaign fundraiser to defeat donation limits through money laundering. Despite initial press releases, Chow was not indicted in a racketeering conspiracy with Leland Yee. Chow was indicted in a racketeering conspiracy which alleged that he oversaw a criminal faction of the Ghee Kung Tong. Chow is the only co-defendant of the 29 to publicly profess his innocence and ask for an expedited jury trial. He is scheduled for trial in November 2015.

Prosecutor: Chinatown crime defendant ordered murder

SAN FRANCISCO (AP) — A defendant in a San Francisco crime probe ordered the murder of a rival and was at the center of a criminal organization in Chinatown that laundered money and trafficked in guns and drugs, a prosecutor said during an opening statement on Monday.

Federal prosecutor Waqar Hasib recreated the scene when Allen Leung, the head of the Chinese fraternal group, the Ghee Kung Tong, was shot in February 2006, calling the slaying a “cold-blooded, gangland-style hit” ordered by defendant Raymond “Shrimp Boy” Chow.

Chow was the focus of a lengthy organized crime investigation in Chinatown that ended up snaring a corrupt California senator and more than two dozen others. He has pleaded not guilty to murder, racketeering and money-laundering charges that could put him away for life.

Hasib said Chow was the sun at the center of a criminal universe.

Chow repeatedly accepted money from an undercover FBI agent posing as a member of the mafia despite denying he had any involvement in the agent’s money laundering and other crimes, Hasib said.

Jurors will hear a chilling recording of Chow talking to the agent about another murder Chow has been charged with and hear testimony from one of Chow’s co-defendants that Chow had ordered Leung’s murder, Hasib said.

Federal investigators say Chow took over the Ghee Kung Tong in 2006 after having Leung killed.

“This case is about this group of people engaging in this pattern of criminal activity,” Hasib said. “But most importantly, this case is about the person who is at the center of that, around whom all of that criminal activity revolved, around whom all those people revolved.”

Chow’s attorneys, led by veteran San Francisco lawyer Tony Serra, are expected to make their opening statement later Monday.

They have argued in court papers that the government’s multiyear probe was a costly fishing expedition that induced innocent people into crime.

Legal observers say the racketeering conviction of state Sen. Leland Yee in July has largely validated the government’s probe and lowered the stakes for prosecutors in Chow’s trial.

Federal agents say that one of Chow’s associates was Keith Jackson, a former San Francisco school board president and well-known political consultant who raised money for Yee’s unsuccessful mayoral run in 2011 and bid for secretary of state.

Jackson led investigators to Yee, who acknowledged as part of his plea deal that he accepted thousands of dollars in exchange for favors and discussed helping an undercover FBI agent buy automatic weapons from the Philippines.

Yee is scheduled to be sentenced in December and faces a maximum of 20 years in prison. Jackson pleaded guilty to the same racketeering charge as Yee and is also scheduled to be sentenced in December.

“The government has gotten what it wanted to get out of this investigation by already putting down Leland Yee,” said Peter Keane, a professor at Golden Gate University School of Law in San Francisco and a former public defender. “He was their trophy.”

The investigation also sent a message to other politicians and Chinatown power brokers, said Rory Little, a law professor at the University of California, Hastings and a former federal prosecutor.

“‘Even Chinatown can be penetrated by government investigations, so stay on the up and up,’” he said. “‘And if you’re a state senator, don’t assume you’re safe.’”

The judge overseeing Chow’s trial, Charles Breyer, said it could continue into February.

Per FBI: Foreign Telecoms Likely Hacked Hillary Emails

FBN Exclusive: DOJ Officials Fear Foreign Telecoms Hacked Clinton Emails, Server

FBN: Officials close to the matter at the Department of Justice are concerned the emails Hillary Clinton sent from her personal devices while overseas on business as U.S. Secretary of State were breached by foreign telecoms in the countries she visited—a list which includes China.

“Her emails could have easily been hacked into by telecoms in these countries. They got the emails first, and then routed them back to her home server. They could have hacked into both,” one Justice Department official close to the matter says.

Another Justice Department official adds: “Those telecommunications companies over there often have government workers in there. That telecom in that foreign country could then follow the trail of emails back to her server in the U.S. and break into the server” remotely over the Internet. At various points in this process, there were multiple entry points to hack into Clinton’s server to steal information, as well as eavesdrop, the Justice Department officials say.

This is the first indication that officials at the Justice Department are concerned that foreign telecom workers may have broken into Clinton’s emails and home server. The Federal Bureau of Investigation is currently investigating the national security issues surrounding Clinton’s emails and server.

The Justice Department officials also used the words “reckless”, “stunning,” and “unbelievable” in discussing the controversy swirling around Clinton’s use of a private, nongovernment email account, as well as her use of a personal Blackberry (BBRY), an Apple (AAPL) iPad, and home server while U.S. Secretary of State. The officials did not indicate they have any knowledge of a breach at this point.

As for the effort to designate Clinton’s emails as classified or unclassified, the Justice Department officials agreed that, as one put it: “Every email she sent is classified because she herself is classified, because she is both Secretary of State and a former first lady.”

In addition, there’s a growing belief among cyber security experts at security firms such as Venafi and Data Clone Labs that Clinton’s emails were unprotected in the first three months of her tenure in 2009 as the nation’s top diplomat, based on Internet scans of her server that Venafi conducted at that time.

“For the first three months of Secretary Clinton’s term in office, from early January to late March, access to her home server was not encrypted or authenticated with a digital certificate,” Kevin Bocek, vice president of security strategy and threat intelligence at Venafi tells FOX Business. “That opens the risk that Clinton’s user name and password were exposed and captured, particularly in places she traveled to at this time, like China or Egypt. And that raises issues of national security,” adding “Attackers could have eavesdropped on communications, particularly in places like China, where the Internet and telecom infrastructure are built to do that.”

Digital certificates are the bedrock of Internet security. The certificate a server presents lets a web browser or mail program verify that it has reached the genuine server rather than an impostor, and it is what makes the encrypted connection (TLS/SSL, the padlock in a browser) possible; without one, usernames, passwords and message contents travel across the network in the clear. A separate kind of certificate, attached to an individual email, lets the recipient verify that the message really came from the named sender. The certificate the Venafi scan looked for, and did not find, is the server kind.

Because it appears Clinton’s server did not have a digital certificate in the first three months of 2009, “a direct attack on her server was likely at this time, and the odds are fairly high it was successful,” says Ira Victor, director of the digital forensic practice at Data Clone Labs.

In and around January 13, 2009, the day of Clinton’s Senate confirmation hearings, the clintonemail.com domain name was registered. An estimated 62,320 emails were sent and received on Clinton’s private email account during her tenure as U.S. Secretary of State. Later, 31,830 emails were erased from her private server because they were deemed personal.

Although Clinton previously has argued that there was no classified material on her home server in Chappaqua, N.Y., the U.S. Department of State has deemed 403 emails as classified, with three designated “top secret” (the State Dept. itself has been the subject of cyber hacking).

Clinton has maintained her home server did have “numerous safeguards,” but it’s unclear specifically what security measures were installed, and what those layers were. In September, Clinton apologized on ABC News for using a home server to manage her U.S. Department of State electronic correspondence.

Although Clinton and her team have indicated her emails were not hacked, not knowing about a breach is different from not having been breached, cyber analysts tell FOX Business. Her campaign staffers did not return calls or emails for comment. “Even the NSA, the CIA, and Fortune 500 companies know they cannot make that claim that they have not been hacked. Everyone can be hacked,” says Bocek.

FOX News recently reported that an intelligence source familiar with the FBI’s probe into Clinton’s server said that the FBI is now focused on whether there were violations of the federal Espionage Act pertaining to “gross negligence” in the safeguarding of national defense information. Sets of emails released show that Clinton and top aides continuously sent information about foreign governments and sensitive conversations with world leaders, among other things, FOX News reported.

Secure communications and devices are routine in the federal government. For example, President Barack Obama received a secure Blackberry from the National Security Agency after he was elected, a former top NSA official tells FOX Business.

“I could not recall that I ever heard that a secure Blackberry was provided to Hillary Clinton.  No one else can either,” the former NSA official says, adding, “There is no way her calls were properly secured if she used her [personal] Blackberry.” Blackberry declined comment.

The former NSA official says the same issue is at play for Clinton’s iPad. “While there have been recent advances in securing iPhones and iPads, these were not available, in my opinion, when she was Secretary of State and there would have to be a record that she sought permission to use them with encryption,” the former NSA official says.

When traveling overseas, U.S. secretaries of states use secure phones that ensure end-to-end encryption, and in some cases, mutual authentication of the parties calling, the former NSA official said. Communications are conducted via secured satellite, digital networks or Internet telephony.

“I think I can say, with some confidence, that once any decent foreign intelligence service discovered she was using her personal phone and iPad, she would be targeted and it would be a high priority operation,” the former NSA official said, adding, “if the calls were unencrypted, it would be no challenge at all while she was overseas — they just have to get to the nearest cell tower.”

The first three months of her tenure as Secretary of State would have been an ideal time for hackers to break in, cyber security experts say.

Specifically, experts point to work done by cyber security experts at Venafi, which has revealed a three-month gap in security for Clinton’s home server after the Palo Alto, Calif. firm’s team had conducted routine, “non-intrusive Internet scanning” in January 2009.

Venafi’s Bocek tells FOX Business that he and his team had picked up Clinton’s domain, clintonemail.com, at that time, and found that her home server had not been issued a digital certificate. That means email traffic to and from her server was unprotected from early January to late March 2009. During that time, Clinton traveled as U.S. Secretary of State to China, Indonesia, South Korea, Japan, Egypt, Palestine, Israel, Belgium, Switzerland, and Turkey.

“It also means anyone accessing her home server, including Clinton and other people, would have unencrypted access, including from devices and via web browsers,” says Bocek. “This means that during the first three months of Secretary Clinton’s term in office, web browser, smartphone, and tablet communications would not have been encrypted.”

Digital certificates are vital to Internet security. All “online banking, shopping, and confidential government communications wouldn’t be possible without the trust established by digital certificates,” says Bocek. “Computers in airplanes, cars, smartphones, all electronic communications, indeed trade around the world depend on the security from digital certificates.”

The Office of Management and Budget has now mandated that all publicly accessible federal web servers serve HTTPS, which requires a digital certificate, by the end of 2016, Bocek notes.
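The kind of scan the Venafi team describes, and the checks an analyst would run on what it returns, as an added example in Python (not the article’s or Venafi’s code). `tls_posture` attempts a fully verified TLS handshake against a host and port and reports whether a plaintext service answered (the state the article describes for early 2009), whether a certificate was presented but could not be verified, or whether the handshake verified. `assess_cert` takes a certificate in the layout Python’s `ssl` module returns from `getpeercert()` and flags a self-signed issuer, an expired or not-yet-valid validity window, and a hostname that no subjectAltName covers. The hostnames and the two certificate records are constructed for illustration; they are not Clinton’s server or any real certificate.

```python
"""TLS posture of a mail or webmail host: the "non-intrusive Internet scan"
of the article, plus offline checks on the certificate it returns.

Added example (not the article's or Venafi's code).
  tls_posture(host, port)       live probe, classified as verified /
                                untrusted-certificate / no-tls / unreachable
  assess_cert(cert, host, now)  checks on a getpeercert()-shaped dict:
                                self-signed, expired, hostname not in any SAN
The two certificate dicts at the bottom are constructed for illustration.
"""
import socket
import ssl
import time


def tls_posture(host, port=443, timeout=5.0):
    """Attempt a fully verified handshake; sends no application data."""
    ctx = ssl.create_default_context()          # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "verified", tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:  # TLS answered, cert untrusted or mismatched
        return "untrusted-certificate", str(exc)
    except ssl.SSLError as exc:                  # a plaintext service answered on this port
        return "no-tls", str(exc)
    except OSError as exc:                       # closed port, timeout, DNS failure
        return "unreachable", str(exc)


def dns_name_matches(pattern, hostname):
    """RFC 6125 style: exact match, or one leading wildcard label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        p_rest = pattern.split(".")[1:]
        h_labels = hostname.split(".")
        # The wildcard stands for exactly one label: *.example.com covers
        # mail.example.com but not example.com or a.b.example.com.
        return len(h_labels) == len(p_rest) + 1 and h_labels[1:] == p_rest
    return False


def assess_cert(cert, hostname, now=None):
    """Return a list of findings; an empty list means the cert is usable for hostname."""
    now = time.time() if now is None else now
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    findings = []
    if subject == issuer:
        findings.append("self-signed (issuer equals subject)")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired")
    if not any(dns_name_matches(san, hostname) for san in sans):
        findings.append(f"no SAN covers {hostname}")
    return findings


# Constructed sample certificates in getpeercert() layout (not real certificates).
SELF_SIGNED_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"),),
    "notBefore": "Jan 13 00:00:00 2009 GMT",
    "notAfter": "Mar 31 23:59:59 2009 GMT",
}
CA_ISSUED_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example Issuing CA"),)),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Jan 01 00:00:00 2035 GMT",
}

if __name__ == "__main__":
    import sys
    feb_2009 = ssl.cert_time_to_seconds("Feb 01 00:00:00 2009 GMT")
    print(assess_cert(SELF_SIGNED_CERT, "mail.example.com", feb_2009))
    jun_2025 = ssl.cert_time_to_seconds("Jun 01 00:00:00 2025 GMT")
    print(assess_cert(CA_ISSUED_CERT, "www.example.com", jun_2025))
    if len(sys.argv) > 1:  # live probe only when a host is given on the command line
        print(tls_posture(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

Run with a host and port (`python tlscheck.py mail.example.com 993`) to probe a live server; the `no-tls` outcome is the condition the article describes, a port that answers in plaintext. `assess_cert` covers the next failure modes a scanner meets once TLS is present: a self-signed certificate, which a client that verifies will reject, and a certificate for the wrong name, which invites exactly the interception the experts worry about.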

If cyber hackers broke into Clinton’s server, they also could have easily tricked it into handing over usernames, passwords, or other sensitive information, Bocek noted.

“The concern is that log-on credentials could have been compromised during this time, especially given travel to China and elsewhere,” Bocek says, opening the door to more lapses. “As we’ve seen with so many other breaches, to long-term, under-the-radar compromise by adversaries, hacks that Clinton and her team may not be aware of.”

Bocek adds: “Essentially, the cyber hacker would have looked to Clinton’s server like it was Secretary Clinton emailing.”

Digital forensic analyst Victor agrees. “It’s highly likely her emails sent during this time via her devices and on her server were not encrypted. More significantly, her log-on credentials, her user name and passwords, were almost certainly not encrypted,” says Victor, who has testified in cyber security cases as an expert forensic witness. “So that means emails from Clinton’s aides, like Huma Abedin, or anyone who had email accounts on her server, their communications were also likely unencrypted.”

Victor adds: “It’s highly likely all of their user names and passwords were being exposed on a regular basis to potential cyber attackers, with the high risk they were stolen by, for instance, government employees who could get the passwords for everyone Clinton was communicating with.”

Victor explains how Clinton’s emails from her devices could have been hacked, and malware could have been planted on her server. “Say Clinton emailed from her device during her Beijing trip in that 2009 period. Her emails would first get routed through the local, state-controlled Chinese telecom. The Chinese telecom captures those bits of emails that are broken up into electronic packets by the device she uses,” Victor explains.

Any device Clinton emailed from, Victor says, was constantly “polling and authenticating communications” between her device and her server. “But all of the back-and-forth communication goes through, say, the Chinese telecom. When the device is polling her server with non-secure communications, it’s giving attackers repeat opportunities to breach.”

He continues: “If the connection was not protected, a state actor at the China telecom transmitting her email back to her server in the U.S. could breach both the device and the server at that point.”
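Victor’s point about the device “polling” the server through the foreign carrier, and Bocek’s concern about log-on credentials, come down to what the mail protocols put on the wire when there is no TLS. As an added example (not the article’s or the experts’ code), the Python below takes a constructed transcript of cleartext client/server exchanges in the forms a 2009-era mail client would use against a home server, IMAP LOGIN, POP3 USER/PASS, SMTP AUTH PLAIN and AUTH LOGIN, and HTTP Basic for webmail, and recovers every username and password from it, which is exactly what a carrier or anyone else on the path could do. The transcript, the accounts and the passwords are invented for the example.

```python
"""Recover credentials from a cleartext mail/webmail session capture.

Added example; not the article's code. The capture below is constructed:
'C: ' lines are client -> server, 'S: ' lines are server -> client. A passive
observer on the path sees exactly these bytes when no TLS is in use.
"""
import base64
import re

IMAP_LOGIN = re.compile(r'^\S+ LOGIN (?:"([^"]*)"|(\S+)) (?:"([^"]*)"|(\S+))$', re.I)
POP_USER = re.compile(r"^USER (\S+)$", re.I)
POP_PASS = re.compile(r"^PASS (.+)$", re.I)
SMTP_PLAIN = re.compile(r"^AUTH PLAIN(?: (\S+))?$", re.I)
SMTP_LOGIN = re.compile(r"^AUTH LOGIN$", re.I)
HTTP_BASIC = re.compile(r"^Authorization: Basic (\S+)$", re.I)


def b64d(text):
    """Base64 is an encoding, not encryption: one call undoes it."""
    return base64.b64decode(text).decode("utf-8", "replace")


def b64e(text):
    return base64.b64encode(text.encode()).decode()


def sasl_plain(text):
    """SASL PLAIN payload is authzid NUL authcid NUL password; authzid is usually empty."""
    parts = b64d(text).split("\0")
    return parts[-2], parts[-1]


def extract_credentials(capture):
    """Return [(protocol, username, password), ...] found in the client lines."""
    found = []
    state = None        # pending multi-step SMTP exchange
    pop_user = None
    login_user = None
    for raw in capture:
        if not raw.startswith("C: "):
            continue    # server lines carry no secrets here
        line = raw[3:].rstrip("\r\n")
        if state == "smtp-plain":                    # AUTH PLAIN with payload on its own line
            found.append(("SMTP AUTH PLAIN",) + sasl_plain(line))
            state = None
        elif state == "smtp-login-user":             # AUTH LOGIN: base64 username
            login_user, state = b64d(line), "smtp-login-pass"
        elif state == "smtp-login-pass":             # AUTH LOGIN: base64 password
            found.append(("SMTP AUTH LOGIN", login_user, b64d(line)))
            state = None
        elif m := IMAP_LOGIN.match(line):            # IMAP sends both in one command
            found.append(("IMAP LOGIN", m.group(1) or m.group(2), m.group(3) or m.group(4)))
        elif m := POP_USER.match(line):
            pop_user = m.group(1)
        elif (m := POP_PASS.match(line)) and pop_user is not None:
            found.append(("POP3 USER/PASS", pop_user, m.group(1)))
            pop_user = None
        elif m := SMTP_PLAIN.match(line):
            if m.group(1):
                found.append(("SMTP AUTH PLAIN",) + sasl_plain(m.group(1)))
            else:
                state = "smtp-plain"
        elif SMTP_LOGIN.match(line):
            state = "smtp-login-user"
        elif m := HTTP_BASIC.match(line):            # webmail over plain HTTP
            user, _, password = b64d(m.group(1)).partition(":")
            found.append(("HTTP Basic", user, password))
    return found


# Constructed capture; accounts and passwords are invented for this example.
SAMPLE_CAPTURE = [
    "S: * OK IMAP4rev1 ready",                           # IMAP on 143, no STARTTLS
    'C: a001 LOGIN "alice@example.com" "Winter2009!"',
    "S: a001 OK LOGIN completed",
    "S: +OK POP3 ready",                                 # POP3 on 110
    "C: USER alice",
    "S: +OK",
    "C: PASS s3cret",
    "S: +OK logged in",
    "C: AUTH PLAIN " + b64e("\0bob@example.com\0hunter2"),   # SMTP on 587, no STARTTLS
    "S: 235 2.7.0 Authentication successful",
    "C: AUTH LOGIN",                                     # SMTP challenge/response form
    "S: 334 VXNlcm5hbWU6",
    "C: " + b64e("carol@example.com"),
    "S: 334 UGFzc3dvcmQ6",
    "C: " + b64e("correct horse"),
    "S: 235 2.7.0 Authentication successful",
    "C: GET /owa/ HTTP/1.1",                             # webmail over HTTP, not HTTPS
    "C: Authorization: Basic " + b64e("webmail-user:Tr0ub4dor"),
]

if __name__ == "__main__":
    for proto, user, password in extract_credentials(SAMPLE_CAPTURE):
        print(f"{proto:16} {user:20} {password}")
```

Every one of these forms is defeated by the same control: TLS on the connection (IMAPS on 993, POP3S on 995, STARTTLS on the SMTP submission port, HTTPS for webmail), which is what a server certificate enables. Note that the base64 in AUTH PLAIN, AUTH LOGIN and HTTP Basic is an encoding, not encryption, and that a client polling for new mail every few minutes repeats the login, so the observer gets as many chances as it needs.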

Martin C. Libicki, a senior management scientist and cyber expert at Rand Corp., says that security on Clinton’s devices could have been higher than feared. But he says that, while the Blackberry device does have strong encryption, once Clinton zoomed emails from her Blackberry through the foreign telecom networks during those first three months of her tenure, “it was much easier to hack both the device and the server then.”

Venafi’s team, which included analysts Hari Nair and Gavin Hill, found Clinton and/or her team did eventually purchase digital certificates for the server and the clintonemail.com domain name starting in March 2009.

Victor added: “But the question that needed to be asked then was, once the certificate was installed, did Clinton and her team warn anyone she had emailed during those first three months about the poor security during that time, did they warn them to reset their security passwords on all their devices?”

Govt Warns: Raise Your Shield

When one considers all the major hacking events including the Office of Personnel Management, this is truly a warning.

Sounds like they are telling us we are on our own, but the advice is good and must be heeded.

NEWS RELEASE

National Counterintelligence and Security Center
Releases Social Media Deception Awareness Videos

Videos are second in a series released in the wake of the OPM records breach
FOR IMMEDIATE RELEASE
ODNI News Release No. 21-15
October 23, 2015

Today the ODNI’s National Counterintelligence and Security Center released the second in a four-part series of videos from its “Know the Risk—Raise Your Shield” campaign.

The latest campaign videos focus on social media deception, and are intended to help build public awareness of the inherent dangers that the use of social media—Facebook, Twitter, etc.—could present when appropriate protective measures are not taken.  There are two videos: a shorter attention-grabber and a second longer video which provides details about social media deception, how government officials or the public can recognize threats and what steps can be taken to minimize the risk of being deceived.

“The information the social media deception videos and overall campaign convey will increase individuals’ awareness of the dangers in cyberspace and provide common-sense tools to protect themselves from bad actors, be they criminals or foreign intelligence entities,” said NCSC Director Bill Evanina.

The NCSC launched the campaign last month in the wake of the Office of Personnel Management records breach to help those individuals, government or otherwise, whose personal information has been compromised.  The launch videos focused on “Spear Phishing Attacks,” while the final sets of videos—to be released in November and December, respectively—will focus on human targeting and awareness for travelers.  Each release contains a 30-45-second overview video and a more in-depth two minute video.

The NCSC provides effective leadership and support to the counterintelligence and security activities of the U.S. Intelligence Community, the U.S. government, and U.S. private sector entities who are at risk of intelligence collection or attack by foreign adversaries.

Server-Gate or Deep Throat Part 2?

Hillary says often that the State Department gave her permission to use a private server and email. Think about that, who at State did that? She was HEAD of the State Dept, so did she give herself permission? C’mon….

Then there is the excuse that everyone does it so it must be okay right?

State Department’s Cybersecurity Weakened Under Hillary Clinton

From 2011 to 2014, the State Department’s poor cybersecurity was identified by the inspector general as a “significant deficiency.”

WASHINGTON (AP) — The State Department was among the worst agencies in the federal government at protecting its computer networks while Hillary Rodham Clinton was secretary from 2009 to 2013, a situation that continued to deteriorate as John Kerry took office and Russian hackers breached the department’s email system, according to independent audits and interviews.

The State Department’s compliance with federal cybersecurity standards was below average when Clinton took over but grew worse in each year of her tenure, according to an annual report card compiled by the White House based on audits by agency watchdogs. Network security continued to slip after Kerry replaced Clinton in February 2013, and remains substandard, according to the State Department inspector general.

In each year from 2011 to 2014, the State Department’s poor cybersecurity was identified by the inspector general as a “significant deficiency” that put the department’s information at risk. The latest assessment is due to be published in a few weeks.

Clinton, the front-runner for the Democratic presidential nomination, has been criticized for her use of a private email server for official business while she was secretary of state. Her private email address also was the recipient of malware linked to Russia, and her server was hit with malware from China, South Korea and Germany. The FBI is investigating whether her home server was breached.

State Department officials don’t dispute the compliance shortcomings identified in years of internal audits, but argue that the audits paint a distorted picture of their cybersecurity, which they depict as solid and improving. They strongly disagree with the White House ranking that puts them behind most other government agencies. Senior department officials in charge of cybersecurity would speak only on condition of anonymity.

With Jake Tapper, Hillary laughed at this scandal…a weird moment in that interview.

Observer: Hillary Clinton emerged from Tuesday night’s inaugural Democratic debate in Las Vegas the clear leader in her party’s field. As Democrats attempt to hold onto the White House in 2016, polling demonstrated a revitalized Hillary campaign, which had been in the doldrums for months due to the ongoing scandal about her misuse of email as Secretary of State.

Mounting talk of Vice President Joe Biden entering the race–to take the place of an ailing Hillary–has dissipated in the wake of the debate, where Ms. Clinton dismissed the email issues as Republican-driven political theater. That Senator Bernie Sanders vigorously backed Ms. Clinton on the point helped her cause, as did her brusque dismissal of Lincoln Chafee’s efforts to raise the issue again, which got raucous applause from the crowd.

It’s evident the Democratic base agrees with Ms. Clinton that her emails are just GOP theatrics. President Obama reflected the sentiment in an interview with 60 Minutes airing two days before the debate, during which he allowed that Secretary Clinton had “made a mistake” with her email but it “is not a situation in which America’s national security was endangered.”

Though the White House soon walked back on some of the president’s statements, which seemed to many to be inappropriate West Wing commentary regarding an ongoing FBI investigation, it’s apparent that the Clinton campaign and the Obama team have united around a message: this issue is fundamentally contrived by Republicans, and is certainly not a threat of any kind to national security.

Democrats unsurprisingly find this take congenial, but it’s less clear if other Americans consider it persuasive. Naturally, Republicans view Ms. Clinton’s email activities with a great deal of suspicion, but recent polls show even independents have concerns regarding EmailGate and Ms. Clinton’s honesty. While the Clinton camp is now confident the email problems will likely not bar her party’s nomination next summer, the issue may loom larger in the race for the White House next fall.

There’s also the matter of exactly what the FBI is investigating. Recent revelations hint that the compromising of classified information on Ms. Clinton’s “private” email and server was more serious than originally believed. While earlier reports indicated only a small percentage of the sensitive information that “spilled over” onto Ms. Clinton’s personal email was highly classified at the Top Secret level, that may be only a small portion of what was potentially compromised.

Particularly disturbing is the report that one of the “personal” emails Ms. Clinton forwarded included the name of a top CIA asset in Libya, who was identified as such. The source of this information was Tyler Drumheller, a retired senior CIA operations officer, who served as a sort of one-man private spy agency for Sid Blumenthal, the Clintons’ close family friend and factotum whose sometimes long-winded emails, particularly regarding Libya, have generated much of the controversy behind EmailGate.

Mr. Drumheller became a fleeting hero to liberals with his resistance to George W. Bush’s White House over skewed intelligence behind the 2003 invasion of Iraq, but he was never particularly popular at CIA and he left Langley under something of a cloud. His emails to Mr. Blumenthal, which were forwarded to Ms. Clinton, were filled with espionage-flavored information about events in Libya. In many cases, Mr. Drumheller’s reports were formatted to look exactly like actual CIA reports, including attribution to named foreign intelligence agencies. How much of this was factual versus Mr. Drumheller embellishing his connections is unclear.

What is abundantly clear is that the true name of an identified CIA asset is a highly classified fact and intentionally revealing it is a Federal crime, which Mr. Drumheller, a career spy, had to know. Why he compromised this person who was secretly helping the United States – possibly endangering his life in the process — may never be known because Mr. Drumheller conveniently died of cancer in early August.

Libya may have a great deal to worry about since new information continues to show just how slipshod Ms. Clinton’s security measures were for her “private” server. That Ms. Clinton’s server experienced multiple cyber-attacks from abroad, including by Russians, does not inspire confidence that any classified information stored in her emails remained in American hands.

To make matters worse, a recent investigation by the Associated Press demonstrates that even relatively low-skill hackers could have hacked Hillary’s unencrypted server, which was left vulnerable to exposure on the open Internet to a degree that cyber-warriors find difficult to believe. “Were they drunk?” a senior NSA official asked me after reading the AP report. “Anybody could have been inside that server – anybody,” he added.

Since the communications of any Secretary of State are highly sought after by dozens of intelligence agencies worldwide – a reality expressed by Secretary John Kerry recently when he said it’s “very likely” the Russians and Chinese are reading his email, a view that any veteran spy would endorse – Ms. Clinton putting her emails at such risk means they have to be assumed to be compromised. If the more skilled state-connected hackers in Russia can fool even NSA these days, they could have gotten into Hillary’s unprotected server without breaking a sweat.

This makes Mr. Obama’s quip that EmailGate represents no threat to American national security all the more puzzling in its dishonesty. Unsurprisingly, some at the FBI are not pleased the president made this pronouncement before the Bureau completed its investigation. “We got the message,” an FBI agent at the Washington Field Office, which is spearheading the EmailGate case, explained: “Obama’s not subtle sometimes.”

In 2012, while the FBI was investigating CIA director David Petraeus for mishandling classified information, Mr. Obama similarly dismissed the national security implications of the case at a press conference. Although FBI director James Comey pressed for serious charges against Mr. Petraeus, the White House demurred and the Department of Justice allowed him to plead guilty to a misdemeanor, sentenced to probation with no jail time.

Some at the FBI were displeased by this leniency and felt Mr. Obama showed his hand to the public early, compromising the Bureau’s investigation. Is the same happening with Ms. Clinton? It’s too soon to say, though the anger of some at the FBI has seeped into the media already. Comments to tabloids reflect the widespread frustration and fear among federal law enforcement and intelligence circles that Mr. Obama will let Ms. Clinton skate free from EmailGate.

For now, the FBI is pursuing its investigation with diligence, bringing other intelligence agencies into the case, and recent reports indicate that specific provisions of the Espionage Act are being re-read carefully, particularly regarding “gross negligence” – which may be the most appropriate charge that Ms. Clinton or members of her inner circle could face.

It will be weeks, even months, before the FBI’s investigation concludes and the Department of Justice has to decide whether any of the events surrounding EmailGate reach the threshold of prosecution. Many in the FBI and the Intelligence Community suspect the fix is already inside the West Wing to prevent that from happening, but it’s still early in this investigation.

It can be expected that if the White House blocks Hillary’s prosecution during the election campaign, leaks will commence with a vengeance. “Is there another Mark Felt out there, waiting?” asked a retired senior FBI official. “There usually is,” he added with a wry smile, citing the top Bureau official who, frustrated by the antics of the Nixon White House, became the notorious “Deep Throat” who leaked the dirty backstory to Watergate to the Washington, DC, media.

Mr. Obama and the Clinton camp should be advised to be careful about who they throw under the bus in this town.

Obama vs. China President Xi, Hacking

A new unit of the People’s Liberation Army was identified last week by cyber security researchers as Unit 78020, based in Kunming, in Yunnan Province.

The unit’s operations have been tracked for five years and have included targeted attacks on states in the region that are challenging Beijing’s strategic program of seeking to control the sea through building up small islands and reefs and then deploying military forces on them.

“Unit 78020 conducts cyber espionage against Southeast Asian military, diplomatic, and economic targets,” according to a security report on the unit that included a satellite photo of the unit’s Kunming compound.

“The targets include government entities in Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nepal, the Philippines, Singapore, Thailand, and Vietnam as well as international bodies such as United Nations Development Program (UNDP) and the Association of Southeast Asian Nations (ASEAN).”

Chinese president Xi Jinping is supposed to have dinner this evening with U.S. president Barack Obama. Wonder if the name Ge Xing will come up?

Ge Xing is the subject of a joint report published this morning by ThreatConnect and Defense Group Inc., computer and national security service providers respectively. Ge is alleged to be a member of the People’s Liberation Army unit 78020, a state-sponsored hacking team whose mission is to collect intelligence from political and military sources to advance China’s interests in the South China Sea, a key strategic and economic region in Asia with plenty of ties to the U.S.

The report connects PLA 78020 to the Naikon advanced persistent threat group, a state-sponsored outfit that has followed the APT playbook to the letter to infiltrate and steal sensitive data and intellectual property from military, diplomatic and enterprise targets in a number of Asian countries, as well as the United Nations Development Programme and the Association of Southeast Asian Nations (ASEAN).

Control over the South China Sea is a focal point for China; through this region flows trillions of dollars of commerce, and China has not been shy about claiming its share of the territory. The report states that China uses its offensive hacking capabilities to gather intelligence on adversaries’ military and diplomatic intentions in the region, and has leveraged the information to strengthen its position.

“The South China Sea is seen as a key geopolitical area for China,” said Dan Alderman, deputy director of DGI. “With Naikon, we see their activity as a big element of a larger emphasis on the region and the Technical Reconnaissance Bureau fitting into a multisector effort to influence that region.”

The report is just the latest chess piece hovering over Jinping’s U.S. visit this week, which began in earnest yesterday with a visit to Seattle and meetings with giant technology firms such as Microsoft, Apple and Google, among others.

Those companies want to tap into the growing Chinese technology market, and the government there is using its leverage to get them to support the stringent Internet controls it imposes. According to a New York Times report last week, a letter sent to American technology companies this summer said that China would ask American firms to store Chinese user data in China. China also reportedly asked that U.S.-built software and devices sold in China be “secure and controllable,” which likely means the Chinese would want backdoor access to these products, or access to private encryption keys.

Jinping, meanwhile, tried to distance himself from the fray when he said in a Wall Street Journal interview: “Cyber theft of commercial secrets and hacking attacks against government networks are both illegal; such acts are criminal offences and should be punished according to law and relevant international conventions.”

Journal reporter Josh Chin connected with Ge Xing over the phone, and Ge confirmed a number of the dots connected in the report before hanging up on the reporter and threatening to report him to the police.

While that never happened, the infrastructure connected to Ge and this slice of the Naikon APT group was quickly shut down and taken offline. In May, researchers at Kaspersky Lab published a report on Naikon and documented five years of activity attributed to the APT group. It describes a high volume of geopolitically motivated attacks with a high rate of success infiltrating influential organizations in the region. The group uses advanced hacking tools, most of which were developed externally and include a full-featured backdoor and exploit builder.

Like most APT groups, they craft tailored spear phishing messages to infiltrate organizations, in this case a Word or Office document carrying an exploit for CVE-2012-0158, a favorite target for APT groups. The vulnerability is a buffer overflow in the ActiveX controls of a Windows library, MSCOMCTL.OCX. The exploit installs a remote administration tool, or RAT, on the compromised machine that opens a backdoor through which stolen data is moved out and additional malware and instructions can be moved in.

Chin’s article describes a similar attack initiated by Ge, who is portrayed not only as a soldier, but as an academic.
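As an added example (not code from the Kaspersky or ThreatConnect reports, nor from the article), here is a defender-side triage script for the delivery vector just described: it lists the OLE object classes embedded in an RTF attachment and flags any whose class name references MSComctlLib, the ProgID prefix for MSCOMCTL.OCX controls, the library CVE-2012-0158 lived in. The sample documents are constructed and benign, and the exact ProgID strings used in them are assumed for illustration.

```python
"""Triage RTF attachments for embedded MSCOMCTL.OCX (MSComctlLib) ActiveX objects.

Added example, not code from the reports or article quoted above. It lists the
OLE object classes embedded in an RTF document and flags those whose class
name references MSComctlLib, the ProgID prefix for MSCOMCTL.OCX controls, the
library CVE-2012-0158 lived in. Sample documents below are constructed and
benign; the ProgID strings used in them are assumed for illustration.
"""
import re

# Object-class prefixes worth a second look. Matching the prefix is a triage
# heuristic (an MSCOMCTL control embedded in a mailed document is unusual),
# not an exploit signature; a flagged file still goes to a sandbox or analyst.
SUSPICIOUS_OBJCLASS_PREFIXES = ("MSComctlLib",)

# RTF control words: each embedded object starts with \object, \objclass names
# its class, and \objdata carries its hex-encoded payload.
OBJECT_RE = re.compile(r"\\object\b")
OBJCLASS_RE = re.compile(r"\\objclass\s+([A-Za-z0-9._]+)")
OBJDATA_RE = re.compile(r"\\objdata\s*([0-9A-Fa-f\s]+)")


def extract_objects(rtf_text: str) -> list:
    """Return one record per embedded object: its class name and payload size in bytes."""
    starts = [m.start() for m in OBJECT_RE.finditer(rtf_text)]
    records = []
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(rtf_text)
        chunk = rtf_text[start:end]
        cls = OBJCLASS_RE.search(chunk)
        data = OBJDATA_RE.search(chunk)
        hexdata = re.sub(r"\s+", "", data.group(1)) if data else ""
        records.append({
            "objclass": cls.group(1) if cls else "<none>",
            "payload_bytes": len(hexdata) // 2,
        })
    return records


def triage(rtf_text: str) -> dict:
    """Classify a document as 'clean' or 'suspicious' from its embedded object classes."""
    objects = extract_objects(rtf_text)
    flagged = [o for o in objects
               if o["objclass"].startswith(SUSPICIOUS_OBJCLASS_PREFIXES)]
    return {"objects": objects, "flagged": flagged,
            "verdict": "suspicious" if flagged else "clean"}


# Constructed samples. SAMPLE_LURE has the shape of a document embedding a
# ListView control from MSCOMCTL.OCX; its payload is a harmless OLE header stub.
SAMPLE_LURE = (
    r"{\rtf1\ansi{\object\objocx\objw3000\objh3000"
    r"{\*\objclass MSComctlLib.ListViewCtrl.2}"
    r"{\*\objdata d0cf11e0a1b11ae100000000 00000000 00000000}}"
    r"\par Meeting agenda attached.}"
)
SAMPLE_CLEAN = (
    r"{\rtf1\ansi{\object\objemb{\*\objclass Excel.Sheet.8}"
    r"{\*\objdata d0cf11e0a1b11ae1}}\par Budget table.}"
)

if __name__ == "__main__":
    for name, doc in (("lure", SAMPLE_LURE), ("clean", SAMPLE_CLEAN)):
        result = triage(doc)
        print(name, result["verdict"], [o["objclass"] for o in result["objects"]])
```

The check is deliberately coarse: it answers "does this attachment embed a control from a library we never expect in mail?" rather than "is this the exploit?", which is the right question for a gateway that routes suspects to deeper analysis. A real deployment would also unpack OLE2/OOXML containers, since the same control can arrive inside a .doc or .docx rather than an RTF.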

The researchers determined through a variety of avenues that Ge is an active member of the military, having published research as a member of the military, in addition to numerous postings to social media as an officer and via his access to secure locations believed to be headquarters to the PLA unit’s technical reconnaissance bureau.

“Doing this kind of biopsy, if you will, of this threat through direct analysis of the technical and non-technical evidence allows us to paint a picture of the rest of this group’s activity,” said Rich Barger, CIO and cofounder of ThreatConnect. “We’ve had hundreds of hashes, hundreds of domains, and thousands of IPs [related to PLA unit 78020]. Only looking at this from a technical lens only gives you so much. When you bring in a regional, cultural and even language aspect to it, you can derive more context that gets folded over and over into the technical findings and continues to refine additional meaning that we can apply to the broader group itself.”

The report also highlights a number of operational security mistakes Ge made that inadvertently gave himself away, such as using the same handle within the group’s infrastructure and even embedding certain names in families of malware attributed to them. All of this, combined with similar mistakes made across the command and control infrastructure and evidence pulled from posts on social media, proved to be enough to tie Ge to the Naikon group and the elite PLA unit that is making gains in the region.

“If you look at where China is and how assertive they are in region, it might be a reflection of some of the gains and wins this group has made,” Barger said. “You don’t influence what they’re influencing in the region if you don’t have the intel support capabilities fueling that operational machine.”
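The attribution described above rests on pivoting: a handle reused in malware, in domain registrations and on social media becomes the thread that ties hundreds of otherwise separate indicators together. As an added example (not code from the ThreatConnect/DGI report), the script below shows the mechanics on a constructed data set: every evidence record and every pivotable value becomes a graph node, records connect to the values they contain, and a breadth-first walk from one seed indicator returns everything reachable from it, then ranks which values did the linking. All hashes, domains, handles and addresses are constructed placeholders.

```python
"""Indicator pivoting: linking malware, infrastructure and a persona through a reused handle.

Added example, not code from the ThreatConnect/DGI report. Each evidence record
and each pivotable value (handle, e-mail, domain, IP) becomes a node, records
connect to the values they contain, and a breadth-first walk from one seed
indicator returns everything reachable from it. All hashes, domains, handles
and addresses below are constructed placeholders.
"""
from collections import defaultdict, deque

# Constructed evidence. "attrs" holds the values pulled from each source: a user
# name left in a PDB path, a C2 domain, a WHOIS registrant, a social profile.
EVIDENCE = [
    {"id": "sample:HASH-A", "kind": "malware",
     "attrs": {"pdb_user": "opsuser42", "c2": "cdn-update.example"}},
    {"id": "sample:HASH-B", "kind": "malware",
     "attrs": {"pdb_user": "opsuser42", "c2": "mail-sync.example"}},
    {"id": "sample:HASH-Z", "kind": "malware",
     "attrs": {"pdb_user": "builder99", "c2": "cdn-update.example"}},
    {"id": "domain:cdn-update.example", "kind": "infra",
     "attrs": {"registrant": "opsuser42@mail.example", "ip": "203.0.113.10"}},
    {"id": "domain:mail-sync.example", "kind": "infra",
     "attrs": {"registrant": "opsuser42@mail.example", "ip": "203.0.113.11"}},
    {"id": "profile:forum-1", "kind": "persona",
     "attrs": {"handle": "opsuser42", "email": "opsuser42@mail.example"}},
    {"id": "domain:unrelated.example", "kind": "infra",
     "attrs": {"registrant": "someone@other.example", "ip": "198.51.100.5"}},
]


def pivot_values(attrs: dict) -> set:
    """Normalise a record's attributes into (type, value) pivot keys.

    An e-mail also yields its local part as a handle, so a registrant address
    and a bare user name in a PDB path or profile land on the same node.
    """
    keys = set()
    for name, value in attrs.items():
        value = value.lower()
        if name in ("pdb_user", "handle"):
            keys.add(("handle", value))
        elif name in ("registrant", "email"):
            keys.add(("email", value))
            keys.add(("handle", value.split("@", 1)[0]))
        elif name == "c2":
            keys.add(("domain", value))
        elif name == "ip":
            keys.add(("ip", value))
    return keys


def build_graph(evidence: list) -> dict:
    """Bipartite graph: ("record", id) nodes linked to the pivot values they contain."""
    graph = defaultdict(set)
    for rec in evidence:
        node = ("record", rec["id"])
        keys = pivot_values(rec["attrs"])
        if rec["kind"] == "infra":
            # an infrastructure record is itself the domain value samples point to
            keys.add(("domain", rec["id"].split(":", 1)[1].lower()))
        for key in keys:
            graph[node].add(key)
            graph[key].add(node)
    return graph


def cluster(evidence: list, seed_id: str) -> dict:
    """Records and pivot values reachable from one seed indicator (BFS over the graph)."""
    graph = build_graph(evidence)
    start = ("record", seed_id)
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for neighbour in graph.get(node, ()):
            if neighbour not in seen:
                seen.add(neighbour)
                queue.append(neighbour)
    return {"records": sorted(v for t, v in seen if t == "record"),
            "pivots": sorted(f"{t}:{v}" for t, v in seen if t != "record")}


def strongest_pivots(evidence: list, seed_id: str, top: int = 3) -> list:
    """Pivot values that tie the most records in the seed's cluster together.

    A value touching many records (here the reused handle) is the kind of
    operational-security slip the report describes; a value touching a single
    record proves nothing on its own.
    """
    graph = build_graph(evidence)
    members = set(cluster(evidence, seed_id)["records"])
    counts = {}
    for node, neighbours in graph.items():
        if node[0] == "record":
            continue
        hits = sum(1 for t, v in neighbours if t == "record" and v in members)
        if hits > 1:
            counts[f"{node[0]}:{node[1]}"] = hits
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:top]


if __name__ == "__main__":
    found = cluster(EVIDENCE, "sample:HASH-A")
    print("cluster:", found["records"])
    print("strongest links:", strongest_pivots(EVIDENCE, "sample:HASH-A"))
```

Two things the walk makes visible that a flat indicator list does not: sample HASH-Z joins the cluster through shared infrastructure even though it carries a different user name, and the unrelated domain stays out because it shares no value with anything else. Ranking the pivots then shows which single slip (the handle, reused five times here) carries most of the weight, which is also where an analyst should spend verification effort before publishing an attribution.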