Chinese Spy Caught Stealing Military Documents

If you don’t think that our country is full of foreign spies and operatives engaged in industrial espionage, perhaps this case will change your mind. One has to ask why foreign nationals are employed by domestic corporations that are government contractors in the first place.

Long Yu Criminal Complaint

Related reading: Russian Spies and Espionage in NATO and USA

Chinese National Admits to Stealing Sensitive Military Program Documents from United Technologies

Yu Long, 38, a citizen of China and lawful permanent resident of the U.S., waived his right to be indicted and pleaded guilty today in New Haven federal court to charges related to his theft of numerous sensitive military program documents from United Technologies and transporting them to China.

The announcement was made by Acting Assistant Attorney General for National Security Mary B. McCord, U.S. Attorney Deirdre M. Daly of the District of Connecticut, Special Agent in Charge Patricia M. Ferrick of the New Haven Division of the Federal Bureau of Investigation, Special Agent in Charge Matthew Etre of Homeland Security Investigations (HSI) in Boston, Special Agent in Charge Craig W. Rupert of the Defense Criminal Investigative Service (DCIS) Northeast Field Office, and Special Agent in Charge Danielle Angley of the U.S. Air Force Office of Special Investigations.

“Long admitted to stealing and exploiting highly sensitive military technology and documents, knowing his theft would benefit China’s defense industry and deliberately contravene the embargo on U.S. Munitions List technology the United States has imposed on China,” said Acting Assistant Attorney General McCord. “Export laws exist as an important part of our national security framework and disrupting and prosecuting this kind of economic espionage is one of the National Security Division’s highest priorities.”

“In an effort to further his own career, this defendant stole an extraordinary amount of proprietary military program information from United Technologies and transported much of that stolen information to China,” said U.S. Attorney Deirdre M. Daly.  “His actions, which he knew would benefit China, not only violated his employment agreement and damaged the company, but have threatened our country’s national security interests.  U.S. companies continue to be targeted by those who seek to steal intellectual property, trade secrets and advanced defense technology – whether through a computer hack or cyber intrusion, or through a rogue employee.  Working closely with our nation’s defense contractors, we will relentlessly investigate and prosecute those who steal, or attempt to steal, trade secrets and sensitive military information, whether for their own personal gain or for the benefit of foreign actors.”

“This case highlights the complexity in which the FBI and law enforcement are being challenged to keep the integrity of our industry intellectual property intact,” said Patricia M. Ferrick, Special Agent in Charge of the New Haven Division of the Federal Bureau of Investigation.  “Investigating criminal activity of this nature will continue to be a priority.”

“These sophisticated technologies are highly sought after by our adversaries,” said Special Agent in Charge Matthew Etre of HSI Boston.  “They were developed to give the United States and its allies a distinct military advantage, which is why HSI and our law enforcement partners will continue to aggressively target the individuals who steal the ideas of others and sell these items.”

“Today’s plea demonstrates the commitment of the Defense Criminal Investigative Service (DCIS) and our federal law enforcement partners to identifying those who illegally export sensitive defense information to adversarial Foreign governments,” said Craig W. Rupert, Special Agent in Charge, DCIS, Northeast Field Office.  “DCIS will continue to safeguard sensitive technology and to shield America’s investment in national defense by disrupting efforts of groups and individuals who try to illegally acquire our national security assets.”

“This case was enabled by the outstanding teamwork of the FBI, DCIS, HSI, AFOSI and the U.S. Attorney’s office,” said Danielle Angley, Special Agent-in-Charge with the Air Force Office of Special Investigations.  “In addition, it demonstrates the focus of law enforcement agencies to protect our nation’s critical resources.”

According to court documents and statements made in court, from approximately May 2008 to May 2014, Long worked as a Senior Engineer/Scientist at United Technologies Research Center (UTRC) in Connecticut. Long’s employment at UTRC included work on F119 and F135 engines. The F119 engine is employed by the U.S. Air Force F-22 Raptor fighter aircraft, and the F135 engine is employed by the U.S. Air Force F-35 Lightning II fighter aircraft.

Beginning in 2013, Long expressed his intent to individuals outside UTRC to return to China to work on research projects at certain state-run universities in China using knowledge and materials he had acquired while employed at the UTRC. To that end, Long interacted with several state-run institutions in China, including the Chinese Academy of Science (CAS) and the Shenyang Institute of Automation (SIA), a state-run university in China affiliated with CAS.

During 2013 and 2014, Long was recruited by SIA and other state-run universities, during which he leveraged information that he had obtained while working at UTRC to seek employment in China, culminating in his travel to China in the possession of voluminous documents and data containing highly sensitive intellectual property, trade secrets and export controlled technology, which he had unlawfully stolen from UTRC.

In December 2013, after Long agreed in principle to join SIA, an SIA-CAS Director and an SIA-CAS Recruiter asked Long to provide documents from his work at UTRC and examples of projects on which he had worked to substantiate the claims Long made in his application, and interview with SIA.  Long agreed.

On Dec. 24, 2013, Long emailed several documents to the SIA-CAS Director, including a document that contained the cover page of an export controlled UTRC presentation on Distortion Modeling dated Sept. 30, 2011.

While negotiating with SIA, Long also continued to explore other opportunities at other state-run institutions in China. In one email, Long stated: “I have made my mind to return to China, so have prepared a research plan based on my industry experience and current projects.” In the research plan, Long stated: “In the past five years, I have been working with Pratt Whitney, also other UTC business units, like UTAS (including Hamilton Sundstrand and Goodrich), Sikorsky, CCS (including Carrier and Fire & Security), and Otis. These unique working experiences have provided me a great starting point to perform R&D and further spin off business in China. I believe my efforts will help China to mature its own aircraft engines.”

On May 30, 2014, Long left UTRC. In June 2014, Long traveled to China and began working for SIA. Beginning in July 2014, digital evidence and forensic analysis indicated that Long brought with him and accessed in China a UTRC external hard drive that had been issued to him and that he unlawfully retained.

In July 2014, Long was listed as the project leader on a lengthy research plan for CAS involving fourteen other individuals.  The plan was replete with references to how the proposed research and development would benefit China. The plan stated: “The three major engine companies in the world, i.e. GE, Pratt & Whitney in the US and Rolls-Royce in the UK, are all using this technology. . . Our nation lacks the ability to process high performance components, such as airplane wings, tail hooks on carrier aircrafts, and blisks . . . Because of the technology embargo imposed by western developed countries, it is very difficult for us to obtain more advanced design and manufacturing technology . . . This research project will increase our independent ability, efficiency and quality in key component manufacturing.”

On or about Aug. 12, 2014, the Document on Distortion Modeling – the same document from which Long had sent the cover page to the SIA-CAS Director on Dec. 24, 2013 – was accessed on the external hard drive. Travel records and forensic analysis confirmed that both Long and the external hard drive were in China when this file was accessed.

On Aug. 19, 2014, Long returned to the U.S. from China through John F. Kennedy International Airport in New York. During a secondary inspection screening by U.S. Customs and Border Protection (CBP) officers, Long was found in the possession of a largely completed application for work with a state-controlled aviation and aerospace research center in China. The application highlighted certain parts of Long’s work related to the F119 and F135 engines while at UTRC.

On or about Aug. 20, 2014, Long emailed an individual at a university in China, attaching an updated “achievement and future plan.” In the plan, Long discussed his work related to the F119 and F135 U.S. military fighter jet engines and stated that he also had knowledge of unpublished UTRC projects in which the U.S. Air Force had shown interest.

On Nov. 5, 2014, Long boarded a flight from Ithaca, New York to Newark Liberty International Airport in Newark, New Jersey, with a final destination of China. During Long’s layover in Newark, CBP officers inspected Long’s checked baggage and discovered that it contained sensitive, proprietary and export controlled documents from another defense contractor, Rolls Royce.

Further investigation determined that the U.S. Air Force had convened a consortium of major defense contractors, including Pratt and Rolls Royce, to work together to see whether they could collectively lower the costs of certain metals used. As part of those efforts, members of the consortium shared technical data, subject to restrictions on further dissemination. Rolls Royce reviewed the documents found in Long’s possession at Newark Liberty Airport and confirmed that it provided the documents to members of the consortium, which included Pratt. Rolls Royce further confirmed that Long was never an employee of Rolls Royce. A review of UTRC computer records indicated that Long had printed the documents while employed at UTRC.

Long was arrested on a federal criminal complaint on Nov. 7, 2014. A review of Long’s digital media seized at the time of his arrest revealed voluminous files protected by the International Traffic in Arms Regulations and Export Administration Regulations, and voluminous files proprietary to various U.S. companies. In short, the investigation revealed that Long took his laptop and the UTRC external hard drive with him to China in 2014, at which time there was a substantial body of highly sensitive, proprietary and export controlled materials present on that digital media. UTRC has confirmed that the hard drive that Long unlawfully retained and accessed in China contained not only documents and data from projects on which Long worked while employed at the company, but also from projects on which he did not work to which he would have had access.

Long pleaded guilty to one count of conspiracy to engage in the theft of trade secrets knowing that the offense would benefit a foreign government, foreign instrumentality or foreign agent, an offense that carries a maximum term of imprisonment of 15 years. He also pleaded guilty to one count of unlawful export and attempted export of defense articles from the U.S. in violation of the Arms Export Control Act, an offense that carries a maximum term of imprisonment of 20 years.

Long, who has been detained since his arrest, will be sentenced by U.S. District Judge Robert N. Chatigny in Hartford.  A sentencing date has not been scheduled.

This investigation is being led by the FBI in New Haven in coordination with Homeland Security Investigations in New Haven and Newark; the Defense Criminal Investigative Service in New Haven; the U.S. Air Force’s Office of Special Investigations in Boston, Massachusetts; and, the Department of Commerce’s Boston Office of Export Enforcement. U.S. Attorney Daly and Acting Assistant Attorney General McCord also thanked the FBI in Newark, Ithaca and Syracuse, New York, the U.S. Customs and Border Protection Service in New York and Newark, and the U.S. Attorney’s Offices for the Northern District of New York and the District of New Jersey, for their efforts and assistance in this matter.

This case is being prosecuted by Assistant U.S. Attorneys Tracy Lee Dayton and Stephen B. Reynolds of the District of Connecticut, and Trial Attorneys Brian Fleming and Julie Edelstein of the National Security Division’s Counterintelligence and Export Control Section.

Denying Russian Encroachment is Dereliction of Security

Hillary Clinton is no novice to security measures when it comes to global adversarial incursions. Her team of political operatives are not neophytes either.

By virtue of Hillary’s emails, inspector general’s reports, non-approved (unknown) servers and violations of data protection, Hillary’s team are guilty of malfeasance of duty and management. For proof, read the FBI search warrant for the Abedin/Weiner computers and hard drive.

FBI Search warrant Huma

Have you considered why certain buildings in government have hardened structures including soundproof windows, SCIFs, entry and exit procedures, security clearances and action protocols for transmitting information in hardcopy and electronically? This is due to a history of thousands of foreign espionage taskings by countries that include Russia, China and North Korea, to mention a few. Not all hacking is equal: there are viruses, malware, electronic theft and propaganda.


A distinction should also be made between hacking and SIGINT, signals intelligence. SIGINT is the interception of data used by foreign powers, which can and does include scooping and snooping. There are electronic signals, radars and weapons systems that are all part of the target base applied by foreign adversaries and allies. No part of the United States government or civilian enterprise is exempt from or overlooked by outside powers, whose activity includes outright spying, industrial espionage, and theft of patent information and intelligence.

Beyond this, there is the whole model of propaganda, real and fake news. Under Barack Obama, the United States has been in a reactionary mode rather than installing and actively pursuing defensive measures and countermeasures when it comes to biased, misleading, filtered or altered influence causing illegitimate attitudes, movements, synthesis and policy decisions. The master of this game is Russia.

The U.S. government spent more than a decade preparing responses to malicious hacking by a foreign power but had no clear strategy when Russia launched a disinformation campaign over the internet during the U.S. election campaign, current and former White House cyber security advisers said.

Far more effort has gone into plotting offensive hacking and preparing defenses against the less probable but more dramatic damage from electronic assaults on the power grid, financial system or direct manipulation of voting machines.

Over the last several years, U.S. intelligence agencies tracked Russia’s use of coordinated hacking and disinformation in Ukraine and elsewhere, the advisers and intelligence experts said, but there was little sustained, high-level government conversation about the risk of the propaganda coming to the United States.

A former White House official cautioned that any U.S. government attempt to counter the flow of foreign state-backed disinformation through deterrence would face major political, legal and moral obstacles.  

“You would have to have massive surveillance and curtailed freedom and that is a cost we have not been willing to accept,” said the former official, who spoke on condition of anonymity. “They (Russia) can control distribution of information in ways we don’t.”

Clinton Watts, a security consultant, former FBI agent and a fellow at the nonprofit Foreign Policy Research Institute, said the U.S. government no longer has an organization, such as the U.S. Information Agency, that provided counter-narratives during the Cold War.

He said that most major Russian disinformation campaigns in the United States and Europe have started at Russian-government funded media outlets, such as RT television or Sputnik News, before being amplified on Twitter by others.

A defense spending bill passed this month calls for the State Department to establish a “Global Engagement Center” to take on some of that work, but similar efforts to counter less sophisticated Islamic State narratives have fallen short.

The U.S. government formally accused Russia of a campaign of cyber attacks against U.S. political organizations in October, a month before the Nov. 8 election.

U.S. ‘STUCK’

James Lewis, a cyber security expert at the Center for Strategic & International Studies who has worked for the departments of State and Commerce and the U.S. military, said Washington needed to move beyond antiquated notions of projecting influence if it hoped to catch up with Russia.

“They have RT and all we know how to do is send a carrier battle group,” Lewis said. “We’re going to be stuck until we find a way to deal with that.” More here including Alex Jones from Reuters.

Then there is Iran, which has used and continues to use propaganda to build internal reputation and power, the same as Putin of Russia himself.

When Iran detained our Navy personnel, consider the traction that was gained both positive and negative.

NR: The sight of members of the American military, disarmed and under Iranian control, is of enormous propaganda value in Iran’s ongoing war against the United States. To its allies in the Middle East, the photo demonstrates Iran’s strength – how many jihadist countries have had this many American servicemembers under their power? – and it demonstrates American weakness. Then there’s this: “This time, the Americans were cooperative in proving their innocence, and they quickly accepted their faults without resistance,” the analyst, Hamidreza Taraghi, said in a phone interview. “The Marines apologized for having strayed into Iranian waters.” Never fear, John Kerry made friends with the Iranians, and that made all the difference: Also playing a role was the strong relationship that has developed between Mr. Kerry and the Iranian foreign minister, Mohammad Javad Zarif, during negotiations on the nuclear deal, Mr. Taraghi said. “John Kerry and Zarif were on the phone during the past hours, and this helped the problem to be resolved quickly due to their direct contact,” he said. Nations that take illegal propaganda photos, crow about their seizure of American boats, confiscate part of their equipment, and then point to our allegedly admitted faults aren’t “easing tensions,” they’re flexing their muscles. I’m glad our sailors and boats are back in American hands — minus, apparently, their GPS equipment — but once again Iran has thumbed its nose at the U.S., demonstrating that it does what it wants — whether it’s testing missiles, launching rockets near U.S. warships, or taking, questioning, and photographing American sailors who (allegedly) stray into Iranian waters.

Not only does government need to harden security, but civilians must as well. That includes people, information, news, systems, software and brick and mortar structures. Separating fact from fiction, providing exact and true definitions and not conflating conditions is the charter and mission in the future.

 

Due to Russian Aggression, U.S. Troops Being Deployed

The matter of Crimea is for the most part settled: it is part of Russia. Such is not the case for Ukraine, the Baltics, Poland or Romania, where Russia continues the hybrid warfare game. The Pentagon has signed off on orders to deploy U.S. troops to the region in January.

Per an inquiry by NBC News, it appears intelligence officials have more information on Russian interference into the U.S. election cycle than is being reported.

U.S. intelligence officials now believe with “a high level of confidence” that Russian President Vladimir Putin became personally involved in the covert Russian campaign to interfere in the U.S. presidential election, senior U.S. intelligence officials told NBC News.

Two senior officials with direct access to the information say new intelligence shows that Putin personally directed how hacked material from Democrats was leaked and otherwise used. The intelligence came from diplomatic sources and spies working for U.S. allies, the officials said.

There is in fact a clandestine spy and diplomatic network of relationships and collaboration of information. Such is likely the case as well when it comes to planned 2017 military and propaganda objectives of Russia in the region of Eastern Europe.

The U.S. Army told The Associated Press that the deployment was not accelerated and is taking place as had always been scheduled.

Hodges said the troops will arrive in the German port of Bremerhaven on Jan. 6 and will be immediately deployed to Poland, the Baltic states and Romania. Their transfer will be timed and treated as a test of “how fast the force can move from port to field,” he said.

“I’m confident in the very powerful signal, the message it will send (that) the United States, along with the rest of NATO, is committed to deterrence,” Hodges said.

He said the armored brigade has already moved out of its Colorado base and is loading on ships.

“I’m excited about what my country is doing and I’m excited about continuing to work with our ally, Poland,” Hodges said.

In a separate decision, the members of NATO at a July summit in Warsaw approved the deployment of four multinational battalions to Poland and the Baltic states to deter Russia. Germany will lead a multinational battalion in Lithuania, with similar battalions to be led by the United States in Poland, Britain in Estonia and Canada in Latvia.

Poland and the Baltic nations have been uneasy about increased Russian military operations in the region, especially after Russia’s 2014 annexation of Crimea from Ukraine, and have requested U.S. and NATO troops on their soil as a deterrent. The alliance and the U.S. insist the troop presence is not aimed against anyone, but Russia has threatened measures in response.   

Russia has sided with the Assad regime and Iran for several years and most recently has provided troops and bombing aircraft to take back Aleppo, Syria from the anti-Assad forces. The human atrocities and death toll in Aleppo and other parts of Syria can be described as none other than a modern day genocide while the West has sidelined itself. In recent talks for alleged evacuation of Syrians from Aleppo to Idlib, the United States was not invited to participate. Meanwhile, Islamic State maintains its own capital in Raqqa, Syria, and operates with impunity.

ISIS is currently manufacturing advanced weapons on an industrial scale and currently is in possession of surface to air missiles in the region of Palmyra, a historical site once liberated by anti-Assad forces.

It cannot be overlooked that a few months ago, Russia sold Iran S-300s while the United States under Barack Obama and John Kerry infused the Iranian financial system with an estimated $1.7 billion.

The fall of Aleppo now puts Syria into the expanded hands of the Shiite Crescent of Iran, which was fully accommodated by Russia. While Hezbollah and the Iranian Revolutionary Guard Corps have had a major military operation in Syria since 2014, it must be noted that the topmost elite specialized unit of Iran, known as the Saberin Unit, will continue to operate in the Syria/Iraq region.

One cannot determine what President Trump will do, if anything, to address the battlefields in Iraq, Syria, Afghanistan, Yemen or Somalia. Trump has said he will re-do the Iran nuclear deal, and that is already being challenged by Tehran, which is setting up a wider base of military threats and hostilities.

President Trump would do well to attend the intelligence daily briefings as conditions do change in the region on a daily basis. Meanwhile, the Trump team dispatched Georgia Congressman Jack Kingston to Moscow on Monday on the matter of lifting sanctions on Russia.

The Western sanctions that were imposed on Russia because of its armed intervention in Ukraine have become the top priority not only for the Kremlin but for foreign companies working in Moscow.

During the campaign, Trump indicated he would reconsider those sanctions and suggested he would get along fine with Russian President Vladimir Putin. More here.

In closing, it should also be noted that diplomatic operations by Trump’s team are running in parallel with existing Obama operations, causing confusion and angst. It is apparent that due to Barack Obama’s disdain for the soon to be Trump administration, certain decisions and administrative international relations by the White House and the State Department are being applied before Obama transfers power, and such is the case with the troop deployments in several regions of the globe including Afghanistan, Iraq and Eastern Europe.

Lastly, the Ukraine Defense Ministry was hit by a cyber attack by those pesky pro-Russian (old Soviets) forces.

 

 

Russian State, Non-State Cyber Intrusions Sway Voting/Political Decisions

In October, before the U.S. presidential election, a Russian man suspected of carrying out cyberattacks against U.S. targets was arrested in Prague and was also wanted by Interpol. What information could have been gained in this case that has provided additional evidence to government officials for further investigations? Anyone remember in 2012 when the Russian hacked LinkedIn?

Everyone appears to be in denial about the ability and reasons that Russia and/or its non-state actors swayed the U.S. campaign and voting process. No official has ever claimed actual votes were altered; rather, the argument is that information, attitudes and decisions by candidates and voters were affected. There is a distinct difference and words matter.

Russia is artful when it comes to practicing hybrid warfare. Cyber is but one tactic; the other successful tactic is propaganda. It works.

Russia’s APT 28 (Advanced Persistent Threat 28) has been seen to have moved on from the United States political season and turned towards Germany’s political season in recent days. This is not likely to affect vote tally results but rather polling attitudes going into consideration of votes for candidates.

This site has been writing about hacking and cyber intrusions for more than two years. While government agency officials have pointed with evidence to Russia playing a significant role, it is also important to remember that there are thousands of outside cyber experts hired by government to protect against cyber intrusions and to investigate and report what would otherwise be unknown to government because it sits in the private sector. These are generally known as ‘White Hats’. White Hats in their forensic work look for types of penetration, commonality in code or language, trace IP addresses, concepts, malware, login files, brute force, where stolen data later appeared, partitions and code based platforms.

Let’s examine some facts and history.

It was also proven last year that, as part of the Russian aggression against Ukraine, the power grid there was hacked by Russian operations. Due to major sanctions applied to Russia for at least the annexation of Crimea and the invasion of Ukraine and the continued threat to East Europe and NATO, the Russian Defense Ministry launched a more aggressive cyber command. Beyond the 2015 hacking of the non-classified but still protected system at the White House, there are others of note.

In the past year, researchers have also linked Russian hackers believed to be working for the government to other spying campaigns, including against NATO, the Ukrainian government, energy companies in Poland, and an academic at an American university who was targeted because he studies Ukraine.

On Tuesday, CNN reported that according to U.S. officials, Russian hackers had penetrated portions of the White House computer network by gaining access from another “perch,” at the State Department, where intruders had gotten inside the unclassified email system.

The intrusion reported by CNN is not “a new incident,” a spokesman for the National Security Council said. Rather, it was acknowledged by the White House last year after intruders accessed an unclassified network used by the Executive Office of the President. More here.

From 2014, long before the presidential election cycle was set into motion:

As reported by Heritage, according to FBI Director James Comey, “There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked.”[1]

A recent survey by the Ponemon Institute showed the average cost of cyber crime for U.S. retail stores more than doubled from 2013 to an annual average of $8.6 million per company in 2014.[2] The annual average cost per company of successful cyber attacks increased to $20.8 million in financial services, $14.5 million in the technology sector, and $12.7 million in communications industries.

This paper lists known cyber attacks on private U.S. companies since the beginning of 2014. (A companion paper discussed cyber breaches in the federal government.)[3] By its very nature, a list of this sort is incomplete. The scope of many attacks is not fully known. For example, in July, the U.S. Computer Emergency Readiness Team issued an advisory that more than 1,000 U.S. businesses have been affected by the Backoff malware, which targets point-of-sale (POS) systems used by most retail industries.[4] These attacks targeted administrative and customer data and, in some cases, financial data.

This list includes only cyber attacks that have been made known to the public. Most companies encounter multiple cyber attacks every day, many unknown to the public and many unknown to the companies themselves.

The data breaches below are listed chronologically by month of public notice.

January

  • Target (retail). In January, Target announced an additional 70 million individuals’ contact information was taken during the December 2013 breach, in which 40 million customers’ credit and debit card information was stolen.[5]
  • Neiman Marcus (retail). Between July and October 2013, the credit card information of 350,000 individuals was stolen, and more than 9,000 of the credit cards have been used fraudulently since the attack.[6] Sophisticated code written by the hackers allowed them to move through company computers, undetected by company employees for months.
  • Michaels (retail). Between May 2013 and January 2014, the payment cards of 2.6 million Michaels customers were affected.[7] Attackers targeted the Michaels POS system to gain access to their systems.
  • Yahoo! Mail (communications). The e-mail service for 273 million users was reportedly hacked in January, although the specific number of accounts affected was not released.[8]

April

  • Aaron Brothers (retail). The credit and debit card information for roughly 400,000 customers of Aaron Brothers, a subsidiary of Michaels, was compromised by the same POS system malware.[9]
  • AT&T (communications). For two weeks AT&T was hacked from the inside by personnel who accessed user information, including social security information.[10]

May

  • eBay (retail). Cyber attacks in late February and early March led to the compromise of eBay employee log-ins, allowing access to the contact and log-in information for 233 million eBay customers.[11] eBay issued a statement asking all users to change their passwords.
  • Five Chinese hackers indicted. Five Chinese nationals were indicted for computer hacking and economic espionage of U.S. companies between 2006 and 2014. The targeted companies included Westinghouse Electric (energy and utilities), U.S. subsidiaries of SolarWorld AG (industrial), United States Steel (industrial), Allegheny Technologies (technology), United Steel Workers Union (services), and Alcoa (industrial).[12]
  • Unnamed public works (energy and utilities). According to the Department of Homeland Security, an unnamed public utility’s control systems were accessed by hackers through a brute-force attack[13] on employees’ log-in passwords.[14]

June

  • Feedly (communications). Feedly’s 15 million users were temporarily affected by three distributed denial-of-service attacks.[15]
  • Evernote (technology). In the same week as the Feedly cyber attack, Evernote and its 100 million users faced a similar denial-of-service attack.[16]
  • P.F. Chang’s China Bistro (restaurant). Between September 2013 and June 2014, credit and debit card information from 33 P.F. Chang’s restaurants was compromised and reportedly sold online.[17]

August

  • U.S. Investigations Services (services). U.S. Investigations Services, a subcontractor for federal employee background checks, suffered a data breach in August, which led to the theft of employee personnel information.[18] Although no specific origin of attack was reported, the company believes the attack was state-sponsored.
  • Community Health Services (health care). At Community Health Services (CHS), the personal data for 4.5 million patients were compromised between April and June.[19] CHS warns that any patient who visited any of its 206 hospital locations over the past five years may have had his or her data compromised. The sophisticated malware used in the attack reportedly originated in China. The FBI warns that other health care firms may also have been attacked.
  • UPS (services). Between January and August, customer information from more than 60 UPS stores was compromised, including financial data,[20] reportedly as a result of the Backoff malware attacks.
  • Defense Industries (defense). Su Bin, a 49-year-old Chinese national, was indicted for hacking defense companies such as Boeing.[21] Between 2009 and 2013, Bin reportedly worked with two other hackers in an attempt to steal manufacturing plans for defense programs, such as the F-35 and F-22 fighter jets.

September

  • Home Depot (retail). Cyber criminals reportedly used malware to compromise the credit card information for roughly 56 million shoppers in Home Depot’s 2,000 U.S. and Canadian outlets.[22]
  • Google (communications). Reportedly, 5 million Gmail usernames and passwords were compromised.[23] About 100,000 were released on a Russian forum site.
  • Apple iCloud (technology). Hackers reportedly used passwords hacked with brute-force tactics and third-party applications to access Apple users’ online data storage, leading to the subsequent posting of celebrities’ private photos online.[24] It is uncertain whether users or Apple were at fault for the attack.
  • Goodwill Industries International (retail). Between February 2013 and August 2014, information for roughly 868,000 credit and debit cards was reportedly stolen from 330 Goodwill stores.[25] Malware infected the chain store through infected third-party vendors.
  • SuperValu (retail). SuperValu was attacked between June and July, and suffered another malware attack between late August and September.[26] The first theft included customer and payment card information from some of its Cub Foods, Farm Fresh, Shop ‘n Save, and Shoppers stores. The second attack reportedly involved only payment card data.
  • Bartell Hotels (hotel). The information for up to 55,000 customers was reportedly stolen between February and May.[27]
  • U.S. Transportation Command contractors (transportation). A Senate report revealed that networks of the U.S. Transportation Command’s contractors were successfully breached 50 times between June 2012 and May 2013.[28] At least 20 of the breaches were attributed to attacks originating from China.

October

  • J.P. Morgan Chase (financial). An attack in June was not noticed until August.[29] The contact information for 76 million households and 7 million small businesses was compromised. The hackers may have originated in Russia and may have ties to the Russian government.
  • Dairy Queen International (restaurant). Credit and debit card information from 395 Dairy Queen and Orange Julius stores was compromised by the Backoff malware.[30]
  • Snapsave (communications). Reportedly, the photos of 200,000 users were hacked from Snapsave, a third-party app for saving photos from Snapchat, an instant photo-sharing app.[31]

Securing Information

As cyber attacks on retail, technology, and industrial companies increase, so does the importance of cybersecurity. From brute-force attacks on networks to malware compromising credit card information to disgruntled employees sabotaging their companies’ networks from the inside, companies and their customers need to secure their data. To improve the private sector’s ability to defend itself, Congress should:

  • Create a safe legal environment for sharing information. As the leaders of technological growth, private companies are in most ways at the forefront of cyber security. Much like government agencies, companies must share information that concerns cyber threats and attacks among themselves and with appropriate private-public organizations.[32] Congress needs to create a safe environment in which companies can voluntarily share information without fear of legal or regulatory backlash.
  • Work with international partners. As with the Backoff malware attacks, attacks can affect hundreds if not thousands of individual networks. These infected networks can then infect companies outside the U.S. and vice versa. U.S. and foreign companies and governments need to work together to increase overall cybersecurity and to enable action against individual cyber criminals and known state-sponsored cyber aggressors.[33]
  • Encourage cyber insurance. Successful cyber attacks are inevitable because no security is perfect. With the number of breaches growing daily, a cybersecurity insurance market is developing to mitigate the cost of breaches. Congress and the Administration should encourage the proper allocation of liability and the establishment of a cyber insurance system to mitigate faulty cyber practices and human error.[34]

***

Denying or refusing the argument and the examination of evidence is malfeasance and exacerbates a cyber criminal act.

Secretary of State Tillerson: Kremlin Order of Friendship

In 1994, Boris Yeltsin created by decree an award known as the ‘Order of Friendship’. Yeltsin rose to power under the perestroika movement, and under his reign he terminated the Russian Constitution and the Parliament, while widespread corruption spread through his term, mostly in industries dealing with oil commodities.

In 1989, Yeltsin visited Texas to better understand the fossil fuel industry and returned to his motherland to stop the country from falling into economic collapse, yet failed. Crime, protests and inflated prices for basic needs were such that the Soviet Union soon fell.

With the country in chaos and corruption spreading, Yeltsin forged a relationship with Rex Tillerson of Exxon Mobil, the top candidate for Secretary of State in the new Trump administration. Yeltsin bestowed an award on Tillerson known as the ‘Order of Friendship’. Then came the deployment of the business partnerships.

Exxon’s landmark 2011 joint venture with Kremlin-controlled Rosneft calls for upwards of $500 billion in investment over the coming decades. The companies are planning an offshore drilling campaign in Russia’s frozen Chukchi Sea, Laptev Sea and Kara Sea, as well as the Black Sea. They’ll also be drilling onshore in western Siberia, where the Bazhenov and Achimov formations are thought to be many times bigger than the Bakken shale of North Dakota. In addition, Exxon and Rosneft are working to finalize designs for an LNG project in Russia’s far east.

As in any good bromance, they hang out in each other’s neighborhoods. To balance out the geographic breadth of the partnership, Rosneft has joined with Exxon to invest in 20 deepwater exploration blocks in the Gulf of Mexico, as well as onshore projects in Texas and Alberta, Canada. Exxon has also given Rosneft the option to acquire a 25% stake in the Point Thomson Unit, which is estimated to hold a quarter of the natural gas and condensate reserves on Alaska’s North Slope. Back in 2007, amid Putin’s moves to reassert state control over Russia’s energy industry, Exxon’s Sakhalin-1 JV with Gazprom was thought to be a target. But CEO Rex Tillerson made it clear back then that he wouldn’t be pushed around and that he expected Russia to abide by contracts. As the Financial Times reported at the time:

Mr Tillerson said Russia had moved past its phase of trying to regain control of resources. “They want foreign participation because they know there’s technology capability that they need access to and there’s know-how that they need access to.”

Future investment by Exxon would depend on that contract being honoured, he said. “As long as they say, ‘We don’t like that deal we signed back then, but we’ll honour it’, that doesn’t stand in the way of our investments – we can proceed.”

Although Exxon did eventually accede to Gazprom’s wishes that it, not Exxon, control the destination of gas from Sakhalin-1 (Exxon wanted to sell directly to China), what Exxon got in return for its flexibility was an even bigger deal with Rosneft — that big new LNG project being engineered now, which could end up costing $15 billion or more.

In signing agreements with Rosneft last June, Tillerson remarked, “Experience tells us that a good foundation is critical for success in the Arctic and elsewhere. ExxonMobil’s Sakhalin-1 project with Rosneft is an example where we have put this experience to work.”

Last summer Putin made it official; he awarded Tillerson Russia’s Order of Friendship. Friends, joined in their shared respect for just how hard it is to keep their oil and gas empires humming. Commiserating in the challenge of figuring out how to find growth when you’re already the biggest in the world.

Just as Putin is unlikely to give back Crimea, you can forget about a company as growth-hungry as Exxon willingly backing away from its Kremlin connections out of some perceived patriotic American duty. As Tillerson’s predecessor Lee Raymond famously said (quoted in Steve Coll’s book Private Empire: ExxonMobil and American Power): “I’m not a U.S. company and I don’t make decisions based on what’s good for the U.S.” More here from Forbes.

The U.S. military is quite concerned about Russia’s aggression in the Arctic, as the Russians are using the oil exploration as a dual-use mission, the other use being espionage, while it appears Tillerson and Putin have come to an accommodation on joint operations. Will this affect national security? It already has, and that includes China.

The U.S. intelligence focus is chiefly aimed at Russia’s military buildup in the far north under President Vladimir Putin. The country’s Northern Fleet is based above the Arctic Circle at Murmansk.

The Russian government announced plans in March 2014 to reopen 10 former Soviet-era military bases along the Arctic seaboard, including 14 airfields, that were closed after the end of the Cold War. A shipyard in northern Russia also is constructing four nuclear-powered submarines.

Alaska Gov. Bill Walker complained that the Pentagon is closing bases and shedding troops while Moscow has begun rebuilding a military force that was eviscerated after the collapse of the Soviet Union.

“It’s the biggest buildup of the Russian military since the Cold War,” Walker told reporters during Obama’s visit to his state. “They’re reopening 10 bases and building four more, and they’re all in the Arctic, so here we are in the middle of the pond, feeling a little bit uncomfortable with the military drawdown.” More here from the LATimes.

In 2014: Russia’s state-run OAO Rosneft said a well drilled in the Kara Sea region of the Arctic Ocean with Exxon Mobil Corp. struck oil, showing the region has the potential to become one of the world’s most important crude-producing areas. The discovery sharpens the dispute between Russia and the U.S. over President Vladimir Putin’s actions in Ukraine. The well was drilled before the Oct. 10 deadline Exxon was granted by the U.S. government under sanctions barring American companies from working in Russia’s Arctic offshore. Rosneft and Exxon won’t be able to do more drilling, putting the exploration and development of the area on hold despite the find announced today. More here from Bloomberg.

Related reading: For Putin and Russia it is Articulus (Crisis)

In summary, going back to perestroika, perhaps Tillerson and Trump need to apply it beginning now. The implications going forward are huge and no one can predict the consequences due to all the moving parts. We do know the U.S. sanctions and those of Europe applied to the Russian oil company Rosneft have had some effect, and should, in part due to Crimea and Ukraine. The balance of the Baltic States’ stability remains in question due to the continued aggression by Russia in the region. Russia has sold off some ownership in Rosneft to raise capital, $11 billion worth of capital. It is most interesting that Qatar is now a financial player in Rosneft. Qatar is the satellite Taliban headquarters and it is where the Taliban 5 were shipped from Guantanamo Bay. A Qatari official said of the Gitmo detainees:

A Qatar official said the Taliban men, who have been granted Qatari residency permits, will not be treated like prisoners while in Doha and no U.S. officials will be involved in monitoring their movement while in the country.

“Under the deal they have to stay in Qatar for a year and then they will be allowed to travel outside the country… They can go back to Afghanistan if they want to,” the official said. More from Reuters in 2014.

It all got complicated real fast, eh? The Order of Friendship could take on a wider definition beginning in 2017 if Tillerson is confirmed as Secretary of State. What say you?