Category Archives: Cyber War

Awan Gets Wrist Slap, DWS Dances

Posted on by

The Washington Post submits this Pakistani IT scandal in the Democrat caucus in the House of Representatives is fabricated, yet WaPo never investigated or reported a word of the case.

This case is one of the most obscure, fraudulent secret cases in DC with only one media source doing good work, The Daily Caller.

AWAN BROTHERS BREAKING NEWS: Imran Awan Arrested At Dulles ...

Seems Awan took a little plea deal with a slap on the wrist and Debbie Wasserman Schultz dances in celebration. That is unless the Feds got something out of Awan to go after lil miss Debbie or the others. There are plenty of others.

*** Awan pleaded guilty Tuesday to federal bank fraud in a plea deal where prosecutors said they “uncovered no evidence” that Awan “violated federal law with respect to the House computer systems.”

During a hearing before U.S. District Judge Tanya S. Chutkan in Washington, Awan pleaded guilty to making a false statement on a loan application. As part of the deal, the prosecution dropped fraud charges against Awan’s wife, Hina Alvi. (This judge by the way, from Jamaica was appointed by Obama, read more on her here.)

The other swampiness continues….

Breitbart News Network photo

The case has generated interest from Republicans on Capitol Hill, who have suggested Awan could have been involved in a cyber breach operation. But prosecutors said Tuesday they investigated allegations of misconduct by Awan while on the job in Congress and determined federal charges were not warranted.

“Particularly, the government has found no evidence that your client illegally removed House data from the House network or from House members’ offices, stole the House Democratic Caucus server, stole or destroyed House information technology equipment, or improperly accessed or transferred government information, including classified or sensitive information,” the prosecution said in the plea deal.

Prosecutors said the government conducted a “thorough investigation of those allegations.” More here.

***

But hold on…there is missing computer and electronic devices. Is this another Hillary type case?

Over 40 offices in the House of Representatives may have fallen victim to an “IT security violation,” according to a secret memo from top congressional law enforcement to the Committee on House Administration.

The memo, written in part by Paul Irving, the House’s sergeant at arms, detailed the disappearance of a server for the House Democratic Caucus following its marking as evidence in a cybersecurity probe. Imran Awan, email server administrator to former DNC chair Debbie Wasserman Schultz, and members of his family had logged into the server more than 7,000 times between 2015 and 2016 without proper authorization.

Since then, the memo alleges, the caucus server holding emails from lawmakers has been replaced by a lookalike, but the original is gone.

*** More detail:

A secret memo marked “URGENT” detailed how the House Democratic Caucus’s server went “missing” soon after it became evidence in a cybersecurity probe. The secret memo also said more than “40 House offices may have been victims of IT security violations.”

In the memo, Congress’s top law enforcement official, Sergeant-at-Arms Paul Irving, along with Chief Administrative Officer Phil Kiko, wrote, “We have concluded that the employees [Democratic systems administrator Imran Awan and his family] are an ongoing and serious risk to the House of Representatives, possibly threatening the integrity of our information systems and thereby members’ capacity to serve constituents.”

The memo, addressed to the Committee on House Administration (CHA) and dated Feb. 3, 2017, was recently reviewed and transcribed by The Daily Caller News Foundation. The letter bolsters TheDCNF’s previous reporting about the missing server and evidence of fraud on Capitol Hill.

It details how the caucus server, run by then-caucus Chairman Rep. Xavier Becerra, was secretly copied by authorities after the House Inspector General (IG) identified suspicious activity on it, but the Awans’ physical access was not blocked.

But after, the report reads, the server appears to have been secretly replaced with one that looked similar.

The memo called for firing the Pakistani-born aides, revoking all their computer accounts, and changing the locks on any door they had access to.

Rep. Louie Gohmert — a Texas Republican on the House Committee on the Judiciary who has done oversight work on the case — said the missing server contained copies of Congress members’ emails.

“They put 40 members of Congress’s data on one server … That server, with that serial number, has disappeared,” he said.

Multiple sources connected to the investigation told TheDCNF that shortly after an IG report came out identifying the House Democratic Caucus server as key evidence in a criminal probe, the evidence was stolen.

“They [the Awans] deliberately turned over a fake server” to falsify evidence, one official close to the CHA alleged. “It was a breach. The data was completely out of [members’] possession.”

The six-page letter says:

• In September of 2016 … the CHA and [IG] briefed the former Chairman of the Democratic Caucus about suspicious activity related to their server that the [IG] identified. As a result, the former Chairman of the Democratic Caucus directed the CAO to copy the data from their server and two computers.
• The CHA directed the IG to refer the matter to the US Capitol Police. The USCP initiated an investigation that continues to this day.
• In late 2016, the former Chairman of the Democratic Caucus announced his intention to resign from Congress to assume a new position. The CAO and [sergeant-at-arms] worked with the Chairman to account for his inventory, including the one server.
• While reviewing the inventory, the CAO discovered that the serial number of the server did not match that of the one imaged in September. [Investigators] also discovered that the server in question [the replacement server] was still operating under the employee’s control, contrary to the explicit instructions of the former chairman to turn over all equipment and fully cooperate with the inquiry and investigation. [A House source said the “employee” was Abid Awan.]
• The USCP interviewed relevant staff regarding the missing server.
• On January 24, 2017, the CAO acquired the [replacement] server from the control of the employees and transferred that server to the USCP.

President Donald Trump referenced the Democratic Caucus’ missing server in a tweet. But because the letter to the CHA was kept secret, many news outlets have not grasped that the House’s top cop documented a “missing server” connected to the Democratic Caucus.

The timeline laid out in the letter also shows that Becerra — now California’s Democratic attorney general — failed to ensure that the Awans didn’t have access to House computer systems during the 2016 election, which was wrought with cybersecurity scandals.

An IG presentation from September 2016 shows that Becerra knew of problems months before the server disappeared.

“The Caucus Chief of Staff requested one of the shared employees to not provide IT services or access their computers,” it read. “This shared employee continued.” It’s unclear why that request was not granted or why it was a request rather than an order.

A House official close to the probe said the employee was Abid, who was not on Becerra or the Caucus’s payroll. The official said Becerra Chief of Staff Sean McCluskie apparently knew Abid was accessing Caucus servers. According to payroll records, Abid’s sister-in-law, Hina Alvi, was the Caucus’ systems administrator.

The Awans’ continued physical access to Becerra’s equipment after red flags emerged enabled the server to disappear after it became evidence, House officials close to the investigation told TheDCNF.

Becerra has refused to comment, citing an ongoing criminal investigation.

The February 2017 memo itemizes “numerous and egregious violations of House IT security” by members of the Awan family, including using Congress members’ usernames and “the unauthorized storage of sensitive House information outside the House.”

“These employees accessed user accounts and computers for offices that did not employ them, without the knowledge and permission of the impacted Member’s office,” it said, adding, “4 of the employees accessed the Democratic Caucus computers 5,735 times.” More than 100 office computers were open to access from people not on the office’s staff, it said.

Chris Gowen — a former aide to Hillary Clinton who is now serving as Imran’s attorney — told TheDCNF, “There is no missing server and never was.”

He didn’t provide any support for his claim, which is contrary to evidence Kiko and Irving presented to Congress.

The memo said the CHA possesses voluminous evidence, including, “Interview notes with House Members’ Chiefs of Staff,” and “Logon activity and computer access logs.” Prosecutors have not brought charges.

The Awans were banned from Congress’s computer network the day the letter was sent, and Kiko held a briefing to convey the message to chiefs of staff for members who employed them.

But Democrats claim they were never told about any of the cybersecurity issues itemized in the urgent memo. Rep. Jackie Speier — a California Democrat on the House Permanent Select Committee on Intelligence who employed Imran and his wife, Hina Alvi — said she never heard of any missing server.

Joaquin Castro of Texas — another Democratic intelligence committee member who employed one of the Awans — told TheDCNF that Kiko never told him of any cybersecurity issues whatsoever and that the Awan probe was instead described as a theft issue.

Indeed, the CHA issued only one public statement on the case and titled it the “House Theft Investigation” — wording that avoids cybersecurity words while political news coverage raged about other cybersecurity issues in the 2016 election.

Yet even the alleged theft has not resulted in criminal charges — even though the letter also says House authorities have “purchase orders and vouchers” that allegedly show procurement fraud, as well as testimony from a Democratic chief of staff to Rep. Yvette Clarke, who warned of procurement fraud.

The FBI arrested Imran at the airport in July 2017 for alleged bank fraud that occurred six months prior, and Democrats have since claimed that the case is about nothing but bank fraud. Bank fraud does not explain why the Awans were kicked off the House network concurrent with the urgent memo, which did not cite bank fraud.

A Democratic IT aide who alleged that Imran solicited a bribe from him told TheDCNF he believes members of Congress are playing dumb and covering the matter up. Wendy Anderson, a former chief of staff to New York Rep. Yvette Clarke, told House investigators that she suspected that her predecessor, Shelley Davis, was working with Abid on a theft scheme, but Clarke refused to fire Abid until outside investigators got involved, TheDCNF reported.

Eighteen months after the evidence was recounted in the urgent memo, prosecution appears to have stalled for reasons not publicly explained. Imran is in court July 3 for a possible plea deal in the bank fraud case. Gohmert said the FBI has refused to accept evidence demonstrating alleged House misconduct, and some witnesses with first-hand knowledge say the bureau has not interviewed them.

 

Iranian Regime Using Water as a Weapon and APT 33

Posted on by

The Iranian people have been protesting against the regime for quite some time and in some cases it has turned deadly, where military forces are firing on the protestors. What are the protests about? Their economy. Remember when the Obama White House gave Iran billions that apparently we owed from back debts and the regime was to use the money to infuse growth in the economy? Yeah, not so much. In fact the starving and unemployed citizens of Iran are demanding the regime get out of Syria and pay attention at home.

Related reading: Iran Calls for Calm After Water Protests, Clashes

Yet, water availability in Iran has been at a crisis point for a few years and getting worse.

Dozens of riot police on motorcycles faced off against farmers in the same town, Varzaneh, another video showed. Smoke swirled around the protesters and the person filming said tear gas was being fired. A second person reported clashes. Police in the city of Isfahan were not immediately available to comment.

“What’s called drought is more often the mismanagement of water,” said a journalist in Varzaneh, who asked not to be identified because of the sensitivity of the subject.

“And this lack of water has disrupted people’s income.”

Farmers accuse local politicians of allowing water to be diverted from their areas in return for bribes.

While the nationwide protests in December and January stemmed from anger over high prices and alleged corruption, in rural areas, lack of access to water was also a major cause, analysts say.

At least 25 people were killed and, according to one parliamentarian, up to 3,700 people were arrested, the biggest challenge yet for the government of president Hassan Rouhani, who was reelected last year. More here from Reuters.

Meanwhile, in Paris there are several Americans attending the annual National Council of Resistance of Iran (NCRI) – an umbrella bloc of opposition groups in exile that seek an end to Shi’ite Muslim clerical rule in Iran. There apparently was a bomb plot on Monday that was foiled, where an Iranian diplomat was arrested along with several others.

Since President Trump formally exited the JCPOA, the nuclear deal, Iran has some nefarious activities again in play and that includes hacking beyond punishing the Iranian citizens and bomb plots.

Since the 2009 Green Revolution in Iran, the Iranian Revolutionary Guard Corps has taken to hacking including by proxy.

The emergence of the Iranian Cyber Army (ICA) as an extension of the IRGC was an initial attempt by the Islamic Republic at conducting internationally focused operations. These operations were a departure from Gerdab’s focus on maintaining domestic moral values and defending government rhetoric. In 2011, the IRGC’s ICA formed the foundation of the Khaybar Center for Information Technology. According to a former IRGC cyber commander, the Khaybar Center was established in 2011 and has been linked to a number of attacks against the United States, Saudi Arabia, and Turkey.

Even today, the balance between ideology and cyber skills remains problematic. One example of the conflict between ideology and skill was Mohammad Hussein Tajik, a former cyber commander within the IRGC. According to Insikt Group’s source, Tajik’s father maintained a strong religious background and was a veteran of Iran’s ministry of intelligence. Yet Tajik was arrested and killed because the Iranian government feared that Tajik was not ideologically aligned and posed a betrayal and flight risk.

Today, based on ongoing contact between Insikt Group’s source and Iranian hackers, it is estimated that there are over 50 organizations vying for government-sponsored offensive cyber projects. Only the best teams succeed, are paid, and remain in business. The government does its best to compartmentalize — one job might be creating a remote code exploit (RCE) for a popular software application, while another job might be using the RCE and establishing persistent unauthorized access. Two different contractors (or more) are typically required to complete the government-defined objective.

Public knowledge has also established that Iranian academic institutions play a contractor-like role. Specific examples include Shahid Beheshti University (SBU) and the Imam Hossein University (IHU), which have comprehensive science and technology departments attracting some of the best academic talent in Iran. In fact, the SBU has a specific cyberspace research institute dedicated to such matters, and the IHU was founded by the IRGC.

For a full read on the report due to an interview with a previous Iranian hacker and significant research on state sponsored campaigns, go here.

Cyber security professionals in the United States have detected Iranian hackers breaking into defense contractors, aviation systems, energy companies, telecom operations and other tech companies in the United States. Iran is listed at APT 33, Advanced Persistent Threat and Saudi Arabia is just as vulnerable as the United States. In 2016, the Department of Justice indicted 7 Iranians on cyber attacks on dozens of U.S. banks, attempting to shut down the Bowman Avenue dam operation in New York and to disrupt other critical U.S. infrastructure sites. 45 major financial institutions were targeted including JP Morgan, Well Fargo and American Express. Read more detail here.

 

Question China and They Were Uninvited to RIMPAC

Posted on by

The U.S. Navy and allies are drilling in the Pacific Ocean as part of the massive Rim of the Pacific naval exercise. After years continuing to sail alongside China in RIMPAC, even as the peer competitor militarized man-made islands in the South China Sea, the U.S. decided enough is enough and rescinded the invitation. (Andrew Jarocki/Staff)

Twenty-six nations, 47 surface ships, five submarines, 18 national land forces, and more than 200 aircraft and 25,000 personnel will participate in the biennial Rim of the Pacific (RIMPAC) exercise scheduled June 27 to Aug. 2, in and around the Hawaiian Islands and Southern California. As the world’s largest international maritime exercise, RIMPAC provides a unique training opportunity designed to foster and sustain cooperative relationships that are critical to ensuring the safety of sea lanes and security on the world’s interconnected oceans. RIMPAC 2018 is the 26th exercise in the series that began in 1971. The theme of RIMPAC 2018 is “Capable, Adaptive, Partners.” Participating nations and forces will exercise a wide range of capabilities and demonstrate the inherent flexibility of maritime forces. These capabilities range from disaster relief and maritime security operations to sea control and complex warfighting. The relevant, realistic training program includes amphibious operations, gunnery, missile, anti-submarine and air defense exercises, as well as counter-piracy operations, mine clearance operations, explosive ordnance disposal, and diving and salvage operations. This year’s exercise includes forces from Australia, Brazil, Brunei, Canada, Chile, Colombia, France, Germany, India, Indonesia, Israel, Japan, Malaysia, Mexico, Netherlands, New Zealand, Peru, the Republic of Korea, the Republic of the Philippines, Singapore, Sri Lanka, Thailand, Tonga, the United Kingdom, the United States and Vietnam. This is the first time Brazil, Israel, Sri Lanka and Vietnam are participating in RIMPAC. Additional firsts include New Zealand serving as sea combat commander and Chile serving as combined force maritime component commander. This is the first time a non-founding RIMPAC nation (Chile) will hold a component commander leadership position. This year will also feature live firing of a Long Range Anti-Ship Missile (LRASM) from a U.S. Air Force aircraft, surface to ship missiles by the Japan Ground Self-Defense Force, and a Naval Strike Missile (NSM) from a launcher on the back of a Palletized Load System (PLS) by the U.S. Army. This marks the first time a land based unit will participate in the live fire event during RIMPAC. RIMPAC 18 will also include international band engagements and highlight fleet innovation during an Innovation Fair. Additionally, for the first time since RIMPAC 2002, U.S. 3rd Fleet’s Command Center will relocate from San Diego to Pearl Harbor to support command and control of all 3rd Fleet forces in 3rd Fleet’s area of responsibility to include forces operating forward in the Western Pacific. The Fleet Command Center will be established at a deployable joint command and control on Hospital Point for the first part of the exercise and then transition to USS Portland (LPD 27) for the remainder of the exercise. Hosted by Commander, U.S. Pacific Fleet, RIMPAC 2018 will be led by Commander, U.S. 3rd Fleet, Vice Adm. John D. Alexander, who will serve as combined task force (CTF) commander. Royal Canadian Navy Rear Adm. Bob Auchterlonie will serve as CTF deputy commander, and Japan Maritime Self-Defense Force Rear Adm. Hideyuki Oban as CTF vice commander. Fleet Marine Force will be led by U.S. Marine Corps Brig. Gen. Mark Hashimoto. Other key leaders of the multinational force will include Commodore Pablo Niemann of Armada de Chile, who will command the maritime component, and Air Commodore Craig Heap of the Royal Australian Air Force, who will command the air component. This robust constellation of allies and partners support sustained and favorable regional balances of power that safeguard security, prosperity and the free and open international order. RIMPAC 2018 contributes to the increased lethality, resiliency and agility needed by the joint and combined force to deter and defeat aggression by major powers across all domains and levels of conflict.

***

The location of the garrison, confirmed through satellite imagery here, can possibly support a brigade-sized intercontinental ballistic missile formation.

New Delhi: China has built a new garrison in its central Sichuan province for its intercontinental ballistic missiles (ICBM) which have the capacity to cover all of India, the Indian Ocean Region as well as large parts of continental America.

On 27 May, the 10th test of the Dongfeng-41 or DF-41 (East Wind-41) ICBM, with a reported range of 12,000-15,000 km, was conducted at the Taiyuan Space Launch Center in Shanxi province. China’s PLARF, or the People’s Liberation Army Rocket Force, formerly Second Artillery Corps (SAC), claimed it a success.

Vinayak Bhat/The Print

ThePrint has now identified a never-before revealed PLARF location, which may possibly be a DF-41 garrison, with the help of satellite imagery.

ThePrint had in April reported that PLARF had built a garrison in the southernmost Hainan province to store DF-31AG missile.

The location

This is the first time that the new Chinese garrison has been confirmed through satellite imagery (as of 7 May, 2018), although it has been covered by ground human intelligence before.

It is located 15 km east of Yibin town in Sichuan province, away from towns and cities but close to a highway to enable quick deployment. Construction is said to have begun three years ago.

The entire complex can possibly support a brigade-sized ballistic missile formation.

The ICBM is likely to be armed with 10 multiple independently targetable re-entry vehicle (MIRV) warheads each with 150kT yield.

Vinayak Bhat/The Print

This new garrison is typically built around a sports track with a football field in it. It also has two basketball grounds and an obstacle course adjoining the sports track.

There are two large highbay garages in the centre of the complex along with two smaller highway garages to the north of the facility. The smaller highbay garages were probably built for warhead assembly.

There are two locations where dugouts are observed. These could possibly be underground DES igloos.

Vinayak Bhat/The Print

There are about 15 triple storied C-shaped barracks, possibly for troops’ living accommodations.

Three large multi-storey buildings connected with each other could be administrative offices. A meteorological station with possible satellite link is also seen to the west side of the complex.

All buildings except central administrative buildings and high-bay garages are provided with slanted box gable roofs.

Vinayak Bhat/The Print

The entire garrison with its support buildings has a very high-walled security with four entrances. The main entrance is heavily guarded with around 200m approach under visual observation with the help of a large convex mirror.

It has typical layout of eight garages with six of them being interconnected. There are 30 smaller buildings (15 on either side of highbay garages) with different dimensions which are difficult to assess.

In the latest satellite image, a large tractor trailer of 22m is seen plying on the highway 400 metre south of the complex, suggesting that DF-41 truck erector launcher (TEL) of similar size can easily manoeuvre in this area.

The vehicle

 The DF-41 vehicle has most advanced technologies incorporated for the smooth ride of the missile. It is an eight-axle, 16-wheeled TEL with possibly a six-axle drive.

The steering mechanism of DF-41 TEL is very uniquely purposed to provide high-speed turning stability and smallest possible turning radius to the behemoth.

Power steering has been provided on the three-front steer axles and the rear three drive axles are probably mechanically coordinated with hydraulic power. Thus making the DF-41 TEL very easily manoeuvrable.

As for the 27 May ICBM test from the Taiyuan Space Launch Centre, it was first reported by Washington Free Beacon quoting Pentagon spokesman Marine Corps Lt. Col. Christopher Logan who said, “The US was aware of recent flight tests and we continue to monitor weapons development in China.”

The well-known defence magazine IHS Jane’s Defence Weekly claimed that after the latest launch, DF-41 had moved closer to commissioning and deployment. Chinese experts claim that DF-41 is the most advanced ICBM in the world.

New Citizenship Applications for Asgardia

Posted on by

For those that are as old as me may remember Ralph Cramden telling his wife Alice, to the moon. Well, that time is here. Except, Alice would be an Asgardian if she launched and landed on the moon. Send postcards when you can.

Space platform

Asgardia will be a fully fledged, independent nation inhabited on a low Earth orbit. It began with a satellite, Asgardia-1, that was launched in 2017, to be followed by an orbital satellite constellation launch in 2019-2020, and later by other satellite constellations and Space Arks, as well as by settlements on the Moon.

Who will be your leader? Well there is one already. And there is a Constitution.

There are already citizens. Asgardia Nation Citizens 203,865 Residents 218,396

Click here to see where they are from.

There is also an anthem for Asgardia.

FIRST IN HISTORY INAUGURATION OF THE HEAD OF THE FIRST SPACE NATION ASGARDIA

Asgardia’s first Head of Nation, Dr Igor Ashurbeyli, was inaugurated on the 25th of June at the Hofburg Palace with guests from over 40 countries from across the world.

In attendance were ambassadors of more than 10 countries, representatives of a number of major public organizations affiliated with UN structures, newly elected Asgardian Members of Parliament, astronauts, space industry managers, scientists, international lawyers, and media from all over the world.

Taking part in the ceremony was the Chairman of Parliament, Lembit Öpik, a former leader of the Welsh Assembly and Member of the British Parliament. The Head of the Supreme Court, Dr Yun Zhao, also took part—a well-known lawyer in the field of space law, a professor at Hong Kong University and a member of a number of arbitration courts.

After taking his oath of office, Dr Ashurbeyli announced that, within the next 25 years, Asgardia will have habitable space stations and stationary settlements on the Moon equipped with artificial gravity and protection from cosmic radiation which will effectively enable permanent human habitation in space. In the coming months, he also announced that Asgardia’s first Government administration will be formed, during which time a Cabinet of Ministers will be appointed, alongside the formation of the Prosecutor General’s Office, the National Audit Office and the Supreme Space Council.

Why Become an Asgardian

Shape the Future of Space LawLet your voice be heard! Join our discussion on a new legal platform for the exploration of space. Be part of the movement that will define the future of humanity’s off-planet expansion.

Connect with Forward – Thinking People

Our community is the perfect place to network and brainstorm with innovators, engineers, scientists, business people and investors. Asgardians can transform a dream into reality.

Protect Our Planet and Future Generations

Faced with threats such as sun storms and potentially dangerous asteroids, we need to prioritise our collective efforts to protect the Earth. Help us accelerate this process and find solutions.

 

Hey China, the U.S. Should Include the Cost of Espionage in Trade Deficit

Posted on by

Let’s begin here: FOR IMMEDIATE RELEASE

Thursday, June 21, 2018

Chinese National Arrested for Conspiring to Illegally Export U.S. Origin Goods Used in Anti-Submarine Warfare to China

Defendant allegedly illegally exported devices used to detect and monitor sound underwater

BOSTON – A Chinese national was arrested today and charged in connection with violating export laws by conspiring with employees of an entity affiliated with the People’s Liberation Army (PLA) to illegally export U.S. origin goods to China, as well as making false statements to obtain a visa to enter the United States and to become a lawful permanent resident under the EB-5 Immigrant Investor Visa Program.

Shuren Qin, 41, a Chinese national residing in Wellesley, Mass., was charged in a criminal complaint with one count of visa fraud and one count of conspiring to commit violations of U.S. export regulations. Qin was arrested today and will appear in federal court in Boston on June 22, 2018.

According to charging documents, Qin was born in the People’s Republic of China and became a lawful permanent resident of the United States in 2014. Qin operates several companies in China, which purport to import U.S. and European goods with applications in underwater or marine technologies into China.  It is alleged that Qin was in communication with and/or receiving taskings from entities affiliated with the PLA, including the Northwestern Polytechnical University (NWPU), a Chinese military research institute, to obtain items used for anti-submarine warfare. (..)

LCS Mission Packages: The Basics - USNI News photo

Okay, how about this one?

The submarine contractor breach, recently reported by the Washington Post, reflects this intense focus on bridging any technological advantage the US may have. It involved attacks in January and February that nabbed important data, albeit from an unclassified network. When taken together, though, the information would have amounted to a valuable snapshot of US cutting edge underwater weapons development, plus details on a number of related digital and mechanical systems.

The attack fits into a known pattern of Chinese hacking initiatives. “China will continue to use cyberespionage and bolster cyberattack capabilities to support [its] national security priorities,” US director of national intelligence Daniel Coats wrote in a February threat report. “The [Intelligence Community] and private-sector security experts continue to identify ongoing cyberactivity from China…Most detected Chinese cyberoperations against US private industry are focused on cleared defense contractors or IT and communications firms.”

This week, analysts from Symantec also published research on a series of attacks in the same category from November 2017 to April from a hacking group dubbed Thrip. Though Symantec does not go so far as to identify Thrip as Chinese state-sponsored hackers, it reports “with high confidence” that Thrip attacks trace back to computers inside the country. The group, which Symantec has tracked since 2013, has evolved to hide in plain site by mostly using prefab malware to infiltrate networks and then manipulating administrative controls and other legitimate system tools to bore deeper without setting off alarms. All of these off-the-shelf hacking tools and techniques have made Thrip harder to identify and track—which is likely the idea—but Symantec started to notice patterns in their anomaly detection scanners that ultimately gave these attacks away, and led the researchers to a unique backdoor that implicated Thrip.

The researchers found evidence of intrusions at some southeast Asian telecom firms, a US geospatial imagery company, a couple of private satellite companies including one from the US, and a US defense contractor. The breaches were all deliberate and targeted, and in the case of the satellite firms the hackers moved all the way through to reach the control systems of actual orbiting satellites, where they could have impacted a satellite’s trajectory or disrupted data flow. More here from Wired.

As if that is not enough to begin charging China, how about this?

U.S. military pilots flying aircraft over the East China Sea have been targeted by blinding laser attacks more than 20 times over the last 10 months, U.S. officials told The Japan Times, after a number of similar attacks in East Africa that the Pentagon has said Chinese military personnel were behind.

The U.S. Indo-Pacific Command said the attacks in the waterway, where the Chinese military has bolstered its operations, were first reported last September. The incidents were believed to have come from a range of sources, “both ashore and from fishing vessels,” spokeswoman Maj. Cassandra Gesecki said.

Indo-Pacific Command said it would not go into specifics about the incidents, but media reports quoting unidentified U.S. officials said some of the fishing boats were Chinese-flagged vessels. Officials wouldn’t definitively confirm that Chinese personnel were behind all of the incidents.

Beijing operates a “maritime militia” of Chinese fishing boats, which it trains and subsidizes with sophisticated gear such as GPS equipment. Such vessels have played an important role in China asserting its various territorial claims in the East and South China Seas.

Chinese personnel at the country’s first overseas military base in Djibouti had been using lasers to interfere with U.S. military aircraft at a nearby American base, activity that has resulted in injuries to U.S. pilots and prompted the U.S. to launch a formal diplomatic protest with Beijing.

However, unlike the Djibouti incidents, where military-grade lasers had been employed in some cases, the East China Sea incidents involved smaller, commercial-grade laser pointers popularly known as “cat grade” lasers because pet owners have known to use to play with their animals. Even so, these types of lasers have been known to temporarily blind pilots and, in some cases, cause eye damage.

“In light of these recent incidents, units operating in the area are conducting an assessment of their laser eye protection equipment,” Gesecki said.

While Chinese fishing vessels have long operated in the East China Sea, the country’s military has embarked on a military modernization program heavily promoted by President Xi Jinping, who has overseen a shift in focus toward creating a more potent fighting force. This has included projects such as building a second aircraft carrier, integrating stealth fighters into the air force and fielding an array of advanced missiles that can strike air and sea targets from long distances.

In a demonstration of its continued push to refine its power-projection capabilities and push further into the Western Pacific Ocean, the Chinese military in April conducted drills in the Pacific with its sole operating aircraft carrier.

The East China Sea is home to a long-running dispute between China and Japan over the Senkaku Islands, which are controlled by Japan but also claimed by China, which calls them the Diaoyu. Japanese defense chief Itsunori Onodera said in April that Chinese activity — including naval and coast guard patrols in the waters — “has expanded and accelerated” in recent years as it seeks to assert its territorial claims.

But the activity goes beyond military.

Beijing has also used its maritime militia to hassle Japanese fishermen and the Japan Coast Guard in a bid to better enforce its claims in the East China Sea, experts say.

If the Chinese military is not directly involved in the laser incidents, it could be directing — at some level — the maritime militia to target U.S. pilots.

Although the U.S. has not taking a position on the sovereignty of the Senkakus, it has repeatedly said that they fall under its treaty obligations to defend Japan’s territory if it is attacked.

In closing, remember:

On May 23, the US State Department announced that one embassy worker in Guangzhou experienced “subtle and vague, but abnormal, sensations of sound and pressure” before being diagnosed with symptoms similar to those found in the diplomatic personnel that were in Cuba, including mild traumatic brain injury.

The New York Times reported Wednesday that at least two more Americans in Guangzhou have experienced similar phenomena and also fallen ill. One of those embassy workers told the Times that he and his wife had heard mysterious sounds and experienced strange headaches and sleeplessness while in their apartment.

After the evacuation of the first diplomatic employee from Guangzhou was announced, the State Department issued a health alert via the US Consulate in Guangzhou telling people that “if you experience any unusual acute auditory or sensory phenomena accompanied by unusual sounds or piercing noises, do not attempt to locate their source. Instead, move to a location where the sounds are not present.”

On June 5, the office of US Secretary of State Mike Pompeo announced the establishment of a task force meant to respond to these mysterious incidents, which some have called “sonic attacks.” More here.