Category Archives: Cyber War

Facebook Scrubbed Data, Possible Obstruction of Investigation

Posted on by

Related reading: Facebook COO Sheryl Sandberg meets with lawmakers investigating Russia-linked Facebook ads

Blame ‘crowdtangle’ among others. As noted on their site: ‘the easiest way to keep track of what’s happening of social media. Other sites such as meltwater broadcasts that they are ‘influencers’ and then leaderboards are created such that real or hoax operations become a trending topic.

Lots of fake news gets blamed on bloggers posing as official media outlets while quoting unnamed sources and rightly so. Some of those blogs are concoctions of Moscow while others websites repeated fake stories stoking issues and divisions within the United States from Russia media outlets such as Sputnik News and RT.

Facebook is the location of choice for millions to park links and fake items resulting in Facebook often being referred to as Fakebook.

Moscow, along with out social media tech software in the United States created algorithms that counted ‘likes and ‘shares’ which then manifested unreliable stories and questionable sources. These analytic tools have become the norm across the world and consequentially having credibility and reliance on issues or stories has fallen.

It all boils down to communication, collaboration, branding, feedback and scoring results. You are the sheep, money is made from your activity on social media with every keystroke and you don’t get paid a dime….secret financial extortion, meaning without your knowledge unless you read ALL the mice type. Facebook is a master and frankly a player where you are being punked.

This is yet another form of cyber-warfare….

Facebook scrubbed potentially damning Russia data before researchers could analyze it further

  • Facebook scrubbed thousands of posts shared during the 2016 campaign by accounts linked to Russia.
  • The removals came as a Columbia University researcher was examining their reach.
  • Facebook says the posts were removed to fix a glitch.

BI: Facebook removed thousands of posts shared during the 2016 election by accounts linked to Russia after a Columbia University social media researcher, Jonathan Albright, used the company’s data analytics tool to examine the reach of the Russian accounts.

Albright, who discovered the content had reached a far broader audience than Facebook initially acknowledged, told The Washington Post on Wednesday that the data had allowed him “to at least reconstruct some of the pieces of the puzzle” of Russia’s election interference.

“Not everything, but it allowed us to make sense of some of this thing,” he said.

Facebook confirmed that the posts had been removed, but said it was because the company had fixed a glitch in the analytics tool — called CrowdTangle — that Albright had used.

“We identified and fixed a bug in CrowdTangle that allowed users to see cached information from inactive Facebook Pages,” said Andy Stone, a Facebook spokesman.

Facebook’s decision to remove the posts from public view raised questions about whether the company could be held liable for suppressing potential evidence, given its role in the wide-ranging investigation of Russia’s election interference.

Albright told Business Insider that “because this is clearly a legal and imminent justice-related matter, I can’t provide much critical insight at this stage.

“I feel like my 10 rounds with the $500 billion dollar tech juggernaut are over,” he said.

Legal experts and scholars on the subject say scrubbing the data Albright used for his research is Facebook’s prerogative as long as it isn’t knowingly removing content sought under a court order or by government request.

“If Facebook has no reason to think that it should retain the data (subpoena, court order), then it can make choices about what appears on its platform,” said Danielle Citron, a professor of law at the University of Maryland, where she teaches and writes about information privacy.

Citron said Facebook and other private tech companies have in the past argued, successfully, that they have free speech interests and enjoy immunity from liability for the content posted by their users — immunity that extends to their ability to remove it if it violates their terms of service.

Albert Gidari, the director of privacy at the Stanford Center for Internet and Society, said it’s likely that Facebook has kept copies of “anything at issue as part of its preservation obligation” in light of special counsel Robert Mueller’s search warrant and the House and Senate Intelligence Committee subpoenas.

Gidari said that because there hasn’t been any allegation against Facebook itself, the company has no obligation, absent a court order, to maintain information “that later may be evidence.”

But the question becomes more complicated when considering the ethical obligations of a company whose tools were exploited by a foreign adversary to try to influence a US election.

Gidari, for his part, said he doesn’t think “any platform has an independent or ethical obligation to run a research playground for third-party data analysts.”

But Tom Rubin, a lecturer at Stanford Law School, said that Facebook’s “credibility as a global social platform and its responsibility as an internet giant require it to fully embrace an independent, urgent and public review of the facts.”

“Facebook’s Russia predicament is of its own doing — it controls the platform, runs the ads, and profits mightily,” said Rubin, who previously served as the assistant US Attorney in New York heading investigations and prosecutions of computer crimes.

“The investigation here is as serious as it gets: illegal and hostile foreign influence on the US presidential election,” Rubin said. “The issue confronting Facebook is the extent to which it should commit to complete transparency, and the answer to that is straightforward.”

Citron agreed.

“For transparency’s sake and for our broader interest in our democracy, people should know the extent to which they have been played by the Russians and how a hostile state actor has interfered with, manipulated, and generally hacked our political process,” she said.

That is what Albright said was his mission when he downloaded the last 500 posts shared by six accounts that Facebook has confirmed were operating out of Russia. Those accounts — Blacktivists, Being Patriotic, Secured Borders,  Heart of Texas, LGBT United, and Muslims of America — were among the 470 pages Facebook shut down in September as part of its purge of “inauthentic accounts” linked to Russia’s Internet Research Agency.

The data Albright obtained using CrowdTangle showed that the Russians’ reach far exceeded the number of Facebook users they were able to access with advertisements alone — content including memes, links, and other miscellaneous postings was shared over 340 million times between the six accounts.

The other 464 accounts closed by Facebook have not yet been made public. If they are, an analysis of their combined posts would likely reveal that their content was shared an estimated billions of times during the election.

Iran Will Not Allow Inspections of Secret Nuclear Sites

Posted on by

Primer: The Iranian Resistance has been monitoring the Islamic Revolutionary Guard Corps-controlled entity tasked with building the nuclear bomb, the Organization of Defensive Innovation and Research (Sazman-e Pazhouheshhaye Novin-e Defa’i), known by its Persian acronym SPND, for nearly two decades. SPND is comprised of 7 subdivisions, each of which carries out a certain portion of nuclear weapons research.

The unit responsible for conducting research and building a trigger for a nuclear weapon is called the Center for Research and Expansion of Technologies for Explosion and Impact (Markaz-e Tahghighat va Tose’e Fanavari-e Enfejar va Zarbeh), known by its acronym METFAZ.

Since April 2017, when the NCRI found out about a new military location being used by SPND, the coalition has focused its attention on all the potential SPND sites that we suspected were tasked with building the bomb. The NCRI’s investigation inside Iran was conducted by the network associated with the Mujahedin-e Khalq (MEK), which was responsible for blowing the cover off the program, particularly since 2002. More here.

photo

***

In December 2015, the IAEA decided to “close” the file on outstanding concerns about possible military dimensions of Iran’s nuclear program.
Without ever admitting to weaponization activities, Iran convinced the international community to wipe the slate clean. The IAEA’s report on the possible military dimensions of Iran’s nuclear program left many questions unanswered. In addition to prohibiting on site inspections of suspected military sites, Iran can delay IAEA
inspections of suspected sites without facing consequences. The JCPOA creates a minimum of a 24 day delay possibly longer between a formal IAEA request to access
a suspicious site and the date Iran must allow access. As Mr. Tobey explains, “24 days … [is] ample time for Iran to hide or destroy evidence.” More here.

***

“Iran’s military sites are off limits,” he said. “All information about these sites are classified. Iran will never allow such visits. Don’t pay attention to such remarks that are only a dream.”

Iranian President Hassan Rouhani followed up later by saying the U.S. call was unlikely to be accepted by the U.N. nuclear watchdog.

So much for what John Kerry and Barack Obama pledged to America right?

***

Decertifying the nuclear deal without walking away gives the Trump administration an opening to confront the Islamic Republic’s foreign meddling.

Jonathan Schanzer
11 October 2017 The Atlantic

President Donald Trump is taking considerable heat for his expected announcement this week that he will “decertify” the 2015 Iran nuclear deal. Critics say he is heedlessly discarding a deal that has been working, and needlessly putting America on a collision course with Iran.

As it turns out, Trump is actually not poised to “rip up the deal.” By decertifying it, the president and his advisors are, in fact, signaling their intent to strengthen it, with the help of Congress, so that the deal advances U.S. national security interests. Those interests are key criteria for the certification process, which takes place every 90 days, as laid out in the Iran Nuclear Agreement Review Act (INARA) of 2015. Right now, with the Iranians hindering inspection of military sites, working feverishly on their ballistic missile program, and banking on the nuclear deal’s sunset clauses, which all but guarantee Tehran an advanced nuclear program in roughly a decade, it’s hard to argue the deal is working for the United States.

Decertification has the potential to change all of that. The move will plunge Iran and the other parties involved in the nuclear deal into a state of limbo. It will prompt all sides to consider what the deal is worth to them, and what further compromises they may be willing to make to satisfy the national interests of the United States, as laid out by the Trump administration.

Under President Barack Obama, whose foreign-policy legacy was anchored to the nuclear deal, the promise of deferring (not preventing) Iran’s nuclear ambitions superseded all else. As a result, the fear of Iran walking away paralyzed Washington and prevented the Obama White House from making even reasonable demands of Tehran. The credible threat of a U.S. response to Iranian aggression was effectively off the table. So was the imposition of meaningful new sanctions, for that matter.

The coming decertification announcement provides an opportunity to break this paralysis. Trump is effectively telling Tehran that he sets the terms for the nuclear deal because he is not tethered to its success the way Obama was. The administration will then have a chance to chart its own Iran policy. As the 60-day INARA review period plays out, Trump can regain U.S. leverage, establish new red lines on Iranian behavior, and (unlike his predecessor) actually enforce them. If he does it right, he can do all of this without exiting the deal.

In response to decertification, Iran’s leadership will undoubtedly threaten to walk away from the table. But it’s not that simple. There are benefits the Iranians have yet to reap from the deal—beyond the more than $100 billion in released oil funds—ranging from increased foreign investment to greater integration with the global economy after years of economic isolation. In other words, Iran can still cash in considerably, but not if it balks at Trump’s calls to fix the deal.

The Europeans, Russians, and Chinese, are also reluctant to go along with Trump’s certification gambit. Some are already howling with disapproval. But some are already voicing their willingness to work with the White House. As the primary investors in Iran’s recent economic rebound, they have little choice but to try to resolve American concerns.

Of course, even the Chinese, Russians, and Europeans understand that they have a daunting task ahead of them. Iran is on a collision course with the West, one that has little to do with the nuclear file. Rather, it is about what the nuclear deal negotiators chose to ignore: Iran’s aggression across the Middle East.

Iran has harassed American ships in the Persian Gulf, held American sailors at gunpoint, bankrolled the murderous Assad regime in Syria, supported the Houthi rebels in Yemen, and furnished the majority of Hezbollah’s operating budget. And those are just a few of the highlights.

Tehran’s broader efforts to dominate the Middle East are also intensifying. From the deployment of its Revolutionary Guard Corps to far-flung corners of the region to the conscripting of Shiite irregular proxies to fight or hold territory in Syria and Iraq, Iran’s footprint continues to grow.

For American policymakers, Iran’s bid for regional hegemony is just as troubling as its nuclear ambitions. Together, they represent a dual Iranian strategy that cannot be separated, despite the P5+1’s efforts to do so back in 2015. This is why Trump should build on his decertification announcement with the rollout of a new Iran policy that actively counters these activities.

As it happens, the timing is fortuitous. The administration is slated to complete and roll out its Iran Policy Review by October 31st. If the policy lives up to the hints dropped by senior officials, the United States will once again push back on Iran’s malign behavior. If done right, it will do so wherever possible, and by using every pressure point available.

Such a policy would include designating the Revolutionary Guards as a terrorist group (a move mandated by statute by October 31st), but also new tranches of Treasury sanctions on Iranian bad actors, and other economic pressure. The financial targets figure to be non-nuclear in nature, to ensure that the United States remains compliant with the nuclear deal. But the pressure should be palpable.

From there, Washington is also expected to actively target Hezbollah, Iran’s most powerful and active proxy. The Trump administration and Congress have already signaled they will take aim at Hezbollah’s economic interests, while also weakening their positions across the Middle East.

Beyond that, Washington can take further steps to strengthen America’s allies, such as the Sunni Arab states and Israel, who are also willing to challenge Iranian aggression. This could mean greater intelligence-sharing and bilateral cooperation, but could also include new hardware and military capabilities. More broadly, the United States must signal that Iranian threats to its allies will be seen as threats to the United States itself.

Admittedly, none of this will be easy. The Middle East is a dangerous region that doesn’t respond well to change. The same can be said for Washington in the Trump era. But whatever challenges loom will be the cost of shattering the paralysis in Washington that has reduced America’s Iran policy to a false binary of either hewing to the nuclear deal or war.

The choices to counter Iranian aggression before the nuclear deal were many. President George W. Bush understood this at the tail end of his presidency. President Obama even understood this at the beginning of his. But Obama then chose to limit his options through the nuclear deal. This has not served America well. It’s time to restore those options. Decertification and a new Iran policy, if done right, can potentially put America back in the driver’s seat after two years of going along for the ride.

WC-135 Dispatched to Investigate Europe for Radiation

Posted on by

Gotta look deep for information and there are two theories, one is Russia as the other is the medical industry. Humm….it goes something like this…. By the way, the dates could easily lineup.

Related reading: US sends specialist ‘nuke sniffer’ plane to the UK as ‘radiation spike’ sparks fears Putin has tested nuclear weapon in the Arctic

Primer:

The Washington Free Beacon quotes Pentagon officials saying the unmanned underwater vehicle, code named Kanyon by the Pentagon, was test-launched from the Sarov-class submarine on November 27th.

What Pentagon names Kanyon is what in Russia is known as the «Ocean Multipurpose System Status-6» – a top secret weapon system the world has never seen anything like before.  A year ago, Russian state-TV Channel One showed a glimpse of a graphic slide of the Status-6, later on said to be an unauthorized leak of a secret weapon development plan. 

The drawings on the slide could very well be a purpose leak aimed at telling the world what weapon-systems are under development. The TV news covered the meeting in Sochi where President Putin was told by high-ranking officers in the Strategic forces how Russia’s nuclear deterrence strategy is developing. Moscow are looking for ways to overcome the United States’ Anti-Ballistic Missile Defence system, and one answer is to go deep with the nukes. Highly suggested reading more here.

Mysterious Radiation Spike Across Europe

Nuclear scientists are struggling to determine the source of small amounts of nuclear radiation that bloomed over Europe throughout January.

France’s IRSN institute, the public body for radiological and nuclear risks, announced in a statement on February 13 that Iodine-131, a radionuclide of human origin, was detected in trace amounts at ground-level atmosphere in continental Europe. First detected in the second week of January over northern Norway, Iodine-131 presence was then detected over Finland, Poland, Germany, Czech Republic, France, and Spain. However, the levels have since returned to normal and scientists have yet to determine the source of the radiation.

Norway’s Radiation protection Authority (NRPA), which first detected the Iodine-131 over its northern Russian border, told Motherboard over the phone today that the levels present essentially no risk to human health. “I can assure you that the levels are low,” said a press a spokesperson.

But with a half-life of just eight days, the detection of Iodine-131 is proof of a recent release, said IRSN in its statement to the media.

Rumors are circulating, of course, that Russia has secretly tested a low-yield nuclear weapon in the Arctic, possibly in the Novaya Zemlya region—historically used for Russia’s nuclear tests. Iodine-131, discovered by two University of California researchers in 1938, is a radioisotope synonymous with the atomic bomb tests carried out by the US and Russia throughout the 1950s, and has recently presented threats from leaking during the Chernobyl nuclear power plant disaster and the 2011 Fukushima nuclear accident.

But Iodine-131 is also found in the medical industry, commonly used for treating thyroid-related illnesses and cancers. Astrid Liland, head of the section for emergency preparedness at the NRPA, told Motherboard in an email today, “Since only Iodine-131 was measured, and no other radioactive substances, we think it originates from a pharmaceutical company producing radioactive drugs.
Iodine-131 is used for treatment of cancer.”

Particulate Iodine-131 (value +/- uncertainty) in the atmosphere(µBq/m3). Image: IRSN

Britain’s Society for Radiological Protection (SRP) also told Motherboard that the exclusive presence of Iodine-131 suggests the source is not a nuclear incident, but rather a medical facility such as a hospital or a supplier of radio-pharmaceuticals. “The release was probably of recent origin. Further than this it is impossible to speculate,” the SRP’s Brian Gornall told Motherboard in an email.

Still, where exactly that pharma company could be located is unknown. “Due to rapidly changing winds, it is not possible to track exactly where it came from. It points to a release source somewhere in Eastern Europe,” Liland told Motherboard.

The Iodine cloud prompted the United States Air Force to send over a specialized particle-sniffing aircraft to investigate. As per reports on The Aviationist, a US Air Force WC-135 deployed to Royal Air Force base Mildenhall in the UK on February 17, equipped to test the atmosphere over Europe for radiation. The aircraft’s last intercontinental expedition was to analyse the atmosphere over the Korean Peninsula following an alleged North Korean nuclear test.

The deployment spurred on rumors of a nuclear test from Russia, but a spokesperson for the the Comprehensive Nuclear-Test-Ban Treaty Organization (CTBTO), an international body that monitors nuclear weapon tests, told Motherboard in an email today, “Although some readings of I-131 above minimal detection level have been observed since beginning of year in Europe nothing extraordinary has been measured.”

The IRSN said in its statement that the data has now been shared between the members of the informal European network called Ring of Five, a group of organizations that research radiation levels in the atmosphere.

Russia has Provided N Korea Additional Hacking Platforms

Posted on by

Hackers from North Korea are reported to have stolen a large cache of military documents from South Korea, including a plan to assassinate North Korea’s leader Kim Jong-un.

Rhee Cheol-hee, a South Korean lawmaker, said the information was from his country’s defence ministry.

The compromised documents include wartime contingency plans drawn up by the US and South Korea.

They also include reports to the allies’ senior commanders.

Plans for the South’s special forces were reportedly accessed, along with information on significant power plants and military facilities in the South.

Mr Rhee belongs to South Korea’s ruling party, and sits on its parliament’s defence committee. He said some 235 gigabytes of military documents had been stolen from the Defence Integrated Data Centre, and that 80% of them have yet to be identified.

The hack took place in September last year. In May, South Korea said a large amount of data had been stolen and that North Korea may have instigated the cyber attack – but gave no details of what was taken.

North Korea denied the claim. The isolated state is believed to have specially-trained hackers based overseas, including in China. More here.

Russia is always part of the rogue nation process, it is curious of the timing as you read on. TransTeleCom is owned by Russia’s state-run railway company and has fiber optic cables that follow all the country’s main train lines, including all the way up to the North Korean border.

photo

Related reading: North Korea gets new internet access via Russia

Reuters: North Korea has opened a second internet connection with the outside world, this time via Russia, a move which cyber security experts said could give Pyongyang greater capability to conduct cyber attacks.

Previously traffic was handled via China Unicom (0762.HK) under a deal dating back to 2010. TransTeleCom now appears to be handling roughly 60 percent of North Korean internet traffic, while Unicom transmits the remaining 40 percent or so, Dyn said.

The new external connection was first reported by 38 North, a project of the U.S.-Korea Institute at Johns Hopkins School of Advanced International Studies (SAIS).

TransTeleCom declined to confirm any new routing deal with the North Korean government or its communications arm. In a statement, it said: “TransTeleCom has historically had a junction of trunk networks with North Korea under an agreement with Korea Posts and Telecommunications Corp signed in 2009.”

North Korea’s internet access is estimated to be limited to somewhere between a few hundred and just over 1,000 connections. These connections are vital for coordinating the country’s cyber attacks, said Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye, a cyber-security company.

Boland said the Russian connection would enhance North Korea’s ability to command future cyber attacks.

Having internet routes via both China and Russia reduces North Korea’s dependence on any one country at a time when it faces intense geo-political pressures, he said.

Many of the cyber attacks conducted on behalf of Pyongyang came from outside North Korea using hijacked computers, Boland said. Those ordering and controlling the attacks communicate to hackers and hijacked computers from within North Korea.

“This will improve the resiliency of their network and increase their ability to conduct command and control over those activities,” Boland said.

The Washington Post reported earlier that the U.S. Cyber Command has been carrying out denial of service attacks against hackers from North Korea designed to limit their access to the internet. (wapo.st/2yRbg8w)

In February 2005, the TTK became the largest party in terms of the European Internet Exchange London Internet Exchange (LINX). In July 2005, the TTK became the fifth operator in Russia, received the right to provide long-distance services (after Rostelecom, Tsentrinfokoma, Golden Telecom and MTT). “TransteleCom” JSC provides communications services in Kazakhstan and for a map of locations and services, go here.

Chinese Infusion of Spies in the U.S.

Posted on by

Related reading: CHINESE INTELLIGENCE SERVICES AND ESPIONAGE THREATS TO THE UNITED STATES

Related reading: 2015/ U.S. officials: Chinese secret agents in U.S. spikes

Related reading: 2014/ How the F.B.I. Cracked a Chinese Spy Ring

Dissident Reveals Secret Chinese Intelligence Plans Targeting U.S.

Guo Wengui calls China communist system a ‘kleptocracy,’ vows reform

China earlier this year ordered the dispatch of 27 intelligence officers to the United States as part of a larger campaign of subversion, according to a leading Chinese dissident.

Guo Wengui, a billionaire real estate mogul, disclosed what he said was an internal Communist Party document authorizing the Ministry of State Security to send the spies, described as “people’s police officers.”

Guo, who is being sought by the Chinese government in a bid to silence his disclosures of high-level corruption and intelligence activity, denounced the Beijing regime as corrupt and called for a “revolution” to reform the system.

“My only single goal that I set myself to try to achieve is to change China,” Guo said through an interpreter during a National Press Club meeting attended by news reporters and supporters of the exiled dissident.

“What they’re doing is against humanity,” he said. “What the U.S. ought to do is take action, instead of just talking to the Chinese kleptocracy.”

Guo last month requested political asylum in the United States in the face of a high-level Chinese government effort to force the United States to return him to China. China has charged him with several crimes. Guo has denied the charges.

Guo earlier charged that senior Chinese leader Wang Qishan, who controls most of China’s finances, is corrupt and has engaged in moving money and documents outside of China. Wang is leading China’s nationwide anti-corruption drive that critics say is cover for efforts by Xi to consolidate power.

The Chinese campaign against Guo has included high-level diplomatic and economic pressure on American government and business leaders to lobby for Guo’s repatriation.

China’s Minister of Public Security, Guo Shengkun, met with Attorney General Jeff Sessions on Wednesday where China’s demands for the return of fugitives was discussed.

A Justice Department spokesman said Sessions raised the issue of a Chinese-origin cyber attack against the Hudson Institute, a think tank that had canceled its plan to hold the press conference for Guo under pressure from China. The Justice spokesman, Wynn Hornbuckle, said China pledged their cooperation in investigating the incident.

Hornbuckle would not say if Guo Wengui was discussed during the law enforcement and cyber security talks.

David Tell, a Hudson spokesman, told the Washington Free Beacon, the denial of service cyber attack was traced by investigators to Shanghai.

According to an email obtained by the Free Beacon, a Hudson employee stated that he was asked to forward a message to institute leaders sent from a Chinese Embassy official on Sept. 29.

Chinese officials, according to the email, “want Hudson to cancel the Guo Wengui event because he is a criminal and tells lies, that China is about to enter a sensitive time with its Party Congress, that hosting him would hurt China-U.S. relations, and that this event would embarrass Hudson Institute and hurt our ties with the Chinese government.”

The intelligence document released Thursday is one of a number sensitive internal reports obtained by Guo who was once close to MSS Vice Minister Ma Jian, who was imprisoned last year on corruption charges, but who Guo has said was repressed politically because of his knowledge of corruption among Chinese leaders.

Guo said he had planned to disclose three internal Chinese government documents during the Hudson event. But instead he burned the documents after the event was canceled.

Guo said he maintains close ties to supporters within the Chinese government and security system and is able to obtain many internal documents.

According to Guo, for simply holding the top-secret document he distributed at the press conference, a person could be jailed in China for three to five years.

The document was issued by the National Security Council, a new Chinese government and Party entity headed by Chinese leader Xi Jinping.

The MSS operatives will work under cover at the Bank of China branch offices and at Chinese diplomatic facilities in the United States.

The document is labeled “top secret” and dated April 27. It was released by Guo at a press conference in Washington during which he appealed for the U.S. government to wake up to the threat posed by China and counter it.

Guo said the authenticity of the document was confirmed by the U.S. government.

The directive to the MSS was formally called “The Request for Instructions on the Working Plan of Secretly Dispatching and 27 People’s Police Officers, He Jianfeng and Others from the Ministry of State Security to the United States on Field Duty in 2017.”

“We approve in principle,” the report says, adding “please carefully organize and implement.”

According to the document the MSS should follow Chinese ideology set out by the late leader Deng Xiaoping, as well as the concepts outlined in speeches by Xi, the current leader.

The document is one of the first internal documents to reveal how China is expanding intelligence activities targeting what it calls “hostile forces” in the United States.

The MSS, according to the report, was told to “go according to the need of the strategic arrangements” of the Communist Party “against overseas hostile forces, strictly abide by our national principles of state security work on the United States, and use the opportunity of the rise of our comprehensive national strength and Sino-U.S. diplomatic relations tending to ease to further expand the scope and depth of the infiltration into the anti-China hostile forces in the United States.”

The MSS agents are to enter the United States secretly in phases and “use the cover of the executives of the state-owned enterprises in the United States, such as the Bank of China (New York) to carry out solid intelligence collection, to incite defection of relevant individuals, and to conduct counter-espionage, etc.”

The spies also were directed to focus on “extraordinarily significant criminal suspects, including Ling Wancheng, Guo Wengui, and Cheng Muyang, etc.”

Ling is the brother of Ling Jihua, a former high-ranking Chinese official who China has accused of illegal activities and who defected to the United States in 2016. Cheng is a real estate mogul in Canada who China also accused of illegal activities.

“If necessary, they should also actively support, cooperate with, and assist the personnel in the United States who conduct the United Front operations, diplomatic operations, and military intelligence operations to carry out related business,” the document states.

United Front work is what the Chinese government calls influence operations aimed at coopting Americans into supporting Beijing’s policies.

The directive urges the spies to “make contributions for further crushing overseas anti-China hostile forces.”

Lastly, MSS officials should seek to strengthen the organization and provide after actions reports to the senior Party organ.

“We have friends all over the world … those who provide the documents are among the most senior people, including the current Politburo standing committee,” Guo said. “My material is real. Otherwise, they wouldn’t be afraid of it.”

Guo said during his press conference that since the April directive, around 50 additional intelligence operatives were sent to the United States.

An FBI spokeswoman had no comment on the document. A Chinese Embassy spokesman did not respond to an email seeking comment.

On Saturday, China’s Public Security Ministry issued a statement denying China was behind the hack of a law firm representing Guo and the Hudson Institute. The ministry also disputed the authenticity of the document.

“An official of the Ministry of Public Security states that, China paid close attention to such allegations and launched immediate investigation,” the statement said. “But no evidence has been found that China and its government have been involved with these incidents.”

The ministry also called the documents revealed by Guo “utterly clumsily forged and full of obvious mistakes.” It did not elaborate but offered to cooperate in a U.S. investigation into the authenticity of the materials and cooperate in the probe of the cyber attacks.

According to Guo, China is engaged in a three-pronged campaign of subversion in the United States he labeled “Blue-Gold-Yellow,” with each color standing for a different line of attack.

Blue represents large-scale Chinese cyber and internet operations while gold represents China’s use of money and financial power. The yellow is part of a plan to use sex to undermine American society.

Another Chinese government subversion program was described by Guo using the code name the “Three Fs.” It involves China’s systematic programs targeting the United States with the goal to weaken the country, throw the country into turmoil and ultimately defeat America.

Asked about the major Communist Party meeting scheduled for later this month, Guo said: “I would like all members of the Chinese Communist Party to wake up and say no to this ruling clique.”

Guo disclosed that he was imprisoned in China after the 1989 pro-democracy protests in Tiananmen Square and spent 22 months in prison. Chinese police also shot his brother, who later died.

Since then, he has spent the intervening years as an entrepreneur preparing to expose corrupt Chinese leaders, a process he began in January.

China has retaliated by freezing some $17 billion in assets in China and by imprisoning business associates and relatives of Guo.

Radio France’s Chinese-language radio service reported recently that several Chinese have been harassed by authorities for discussing Guo’s disclosures about Wang’s corruption. The report called the activity “Guo Wengui-phobia.”

Chinese censors have cracked down on people online who used the phrases used by Guo, like “Wang-Seven-Three” and “73” for Wang Qishen. Also a person wearing the t-shirt with the word “all of this is only the beginning”—one of Guo’s catch phrases on social media was detained.

“Those who support Guo Wengui call out ‘put a pot on your head,’ a homophone for ‘support Guo,'” the French report said. “Those who desperately want to catch him want to ‘smash that pot,’ literally meaning ‘smash the pot,’ but the term means ‘to fail.'”

China also recently blocked the messaging app WhatsApp, after China tightened controls on WeChat, Weibo, and Baidu message boards that were sharing posts on Guo.

“Looking at social media, every time Guo Wengui has revealed the secrets of a corrupt official, there’s been a reaction on the streets of Beijing,” the report said. “In restaurants, bars, in the streets and alleyways, people see each other and, smiling, ask, ‘What did he say now?’ It’s become a tacit greeting.”