Category Archives: Cyber War

Chinese Infusion of Spies in the U.S.

Posted on by

Related reading: CHINESE INTELLIGENCE SERVICES AND ESPIONAGE THREATS TO THE UNITED STATES

Related reading: 2015/ U.S. officials: Chinese secret agents in U.S. spikes

Related reading: 2014/ How the F.B.I. Cracked a Chinese Spy Ring

Dissident Reveals Secret Chinese Intelligence Plans Targeting U.S.

Guo Wengui calls China communist system a ‘kleptocracy,’ vows reform

China earlier this year ordered the dispatch of 27 intelligence officers to the United States as part of a larger campaign of subversion, according to a leading Chinese dissident.

Guo Wengui, a billionaire real estate mogul, disclosed what he said was an internal Communist Party document authorizing the Ministry of State Security to send the spies, described as “people’s police officers.”

Guo, who is being sought by the Chinese government in a bid to silence his disclosures of high-level corruption and intelligence activity, denounced the Beijing regime as corrupt and called for a “revolution” to reform the system.

“My only single goal that I set myself to try to achieve is to change China,” Guo said through an interpreter during a National Press Club meeting attended by news reporters and supporters of the exiled dissident.

“What they’re doing is against humanity,” he said. “What the U.S. ought to do is take action, instead of just talking to the Chinese kleptocracy.”

Guo last month requested political asylum in the United States in the face of a high-level Chinese government effort to force the United States to return him to China. China has charged him with several crimes. Guo has denied the charges.

Guo earlier charged that senior Chinese leader Wang Qishan, who controls most of China’s finances, is corrupt and has engaged in moving money and documents outside of China. Wang is leading China’s nationwide anti-corruption drive that critics say is cover for efforts by Xi to consolidate power.

The Chinese campaign against Guo has included high-level diplomatic and economic pressure on American government and business leaders to lobby for Guo’s repatriation.

China’s Minister of Public Security, Guo Shengkun, met with Attorney General Jeff Sessions on Wednesday where China’s demands for the return of fugitives was discussed.

A Justice Department spokesman said Sessions raised the issue of a Chinese-origin cyber attack against the Hudson Institute, a think tank that had canceled its plan to hold the press conference for Guo under pressure from China. The Justice spokesman, Wynn Hornbuckle, said China pledged their cooperation in investigating the incident.

Hornbuckle would not say if Guo Wengui was discussed during the law enforcement and cyber security talks.

David Tell, a Hudson spokesman, told the Washington Free Beacon, the denial of service cyber attack was traced by investigators to Shanghai.

According to an email obtained by the Free Beacon, a Hudson employee stated that he was asked to forward a message to institute leaders sent from a Chinese Embassy official on Sept. 29.

Chinese officials, according to the email, “want Hudson to cancel the Guo Wengui event because he is a criminal and tells lies, that China is about to enter a sensitive time with its Party Congress, that hosting him would hurt China-U.S. relations, and that this event would embarrass Hudson Institute and hurt our ties with the Chinese government.”

The intelligence document released Thursday is one of a number sensitive internal reports obtained by Guo who was once close to MSS Vice Minister Ma Jian, who was imprisoned last year on corruption charges, but who Guo has said was repressed politically because of his knowledge of corruption among Chinese leaders.

Guo said he had planned to disclose three internal Chinese government documents during the Hudson event. But instead he burned the documents after the event was canceled.

Guo said he maintains close ties to supporters within the Chinese government and security system and is able to obtain many internal documents.

According to Guo, for simply holding the top-secret document he distributed at the press conference, a person could be jailed in China for three to five years.

The document was issued by the National Security Council, a new Chinese government and Party entity headed by Chinese leader Xi Jinping.

The MSS operatives will work under cover at the Bank of China branch offices and at Chinese diplomatic facilities in the United States.

The document is labeled “top secret” and dated April 27. It was released by Guo at a press conference in Washington during which he appealed for the U.S. government to wake up to the threat posed by China and counter it.

Guo said the authenticity of the document was confirmed by the U.S. government.

The directive to the MSS was formally called “The Request for Instructions on the Working Plan of Secretly Dispatching and 27 People’s Police Officers, He Jianfeng and Others from the Ministry of State Security to the United States on Field Duty in 2017.”

“We approve in principle,” the report says, adding “please carefully organize and implement.”

According to the document the MSS should follow Chinese ideology set out by the late leader Deng Xiaoping, as well as the concepts outlined in speeches by Xi, the current leader.

The document is one of the first internal documents to reveal how China is expanding intelligence activities targeting what it calls “hostile forces” in the United States.

The MSS, according to the report, was told to “go according to the need of the strategic arrangements” of the Communist Party “against overseas hostile forces, strictly abide by our national principles of state security work on the United States, and use the opportunity of the rise of our comprehensive national strength and Sino-U.S. diplomatic relations tending to ease to further expand the scope and depth of the infiltration into the anti-China hostile forces in the United States.”

The MSS agents are to enter the United States secretly in phases and “use the cover of the executives of the state-owned enterprises in the United States, such as the Bank of China (New York) to carry out solid intelligence collection, to incite defection of relevant individuals, and to conduct counter-espionage, etc.”

The spies also were directed to focus on “extraordinarily significant criminal suspects, including Ling Wancheng, Guo Wengui, and Cheng Muyang, etc.”

Ling is the brother of Ling Jihua, a former high-ranking Chinese official who China has accused of illegal activities and who defected to the United States in 2016. Cheng is a real estate mogul in Canada who China also accused of illegal activities.

“If necessary, they should also actively support, cooperate with, and assist the personnel in the United States who conduct the United Front operations, diplomatic operations, and military intelligence operations to carry out related business,” the document states.

United Front work is what the Chinese government calls influence operations aimed at coopting Americans into supporting Beijing’s policies.

The directive urges the spies to “make contributions for further crushing overseas anti-China hostile forces.”

Lastly, MSS officials should seek to strengthen the organization and provide after actions reports to the senior Party organ.

“We have friends all over the world … those who provide the documents are among the most senior people, including the current Politburo standing committee,” Guo said. “My material is real. Otherwise, they wouldn’t be afraid of it.”

Guo said during his press conference that since the April directive, around 50 additional intelligence operatives were sent to the United States.

An FBI spokeswoman had no comment on the document. A Chinese Embassy spokesman did not respond to an email seeking comment.

On Saturday, China’s Public Security Ministry issued a statement denying China was behind the hack of a law firm representing Guo and the Hudson Institute. The ministry also disputed the authenticity of the document.

“An official of the Ministry of Public Security states that, China paid close attention to such allegations and launched immediate investigation,” the statement said. “But no evidence has been found that China and its government have been involved with these incidents.”

The ministry also called the documents revealed by Guo “utterly clumsily forged and full of obvious mistakes.” It did not elaborate but offered to cooperate in a U.S. investigation into the authenticity of the materials and cooperate in the probe of the cyber attacks.

According to Guo, China is engaged in a three-pronged campaign of subversion in the United States he labeled “Blue-Gold-Yellow,” with each color standing for a different line of attack.

Blue represents large-scale Chinese cyber and internet operations while gold represents China’s use of money and financial power. The yellow is part of a plan to use sex to undermine American society.

Another Chinese government subversion program was described by Guo using the code name the “Three Fs.” It involves China’s systematic programs targeting the United States with the goal to weaken the country, throw the country into turmoil and ultimately defeat America.

Asked about the major Communist Party meeting scheduled for later this month, Guo said: “I would like all members of the Chinese Communist Party to wake up and say no to this ruling clique.”

Guo disclosed that he was imprisoned in China after the 1989 pro-democracy protests in Tiananmen Square and spent 22 months in prison. Chinese police also shot his brother, who later died.

Since then, he has spent the intervening years as an entrepreneur preparing to expose corrupt Chinese leaders, a process he began in January.

China has retaliated by freezing some $17 billion in assets in China and by imprisoning business associates and relatives of Guo.

Radio France’s Chinese-language radio service reported recently that several Chinese have been harassed by authorities for discussing Guo’s disclosures about Wang’s corruption. The report called the activity “Guo Wengui-phobia.”

Chinese censors have cracked down on people online who used the phrases used by Guo, like “Wang-Seven-Three” and “73” for Wang Qishen. Also a person wearing the t-shirt with the word “all of this is only the beginning”—one of Guo’s catch phrases on social media was detained.

“Those who support Guo Wengui call out ‘put a pot on your head,’ a homophone for ‘support Guo,'” the French report said. “Those who desperately want to catch him want to ‘smash that pot,’ literally meaning ‘smash the pot,’ but the term means ‘to fail.'”

China also recently blocked the messaging app WhatsApp, after China tightened controls on WeChat, Weibo, and Baidu message boards that were sharing posts on Guo.

“Looking at social media, every time Guo Wengui has revealed the secrets of a corrupt official, there’s been a reaction on the streets of Beijing,” the report said. “In restaurants, bars, in the streets and alleyways, people see each other and, smiling, ask, ‘What did he say now?’ It’s become a tacit greeting.”

Decertify the Iran Nuclear Deal or Not, Such Questions

Posted on by

We know that the Trump administration has already certified Iranian compliance once, yet now there is a question as to whether it will be certified again or the White House will move to terminate the whole JCPOA.

Is Iran complying with the ‘spirit’ of the agreement? Hardly, yet should it be ended completely? There are implications and Iran for sure is not a partner that can be trusted as it continues to export terror throughout the Middle East and has it hands in other regions of the globe including Latin America.

photo

Arab News reports in part:

Through its military forces, the Islamic Republic is actively engaged in intervening in the domestic affairs of other nations in the Middle East. For example, in Syria, Iranian leaders have admitted that their Islamic Revolutionary Guard Corps (IRGC) and its elite branch, the Quds Force, are fighting on the ground alongside Bashar Assad’s forces. In addition, Iran is providing financial, weapons, advisory and intelligence assistance to the Syrian regime apparatus.
Putting their direct military intervention aside, Iranian leaders have successfully formed powerful proxies and Shiite militias in Syria in order to serve the revolutionary and geopolitical interests of Iran’s Supreme Leader Ayatollah Ali Khamenei and his gilded circle.
The Iranian leaders’ plan is a long-term one — to make political realities out of these militias, ensuring Iran’s infiltration and domination of the nation in case Assad falls. In other words, Iran’s plan is to make itself a winner whether the Syrian president is toppled or remains in power, as Tehran would continue to have influence and control in the security, political and intelligence infrastructure of Syria. Furthermore, under the aegis of the IRGC, Iran’s leaders believe they have ensured their presence in Iraq for decades to come, as well as being capable of dictating Iraq’s future policies by setting up the People’s Mobilization Forces (PMF). The PMF is a conglomerate of more than 40 Iraqi militia groups, which act in favor of the Iranian regime’s interests and enjoy close ties with the head of the Quds Force, Qassem Soleimani. More here.

As for compliance to the JCPOA, how about violations? Seems there are indeed violations as reported by a segment of German Intelligence.

Iran tried to obtain illicit technology that could be used for military nuclear and ballistic missile programs, raising questions about a possible violation of the 2015 agreement intended to stop Tehran’s drive to become an atomic armed power, according to three German intelligence reports obtained by Fox News.

The new intelligence, detailing reports from September and October and disclosed just ahead of President Trump’s planned announcement Thursday on whether the U.S. will recertify the Iran deal, reveals that Iran’s regime made “32 procurement attempts … that definitely or with high likelihood were undertaken for the benefit of proliferation programs.”

According to the document, the 32 attempts took place in the German state of North Rhine-Westphalia. The report lists Iran as a nation that engages in proliferation, which is defined as “spreading atomic, biological or chemical weapons of mass destruction.”

Missile delivery systems are also included in the definition of illicit proliferation activity in the report.

The North Rhine-Westphalia agency accused Iran of using front companies in the United Arab Emirates, Turkey and China to circumvent international restrictions on its nuclear and missile programs.

The intelligence report, which covered the year 2016 — the Iran deal was implemented on Jan. 16, 2016 — calls further into question Iran’s compliance with the agreement, formally known as the Joint Comprehensive Plan of Action, or JCPOA.

In a second intelligence report obtained by Fox News, the German state of Hessen said Iran, Pakistan, North Korea and Sudan use “guest academics” for illegal activities related to nuclear and other weapons programs. “An example for this type of activity occurred in the sector of electronic technology in connection with the implementation of the enrichment of uranium,” the document reads.

The intelligence officials also cited an example of foreign intelligence services using “research exchanges at universities in the sector of biological and chemical procedures.”More here.

Most will say the JCPOA should be decertified or terminated. Yet, as a matter for consideration, if that action is taken rather than to work to amend the deal, such that if that fails then terminate, the United States’s reputation will be such that it cannot be trusted failing other attempts….just consider….frankly, this site is fine with termination given aggressive repercussions.

Perhaps Israel should get a voice this time around.

Not an Inch of the US is Safe, Consider This…

Posted on by

Equifax hacked, NSA hacked, active shooters, stolen identity, bad legislation being signed by presidents, townhalls being disrupted by activists, leaked classified material, nefarious people roaming Elm Street and violence on college campuses…..not a complete list but even top people in Washington DC are not protected either.

Check this out…

photo

John Kelly’s personal phone has been compromised for months

White House tech support discovered the suspected breach after Kelly turned his phone in to tech support staff this summer.

White House officials believe that chief of staff John Kelly’s personal cell phone was compromised, potentially as long ago as December, according to three U.S. government officials.

The discovery raises concerns that hackers or foreign governments may have had access to data on Kelly’s phone while he was secretary of the Department of Homeland Security and after he joined the West Wing.

Tech support staff discovered the suspected breach after Kelly turned his phone in to White House tech support this summer complaining that it wasn’t working or updating software properly.

Kelly told the staffers the phone hadn’t been working properly for months, according to the officials.

White House aides prepared a one-page September memo summarizing the incident, which was circulated through the administration.

A White House official, speaking for the administration, said Kelly hadn’t used the personal phone often since joining the administration. This person said Kelly relied on his government-issued phone for most communications.

The official, who did not dispute any of POLITICO’s reporting on the timeline of events or the existence of the memo, said Kelly no longer had possession of the device but declined to say where the phone is now.

Kelly has since begun using a different phone, one of the officials said, though he relies on his government phone when he’s inside the White House.

Several government officials said it was unclear when – or where – Kelly’s phone was first compromised. It is unclear what data may have been accessed, if any.

Kelly’s travel schedule prior to joining the administration in January is under review. The former Marine general retired in 2016 as chief of U.S. Southern Command.

Staffers reviewed the cell phone for several days and tried to decipher what had happened to it, the officials said. Many functions on the phone were not working.

The IT department concluded the phone had been compromised and should not be used further, according to the memo.

The document triggered concern throughout the West Wing about what information may have been exposed, one of the officials said.

The revelation comes amid an internal probe at the White House into personal email use. Senior officials, including Jared Kushner and Ivanka Trump, have at times used personal email for government business, POLITICO has reported.

Additional storage lockers were recently added in the West Wing for personal devices and aides have been warned to limit personal cell phone use in the building.

Bill Marczak, a senior research fellow with the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, said the worst-case scenario would be “full access,” where an attacker would be able to essentially control a device, including its microphone and camera.

“The [attackers] I would be most worried about are nation-states or other actors who may have access to resale of commercial spyware sold to nation-states,” he said.

“The average user won’t notice anything at all. Really the only way to pick up on that is to do forensics on the phone,” he added.

This article was reported in coordination with the Project On Government Oversight, a nonprofit investigative watchdog organization.

NSA Data Stolen via Russian Anti-Virus Software

Posted on by

photo

The Department of Homeland Security recently barred federal agencies from using Kaspersky Lab products due to security concerns but has been tight-lipped about what intelligence linked the popular, Moscow-based computer security firm to specific intelligence operations.

Kaspersky Lab denied any knowledge of any role in the attack, but decried “news coverage of unproven claims continu[ing] to perpetuate accusations about the company” in a written statement.

“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight,” the company said. More here.

photo with more detail at this link

Russian hackers stole classified data from NSA contractor

Russian government hackers stole data about how the US penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed highly classified material and stashed it on his home computer, a new report said Thursday.

The hackers apparently targeted the contractor after identifying the files through the contractor’s use of an anti-virus software made by the Russia-based Kaspersky Lab, The Wall Street Journal reported, citing sources familiar with the hacking.

Experts told the paper the hack was one of the most serious security breaches in years, and that it provided insight into how Russian intelligence exploits commercial software products to spy on the US.

The incident occurred in 2015 but wasn’t discovered until spring of last year, the sources told the WSJ.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for that kind of spying and how it defends American networks, the sources said.

The information could help the Russians guard their own networks, making it more difficult for American spooks to surveil Russia.

The breach was believed to be the first time that Kaspersky software, which is sold in the US, was exploited by Russian hackers as they spied on the US.

The revelation comes as special counsel Robert Mueller is investigating Russian meddling in the US election and possible collusion with the Trump campaign.

The president has called Russian hacking a “hoax” and “fake news” and slammed Mueller’s probe as a “witch hunt.”

A spokesman for the NSA would not comment on the security breach.

“Whether the information is credible or not, NSA’s policy is never to comment on affiliate or personnel matters,” the spokseman told the paper.

In a statement, Kaspersky said it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”

The NSA contractor in the Kaspersky incident was not known, and the company he worked for was not identified.

Sources told The Journal he is believed to have taken home numerous documents and other materials from NSA headquarters, possibly to continue working beyond his normal office hours.

The man apparently did not knowingly work for a foreign government, but knew that removing classified information without authorization was a violation of NSA policies and potentially a criminal act, the sources said.

 

Russian Ad: Black Woman Brandishing a Rifle

Posted on by

Facebook is expected today to provide the US Congress with evidence concerning 2016 election ads purchased by Russia’s Internet Research Agency. Bots have become more visibly active in social media; their tendency has been to exacerbate conflict without much discernible interest in conflict’s outcome. US Senator Warner (D-Virginia), vice chair of the Senate Intelligence Committee, thinks social media have now become decidedly weaponized.

Congressional investigators could combine Facebook’s data with that which Twitter has pledged to provide. This includes data on 201 accounts suspected of having engaged in misinformation campaigns on Twitter, and $274,100 in spend on U.S. ads in 2016 by Russian government-linked news outlet Russia. More here.

photo

***

One of the 2016 election ads that Facebook sold to Russia-linked accounts showed the image of a black woman brandishing a rifle, an apparent attempt to stoke racial tensions in the U.S., according to The Washington Post.

The ad is among those that Facebook is handing over to Congress as part of the Russia investigation.

The Post reported that the ad showed the woman “dry firing” a rifle — meaning that she was pulling the trigger while the gun was unloaded.

None of the ads in the trove that Facebook is handing to Congress have been made public, though leaks have suggested that the ads were aimed at playing up divisive issues. More here from The Hill.

***

“For the ways my work was used to divide people rather than bring us together, I ask forgiveness and I will work to do better” Mark Zuckerberg posted to Facebook tonight on Yom Kippur, the Jewish day of atonement. Yet first Facebook must redeem itself by recognizing how its dewy-eyed trust in the world can be abused.

Zuckerberg has recently faced stern criticism from liberals over Facebook’s failure to block fake news and Russian interference in the 2016 U.S. election, while simultaneously having Facebook called “anti-Trump” by the President himself.

Today’s statement was met with mixed reactions, with some pointing out that Zuckerberg had listed himself as an atheist until late 2016 when he reaffirmed the Jewish faith in which he’d been raised.

“Oh former atheist Mark Zuckerberg, suddenly so religious now that he’s aiming for the world’s presidency. To make it very clear: no problem in being an atheist whatsoever; the problem is to use religion as a political tool” Brazilian ad platform Boo Box co-founder Marco Gomes tweeted.

“Forgiveness is denied by both. God and humanity, since you & Sheryl knew what was happening, condoned it, & then lied about both its existence and impact” tweeted Matt Ocko, partner at VC fund Data Collective. Journalists from the New York Times and Wall Street Journal cautiously shared Zuckerberg’s post without comment.

Facebook has shown significant progress in thwarting interference in elections in Germany and France, deleting malicious accounts and working closely with election commissions. But as more information about the extent of Russian meddling in the U.S. presidential race emerges, Zuckerberg has come under additional fire.

Source: Volkan Furuncu/Anadolu Agency + David Ramos/Getty Images

The company has repeatedly been warned of abuse and its inadequate responses, yet dismissed issues as edge-cases or bugs in its system. Back in 2015, Russian trolls attacked Ukrainian protesters with false reports of inappropriate content, causing their accounts to be taken down. Now news continues to unfold about Russians posting fake news and buying ads to stoke anti-immigrant sentiments in the US, discourage democrat voters, and further divide the country.

Matters worsened when Zuckerberg responded to Trump tweet that “Facebook was always anti-Trump” by saying “Trump says Facebook is against him. Liberals say we helped Trump. Both sides are upset about ideas and content they don’t like. That’s what running a platform for all ideas looks like.”

That response derided critics as close-minded and washed over Facebook’s troubles as being inevitable while highlighting Facebook’s positive impacts on the election. It also cowed to Trump’s go-to tactic of bullying his opponents in hopes of receiving softer treatment. Zuckerberg was baited into positioning Facebook as neutral despite Russian election interference coming to the aide of Trump’s campaign.

By saying criticism comes from all-sides with Facebook in the middle instead of directly rebuking the President’s statement, Zuckerberg puts Facebook in a tenuous situation. If its internal investigation into election interference reports the Russians aided Trump, the President can merely dismiss it as the “anti-Trump” sentiment he warned about. More here.