Obama vs. China President Xi, Hacking

A new unit of the People’s Liberation Army was identified last week by cyber security researchers as Unit 78020 based in Kunming, in Yunnan Province.
The unit’s operations have been tracked for five years and have included targeted attacks on states in the region that are challenging Beijing’s strategic program of seeking to control the sea through building up small islands and reefs and then deploying military forces on them.
“Unit 78020 conducts cyber espionage against Southeast Asian military, diplomatic, and economic targets,” according to a security report on the unit that included a satellite photo of the unit’s Kunming compound.
“The targets include government entities in Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nepal, the Philippines, Singapore, Thailand, and Vietnam as well as international bodies such as United Nations Development Program (UNDP) and the Association of Southeast Asian Nations (ASEAN).” More details here.

Chinese president Xi Jinping is supposed to have dinner this evening with U.S. president Barack Obama. Wonder if the name Ge Xing will come up?Ge Xing is the subject of a joint report published this morning by ThreatConnect and Defense Group Inc., computer and national security service providers respectively. Ge is alleged to be a member of the People’s Liberation Army unit 78020, a state-sponsored hacking team whose mission is to collect intelligence from political and military sources to advance China’s interests in the South China Sea, a key strategic and economic region in Asia with plenty of ties to the U.S.

The report connects PLA 78020 to the Naikon advanced persistent threat group, a state-sponsored outfit that has followed the APT playbook to the letter to infiltrate and steal sensitive data and intellectual property from military, diplomatic and enterprise targets in a number of Asian countries, as well as the United Nations Development Programme and the Association of Southeast Asian Nations (ASEAN).

Control over the South China Sea is a focal point for China; through this region flows trillions of dollars of commerce and China has not been shy about claiming its share of the territory. The report states that China uses its offensive hacking capabilities to gather intelligence on adversaries’ military and diplomatic intentions in the regions, and has leveraged the information to strengthen its position.“The South China Sea is seen as a key geopolitical area for China,” said Dan Alderman, deputy director of DGI. “With Naikon, we see their activity as a big element of a larger emphasis on the region and the Technical Reconnaissance Bureau fitting into a multisector effort to influence that region.”The report is just the latest chess piece hovering over Jinping’s U.S. visit this week, which began in earnest yesterday with a visit to Seattle and meetings with giant technology firms such as Microsoft, Apple and Google, among others.

Those companies want to tap into the growing Chinese technology market and the government there is using its leverage to get them to support stringent Internet controls imposed by the Chinese government. A letter sent to American technology companies this summer, a New York Times report last week, said that China would ask American firms to store Chinese user data in China. China also reportedly asked U.S.-built software and devices sold in China to be “secure and controllable,” which likely means the Chinese would want backdoor access to these products, or access to private encryption keys.Jinping, meanwhile, tried to distance himself from the fray when he said in a Wall Street Journal interview: “Cyber theft of commercial secrets and hacking attacks against government networks are both illegal; such acts are criminal offences and should be punished according to law and relevant international conventions.”Journal reporter Josh Chin connected with Ge Xing over the phone and Ge confirmed a number of the dots connected in the report before hanging up on the reporter and threatening to report him to the police.

While that never happened, the infrastructure connected to Ge and this slice of the Naikon APT group, was quickly shut down and taken offline. In May, researchers at Kaspersky Lab published a report on Naikon and documented five years of activity attributed to the APT group. It describes a high volume of geo-politically motivated attacks with a high rate of success infiltrating influential organizations in the region. The group uses advanced hacking tools, most of which were developed externally and include a full-featured backdoor and exploit builder.Like most APT groups, they craft tailored spear phishing messages to infiltrate organizations, in this case a Word or Office document carrying an exploit for CVE-2012-0158, a favorite target for APT groups. The vulnerability is a buffer overflow in the ActiveX controls of a Windows library, MSCOMCTL.OCX. The exploit installs a remote administration tool, or RAT, on the compromised machine that opens a backdoor through which stolen data is moved out and additional malware and instructions can be moved in.Chin’s article describes a similar attack initiated by Ge, who is portrayed not only as a soldier, but as an academic.

The researchers determined through a variety of avenues that Ge is an active member of the military, having published research as a member of the military, in addition to numerous postings to social media as an officer and via his access to secure locations believed to be headquarters to the PLA unit’s technical reconnaissance bureau.“Doing this kind of biopsy, if you will, of this threat through direct analysis of the technical and non-technical evidence allows us to paint a picture of the rest of this group’s activity,” said Rich Barger, CIO and cofounder of ThreatConnect. “We’ve had hundreds of hashes, hundreds of domains, and thousands of IPs [related to PLA unit 78020].

Only looking at this from a technical lens only gives you so much. When you bring in a regional, cultural and even language aspect to it, you can derive more context that gets folded over and over into the technical findings and continues to refine additional meaning that we can apply to the broader group itself.”The report also highlights a number of operational security mistakes Ge made to inadvertently give himself away, such as using the same handle within the group’s infrastructure, even embedding certain names in families of malware attributed to them. All of this combined with similar mistakes made across the command and control infrastructure and evidence pulled from posts on social media proved to be enough to tie Ge to the Naikon group and elite PLA unit that is making gains in the region.“If you look at where China is and how assertive they are in region, it might be a reflection of some of the gains and wins this group has made,” Barger said. “You don’t influence what they’re influencing in the region if you don’t have the intel support capabilities fueling that operational machine.”

 

How Does the Syrian War End?

For the United States, there is a ripple affect already and Congressma McCaul is but one legislator that has introduce a bill to stop the insurgency in the United States.

WASHINGTON, DC– Today, Congressman Michael McCaul, Chairman of the House Committee on Homeland Security, introduced the Refugee Resettlement Oversight and Security Act. If enacted into law, this legislation would give the American people’s representatives the chance to vote up or down on the President’s plan to resettle 10,000 Syrian refugees into the United States and improve the security vetting process.  Specifically, this bill will:

  • Require affirmative approval by both the House and Senate before any refugees are admitted to the U.S.
  • Allow Congress to block any inadequate refugee resettlement plan put forward by the President.
  • Require the Administration, when considering the admission of refugees from Iraq and Syria, to prioritize the resettlement of oppressed religious minorities.
  •  Ensure DHS, in coordination with DNI and FBI, provides new security assurances before admitting refugees into the country and for the Governmental Accountability Office to conduct a sweeping review of security gaps in the current refugee screening process.

McCaul: “Many Americans are understandably concerned about the threat posed by inadequate security screening procedures for refugee seeking entry into the United States.  ISIS themselves have stated their intention to take advantage of the crisis to infiltrate the west. We have to take this threat seriously.

This bill will rein in the Administration’s refugee resettlement plans and give Congress more control over the process by requiring the Administration to get affirmative approval from Congress through the enactment of a joint resolution before any refugees may be admitted into the United States.

These important security updates to the refugee process are necessary for not only the security of the United States, but for the safety of the refugees.”

Syria is a mess, Mr Obama. Tell me how this ends

“Tell me how this ends.” That was the remark David Petraeus, the US general who led the “surge” in Iraq, is said to have made on his first post-invasion visit to the country.

It proved an eerily prescient comment. The US soon found it was unable to end its war in Iraq on its own terms. For the Middle East, that war has not yet ended at all.

Tell me how this ends. The same charge might be levelled at Barack Obama over Syria. In the month in which Russia’s introduction of military hardware into the Syrian conflict has decisively changed its trajectory, America and its allies now look like the only group without a plan.

That’s the reality that lies behind the words of Barack Obama and Francois Hollande in New York. Despite their insistence that Bashar Al Assad must go – although perhaps not just yet – and that the regime cannot be pardoned, although it can perhaps be “worked with”, their actions send a much clearer message. No one in the West knows how this ends.

In Damascus, in Moscow, in Tehran and even in Raqqa, they know how this ends. Every one of those players in the Syrian civil war has a clear end in mind. They know their goal and they are seeking it, day after day.

The Assad regime knows exactly how this ends: with its survival. The regime, father and son, has been preparing for this moment for decades, preparing for a serious challenge to its authority.

In the years before Hafez Al Assad came to power in 1970, there were seven coups in Damascus. In the 45 years since, there have been none.

ISIL, too, have an end in mind, the carving out of a caliphate. They have not been preparing for it as long as the Assads, but they have been preparing: solidifying alliances through politics and marriage; gaining intelligence on their enemies; forging links with jihadis abroad and creating a vast online propaganda network that brings in men and money.

Both Russia and Iran also have an end in mind, and it is nothing less than the replacement of the US-Israel axis with one of their own. Already they are laying the groundwork.

Almost unremarked amid coverage of the theatrics at the United Nations in New York, was a small announcement by Iraq that it would now share intelligence with Syria, Iran and Russia.

Ostensibly, this communication is only about the fight against ISIL. But a Kremlin-backed network now runs from Tehran, through Baghdad and Damascus, and even, via Hizbollah, into Lebanon. A new axis is being formed, while America is distracted.

A turning point has been reached with the entry of Russia. And, once again, the western powers are divided, unable to agree among themselves what result they want and how best to achieve it.

This was exactly what happened the last time there was a turning point, just over two years ago, when the Assad regime used chemical weapons against civilians in Ghouta, a suburb of the capital.

Then, as now, the unwillingness of the United States to do anything – even in violation of its own “red lines” – had wide repercussions. Inaction carries consequences.

One of the reasons why the refugee crisis in Europe became acute over the summer was an intangible feeling among those inside Syria and in neighbouring countries that the war was not coming to an end soon, and so it would be better to restart their lives elsewhere, rather than remain in perpetual limbo. It is not far-fetched to imagine that the inaction of the West contributed to this feeling – and thus, in a roundabout way, European countries contributed to the migrant crisis becoming worse.

That, precisely, is what is wrong with the West’s analysis of the Syrian civil war. It is too complex. In particular, America’s strategy seeks to take into account too many factors: how will intervention play at home? Will they call this another Iraq? What about the nuclear deal with Iran? What about Russia’s role in Ukraine? What will Israel, Saudi Arabia and Turkey think?

There is much truth to the label of “philosopher-in-chief” often pinned on Mr Obama by his enemies. Seeking the perfect policy, with the fewest consequences, he has ended up enacting a policy of inaction – a policy which, of course, brings with it its own set of consequences.

America will come to deeply regret its mistakes in Syria, even more, perhaps, than its mistakes in Iraq. Allowing an old rival to re-enter the Middle East will make America’s ability to project power in Asia much harder. Vladimir Putin appears to understand the optics of power much better than Mr Obama. Weakness in one sphere makes it harder to project power in another.

All across Asia, America’s traditional allies will be warily eyeing Russia’s re-entry, looking hard at the consequences of their alliance with America and wondering: “Tell me how this ends.”

[email protected]

Hotel Chains Credit Cards Hacked

Not the first case for hotel chains not protecting guest records.

FromHotelManagement: A U.S. appeals court said the Federal Trade Commission has authority to regulate corporate cyber security, and may pursue a lawsuit accusing hotel operator Wyndham Worldwide Corp of failing to properly safeguard consumers’ information.

The 3-0 decision by the 3rd U.S. Circuit Court of Appeals in Philadelphia on Monday upheld an April 2014 lower court ruling allowing the case to go forward. The FTC wants to hold Wyndham accountable for three breaches in 2008 and 2009 in which hackers broke into its computer system and stole credit card and other details from more than 619,000 consumers, leading to over $10.6 million in fraudulent charges.

The FTC originally sued Wyndham in 2012 over the lack of security that led to its massive hack. But before the case proceeded, Wyndham appealed to a higher court to dismiss it, arguing that the FTC didn’t have the authority to punish the hotel chain for its breach. The third circuit court’s new decision spells out that Wyndham’s breach is exactly the sort of “unfair or deceptive business practice” the FTC is empowered to stop, reports Wired.

BusinessInsider: In August, Visa alerted numerous financial institutions of a breach. Five different banks determined the commonality between the cards included in that alert was that they were used at Hilton properties — including Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts, Krebs reports.

Hilton Hotels investigates customer credit card security hack

FNC: Hilton Hotels announced that it is looking into a possible security breach that occurred at gift shops, restaurants, bars, and other stores located on Hilton owned properties across the U.S.

According to cyber-security expert Brian Krebs, Visa sent confidential alerts to several financial institutions warning of a security breach at various retail locations earlier this year from April 21 to July 27. While the alerts named individual card numbers that had allegedly been compromised, per Visa’s policy, the notifications did not name the breached retail location. But sources at five different banks have now determined that the hacks all had one thing in common–they occurred at Hilton property point-of-sale registers.

Currently, the breach does not appear to have comprised the guest reservation systems at the associated properties. The company released the following statement regarding the incident:

“Hilton Worldwide is strongly committed to protecting our customers’ credit card information. We have many systems in place and work with some of the top experts in the field to address data security.  Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace.  We take any potential issue very seriously, and we are looking into this matter.”

The breach includes other Hilton brand name properties including Embassy Suites, Doubletree, Hampton Inn and Suites, and Waldorf Astoria Hotels & Resorts. The hotel group is advising customers who may have made purchases at Hilton properties during the time indicated to carefully scan bank records for any unusual activity and contact their bank immediately.

According to USA Today, evidence from the investigation indicates that the hack may have affected credit card transactions as far back as Nov. 2014 and security breaches could possibly be ongoing.

500,000 Migrants in Europe so Far in 2015

So far this year:

Geneva (AFP) – More than half a million migrants have crossed the Mediterranean to Europe so far this year — 383,000 of them arriving in Greece, the United Nations said on Tuesday.

At the same time, some 2,980 people have perished or disappeared trying to make the perilous journey, the UN’s refugee agency (UNHCR) said.

The agency put the number of migrant arrivals by sea at nearly 515,000 since January 1, noting that 54 percent of that group were Syrian.

Syrian nationals made up 71 percent of arrivals in Greece, UNHCR further said.

The four-year civil war in Syria has forced about four million people to flee the country and internally displaced more than seven million others.

The European Union is facing rising pressure to form a unified strategy for handling the influx of migrants.

Many European leaders, including in Greece, have also increasingly called for renewed efforts to forge a peace deal in Syria, describing that as the only permanent solution to the migrant crisis.

After Greece, Italy has received the most migrants in Europe since January 1, with 129,000 arrivals by sea.

BBC:

One way to measure where migrants have ended up is through asylum applications. Although not all of those arriving claim asylum, over half a million have done so, according to the EU statistics agency, Eurostat.

Germany continues to be the most popular destination for migrants arriving in Europe. It has received the highest number of new asylum applications, with almost 222,000 by the end of August.

Hungary has moved into second place, as more migrants have tried to make the journey overland through Greece and the Western Balkans. It had 96,350 applications by the end of July.

Map of asylum claims in 2015

Although Germany has had the most asylum applications in 2015, the surge of people arriving in Hungary meant it had the highest in proportion to its population.

Almost 665 refugees per 100,000 of Hungary’s local population claimed asylum in the first half of 2015. The figure for Germany was 190 and for the UK it was 23 applications for every 100,000 residents.

Asylum applications per 100,000 local population

Where do the migrants come from?

The conflict in Syria continues to be by far the biggest driver of the migration. But the ongoing violence in Afghanistan, abuses in Eritrea, as well as poverty in Kosovo are also leading people to look for new lives elsewhere.

Chart showing origin of asylum seekers

Resettlement plan

Tensions in the EU have been rising because of the disproportionate burden faced by some countries, particularly Greece, Italy and Hungary where migrants have been arriving by boat and overland.

At an emergency meeting in Brussels, EU ministers voted by a majority to relocate 120,000 refugees EU-wide, but for now the plan will only apply to 66,000 who are in Italy and Greece.

The other 54,000 were to be moved from Hungary, but now this number will be held “in reserve”, until the governments decide where they should go.

chart showing number of migrants EU countries will accept

The UK has opted out of any plans for a quota system and, according to Home Office figures, has accepted 216 Syrian refugees under the Vulnerable Persons Relocation scheme since it began in January 2014. Prime Minister David Cameron has said the UK will accept up to 20,000 refugees from Syria over the next five years.

Granting asylum

Although huge numbers have been applying for asylum, the number of people being given asylum is far lower.

In 2014, EU countries offered asylum to 184,665 refugees. In the same year, more than 570,000 migrants applied for asylum – although applying for asylum can be a lengthy procedure so many of those given refugee status may have applied in previous years.

Chart showing approved asylum applications

There were more than 25,000 asylum applications in the UK in the 12 months up to June 2015. Most applications are typically rejected and in 2014, more than 60% of initial decisions on asylum applications were refusals.

In the same period, 6,788 asylum seekers and their dependents were removed or departed voluntarily from the UK.

How do migrants get to Europe?

The International Organization for Migration (IOM) estimates that more than 350,000 migrants were detected at the EU’s borders between January and August 2015, compared with 280,000 detections for the whole of 2014. The figures do not include those who got in undetected.

The EU’s external border force, Frontex, monitors the different routes migrants use and numbers arriving at Europe’s borders.

A map showing movements of migrants in Europe
Image caption The eastern Mediterranean route has overtaken the central route as the most commonly used this year – with Syrians forming by far the largest migrant group

Most of those heading for Greece take the relatively short voyage from Turkey to the islands of Kos, Chios, Lesvos and Samos – often in flimsy rubber dinghies or small wooden boats.

How many migrant die?

The voyage from Libya to Italy is longer and more hazardous. According to the IOM, more than 2,500 migrants are reported to have died trying to make the crossing this year – altogether, 2,643 people have died in the Mediterranean in 2015.

Chart and map showing numbers who have died in the Mediterranean this year

The summer months are usually when most fatalities occur as it is the busiest time for migrants attempting to reach Europe.

But so far this year the deadliest month for migrants was April, which saw a boat carrying about 800 migrants capsize in the sea off Libya. Overcrowding is thought to have been one of the reasons for the disaster.

Migrant deaths in Mediterranean by month

Impact of the Syrian crisis

Asylum applications from Syrians in Europe have surged in 2015, fuelled by the country’s vicious civil war which began more than four years ago and shows no sign of ending.

The vast majority of refugees have fled to neighbouring countries such as Turkey, Lebanon and Jordan, and the number of Syrians there far outweighs those who have made the difficult journey to Europe.

Map: Syrian asylum claims in Europe and registered refugees in the Middle East

Migrants redistributed within Germany

Germany is currently the preferred destination for tens of thousands of migrants in central Europe. More than 800,000 people are expected to claim asylum there this year, four times the figure for 2014.

Germany has a quota system which redistributes asylum seekers around its federal states based on their tax income and existing population density.

Map: Distribution of asylum seekers across German states

A note on terminology: The BBC uses the term migrant to refer to all people on the move who have yet to complete the legal process of claiming asylum. This group includes people fleeing war-torn countries such as Syria, who are likely to be granted refugee status, as well as people who are seeking jobs and better lives, who governments are likely to rule are economic migrants.

 

Union Corruption Runs Far and Wide

For a listing of union members corruption, investigations and indictments, go here.

For a chilling read of an 84 page report on union corruption and how cases play into the RICO Act, go here.  There is a long history of criminal activity and it is an enterprise that still occurs and grows.

Report: Government Unions Take from the Poor to Give to the Rich

FreeBeacon: The government employees who now make up a majority of the nation’s union members are a far cry from the blue-collar archetype of old, according to a new report.

The Competitive Enterprise Institute will release a report on Tuesday morning documenting the changing nature of unionism in America, as white-collar professionals in the public sector overtake the private sector working class as the face of unionism.

“Public sector unions may claim they stand up for the little guy, but generally they aren’t representing blue collar workers against a better-educated, white-collar management,” said Carrie Sheffield, a scholar at the institute, in a release. “Government unions represent skilled, white-collar workers who enjoy big benefits and job security, courtesy of the taxpayer.”

Government workers are more likely to work behind a desk and enjoy civil service protections than the manufacturing workers who stood at the forefront of the labor movement at the start of the 20th century, according to the report. A majority of them have college educations.

“A larger share of public sector than private sector workers are employed in “management, professional, and related occupations.” In 2013, 56.2 percent of public sector workers and 37.8 percent of private sector workers were employed in these occupations,” the report says. “As the percentage of public sector union members increased between 1971 and 2004, the fraction of union members in the top third of the nation’s income distribution increased by 24 percent, while the proportion of unionists in the bottom third of the distribution declined by 45 percent. This is because better-educated and more affluent workers are more likely to belong to public rather than private sector unions.”

Sheffield said that these paychecks and costs have grown rapidly—retired New York City cops, the report notes, now outnumber active duty ones—in recent years and have the effect of pitting taxpayers, including the working class, against well-paid civil servants.

Pension debt and other unfunded compensation for government workers have led to several major municipal bankruptcies. Detroit, for example, declared bankruptcy when it was unable to meet nearly $20 billion in debt, about half of which was attributed to worker retirement benefits.

“Unfortunately for taxpayers, government unions donate huge amounts to elected officials who then vote on those expanding benefit packages—much to the detriment of cities like Detroit and Stockton, California, and states like Illinois and New Jersey that are on the brink of fiscal insolvency,” Sheffield said in a release.

The shift has created incentives to grow government and spur political involvement from public servants. The current system allows government unions to pump millions of dollars to candidates, who become the agents that the unions negotiate with at the bargaining table.

Sheffield recounts how early private sector union boosters were skeptical of government unions. President Franklin Delano Roosevelt, a champion of organized labor, once said that “Collective bargaining, as usually understood, cannot be transplanted into the public service.”

The institute says that lawmakers should enact reforms akin to that of Gov. Scott Walker in Wisconsin to return to the balance outlined by Roosevelt. Walker was able to become the first sitting governor to survive a recall vote by highlighting the high costs associated with union-negotiated benefits and its effect on his state’s working class. Sheffield said that lawmakers should do the same.

“Government unions are a powerful interest group that is uniquely privileged in being funded by taxpayers. Their members generally have higher levels of education than the average private sector worker, and enjoy greater compensation and job security. David taking on Goliath they are certainly not,” the report says.