9 Iranians Charged in Hacking 176 Universities, Intellectual Property

Nine Iranians Charged With Conducting Massive Cyber Theft Campaign On Behalf Of The Islamic Revolutionary Guard Corps

Mabna Institute Hackers Penetrated Systems Belonging to Hundreds of Universities, Companies, and Other Victims to Steal Research, Academic Data, Proprietary Data, and Intellectual Property

Rod J. Rosenstein, the Deputy Attorney General of the United States, Geoffrey S. Berman, the United States Attorney for the Southern District of New York, William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Field Division of the Federal Bureau of Investigation (“FBI”), and John C. Demers, Assistant Attorney General for National Security, announced today the unsealing of an indictment charging GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.  The defendants were each leaders, contractors, associates, hackers-for-hire, and affiliates of the Mabna Institute, an Iran-based company that was responsible for a coordinated campaign of cyber intrusions that began in at least 2013 into computer systems belonging to 144 U.S.-based universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.  Through the activities of the defendants, the Mabna Institute conducted these intrusions to steal over 30 terabytes of academic data and intellectual property from universities, and email inboxes from employees of victim private sector companies, government victims, and non-governmental organizations.  The defendants conducted many of these intrusions on behalf of the Islamic Republic of Iran’s (“Iran”) Islamic Revolutionary Guard Corps (“IRGC”), one of several entities within the government of Iran responsible for gathering intelligence, as well as other Iranian government clients.  
In addition to these criminal charges, today the Department of Treasury’s Office of Foreign Assets Control (OFAC) designated the Mabna Institute and the nine defendants for sanctions for the malicious cyber-enabled activity outlined in the Indictment.

Deputy Attorney General Rod J. Rosenstein said:  “These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries.  For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps.  The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America’s ideas by infiltrating our computer systems and stealing intellectual property.  This case is important because it will disrupt the defendants’ hacking operations and deter similar crimes.”

Manhattan U.S. Attorney Geoffrey S. Berman said:  “Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code.  As alleged, this massive and brazen cyber-assault on the computer systems of hundreds of universities in 22 countries, including the United States, and dozens of private sector companies and governmental organizations was conducted on behalf of Iran’s Islamic Revolutionary Guard.  The hackers targeted innovations and intellectual property from our country’s greatest minds.  These defendants are now fugitives from American justice, no longer free to travel outside Iran without risk of arrest.  The only way they will see the outside world is through their computer screens, but stripped of their greatest asset – anonymity.”

FBI Assistant Director William F. Sweeney Jr. said:  “The numbers alone in this case are staggering, over 300 universities and 47 private sector companies both here in the United States and abroad were targeted to gain unauthorized access to online accounts and steal data.  An estimated 30 terabytes was removed from universities’ accounts since this attack began, which is roughly equivalent of 8 billion double-sided pages of text.  It is hard to quantify the value on the research and information that was taken from victims but it is estimated to be in the billions of dollars. The nine Iranians indicted today now find themselves wanted by the FBI and our partner law enforcement agencies around the globe – and like other cyber criminals they will soon learn their ability to freely move was just limited to the virtual world only.”

According to the allegations contained in the Indictment[1] unsealed today in Manhattan federal court:

Background on the Mabna Institute

GHOLAMREZA RAFATNEJAD and EHSAN MOHAMMADI, the defendants, founded the Mabna Institute in approximately 2013 to assist Iranian universities and scientific and research organizations in stealing access to non-Iranian scientific resources.  In furtherance of its mission, the Mabna Institute employed, contracted, and affiliated itself with hackers-for-hire and other contract personnel to conduct cyber intrusions to steal academic data, intellectual property, email inboxes and other proprietary data, including ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.  The Mabna Institute contracted with both Iranian governmental and private entities to conduct hacking activities on their behalf, and specifically conducted the university spearphishing campaign on behalf of the IRGC.  The Mabna Institute is located at Tehran, Sheikh Bahaii Shomali, Koucheh Dawazdeh Metri Sevom, Plak 14, Vahed 2, Code Posti 1995873351.

University Hacking Campaign

The Mabna Institute, through the activities of the defendants, targeted over 100,000 accounts of professors around the world.  They successfully compromised approximately 8,000 professor email accounts across 144 U.S.-based universities, and 176 universities located in foreign countries, including Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey, and the United Kingdom.  The campaign started in approximately 2013, and has continued through at least December 2017, and broadly targeted all types of academic data and intellectual property from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.  Through the course of the conspiracy, U.S.-based universities spent over approximately $3.4 billion to procure and access such data and intellectual property.

The hacking campaign against universities was conducted across multiple stages.  First, the defendants conducted online reconnaissance of university professors, including to determine these professors’ research interests and the academic articles they had published.  Second, using the information collected during the reconnaissance phase, the defendants created and sent spearphishing emails to targeted professors, which were personalized and created so as to appear to be sent from a professor at another university.  In general, those spearphishing emails indicated that the purported sender had read an article the victim professor had recently published, and expressed an interest in several other articles, with links to those additional articles included in the spearphishing email.  If the targeted professor clicked on certain links in the email, the professor would be directed to a malicious Internet domain named to appear confusingly similar to the authentic domain of the recipient professor’s university.  The malicious domain contained a webpage designed to appear to be the login webpage for the victim professor’s university.  It was the defendants’ intent that the victim professor would be led to believe that he or she had inadvertently been logged out of his or her university’s computer system, prompting the victim professor for his or her login credentials.  If a professor then entered his or her login credentials, those credentials were then logged and captured by the hackers.

Finally, the members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, through which they then exfiltrated intellectual property, research, and other academic data and documents from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.  The defendants targeted data across all fields of research and academic disciplines, including science and technology, engineering, social sciences, medical, and other professional fields.  At least approximately 31.5 terabytes of academic data and intellectual property from compromised universities were stolen and exfiltrated to servers under the control of members of the conspiracy located in countries outside the United States.
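The credential-capture step described above depends on a link whose host only resembles the university's real domain. The following added example (not part of the press release or the Indictment) shows one way a mail filter could flag such hosts; the trusted domain, the sample message and the confusable-character list are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hypothetical authentic domain of the recipient's university.
TRUSTED = "northfield-university.example"
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Character swaps that make a name look the same at a glance (illustrative list).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

# Constructed sample message body (not taken from the case).
SAMPLE_EMAIL = """\
Dear Professor, I enjoyed your recent article and thought these might interest you:
https://journals.publisher.test/article/1
https://northfield-university.example.signin-portal.test/login?next=/article/2
https://library.northfie1d-university.example/article/3
Your library session: https://login.northfield-university.example/session
"""


def skeleton(name):
    """Lowercase, undo common look-alike swaps, drop dots and hyphens."""
    name = name.lower()
    for seen, meant in CONFUSABLES:
        name = name.replace(seen, meant)
    return re.sub(r"[^a-z0-9]", "", name)


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host, trusted=TRUSTED):
    """Return 'authentic', 'lookalike' or 'unrelated' for a link's host name."""
    host = host.lower().rstrip(".")
    if host == trusted or host.endswith("." + trusted):
        return "authentic"
    target = skeleton(trusted)
    labels = host.split(".")
    # Compare every contiguous run of labels, so the trusted name is caught
    # whether it is misspelled or embedded as a subdomain of another domain.
    for i in range(len(labels)):
        for j in range(i + 1, len(labels) + 1):
            if edit_distance(skeleton(".".join(labels[i:j])), target) <= 1:
                return "lookalike"
    return "unrelated"


def suspicious_links(body, trusted=TRUSTED):
    """Hosts of links in a message body that imitate the trusted domain."""
    hosts = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""
        if classify_host(host, trusted) == "lookalike":
            hosts.append(host)
    return hosts


if __name__ == "__main__":
    for flagged in suspicious_links(SAMPLE_EMAIL):
        print("lookalike host:", flagged)
```

Short trusted names produce more false positives at the same distance threshold, so the threshold should be tuned per domain.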

In addition to stealing academic data and login credentials for university professors for the benefit of the Government of Iran, the defendants also sold the stolen data through two websites, Megapaper.ir (“Megapaper”) and Gigapaper.ir (“Gigapaper”).  Megapaper was operated by Falinoos Company (“Falinoos”), a company controlled by ABDOLLAH KARIMA, a/k/a “Vahid Karima,” the defendant, and Gigapaper was affiliated with KARIMA.  Megapaper sold stolen academic resources to customers within Iran, including Iran-based public universities and institutions, and Gigapaper sold a service to customers within Iran whereby purchasing customers could use compromised university professor accounts to directly access the online library systems of particular United States-based and foreign universities.

Prior to the unsealing of the Indictment, the FBI provided foreign law enforcement partners with detailed information regarding victims within their jurisdictions, so that victims in foreign countries could be notified and so that foreign partners could assist in remediation efforts.

Private Sector Hacking Victims

In addition to targeting and compromising universities, the Mabna Institute defendants targeted and compromised employee email accounts for at least approximately 36 United States-based private companies, and at least approximately 11 private companies based in Germany, Italy, Switzerland, Sweden, and the United Kingdom, and exfiltrated entire email mailboxes from compromised employees’ accounts.  Among the United States-based private sector victims were three academic publishers, two media and entertainment companies, one law firm, 11 technology companies, five consulting firms, four marketing firms, two banking and/or investment firms, two online car sales companies, one healthcare company, one employee benefits company, one industrial machinery company, one biotechnology company, one food and beverage company, and one stock images company.

In order to compromise accounts of private sector victims, members of the conspiracy used a technique known as “password spraying,” whereby they first collected lists of names and email accounts associated with the intended victim company through open source Internet searches.  Then, they attempted to gain access to those accounts with commonly-used passwords, such as frequently used default passwords, in order to attempt to obtain unauthorized access to as many accounts as possible.  Once they obtained access to the victim accounts, members of the conspiracy, among other things, exfiltrated entire email mailboxes from the victims.  In addition, in many cases, the defendants established automated forwarding rules for compromised accounts that would prospectively forward new outgoing and incoming email messages from the compromised accounts to email accounts controlled by the conspiracy.
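Both behaviours in the paragraph above leave traces a defender can look for: one source failing against many accounts a few times each, and mailbox rules that forward to outside domains. This added example (not from the press release or the FBI FLASH message) runs both checks over constructed data; the log format, thresholds, domain names and rule fields are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ORG_DOMAIN = "corp.example"            # hypothetical organisation domain
WINDOW = timedelta(minutes=30)         # assumed look-back window
MIN_ACCOUNTS = 5                       # distinct accounts failed from one source
MAX_TRIES_PER_ACCOUNT = 3              # spraying stays low per account

# Constructed authentication log: timestamp,source,account,result
AUTH_LOG = """\
2018-03-01T02:00:05,203.0.113.7,alice@corp.example,FAIL
2018-03-01T02:00:40,203.0.113.7,bob@corp.example,FAIL
2018-03-01T02:01:15,203.0.113.7,carol@corp.example,FAIL
2018-03-01T02:01:50,203.0.113.7,dave@corp.example,FAIL
2018-03-01T02:02:25,203.0.113.7,erin@corp.example,FAIL
2018-03-01T02:03:00,203.0.113.7,frank@corp.example,OK
2018-03-01T08:10:00,198.51.100.20,bob@corp.example,FAIL
2018-03-01T08:10:20,198.51.100.20,bob@corp.example,FAIL
2018-03-01T08:10:45,198.51.100.20,bob@corp.example,FAIL
2018-03-01T08:11:30,198.51.100.20,bob@corp.example,FAIL
2018-03-01T08:12:10,198.51.100.20,bob@corp.example,OK
"""

# Constructed export of mailbox forwarding rules.
FORWARDING_RULES = [
    {"mailbox": "alice@corp.example", "forward_to": "alice.assistant@corp.example"},
    {"mailbox": "frank@corp.example", "forward_to": "archive@mailbox-backup.test"},
]


def parse(log):
    """Turn log lines into time-ordered (timestamp, source, account, result) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, src, user, result = line.split(",")
        events.append((datetime.fromisoformat(ts), src, user.lower(), result))
    return sorted(events)


def spraying_sources(events):
    """Map each spraying source to the accounts it failed against.

    A source is flagged when, inside one window, it fails against at least
    MIN_ACCOUNTS distinct accounts with few attempts on each of them.
    """
    fails = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            fails[src].append((ts, user))
    flagged = {}
    for src, items in fails.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > WINDOW:
                start += 1
            per_user = defaultdict(int)
            for _, user in items[start:end + 1]:
                per_user[user] += 1
            if (len(per_user) >= MIN_ACCOUNTS
                    and max(per_user.values()) <= MAX_TRIES_PER_ACCOUNT):
                flagged.setdefault(src, set()).update(per_user)
    return flagged


def accounts_to_reset(events, flagged):
    """Accounts that logged in successfully from a flagged source."""
    return sorted({user for _, src, user, result in events
                   if result == "OK" and src in flagged})


def external_forwards(rules, org_domain=ORG_DOMAIN):
    """Forwarding rules whose destination is outside the organisation."""
    found = []
    for rule in rules:
        domain = rule["forward_to"].rsplit("@", 1)[-1].lower()
        if domain != org_domain and not domain.endswith("." + org_domain):
            found.append((rule["mailbox"], rule["forward_to"]))
    return found


if __name__ == "__main__":
    events = parse(AUTH_LOG)
    flagged = spraying_sources(events)
    print("spraying sources:", sorted(flagged))
    print("reset and review:", accounts_to_reset(events, flagged))
    print("external forwards:", external_forwards(FORWARDING_RULES))
```

The single user who mistyped a password four times is not flagged, because the failures hit one account rather than many.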

In connection with the unsealing of the Indictment, today the FBI issued a FBI Liaison Alert System (FLASH) message, providing detailed information regarding the vulnerabilities targeted and the intrusion vectors used by the Mabna Institute in their campaign against private sector companies, to provide the public with information to assist in detecting and remediating the threat.

U.S. Government and NGO Hacking Victims

In the same time period as the university and private sector hacking campaigns described above, the Mabna Institute also conducted a computer hacking campaign against various governmental and non-governmental organizations within the United States.  During the course of that campaign, employee login credentials were stolen by members of the conspiracy through password spraying.  Among the victims were the following, all based in the United States:  the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the State of Indiana Department of Education, the United Nations, and the United Nations Children’s Fund.  As with private sector victims, the defendants targeted for theft email inboxes of employees of these organizations.

*                *                *

GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI, the defendants, are citizens and residents of Iran.  Each is charged with one count of conspiracy to commit computer intrusions, which carries a maximum sentence of five years in prison; one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; two counts of unauthorized access of a computer, each of which carries a maximum sentence of five years in prison; two counts of wire fraud, each of which carries a maximum sentence of 20 years in prison; and one count of aggravated identity theft, which carries a mandatory sentence of two years in prison.  The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencings of the defendants will be determined by the assigned judge.

Mr. Berman praised the outstanding investigative work of the FBI, the assistance of the United Kingdom’s National Crime Agency (NCA), and the support of the OFAC.  The case is being handled by the Office’s Complex Frauds and Cybercrime Unit.  Assistant United States Attorneys Timothy T. Howard, Jonathan Cohen, and Richard Cooper are in charge of the prosecution, with assistance provided by Heather Alpino and Jason McCullough of the National Security Division’s Counterintelligence and Export Control Section.

The charges contained in the Indictment are merely accusations and the defendants are presumed innocent unless and until proven guilty.


[1] As the introductory phrase signifies, the entirety of the text of the Indictment, and the description of the Indictment set forth herein, constitute only allegations, and every fact described should be treated as an allegation.

Topic(s): Cyber Crime
Press Release Number: 18-089

4 Days of Food Left…Panic? National Grid Hacked

If there is no transportation, there is no food, medicine or basic supplies… what country is ready to deal with this?

British cities would be uninhabitable within days and the country is only a few meals from anarchy if the National Grid was taken down in a cyber attack or solar storm, disaster and security experts have warned.

Modern life is so reliant on electricity that a prolonged blackout would quickly lead to a loss of water, fuel, banking, transport and communications that would leave the country “in the Stone Age”.


The warning comes weeks after the Defence Secretary, Gavin Williamson, said Russia had been spying on the UK’s energy infrastructure and could cause “thousands and thousands and thousands” of deaths if it crippled the power supply.

***

The U.S. government has just released an important cybersecurity alert that confirms Russian government cyberattacks targeting energy and other critical infrastructure sectors in the United States.

While there has recently been a significant rise in cyberattacks in these industries, up to now we’ve only been able to speculate on who the actors are, or what their motives may be. In this case the threat actor and their strategic intent has been clearly confirmed, something the U.S. government rarely does publicly.

In addition, the US-CERT alert provides descriptions of each stage of the attack, detailed indicators of compromise (IOCs), and a long list of detection and prevention measures. Many of the attack tactics are like Dragonfly 2.0, so much so that one might call this an expanded playbook for Dragonfly. The Nozomi Networks solution ships today with an analysis toolkit that identifies the presence of Dragonfly 2.0 IOCs.

This article is intended to help you gain perspective on this recent alert, provide additional guidance on what security measures to take, and describe how the Nozomi Networks solution can help.


U.S. energy facilities, like this one, are one of the critical infrastructure targets of the Russian cyberattacks.

Multi-Stage Campaigns Provide Opportunities for Early Detection

The US-CERT alert characterizes this attack as a multi-stage cyber intrusion campaign where Russian cyber actors conducted spear phishing and gained remote access into targeted industrial networks. After obtaining access, the threat actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

This pattern of behavior is typical of APTs (Advanced Persistent Threats). APTs occur over an extended period, meaning there is an opportunity to detect and stop them before damage is done. With the right technology monitoring the industrial network, it is much harder for them to go unobserved before their final attack.

In this case the Russian cyberattacks started by infecting staging targets, which are peripheral organizations, such as trusted third-party suppliers, as pivot points for attacking the final intended targets.

The attackers used a multitude of tactics involving information relevant to industrial control professionals for initial infection of the staging targets. Examples include:

  • Altering trade publication websites
  • Sending emails containing resumes for ICS personnel as infected Microsoft Word attachments
  • Analyzing publicly available photos that inadvertently contained information about industrial systems

The credentials of staging targets’ staff were in turn used to send spear phishing emails to the staff of the intended targets. They received malicious .docx files, which communicated with a command and control (C2) server to steal their credentials.

The SMB (Server Message Block) network protocol was used throughout the spear phishing phases to communicate with external servers, as was described for the Dragonfly 2.0 attacks. This is a distinctive tactic. SMB is usually only used to communicate within LANs, not for outbound communications. Now that this is known, asset owners should ensure their firewalls are locked down with outbound service restrictions.
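As an added illustration of the outbound-SMB point (not code from US-CERT or Nozomi Networks), the sketch below flags internal hosts that open SMB sessions to addresses outside the LAN and checks whether an egress policy would have allowed them. The flow-record format, the address plan and the first-match policy model are constructed assumptions, not any vendor's syntax.

```python
import ipaddress
from collections import defaultdict

# Assumption: the site uses RFC 1918 IPv4 space internally.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORTS = {("tcp", 139), ("tcp", 445)}

# Constructed flow records: time src dst proto dst_port bytes
FLOWS = """\
09:00:01 10.20.1.15 10.20.1.5 tcp 445 48213
09:00:07 10.20.1.15 203.0.113.44 tcp 445 1820
09:00:09 10.20.1.15 203.0.113.44 tcp 443 9944
09:02:30 192.168.5.9 198.51.100.8 tcp 139 640
09:03:12 203.0.113.99 10.20.1.5 tcp 445 120
"""

# Simplified first-match egress policies: (action, protocol, low_port, high_port)
WEAK_POLICY = [("allow", "tcp", 1, 65535), ("allow", "udp", 1, 65535)]
HARDENED_POLICY = [
    ("deny", "tcp", 139, 139),
    ("deny", "tcp", 445, 445),
    ("allow", "tcp", 443, 443),
    ("allow", "udp", 53, 53),
    ("deny", "any", 1, 65535),
]


def is_internal(addr):
    """True when the address falls inside one of the site's internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def outbound_smb(flow_lines):
    """Map each internal host to the external addresses it contacted over SMB."""
    hits = defaultdict(set)
    for line in flow_lines.strip().splitlines():
        _ts, src, dst, proto, dport, _nbytes = line.split()
        if (proto.lower(), int(dport)) not in SMB_PORTS:
            continue
        # Internal-to-internal SMB is normal; internal-to-external is the signal.
        if is_internal(src) and not is_internal(dst):
            hits[src].add(dst)
    return {host: sorted(dsts) for host, dsts in hits.items()}


def egress_verdict(policy, proto, port):
    """Evaluate a first-match policy; anything unmatched is denied."""
    for action, rule_proto, low, high in policy:
        if rule_proto in (proto, "any") and low <= port <= high:
            return action
    return "deny"


def smb_egress_open(policy):
    """SMB ports that the policy would let out of the network."""
    return [port for proto, port in sorted(SMB_PORTS)
            if egress_verdict(policy, proto, port) == "allow"]


if __name__ == "__main__":
    for host, dsts in outbound_smb(FLOWS).items():
        print(f"{host} opened SMB to external {', '.join(dsts)}")
    print("weak policy leaves open:", smb_egress_open(WEAK_POLICY))
    print("hardened policy leaves open:", smb_egress_open(HARDENED_POLICY))
```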

The credentials of the intended targets were used to access victims’ networks. From there, the malware established multiple local administrator accounts, each with a specific purpose. The goals ranged from creation of additional accounts to cleanup activity.

***

What Is Known

Forensic analysis shows that the threat actors sought information on network and organizational design and control system capabilities within the organization. In one instance, the report says, the threat actors downloaded a small photo from a publicly accessible human resource page, which, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background. The threat actors also compromised third-party suppliers to download source code for several intended targets’ websites. They also attempted to remotely access corporate web-based email and virtual private network (VPN) connections.

Once inside the intended target’s network, the threat actors used privileged credentials to access domain controllers via Remote Desktop Protocol (RDP) and then used batch scripts to enumerate hosts and users, as well as to capture screenshots of systems across the network.

The threat is inside. US-CERT on March 15 warned that threat actors associated with the Russian government had infiltrated ICS and SCADA systems at power plants using a variety of tactics. This image is a DHS reconstruction of a screenshot fragment of a human machine interface (HMI) that the threat actors accessed. Source: US-CERT


Along with publishing an extensive list of indicators of compromise, the DHS and FBI recommended that network administrators review IP addresses, domain names, file hashes, network signatures, and a consolidated set of YARA rules for malware associated with the intrusion authored by the National Cybersecurity and Communications Integration Center. YARA is an open-source and multiplatform tool that provides a mechanism to exploit code similarities between malware samples within a family.

When Biden and Kerry Concocted a Shady Equity Firm

Keep this post in your bookmarks as we enter into the 2020 general election….

Primer:

1. China plants industrial espionage operatives in the U.S. that steal government contract secrets and sell them back to China. FBI caught at least one.

2. Through cyber espionage, China has stolen much of the F-35 technology, more than 50 terabytes.

3. John Kerry and Joe Biden did exactly the same thing as Hillary…sold access for money while exploiting it all as diplomatic missions with the title(s) of bi-lateral agreements.

4. Subpoena former Treasury Secretary Jack Lew and ask him about the CFIUS approvals of Chinese-backed enterprises. We may surely need to go back to former Treasury Secretary Tim Geithner: did he set the table for all this with Obama’s approval, creating that ‘Asia Pivot’?

5. What does Congress know about foreign investments and when do they know it? They get reports, but who is asking questions, anyone?


NYP: Joe Biden and John Kerry have been pillars of the Washington establishment for more than 30 years. Biden is one of the most popular politicians in our nation’s capital.

His demeanor, sense of humor, and even his friendly gaffes have allowed him to form close relationships with both Democrats and Republicans. His public image is built around his “Lunch Bucket Joe” persona. As he reminds the American people on regular occasions, he has little wealth to show for his career, despite having reached the vice presidency.

One of his closest political allies in Washington is former senator and former Secretary of State John Kerry. “Lunch Bucket Joe” he ain’t; Kerry is more patrician than earthy. But the two men became close while serving for several decades together in the US Senate. The two “often talked on matters of foreign policy,” says Jules Witcover in his Biden biography.

So their sons going into business together in June 2009 was not exactly a bolt out of the blue.

But with whom their sons cut lucrative deals while the elder two were steering the ship of state is more of a surprise.

What Hunter Biden, the son of America’s vice president, and Christopher Heinz, the stepson of the chairman of the Senate Committee on Foreign Relations (later to be secretary of state), were creating was an international private equity firm. It was anchored by the Heinz family alternative investment fund, Rosemont Capital. The new firm would be populated by political loyalists and positioned to strike profitable deals overseas with foreign governments and officials with whom the US government was negotiating.

Hunter Biden, Vice President Joe Biden’s youngest son, had gone through a series of jobs since graduating from Yale Law School in 1996, including the hedge-fund business.

By the summer of 2009, the 39-year-old Hunter joined forces with the son of another powerful figure in American politics, Chris Heinz. Senator John Heinz of Pennsylvania had tragically died in a 1991 airplane crash when Chris was 18. Chris, his brothers, and his mother inherited a large chunk of the family’s vast ketchup fortune, including a network of investment funds and a Pennsylvania estate, among other properties. In May 1995, his mother, Teresa, married Senator John Kerry of Massachusetts. That same year, Chris graduated from Yale, and then went on to get his MBA from Harvard Business School.

Joining them in the Rosemont venture was Devon Archer, a longtime Heinz and Kerry friend.

The three friends established a series of related LLCs. The trunk of the tree was Rosemont Capital, the alternative investment fund of the Heinz Family Office. Rosemont Farm is the name of the Heinz family’s 90-acre estate outside Fox Chapel, Pennsylvania.

The small fund grew quickly. According to an email revealed as part of a Securities and Exchange Commission investigation, Rosemont described themselves as “a $2.4 billion private equity firm co-owned by Hunter Biden and Chris Heinz,” with Devon Archer as “Managing Partner.”

The partners attached several branches to the Rosemont Capital trunk, including Rosemont Seneca Partners, LLC, Rosemont Seneca Technology Partners, and Rosemont Realty.

Of the various deals in which these Rosemont entities were involved, one of the largest and most troubling concerns was Rosemont Seneca Partners.

Rather than set up shop in New York City, the financial capital of the world, Rosemont Seneca leased space in Washington, DC. They occupied an all-brick building on Wisconsin Avenue, the main thoroughfare of exclusive Georgetown. Their offices would be less than a mile from John and Teresa Kerry’s 23-room Georgetown mansion, and just two miles from both Joe Biden’s office in the White House and his residence at the Naval Observatory.

Over the next seven years, as both Joe Biden and John Kerry negotiated sensitive and high-stakes deals with foreign governments, Rosemont entities secured a series of exclusive deals often with those same foreign governments.

Some of the deals they secured may remain hidden. These Rosemont entities are, after all, within a private equity firm and as such are not required to report or disclose their financial dealings publicly.

Some of their transactions are nevertheless traceable by investigating world capital markets. A troubling pattern emerges from this research, showing how profitable deals were struck with foreign governments on the heels of crucial diplomatic missions carried out by their powerful fathers. Often those foreign entities gained favorable policy actions from the United States government just as the sons were securing favorable financial deals from those same entities.

Nowhere is that more true than in their commercial dealings with Chinese government-backed enterprises.

Rosemont Seneca joined forces in doing business in China with another politically connected consultancy called the Thornton Group. The Massachusetts-based firm is headed by James Bulger, the nephew of the notorious mob hitman James “Whitey” Bulger. Whitey was the leader of the Winter Hill Gang, part of the South Boston mafia. Under indictment for 19 murders, he disappeared. He was later arrested, tried, and convicted.

James Bulger’s father, Whitey’s younger brother, Billy Bulger, serves on the board of directors of the Thornton Group. He was the longtime leader of the Massachusetts state Senate and, with their long overlap by state and by party, a political ally of Massachusetts Senator John Kerry.

Less than a year after opening Rosemont Seneca’s doors, Hunter Biden and Devon Archer were in China, having secured access at the highest levels. Thornton Group’s account of the meeting on their Chinese-language website was telling: Chinese executives “extended their warm welcome” to the “Thornton Group, with its US partner Rosemont Seneca chairman Hunter Biden (second son of the now Vice President Joe Biden).”

The purpose of the meetings was to “explore the possibility of commercial cooperation and opportunity.” Curiously, details about the meeting do not appear on their English-language website.

Also, according to the Thornton Group, the three Americans met with the largest and most powerful government fund leaders in China — even though Rosemont was both new and small.

The timing of this meeting was also curious. It occurred just hours before Hunter Biden’s father, the vice president, met with Chinese President Hu in Washington as part of the Nuclear Security Summit.

There was a second known meeting with many of the same Chinese financial titans in Taiwan in May 2011. For a small firm like Rosemont Seneca with no track record, it was an impressive level of access to China’s largest financial players. And it was just two weeks after Joe Biden had opened up the US-China strategic dialogue with Chinese officials in Washington.

On one of the first days of December 2013, Hunter Biden was jetting across the Pacific Ocean aboard Air Force Two with his father and daughter Finnegan. The vice president was heading to Asia on an extended official trip. Tensions in the region were on the rise.

The American delegation was visiting Japan, China, and South Korea. But it was the visit to China that had the most potential to generate conflict and controversy. The Obama administration had instituted the “Asia Pivot” in its international strategy, shifting attention away from Europe and toward Asia, where China was flexing its muscles.

For Hunter Biden, the trip coincided with a major deal that Rosemont Seneca was striking with the state-owned Bank of China. From his perspective, the timing couldn’t have been better.

Vice President Biden, Hunter Biden and Finnegan arrived to a red carpet and a delegation of Chinese officials. Greeted by Chinese children carrying flowers, the delegation was then whisked to a meeting with Vice President Li Yuanchao and talks with President Xi Jinping.

Hunter and Finnegan Biden joined the vice president for tea with US Ambassador Gary Locke at the Liu Xian Guan Teahouse in the Dongcheng District in Beijing. Where Hunter Biden spent the rest of his time on the trip remains largely a mystery. There are actually more reports of his daughter Finnegan’s activities than his.

What was not reported was the deal that Hunter was securing. Rosemont Seneca Partners had been negotiating an exclusive deal with Chinese officials, which they signed approximately 10 days after Hunter visited China with his father. The most powerful financial institution in China, the government’s Bank of China, was setting up a joint venture with Rosemont Seneca.

The Bank of China is an enormously powerful financial institution. But the Bank of China is very different from the Bank of America. The Bank of China is government-owned, which means that its role as a bank blurs into its role as a tool of the government. The Bank of China provides capital for “China’s economic statecraft,” as scholar James Reilly puts it. Bank loans and deals often occur within the context of a government goal.

Rosemont Seneca and the Bank of China created a $1 billion investment fund called Bohai Harvest RST (BHR), a name that reflected who was involved. Bohai (or Bo Hai), the innermost gulf of the Yellow Sea, was a reference to the Chinese stake in the company. The “RS” referred to Rosemont Seneca. The “T” was Thornton.

The fund enjoyed an unusual and special status in China. BHR touted its “unique Sino-US shareholding structure” and “the global resources and network” that allowed it to secure investment “opportunities.” Funds were backed by the Chinese government.

In short, the Chinese government was literally funding a business that it co-owned along with the sons of two of America’s most powerful decision makers.

The partnership between American princelings and the Chinese government was just a beginning. The actual investment deals that this partnership made were even more problematic. Many of them would have serious national security implications for the United States.

In 2015, BHR joined forces with the automotive subsidiary of the Chinese state-owned military aviation contractor Aviation Industry Corporation of China (AVIC) to buy American “dual-use” parts manufacturer Henniges.

AVIC is a major military contractor in China. It operates “under the direct control of the State Council” and produces a wide array of fighter and bomber aircraft, transports, and drones — primarily designed to compete with the United States.

The company also has a long history of stealing Western technology and applying it to military systems. The year before BHR joined with AVIC, the Wall Street Journal reported that the aviation company had stolen technologies related to the US F-35 stealth fighter and incorporated them in their own stealth fighter, the J-31. AVIC has also been accused of stealing US drone systems and using them to produce their own.

In September 2015, when AVIC bought 51 percent of American precision-parts manufacturer Henniges, the other 49 percent was purchased by the Biden-and-Kerry-linked BHR.

Henniges is recognized as a world leader in anti-vibration technologies in the automotive industry and for its precise, state-of-the-art manufacturing capabilities. Anti-vibration technologies are considered “dual-use” because they can have a military application, according to both the State Department and Department of Commerce.

The technology is also on the restricted Commerce Control List used by the federal government to limit the exports of certain technologies. For that reason, the Henniges deal would require the approval of the Committee on Foreign Investment in the United States (CFIUS), which reviews sensitive business transactions that may have a national security implication.

According to BHR internal documents, the Henniges deal included “arduous and often-times challenging negotiations.” The CFIUS review in 2015 included representatives from numerous government agencies including John Kerry’s State Department.

The deal was approved in 2015.

Excerpted with permission from “Secret Empires: How the American Political Class Hides Corruption and Enriches Family and Friends,” by Peter Schweizer, published by Harper Collins. The book goes on sale March 20.

Apple, China and iCloud Data Safety?

Primer: Pegatron, the factory at the corner of Xiu Yan and Shen Jiang roads, is one of the most secretive facilities at the heart of iPhone production and covers an area equal to almost 90 football fields. In the center is a plaza with a firehouse, police station and post office. There are shuttle buses, mega-cafeterias, landscaped lawns and koi ponds. The grey and brown-hued concrete buildings are meant to evoke traditional Chinese architecture. The brand-new Shanghai Disneyland, which opens its doors in June, is a 20-minute drive away.

Inside, the factory still hides a secret, according to China Labor Watch. Base pay remains so low that workers need overtime simply to make ends meet, the advocacy group said. It said 1,261 pay stubs from Pegatron’s Shanghai facility from September and October 2015 show evidence of excessive overtime. Pegatron, an Asustek spinoff, is the world’s biggest contract electronics manufacturer after Foxconn, according to Bloomberg Intelligence.


This Wednesday, Apple will be making some significant changes to how data is stored for users of its iCloud service in China – raising major concerns that the Chinese authorities will now be able to freely monitor Apple’s users in China. This may be quite worrying for the population and may remind you of the iCloud breach on 31 August 2014. Ever since then, people have been very sceptical of storing precious information online and have been purchasing services from businesses like http://www.thefinalstep.co.uk/ to protect their data from any hackers.

Apple has a reputation for being a powerful advocate for privacy and security. The company uses strong encryption by default in its services and grabbed headlines when it appealed a US court order that would allow the FBI to get around the phone’s security. Apple CEO Tim Cook even sent all Apple consumers a personal letter explaining the importance of privacy.

With China, however, a different story has emerged. Apple has been criticised for blocking Chinese users’ access to the Apple News app and for removing VPN apps from the App Store in China. The changes being made to iCloud are the latest indication that China’s repressive legal environment is making it difficult for Apple to uphold its commitments to user privacy and security. What do these changes mean and what options do Apple’s customers have to protect themselves?

  1. What is happening to Apple’s iCloud service in China?

On 28 February, Apple will transfer operation of its iCloud service for Chinese users to a Chinese company, Guizhou-Cloud Big Data Industry Development Co., Ltd (“GCBD”). The concept of iCloud and other Cloud computing services can be quite confusing to some, especially if it is something completely new to you. It is very interesting to look into. As many of us use services like this to store our files and photos, it makes sense to know what this is all about. Why not look into a site like https://www.salesforce.com/what-is-cloud-computing/ to stay informed.

The move will affect any photos, documents, contacts, messages and other user data and content that Chinese users store on Apple’s cloud-based servers. New Chinese legislation enacted in 2017 requires cloud services to be operated by Chinese companies, meaning companies like Apple must either lease server space inside China or establish joint ventures with Chinese partners.

  2. How does storing user data in China put individuals at risk?

Domestic law gives the Chinese government virtually unfettered access to user data stored inside China without adequate protection for users’ rights to privacy, freedom of expression or other basic human rights. Chinese police enjoy sweeping discretion and use broad and ambiguously constructed laws and regulations to silence dissent, restrict or censor information and harass and prosecute human rights defenders and others in the name of “national security” and other purported criminal offences. As a result, Chinese Internet users can face arrest and imprisonment for merely expressing, communicating or accessing information and ideas that the authorities don’t like.

Furthermore, China’s Cyber Security Law requires network operators to provide “technical support and assistance” to law enforcement and state security agents. That means that when the authorities come to GCBD requesting information about an iCloud user for the purposes of a criminal investigation, the company has a legal obligation to provide it and few, if any, viable legal avenues to challenge or refuse the request.

  3. Apple says it has control over encryption keys and that it won’t allow backdoors. Won’t that protect users in China?

It all depends on the circumstances under which the company will allow GCBD – and the Chinese authorities – access to intelligible decrypted data on iCloud users. When users accept the terms of service for iCloud in China, they agree to allow their information and content to be turned over to law enforcement “if legally required to do so”. Significantly, from now on Apple will store the encryption keys for Chinese users in China, not in the US – making it all but inevitable that the company will be forced to hand over decrypted data so long as the request complies with Chinese law.

Given that many provisions of Chinese law offer inadequate protection to privacy, freedom of expression and other rights, simply checking whether government information requests comply with Chinese law doesn’t address whether complying with the request might contribute to human rights violations. Apple hasn’t confirmed whether or how it will assess whether government information requests might violate users’ human rights. We won’t really know how Apple will respond until it’s put to the test, and unfortunately that’s probably just a matter of time.

As for “backdoors”, or technical measures that would allow law enforcement or other government agencies to access unencrypted user data without having to ask for it, Apple’s commitment to prevent their use is admirable. But the commitment is meaningless if law enforcement can get the companies to decrypt user information simply by saying that it is for a criminal investigation.

  4. What should iCloud users inside China do to protect themselves?

The best way to protect your personal information from being accessed by the Chinese government is to avoid storing it on servers inside China. Users with a credit card and billing address outside China can use those to register their accounts and keep storing their iCloud data outside China. Otherwise, the only option available to Chinese users is to delete their iCloud accounts and permanently opt out of the service. (Apple has provided instructions for how to do so here.) Individual users should seriously consider the risks involved and come to their own decision, but Apple should protect Chinese users by switching iCloud off by default and giving users very clear warnings about the risks they may face by opting in to the service.

  5. How can ICT companies act responsibly when operating in China?

Companies have a responsibility to respect all human rights wherever they operate in the world. Users of their products and services need to be given clear and specific information about risks they might face to their privacy and freedom of expression in China, and what action the company is taking in response. Companies should carry out regular and verifiable human rights impact assessments and demonstrate publicly that they have oversight, due diligence and accountability measures in place to ensure respect for human rights. Finally, companies should do everything they can to influence the Chinese government to protect and respect human rights and speak up and challenge government actions when they threaten human rights. If a company finds that it is unable to mitigate the high risk of human rights violations, it may be forced to decide not to operate in China.

Apple’s official website declares: “At Apple, we believe privacy is a fundamental human right.” It remains to be seen whether Apple can put its words into action.

Space Warfare, the New Battlefield

Primer: The Pentagon is considering creating a combatant command for space warfare, the latest step by the Defense Department to respond to Chinese and Russian militarization high above Earth.

The move — one of several under consideration — is mentioned in a new Pentagon report sent to Congress last week. Right now, space forces are dispersed throughout the military and intelligence community.

There are two kinds of combatant commands. Geographic cocoms oversee military operations in six regions of the world. Functional ones — like U.S. Strategic Command and U.S. Transportation Command — oversee operations that span multiple geographical commands. U.S. Cyber Command is considered a subunified command under STRATCOM, but is being elevated to a functional command.

The Pentagon is looking into whether space should have its own combatant command or subunified command (like Cyber Command), the report says. Space forces were grouped under U.S. Space Command, a unified combatant command, until 2002.

***

The Pentagon is preparing for war should China, Russia, or other adversaries attack vital American satellites and other space systems, a senior Pentagon official told Congress on Wednesday.

The Pentagon has requested $12.5 billion in funding for the fiscal year 2019 that begins Oct. 1 for building up what he termed a “more resilient defendable space architecture.”

The request is $1.1 billion more than funding for last year on military space.

Rood, and Air Force Gen. John Hyten, commander of the Omaha-based Strategic Command, testified on the command’s budget request of $24 billion.

Neither elaborated on what space warfare capabilities are being developed. The Pentagon also has not said how it would deter and defend satellites from attack.

Space defense so far has involved development of intelligence capabilities to identify and assess if an incident in space is an attack, or the result of a malfunction or disruption due to collision with space debris.

Military space “resilience” also calls for the Pentagon to rapidly replace or restore satellites after attacks or other disruptions.

The Pentagon’s Defense Science Board, in a report last year, warned that the vulnerability of U.S. satellites to electronic attack was “a crisis to be dealt with immediately.”

The Joint Staff intelligence directorate warned earlier this year that China and Russia will have fully developed space attack weapons in place by 2020 that will threaten all U.S. satellites in low earth orbit—100 miles to 1,200 miles in space.

“Space is a warfighting domain just like the air, ground, maritime, and cyberspace domains,” Hyten said.

Currently, a defense and intelligence center called the National Space Defense Center, located at Schriever Air Force Base, Colorado, runs 24-hour operations for rapid detection, warning, and defense from space attacks.

War games involving space war also are held regularly with U.S. military forces and allies, including Asian and European allies.

China has conducted at least seven tests of hypersonic vehicles, and Russia has also conducted several hypersonic missile tests.

The hypersonic vehicles are designed to defeat missile defenses.

***

February 2018: The Pentagon put Advanced Extremely High Frequency satellites in orbit to ensure communication in the event of a nuclear attack. But those spacecraft could also play a role in the rapid militarization of space.

  • Advanced Extremely High Frequency (AEHF) satellites will be able to keep the U.S. military in communication even after a nuclear attack.
  • They’re also more resistant to electronic jamming, which is a growing concern as tensions with China and Russia heat up.
  • In the war of the future, nations may try to physically destroy other nations’ satellites to disrupt communications and navigation.

Your phone is not going to work on the day nuclear war starts. But the U.S. President, National Security Council, and combat commanders count on being able to communicate. This doomsday connection relies on what we call Advanced Extremely High Frequency (AEHF) satellites that sit in geostationary orbit.

“We need systems that work on the worst day in the history of the world,” says Todd Harrison, director of the Aerospace Security Project at the Center for Strategic and International Studies.

There are four AEHF sats in orbit today. The proposed 2019 U.S. Air Force budget shows about $29.8 million in funding to complete two more, which would launch in 2019 and 2020. Air Force staffers say more money has been set aside in 2019 to ready the software and databases for the pair of new sats.

The Air Force talks about the AEHF satellites as part of its new focus on modernizing America’s nuclear abilities. “We must concurrently modernize the entire nuclear triad and the command and control systems that enable its effectiveness,” says Air Force Secretary Heather Wilson. The Trump administration has its eye on nuclear weapons, but these satellites also sit at the nexus of another big defense trend: Space warfare.

The Department of Defense is also investing in new jam-resistant GPS satellites. It is pouring money into future satellite programs, including AEHF, to the tune of $677 million for research and development in 2019. As orbital threats grow, new potential users—especially the U.S. Army—are taking interest in what the doomsday spacecraft can do. Preparing for post-apocalyptic communication may be just the beginning.