Category Archives: NSA Spying

WC-135 Dispatched to Investigate Europe for Radiation

Posted on by

Gotta look deep for information and there are two theories, one is Russia as the other is the medical industry. Humm….it goes something like this…. By the way, the dates could easily lineup.

Related reading: US sends specialist ‘nuke sniffer’ plane to the UK as ‘radiation spike’ sparks fears Putin has tested nuclear weapon in the Arctic

Primer:

The Washington Free Beacon quotes Pentagon officials saying the unmanned underwater vehicle, code named Kanyon by the Pentagon, was test-launched from the Sarov-class submarine on November 27th.

What Pentagon names Kanyon is what in Russia is known as the «Ocean Multipurpose System Status-6» – a top secret weapon system the world has never seen anything like before.  A year ago, Russian state-TV Channel One showed a glimpse of a graphic slide of the Status-6, later on said to be an unauthorized leak of a secret weapon development plan. 

The drawings on the slide could very well be a purpose leak aimed at telling the world what weapon-systems are under development. The TV news covered the meeting in Sochi where President Putin was told by high-ranking officers in the Strategic forces how Russia’s nuclear deterrence strategy is developing. Moscow are looking for ways to overcome the United States’ Anti-Ballistic Missile Defence system, and one answer is to go deep with the nukes. Highly suggested reading more here.

Mysterious Radiation Spike Across Europe

Nuclear scientists are struggling to determine the source of small amounts of nuclear radiation that bloomed over Europe throughout January.

France’s IRSN institute, the public body for radiological and nuclear risks, announced in a statement on February 13 that Iodine-131, a radionuclide of human origin, was detected in trace amounts at ground-level atmosphere in continental Europe. First detected in the second week of January over northern Norway, Iodine-131 presence was then detected over Finland, Poland, Germany, Czech Republic, France, and Spain. However, the levels have since returned to normal and scientists have yet to determine the source of the radiation.

Norway’s Radiation protection Authority (NRPA), which first detected the Iodine-131 over its northern Russian border, told Motherboard over the phone today that the levels present essentially no risk to human health. “I can assure you that the levels are low,” said a press a spokesperson.

But with a half-life of just eight days, the detection of Iodine-131 is proof of a recent release, said IRSN in its statement to the media.

Rumors are circulating, of course, that Russia has secretly tested a low-yield nuclear weapon in the Arctic, possibly in the Novaya Zemlya region—historically used for Russia’s nuclear tests. Iodine-131, discovered by two University of California researchers in 1938, is a radioisotope synonymous with the atomic bomb tests carried out by the US and Russia throughout the 1950s, and has recently presented threats from leaking during the Chernobyl nuclear power plant disaster and the 2011 Fukushima nuclear accident.

But Iodine-131 is also found in the medical industry, commonly used for treating thyroid-related illnesses and cancers. Astrid Liland, head of the section for emergency preparedness at the NRPA, told Motherboard in an email today, “Since only Iodine-131 was measured, and no other radioactive substances, we think it originates from a pharmaceutical company producing radioactive drugs.
Iodine-131 is used for treatment of cancer.”

Particulate Iodine-131 (value +/- uncertainty) in the atmosphere(µBq/m3). Image: IRSN

Britain’s Society for Radiological Protection (SRP) also told Motherboard that the exclusive presence of Iodine-131 suggests the source is not a nuclear incident, but rather a medical facility such as a hospital or a supplier of radio-pharmaceuticals. “The release was probably of recent origin. Further than this it is impossible to speculate,” the SRP’s Brian Gornall told Motherboard in an email.

Still, where exactly that pharma company could be located is unknown. “Due to rapidly changing winds, it is not possible to track exactly where it came from. It points to a release source somewhere in Eastern Europe,” Liland told Motherboard.

The Iodine cloud prompted the United States Air Force to send over a specialized particle-sniffing aircraft to investigate. As per reports on The Aviationist, a US Air Force WC-135 deployed to Royal Air Force base Mildenhall in the UK on February 17, equipped to test the atmosphere over Europe for radiation. The aircraft’s last intercontinental expedition was to analyse the atmosphere over the Korean Peninsula following an alleged North Korean nuclear test.

The deployment spurred on rumors of a nuclear test from Russia, but a spokesperson for the the Comprehensive Nuclear-Test-Ban Treaty Organization (CTBTO), an international body that monitors nuclear weapon tests, told Motherboard in an email today, “Although some readings of I-131 above minimal detection level have been observed since beginning of year in Europe nothing extraordinary has been measured.”

The IRSN said in its statement that the data has now been shared between the members of the informal European network called Ring of Five, a group of organizations that research radiation levels in the atmosphere.

Russia has Provided N Korea Additional Hacking Platforms

Posted on by

Hackers from North Korea are reported to have stolen a large cache of military documents from South Korea, including a plan to assassinate North Korea’s leader Kim Jong-un.

Rhee Cheol-hee, a South Korean lawmaker, said the information was from his country’s defence ministry.

The compromised documents include wartime contingency plans drawn up by the US and South Korea.

They also include reports to the allies’ senior commanders.

Plans for the South’s special forces were reportedly accessed, along with information on significant power plants and military facilities in the South.

Mr Rhee belongs to South Korea’s ruling party, and sits on its parliament’s defence committee. He said some 235 gigabytes of military documents had been stolen from the Defence Integrated Data Centre, and that 80% of them have yet to be identified.

The hack took place in September last year. In May, South Korea said a large amount of data had been stolen and that North Korea may have instigated the cyber attack – but gave no details of what was taken.

North Korea denied the claim. The isolated state is believed to have specially-trained hackers based overseas, including in China. More here.

Russia is always part of the rogue nation process, it is curious of the timing as you read on. TransTeleCom is owned by Russia’s state-run railway company and has fiber optic cables that follow all the country’s main train lines, including all the way up to the North Korean border.

photo

Related reading: North Korea gets new internet access via Russia

Reuters: North Korea has opened a second internet connection with the outside world, this time via Russia, a move which cyber security experts said could give Pyongyang greater capability to conduct cyber attacks.

Previously traffic was handled via China Unicom (0762.HK) under a deal dating back to 2010. TransTeleCom now appears to be handling roughly 60 percent of North Korean internet traffic, while Unicom transmits the remaining 40 percent or so, Dyn said.

The new external connection was first reported by 38 North, a project of the U.S.-Korea Institute at Johns Hopkins School of Advanced International Studies (SAIS).

TransTeleCom declined to confirm any new routing deal with the North Korean government or its communications arm. In a statement, it said: “TransTeleCom has historically had a junction of trunk networks with North Korea under an agreement with Korea Posts and Telecommunications Corp signed in 2009.”

North Korea’s internet access is estimated to be limited to somewhere between a few hundred and just over 1,000 connections. These connections are vital for coordinating the country’s cyber attacks, said Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye, a cyber-security company.

Boland said the Russian connection would enhance North Korea’s ability to command future cyber attacks.

Having internet routes via both China and Russia reduces North Korea’s dependence on any one country at a time when it faces intense geo-political pressures, he said.

Many of the cyber attacks conducted on behalf of Pyongyang came from outside North Korea using hijacked computers, Boland said. Those ordering and controlling the attacks communicate to hackers and hijacked computers from within North Korea.

“This will improve the resiliency of their network and increase their ability to conduct command and control over those activities,” Boland said.

The Washington Post reported earlier that the U.S. Cyber Command has been carrying out denial of service attacks against hackers from North Korea designed to limit their access to the internet. (wapo.st/2yRbg8w)

In February 2005, the TTK became the largest party in terms of the European Internet Exchange London Internet Exchange (LINX). In July 2005, the TTK became the fifth operator in Russia, received the right to provide long-distance services (after Rostelecom, Tsentrinfokoma, Golden Telecom and MTT). “TransteleCom” JSC provides communications services in Kazakhstan and for a map of locations and services, go here.

Chinese Infusion of Spies in the U.S.

Posted on by

Related reading: CHINESE INTELLIGENCE SERVICES AND ESPIONAGE THREATS TO THE UNITED STATES

Related reading: 2015/ U.S. officials: Chinese secret agents in U.S. spikes

Related reading: 2014/ How the F.B.I. Cracked a Chinese Spy Ring

Dissident Reveals Secret Chinese Intelligence Plans Targeting U.S.

Guo Wengui calls China communist system a ‘kleptocracy,’ vows reform

China earlier this year ordered the dispatch of 27 intelligence officers to the United States as part of a larger campaign of subversion, according to a leading Chinese dissident.

Guo Wengui, a billionaire real estate mogul, disclosed what he said was an internal Communist Party document authorizing the Ministry of State Security to send the spies, described as “people’s police officers.”

Guo, who is being sought by the Chinese government in a bid to silence his disclosures of high-level corruption and intelligence activity, denounced the Beijing regime as corrupt and called for a “revolution” to reform the system.

“My only single goal that I set myself to try to achieve is to change China,” Guo said through an interpreter during a National Press Club meeting attended by news reporters and supporters of the exiled dissident.

“What they’re doing is against humanity,” he said. “What the U.S. ought to do is take action, instead of just talking to the Chinese kleptocracy.”

Guo last month requested political asylum in the United States in the face of a high-level Chinese government effort to force the United States to return him to China. China has charged him with several crimes. Guo has denied the charges.

Guo earlier charged that senior Chinese leader Wang Qishan, who controls most of China’s finances, is corrupt and has engaged in moving money and documents outside of China. Wang is leading China’s nationwide anti-corruption drive that critics say is cover for efforts by Xi to consolidate power.

The Chinese campaign against Guo has included high-level diplomatic and economic pressure on American government and business leaders to lobby for Guo’s repatriation.

China’s Minister of Public Security, Guo Shengkun, met with Attorney General Jeff Sessions on Wednesday where China’s demands for the return of fugitives was discussed.

A Justice Department spokesman said Sessions raised the issue of a Chinese-origin cyber attack against the Hudson Institute, a think tank that had canceled its plan to hold the press conference for Guo under pressure from China. The Justice spokesman, Wynn Hornbuckle, said China pledged their cooperation in investigating the incident.

Hornbuckle would not say if Guo Wengui was discussed during the law enforcement and cyber security talks.

David Tell, a Hudson spokesman, told the Washington Free Beacon, the denial of service cyber attack was traced by investigators to Shanghai.

According to an email obtained by the Free Beacon, a Hudson employee stated that he was asked to forward a message to institute leaders sent from a Chinese Embassy official on Sept. 29.

Chinese officials, according to the email, “want Hudson to cancel the Guo Wengui event because he is a criminal and tells lies, that China is about to enter a sensitive time with its Party Congress, that hosting him would hurt China-U.S. relations, and that this event would embarrass Hudson Institute and hurt our ties with the Chinese government.”

The intelligence document released Thursday is one of a number sensitive internal reports obtained by Guo who was once close to MSS Vice Minister Ma Jian, who was imprisoned last year on corruption charges, but who Guo has said was repressed politically because of his knowledge of corruption among Chinese leaders.

Guo said he had planned to disclose three internal Chinese government documents during the Hudson event. But instead he burned the documents after the event was canceled.

Guo said he maintains close ties to supporters within the Chinese government and security system and is able to obtain many internal documents.

According to Guo, for simply holding the top-secret document he distributed at the press conference, a person could be jailed in China for three to five years.

The document was issued by the National Security Council, a new Chinese government and Party entity headed by Chinese leader Xi Jinping.

The MSS operatives will work under cover at the Bank of China branch offices and at Chinese diplomatic facilities in the United States.

The document is labeled “top secret” and dated April 27. It was released by Guo at a press conference in Washington during which he appealed for the U.S. government to wake up to the threat posed by China and counter it.

Guo said the authenticity of the document was confirmed by the U.S. government.

The directive to the MSS was formally called “The Request for Instructions on the Working Plan of Secretly Dispatching and 27 People’s Police Officers, He Jianfeng and Others from the Ministry of State Security to the United States on Field Duty in 2017.”

“We approve in principle,” the report says, adding “please carefully organize and implement.”

According to the document the MSS should follow Chinese ideology set out by the late leader Deng Xiaoping, as well as the concepts outlined in speeches by Xi, the current leader.

The document is one of the first internal documents to reveal how China is expanding intelligence activities targeting what it calls “hostile forces” in the United States.

The MSS, according to the report, was told to “go according to the need of the strategic arrangements” of the Communist Party “against overseas hostile forces, strictly abide by our national principles of state security work on the United States, and use the opportunity of the rise of our comprehensive national strength and Sino-U.S. diplomatic relations tending to ease to further expand the scope and depth of the infiltration into the anti-China hostile forces in the United States.”

The MSS agents are to enter the United States secretly in phases and “use the cover of the executives of the state-owned enterprises in the United States, such as the Bank of China (New York) to carry out solid intelligence collection, to incite defection of relevant individuals, and to conduct counter-espionage, etc.”

The spies also were directed to focus on “extraordinarily significant criminal suspects, including Ling Wancheng, Guo Wengui, and Cheng Muyang, etc.”

Ling is the brother of Ling Jihua, a former high-ranking Chinese official who China has accused of illegal activities and who defected to the United States in 2016. Cheng is a real estate mogul in Canada who China also accused of illegal activities.

“If necessary, they should also actively support, cooperate with, and assist the personnel in the United States who conduct the United Front operations, diplomatic operations, and military intelligence operations to carry out related business,” the document states.

United Front work is what the Chinese government calls influence operations aimed at coopting Americans into supporting Beijing’s policies.

The directive urges the spies to “make contributions for further crushing overseas anti-China hostile forces.”

Lastly, MSS officials should seek to strengthen the organization and provide after actions reports to the senior Party organ.

“We have friends all over the world … those who provide the documents are among the most senior people, including the current Politburo standing committee,” Guo said. “My material is real. Otherwise, they wouldn’t be afraid of it.”

Guo said during his press conference that since the April directive, around 50 additional intelligence operatives were sent to the United States.

An FBI spokeswoman had no comment on the document. A Chinese Embassy spokesman did not respond to an email seeking comment.

On Saturday, China’s Public Security Ministry issued a statement denying China was behind the hack of a law firm representing Guo and the Hudson Institute. The ministry also disputed the authenticity of the document.

“An official of the Ministry of Public Security states that, China paid close attention to such allegations and launched immediate investigation,” the statement said. “But no evidence has been found that China and its government have been involved with these incidents.”

The ministry also called the documents revealed by Guo “utterly clumsily forged and full of obvious mistakes.” It did not elaborate but offered to cooperate in a U.S. investigation into the authenticity of the materials and cooperate in the probe of the cyber attacks.

According to Guo, China is engaged in a three-pronged campaign of subversion in the United States he labeled “Blue-Gold-Yellow,” with each color standing for a different line of attack.

Blue represents large-scale Chinese cyber and internet operations while gold represents China’s use of money and financial power. The yellow is part of a plan to use sex to undermine American society.

Another Chinese government subversion program was described by Guo using the code name the “Three Fs.” It involves China’s systematic programs targeting the United States with the goal to weaken the country, throw the country into turmoil and ultimately defeat America.

Asked about the major Communist Party meeting scheduled for later this month, Guo said: “I would like all members of the Chinese Communist Party to wake up and say no to this ruling clique.”

Guo disclosed that he was imprisoned in China after the 1989 pro-democracy protests in Tiananmen Square and spent 22 months in prison. Chinese police also shot his brother, who later died.

Since then, he has spent the intervening years as an entrepreneur preparing to expose corrupt Chinese leaders, a process he began in January.

China has retaliated by freezing some $17 billion in assets in China and by imprisoning business associates and relatives of Guo.

Radio France’s Chinese-language radio service reported recently that several Chinese have been harassed by authorities for discussing Guo’s disclosures about Wang’s corruption. The report called the activity “Guo Wengui-phobia.”

Chinese censors have cracked down on people online who used the phrases used by Guo, like “Wang-Seven-Three” and “73” for Wang Qishen. Also a person wearing the t-shirt with the word “all of this is only the beginning”—one of Guo’s catch phrases on social media was detained.

“Those who support Guo Wengui call out ‘put a pot on your head,’ a homophone for ‘support Guo,'” the French report said. “Those who desperately want to catch him want to ‘smash that pot,’ literally meaning ‘smash the pot,’ but the term means ‘to fail.'”

China also recently blocked the messaging app WhatsApp, after China tightened controls on WeChat, Weibo, and Baidu message boards that were sharing posts on Guo.

“Looking at social media, every time Guo Wengui has revealed the secrets of a corrupt official, there’s been a reaction on the streets of Beijing,” the report said. “In restaurants, bars, in the streets and alleyways, people see each other and, smiling, ask, ‘What did he say now?’ It’s become a tacit greeting.”

Not an Inch of the US is Safe, Consider This…

Posted on by

Equifax hacked, NSA hacked, active shooters, stolen identity, bad legislation being signed by presidents, townhalls being disrupted by activists, leaked classified material, nefarious people roaming Elm Street and violence on college campuses…..not a complete list but even top people in Washington DC are not protected either.

Check this out…

photo

John Kelly’s personal phone has been compromised for months

White House tech support discovered the suspected breach after Kelly turned his phone in to tech support staff this summer.

White House officials believe that chief of staff John Kelly’s personal cell phone was compromised, potentially as long ago as December, according to three U.S. government officials.

The discovery raises concerns that hackers or foreign governments may have had access to data on Kelly’s phone while he was secretary of the Department of Homeland Security and after he joined the West Wing.

Tech support staff discovered the suspected breach after Kelly turned his phone in to White House tech support this summer complaining that it wasn’t working or updating software properly.

Kelly told the staffers the phone hadn’t been working properly for months, according to the officials.

White House aides prepared a one-page September memo summarizing the incident, which was circulated through the administration.

A White House official, speaking for the administration, said Kelly hadn’t used the personal phone often since joining the administration. This person said Kelly relied on his government-issued phone for most communications.

The official, who did not dispute any of POLITICO’s reporting on the timeline of events or the existence of the memo, said Kelly no longer had possession of the device but declined to say where the phone is now.

Kelly has since begun using a different phone, one of the officials said, though he relies on his government phone when he’s inside the White House.

Several government officials said it was unclear when – or where – Kelly’s phone was first compromised. It is unclear what data may have been accessed, if any.

Kelly’s travel schedule prior to joining the administration in January is under review. The former Marine general retired in 2016 as chief of U.S. Southern Command.

Staffers reviewed the cell phone for several days and tried to decipher what had happened to it, the officials said. Many functions on the phone were not working.

The IT department concluded the phone had been compromised and should not be used further, according to the memo.

The document triggered concern throughout the West Wing about what information may have been exposed, one of the officials said.

The revelation comes amid an internal probe at the White House into personal email use. Senior officials, including Jared Kushner and Ivanka Trump, have at times used personal email for government business, POLITICO has reported.

Additional storage lockers were recently added in the West Wing for personal devices and aides have been warned to limit personal cell phone use in the building.

Bill Marczak, a senior research fellow with the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, said the worst-case scenario would be “full access,” where an attacker would be able to essentially control a device, including its microphone and camera.

“The [attackers] I would be most worried about are nation-states or other actors who may have access to resale of commercial spyware sold to nation-states,” he said.

“The average user won’t notice anything at all. Really the only way to pick up on that is to do forensics on the phone,” he added.

This article was reported in coordination with the Project On Government Oversight, a nonprofit investigative watchdog organization.

NSA Data Stolen via Russian Anti-Virus Software

Posted on by

photo

The Department of Homeland Security recently barred federal agencies from using Kaspersky Lab products due to security concerns but has been tight-lipped about what intelligence linked the popular, Moscow-based computer security firm to specific intelligence operations.

Kaspersky Lab denied any knowledge of any role in the attack, but decried “news coverage of unproven claims continu[ing] to perpetuate accusations about the company” in a written statement.

“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight,” the company said. More here.

photo with more detail at this link

Russian hackers stole classified data from NSA contractor

Russian government hackers stole data about how the US penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed highly classified material and stashed it on his home computer, a new report said Thursday.

The hackers apparently targeted the contractor after identifying the files through the contractor’s use of an anti-virus software made by the Russia-based Kaspersky Lab, The Wall Street Journal reported, citing sources familiar with the hacking.

Experts told the paper the hack was one of the most serious security breaches in years, and that it provided insight into how Russian intelligence exploits commercial software products to spy on the US.

The incident occurred in 2015 but wasn’t discovered until spring of last year, the sources told the WSJ.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for that kind of spying and how it defends American networks, the sources said.

The information could help the Russians guard their own networks, making it more difficult for American spooks to surveil Russia.

The breach was believed to be the first time that Kaspersky software, which is sold in the US, was exploited by Russian hackers as they spied on the US.

The revelation comes as special counsel Robert Mueller is investigating Russian meddling in the US election and possible collusion with the Trump campaign.

The president has called Russian hacking a “hoax” and “fake news” and slammed Mueller’s probe as a “witch hunt.”

A spokesman for the NSA would not comment on the security breach.

“Whether the information is credible or not, NSA’s policy is never to comment on affiliate or personnel matters,” the spokseman told the paper.

In a statement, Kaspersky said it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”

The NSA contractor in the Kaspersky incident was not known, and the company he worked for was not identified.

Sources told The Journal he is believed to have taken home numerous documents and other materials from NSA headquarters, possibly to continue working beyond his normal office hours.

The man apparently did not knowingly work for a foreign government, but knew that removing classified information without authorization was a violation of NSA policies and potentially a criminal act, the sources said.