HOW THE F.B.I. CRACKED A CHINESE SPY RING
May 19, 2014
In the magazine earlier this month, I wrote about Greg Chung, a Chinese-American engineer at Boeing who worked on NASA’s space-shuttle program. In 2009, Chung became the first American to be convicted in a jury trial on charges of economic espionage, for passing unclassified technical documents to China.
While reporting the story, I learned a great deal about an earlier investigation involving another Chinese-American engineer, named Chi Mak, who led F.B.I. agents to Greg Chung. The Mak case, which began in 2004, was among the F.B.I.’s biggest counterintelligence investigations, involving intense surveillance that went on for more than a year.
The stakes were high: at that time, the F.B.I. did not have a stellar record investigating Chinese espionage. Three years earlier, the government had been publicly humiliated by its failed attempt to prosecute the Chinese-American scientist Wen Ho Lee on charges of passing nuclear secrets from the Los Alamos National Laboratory to China, in a case that came to be seen by some observers as an example of racial prejudice. The investigation of Chi Mak—followed by the successful investigation and prosecution of Greg Chung—turned out to be a milestone in the F.B.I.’s efforts against Chinese espionage, and demonstrated that Chinese spies had indeed been stealing U.S. technological secrets.
While Chung volunteered his services to China out of what seemed to be love for his motherland, the F.B.I. believed that Mak was a trained operative who had been planted in the U.S. by Chinese intelligence. Beginning in 1988, Mak had worked at Power Paragon, a defense company in Anaheim, California, that developed power systems for the U.S. Navy. The F.B.I. suspected that Mak, who immigrated to the U.S. from Hong Kong in the late nineteen-seventies, had been passing sensitive military technology to China for years.
The investigation began when the F.B.I. was tipped off to a potential espionage threat at Power Paragon. The case was assigned to a special agent named James Gaylord; since the technologies at risk involved the Navy, Gaylord and his F.B.I. colleagues were joined by agents from the Naval Criminal Investigation Service. Mak was put under extensive surveillance: the investigators installed a hidden camera outside his home, in Downey, California, to monitor his comings and goings, and surveillance teams followed him wherever he went. All of his phone calls were recorded.
A short and energetic sixty-four-year-old with a quick smile, Mak was a model employee at Power Paragon. Other workers at the company often turned to him for help in solving problems, and Mak provided it with the enthusiasm of a man who appeared to live for engineering. His assimilation into American life was limited to the workplace: he and his wife, Rebecca, led a quiet life, never socializing with neighbors. Rebecca was a sullen, stern woman whose proficiency in English had remained poor during her two and a half decades in the United States. She never went anywhere without Mak, except to take a walk around the neighborhood in the morning.
Sitting around the house—secret audio recordings would later show—the two often talked about Chinese politics, remarking that Mao, like Stalin, was misunderstood by history. The influence of Maoist ideology was, perhaps, evident in the Maks’ extreme frugality: they ate their meals off of newspapers, which they would roll up and toss in the garbage. Every Saturday morning, after a game of tennis, they drove to a gas station and washed their car using the mops and towels there. From the gas station, the Maks drove to a hardware store and disappeared into the lumber section for ten minutes, never buying anything. For weeks, the agents following them wondered if the Maks were making a dead drop, but it turned out that the lumber section offered free coffee at that hour.
* * *
One evening in September, 2004, Gaylord drove to a playground next to the freeway in Downey. About two dozen of Gaylord’s colleagues from the F.B.I. were already gathered there, including a team from the East Coast that specialized in making clandestine entries into the homes of investigation suspects. That night, they planned to conduct a secret search of Mak’s house. Mak and Rebecca were vacationing in Alaska, and this gave agents an opportunity to use a court order authorizing them to enter the Maks’ residence in their absence.
For weeks, agents had been watching Blandwood Road, the street the Maks lived on, researching the nightly patterns of nearby neighbors. The person next door routinely woke up at three to go to the bathroom, walking past a window that offered a partial view into the Maks’ house. Behind the Maks’ residence was a dog that was given to barking loudly. A neighbor across the street came out every morning at four to smoke a cigarette. If any of them were to raise an alarm, the search would not remain secret. Mak would find out and, if he was indeed a spy, it would become harder to find evidence against him.
Shortly before midnight, Gaylord and two other agents got into a Chevy minivan with the middle and back rows of seats removed. The vehicle was identical in appearance to the one that Mak drove; it would raise no suspicions even if neighbors happened to notice it. The agents lay down flat in the back of the van, leaving only the driver visible from the street. After getting the go-ahead from a surveillance team, the van pulled out from the playground and drove to Blandwood Road, stopping a short distance from the Maks’ house.
The group of entry specialists was already inside the house. Gaylord gently opened the front door and entered, letting two other agents in behind him. The men stood motionless, waiting for their eyes to adjust to the darkness. Everything they could see was covered in a thick layer of dust, including a model airplane on a coffee table and a vacuum cleaner in the hallway. In the dim light, Gaylord saw stacks of documents, some two to three feet high, everywhere: by the front door, on the dinner table, in the home office.
The agents began photographing the documents, taking care to put them back exactly as they had been. Among the stacks were manuals and designs for power systems on U.S. Navy ships and concepts for new naval technologies under development. One set of documents contained information about the Virginia-class submarines, describing ways to cloak submarine propellers and fire anti-aircraft weapons underwater.
The agents took pictures of other materials: tax returns, travel documents, and an address book listing Mak’s contacts, including several other engineers of Chinese origin living in California. This is where the F.B.I. first came across the name Greg Chung.
* * *
The F.B.I. was also watching Chi Mak’s younger brother, Tai Mak, who had moved to the U.S. from Hong Kong in 2001. Tai was a broadcast engineer for a Hong Kong-based satellite-television channel, Phoenix TV, which is partly owned by the Chinese government. He lived in Alhambra, about twelve miles from Downey, with his wife, Fuk Li, and their two teen-age children, Billy and Shirley.
Fuk and Rebecca didn’t get along, and would bad-mouth each other to their husbands. Still, the two families got together every few weeks, usually at a Chinese restaurant in Alhambra, which has a large Chinese-American population. A frequent topic of conversation was Fuk’s aging mother, who lived alone in Guangzhou. Fuk and Tai were concerned about her health, and they depended on a family friend named Pu Pei-liang, a scholar at the Center for Asia Pacific Studies at Sun Yat-sen University, to check on her periodically.
Every week, agents inspected the trash from both families’ houses, after offloading it from a garbage truck. “It’s not a fun duty, especially in the summertime, here in California,” Gaylord told me. The job fell mostly to Gaylord’s younger colleagues, who would lay the garbage out in a parking lot or a garage and rummage through it.
The trash searches and the surveillance went on for months, but they yielded no evidence. “I never said it, but I thought, Wow, we’re using a lot of resources, but we haven’t proved anything yet,” Gaylord told me. Then, one day in February, 2005, Jessie Murray, an agent who spoke Mandarin, found several torn-up bits of paper with Chinese text while going through Chi and Rebecca’s trash. She put them in a Ziploc bag and brought them to the office.
The agents assembled the contents of the bag like a jigsaw puzzle. Patched together, the pieces constituted two documents, one handwritten and the other machine-printed. Gunnar Newquist, an investigator assigned to the case by the N.C.I.S., spotted an English phrase at the bottom of the handwritten sheet. “DDX,” he said, reading it aloud. “That’s a Navy destroyer.”
The handwritten text turned out to be a list of naval technologies and programs: submarine propulsion networks; systems for defending against nuclear, chemical, and biological attacks; and others. On the printed sheet were instructions about going to conferences to collect information. Gaylord was certain that the two documents were tasking lists from Chinese intelligence.
In October, the F.B.I. made another covert entry into Chi Mak’s house and installed a hidden camera above the dining-room table; the surveillance video from that camera can be seen below. Days later, on a Sunday morning, agents observed Mak sitting at the table, inserting CDs into a laptop and talking to Rebecca about the information that he was copying. All of it related to the Navy, including a paper about developing a quieter motor for submarines, a project that Mak was in charge of at Power Paragon.
Combing through translated phone conversations from the previous week, investigators learned that Fuk and Tai were planning to leave California for China the following Friday. They discovered a call that Tai had made to Pu, the family friend in Guangzhou, which Tai began with a strange introduction: “I am with Red Flower of North America.” Tai told Pu that he was coming to China for the spring trade show, and that he was bringing an assistant. Pu asked him to call upon arriving at the Guangzhou airport, using a phone card that Pu had given him earlier. Tai was clearly speaking in code: he wasn’t connected to any organization named Red Flower, and it was autumn, not spring.
The following day, Tai and Fuk talked about the upcoming trip. Fuk asked if they would have to carry a heavy load of documents from Chi Mak, as they had done in the past. Tai assured her that, this time, they only needed to put the information on disks, using the computer that Pu had given them.
Fuk and Tai were arrested at the Los Angeles airport after security agents searched their luggage and found an encrypted disk containing the files that Chi Mak had copied. On the same night, F.B.I. agents arrested Chi and Rebecca Mak just as they were preparing for bed. The two sat silently on the couch while agents searched the house, for the first time with the lights turned on.
* * *
During a six-week jury trial in 2007, government prosecutors painted Chi Mak as a trained spy who started his career as an intelligence officer for the Chinese government during his years in Hong Kong. Mak’s first assignment, according to the prosecution, was monitoring the movements of U.S. Navy ships entering and leaving the Hong Kong harbor during the Vietnam War, a job that Mak performed assiduously while working at his sister’s tailor shop. Gunnar Newquist testified that, in an interview given to Newquist and a fellow N.C.I.S. agent shortly after his arrest, Mak had confessed to sending information about commercial and military technologies to China since the early eighties. Mak denied making any such confession.
On May 10, 2007, the jury convicted Mak on charges of conspiring to export U.S. military technology to China and acting as an unregistered agent of a foreign government. Weeks later, Tai, Fuk, and their son, Billy, pleaded guilty to being part of the conspiracy. Rebecca Mak pleaded guilty to being an unregistered foreign agent. Mak was sentenced to twenty-four and a half years; Tai received a sentence of ten years. Fuk and Billy were deported to China, as was Rebecca—after she had spent three years in prison.
When I went to see Mak, last summer, at the Federal Correctional Institution, in Lompoc, California, a minimum-security prison near Vandenberg Air Force Base, he denied that he had ever worked for Chinese intelligence. Mak also insisted that Chung hadn’t spied for China, either. He said that they had both been unfairly targeted by investigators, as part of a politically motivated campaign against China by U.S. law enforcement agencies. The reason he’d come to the U.S. in the seventies, Mak said, was not to work as a sleeper agent—as the prosecution had claimed—but to advance professionally and to see the world. At one point, he caught himself going on at length about an aircraft-powering generator he had helped to design in the eighties. “When I talk technical, I get excited,” he said, grinning sheepishly.
His enthusiasm waned when I asked him about the list of military technologies that the F.B.I. had recovered from his trash. He told me that he’d found it inside a book on Chinese medicine that his nephew, Billy, brought back for him from a trip to China. “Maybe somebody was trying to take advantage of Billy,” he said. When I pressed him to guess who the sender of the list might have been, Mak got fidgety and grim. “It could have been Pu Pei-liang,” he said, finally. He insisted that the only thing he’d ever done with the list was tear it up.
Mak acknowledged that he’d sent papers to Pu in the past, but said that they were all from the open literature. The CDs he’d given to Tai before Tai’s aborted trip to China didn’t contain anything sensitive, either, he said, alleging that the prosecution had greatly exaggerated their importance. Still, I asked, who were the CDs meant for? Mak narrowed his eyes, as if trying hard to remember. “I’m not too sure,” he said. “I’m not too sure.”
MAY 16, 2014
POSTED BY YUDHIJIT BHATTACHARJEE
© 2013 Condé Nast.
Dongfan “Greg” Chung, Chinese Spy, Gets More Than 15 Years In Prison
May 19, 2014
SANTA ANA, Calif. — A Chinese-born engineer convicted in the United States’ first economic espionage trial was sentenced Monday to more than 15 years in prison for stealing sensitive information on the U.S. space program with the intent of passing it to China.
Dongfan “Greg” Chung, a Boeing stress analyst with high-level security clearance, was convicted in July of six counts of economic espionage and other federal charges for storing 300,000 pages of sensitive papers in his Southern California home. Prosecutors alleged the papers included information about the U.S. space shuttle, a booster rocket and military troop transports.
Before reading the sentence, U.S. District Judge Cormac J. Carney said he didn’t know exactly what information Chung had passed to China over a 30-year period. But just taking the “treasure trove of documents” from Boeing Co., a key military contractor, constituted a serious crime, he said.
“What I do know is what he did, and what he did pass, hurt our national security and it hurt Boeing,” the judge said.
During brief remarks, Chung, 74, begged for a lenient sentence, saying he had taken the information to write a book.
“Your honor, I am not a spy, I am only an ordinary man,” said Chung, who wore a tan prison jumpsuit with his hands cuffed to a belly chain as his wife and son watched from the audience. “Your honor, I love this country. … Your honor, I beg your pardon and let me live with my family peacefully.”
Outside court, defense attorney Thomas Bienert said he would appeal.
“We have a different view of the facts and the evidence than the judge,” Bienert said. “We think the sentence should have been a lot less given the conduct involved.”
Prosecutors had requested a 20-year sentence, in part to send a message to other would-be spies, but the judge said he couldn’t determine exactly how much the breaches hurt Boeing and the nation.
Carney also cited the engineer’s age and frail health in going with a sentence of 15 years and eight months. Chung had a stroke within the past two years and was hospitalized several days ago with a gastrointestinal problem, Bienert said.
“It’s very difficult having to make a decision where someone is going to have to spend the rest of their adult life in prison,” Carney said. “I take no comfort or satisfaction in that.”
Assistant U.S. Attorney Greg Staples noted in his sentencing papers that Chung had amassed $3 million in personal wealth while betraying his adopted country.
“I know that there’s a lot of emotion on the defense side about what impact the sentence will have on the defendant, but I would like to put on the record that we are here speaking for the rest of the families in the United States who go to bed at night expecting that the security of this country is being looked out for,” Staples said.
The government accused Chung of using his decades-long career at Boeing and Rockwell International to steal papers on aerospace and defense technologies.
During the non-jury trial, the government showed photos of every available surface in Chung’s home covered with thick stacks of paper, and investigators testified about finding more documents in a crawl space. They said Boeing invested $50 million in the technology over a five-year period.
Chung’s lawyers argued then – and again at sentencing – that he may have violated Boeing policy by bringing the papers home, but he didn’t break any laws, and the U.S. government couldn’t prove he had given secrets to China.
The government believes Chung began spying for the Chinese in the late 1970s, a few years after he became a naturalized U.S. citizen and was hired by Rockwell.
Chung worked for Rockwell until it was bought by Boeing in 1996. He stayed with the company until he was laid off in 2002, then was brought back a year later as a consultant. He was fired when the FBI began its investigation in 2006.
When agents searched Chung’s home in Orange that year, they discovered thousands of pages of documents on a phased-array antenna being developed for radar and communications on the U.S. space shuttle and a $16 million fueling mechanism for the Delta IV booster rocket, used to launch manned space vehicles.
Agents also found documents on the C-17 Globemaster troop transport used by the U.S. Air Force and militaries in Britain, Australia and Canada – but the government later dropped charges related to those finds.
Prosecutors discovered Chung’s activities while investigating Chi Mak, another suspected Chinese spy living and working in Southern California. Mak was convicted in 2007 of conspiracy to export U.S. defense technology to China and sentenced to 24 years in prison.
Chung was the first person to be tried under the economic espionage provision of the Economic Espionage Act, which was passed in 1996 after the U.S. realized China and other countries were targeting private businesses as part of their spy strategies.
Since then, six economic espionage cases have settled before trial. In some of the cases, defendants were sentenced to just a year or two in prison.
Another economic espionage case went to trial in San Jose after Chung’s conviction, but a jury deadlocked on charges against two men accused of stealing computer chip blueprints from their Silicon Valley employer.
Prosecutors have previously tried cases under a different part of the 1996 act that deals with the theft of trade secrets.
GILLIAN FLACCUS, AP, 02/8/10 04:52 PM ET
Copyright © 2014 TheHuffingtonPost.com, Inc.
Chinese-Born Man Guilty of Economic Spying (2009)
May 19, 2014
In this Feb 19, 2008 file photo, Dongfan “Greg” Chung, is shown leaving the U.S. District Court in Santa Ana, Calif., with an unidentified woman. The prosecution and defense presented opening statements Tuesday June 2, 2009 in the first economic espionage case to reach trial in the United States. Prosecutors laid out their case against Chung, 73, in U.S. District Court in Santa Ana, Calif. AP PHOTO/ORANGE COUNTY REGISTER, CHRISTINA HOUSE
A Chinese-born engineer was convicted Thursday of stealing trade secrets critical to the U.S. space program in the nation’s first economic espionage trial.
A federal judge found former Boeing Co. engineer Dongfan “Greg” Chung guilty of six counts of economic espionage and other charges for taking 300,000 pages of sensitive documents that included information about the U.S. space shuttle and a booster rocket.
“Mr. Chung has been an agent of the People’s Republic of China for over 30 years,” U.S. District Judge Cormac J. Carney said while issuing his ruling.
Federal prosecutors accused the 73-year-old stress analyst of using his 30-year career at Boeing and Rockwell International to steal the documents. They said investigators found papers stacked throughout Chung’s house that included sensitive information about a fueling system for a booster rocket – documents that Boeing employees were ordered to lock away at the close of work each day. They said Boeing invested $50 million in the technology over a five-year period.
The judge convicted Chung of six counts of economic espionage, one count of acting as a foreign agent, one count of conspiracy, and one count of lying to a federal agent. He was acquitted of obstruction of justice.
Chung opted for a non-jury trial that ended June 24. During the three-week trial, defense attorneys said Chung was a “pack rat” who hoarded documents at his house but insisted he was not a spy.
They said Chung may have violated Boeing policy by bringing the papers home, but he didn’t break any laws and the U.S. government couldn’t prove he had given any of the information to China.
Attorneys and prosecutors were not immediately available for comment after the verdict.
The Economic Espionage Act was passed in 1996 to help the government crack down on the theft of information from private companies that contract with the government to develop U.S. space and military technologies.
By CBSNEWS / AP, July 16, 2009, 1:18 PM
© 2009 The Associated Press.
Chinese Espionage and French Trade Secrets
April 9, 2014
Paris prosecutor Jean-Claude Marin on Jan. 14 began an inquiry into allegations of commercial espionage carried out against French carmaker Renault. The allegations first became public when Renault suspended three of its employees on Jan. 3 after an internal investigation that began in August 2010. Within days, citing an anonymous French government source, Reuters reported that French intelligence services were looking into the possibility that China played a role in the Renault espionage case. While the French government refused to officially confirm this accusation, speculation has run wild that Chinese state-sponsored spies were stealing electric-vehicle technology from Renault.
The Chinese are well-known perpetrators of industrial espionage and have been caught before in France, but the details that have emerged so far about the Renault operation differ from the usual Chinese method of operation. And much has been learned about this MO just in the last two years across the Atlantic, where the United States has been increasingly aggressive in investigating and prosecuting cases of Chinese espionage. If Chinese intelligence services were indeed responsible for espionage at Renault it would be one of only a few known cases involving non-Chinese nationals and would have involved the largest amount of money since the case of the legendary Larry Wu-Tai Chin, China’s most successful spy.
STRATFOR has previously detailed the Chinese intelligence services and the workings of espionage with Chinese characteristics. A look back at Chinese espionage activities uncovered in the United States in 2010, since our latest report was compiled, can provide more context and detail about current Chinese intelligence operations.
Chinese Espionage in the U.S.
We chose to focus on operations in the United States for two reasons. First, the United States is a major target for Chinese industrial espionage. This is because it is a leader in technology development, particularly in military hardware desired by China’s expanding military, and a potential adversary at the forefront of Chinese defense thinking. Second, while it is not the only country developing major new technologies in which China would be interested, the United States has been the most aggressive in prosecuting espionage cases against Chinese agents, thereby producing available data for us to work with. Since 2008, at least seven cases have been prosecuted each year in the United States against individuals spying for China. Five were prosecuted in 2007. Going back to about 2000, from one to three cases were prosecuted annually, and before that, less than one was prosecuted per year.
Most of the cases involved charges of violating export restrictions or stealing trade secrets rather than the capital crime of stealing state secrets. As the premier agency leading such investigations, the FBI has clearly made a policy decision to refocus on counterintelligence after an overwhelming focus on counterterrorism following 9/11, and its capability to conduct such investigations has grown. In 2010, 11 Chinese espionage cases were prosecuted in the United States, the highest number yet, and they featured a wide range of espionage targets.
Ten of the 11 cases involved technology acquisition, and five were overt attempts to purchase and illegally export encryption devices, mobile-phone components, high-end analog-to-digital converters, microchips designed for aerospace applications and radiation-hardened semiconductors. These technologies can be used in a wide range of Chinese industries. While the mobile-phone technology would be limited to Chinese state-owned enterprises (SOEs) such as China Mobile, the aerospace-related microchips could be used in anything from rockets to fighter jets. Xian Hongwei and someone known as “Li Li” were arrested in September 2010 for allegedly attempting to purchase those aerospace-related microchips from BAE Systems, which is one of the companies involved in the development of the F-35 Joint Strike Fighter. Similar espionage may have played a role in China’s development of the new J-20 fifth-generation fighter, but that is only speculation.
Five other cases in 2010 involved stealing trade secrets. These included organic light-emitting diode processes from Dupont, hybrid vehicle technology from GM, insecticide formulas from the Dow Chemical Co., paint formulas from Valspar and various vehicle design specifications from Ford. These types of Chinese cases, while often encouraged by state officials, are more similar to industrial espionage conducted by corporations. Since many of the major car companies in China are state-run, these technologies benefit both industry and the state.
But that does not mean these efforts are directed from Beijing. History shows that such espionage activities are not well coordinated. Various Chinese company executives (who are also Communist Party officials) have different requirements for their industrial espionage. In cases where two SOEs are competing to sell similar products, they may both try to recruit agents to steal the same technology. There are also a growing number of private Chinese companies getting involved in espionage. One notable example was when Du Shanshan and Qin Yu passed on technology from GM to Chery Automobile, a private, rather than state-run, manufacturer. In the five trade-secret cases in 2010, most of the suspects were caught because of poor tradecraft. They stored data on their hard drives, sent e-mails on company computers and had obvious communications with companies in China. This is not the kind of tradecraft we would expect from trained intelligence officers. Most of these cases probably involved ad hoc agents, some of whom were likely recruited while working in the United States and offered jobs back in China when they were found to have access to important technology.
These cases show how Chinese state-run companies can have an interest in espionage in order to improve their own products, both for the success of their companies and in the national interest of China. The U.S. Department of Justice has not provided specific details on how the stolen defense-related technologies were intended to be used in China, so it is hard to tell whether they would have enhanced China’s military capability.
First-generation Chinese carried out 10 of the 11 publicized cases in the United States last year. Some were living or working temporarily in the United States, others had become naturalized American citizens (with the exception of Xian and Li, who were caught in Hungary). The Chinese intelligence services rely on ethnic Chinese agents because the services do not generally trust outsiders. When recruiting, they also use threats against family members or the individuals themselves. Second- and third-generation Chinese who have assimilated in a new culture are rarely willing to spy, and the Chinese government has much less leverage over this segment of the ethnic-Chinese population living overseas.
In the 11 cases in 2010, it is not clear what payments, if any, the agents might have received. In some cases, such as those involving the trade secrets from Valspar and Ford, the information likely helped the agents land better jobs and/or receive promotions back in China. Cash does not typically rule the effectiveness of newly recruited Chinese spies, as it might with Western recruits. Instead, new Chinese agents are usually motivated by intelligence-service coercion or ideological affinity for China.
The outlier in 2010 was Glenn Duffie Shriver, an American student with no Chinese heritage who applied to work at both the U.S. State Department and the CIA. His was the first publicized case of the Chinese trying to develop an agent in place in the United States since Larry Chin. Shriver studied in China in 2002 and 2003. The recruitment process began when he returned to China in 2004 to seek employment and improve his language capabilities. After responding to an ad for someone with an English-language background to write a political paper, Shriver was paid $120 for producing an article on U.S.-Chinese relations regarding Taiwan and North Korea.
The woman who hired him then introduced him to two Chinese intelligence officers named Wu and Tang. They paid Shriver a total of $70,000 in three payments while he tried to land a job with the U.S. government. Shriver failed the exams to become a foreign service officer and began pursuing a career with the CIA. He was accused of lying on his CIA application by not mentioning at least one trip to China and at least 20 meetings with Chinese intelligence officers. It is not clear how he was exposed, but customs records and passport stamps would have easily revealed any trips to China that he did not report in his CIA application. On Oct. 22, 2010, Shriver pleaded guilty to conspiring to provide national defense information to intelligence officers of the People’s Republic of China and was sentenced to 48 months in prison in accordance with his plea agreement.
A few Americans have been accused of being Chinese agents before, such as former Defense Department official James Fondren, who was caught and convicted in 2009. These cases are rare, though they may increase as Beijing tries to reach higher levels of infiltration. It is also possible that the FBI has been reaching only for low-hanging fruit and that Chinese espionage involving Americans at higher levels is going undetected. If this were the case, it would not be consistent with the general Chinese espionage MO.
China takes a mosaic approach to intelligence, which is a wholly different paradigm than that of the West. Instead of recruiting a few high-level sources, the Chinese recruit as many low-level operatives as possible who are charged with vacuuming up all available open-source information and compiling and analyzing the innumerable bits of intelligence to assemble a complete picture. This method fits well with Chinese demographics, which are characterized by countless thousands of capable and industrious people working overseas as well as thousands more analyzing various pieces of the mosaic back home.
Another case in 2010 was an alleged China-based cyberattack against Google, in which servers were hacked and customer account information was accessed. Last year, more than 30 other major companies reported similar infiltration attempts occurring in 2009, though we do not know how widespread the effort really is. China’s cyber-espionage capabilities are well known and no doubt will continue to provide more valuable information for China’s intelligence services.
The Renault Case
Few details have been released about the Renault case, which will likely remain confidential until French prosecutors finish their investigation. But enough information has trickled in to give us some idea of the kind of operation that would have targeted Renault’s electric-vehicle program. Three Renault managers were accused: Matthieu Tenenbaum, who was deputy director of Renault’s electric-vehicle program; Michel Balthazard, who was a member of the Renault management board; and Bertrand Rochette, a subordinate of Balthazard who was responsible for pilot projects. Various media reports — mostly from Le Figaro — claim that the State Grid Corporation of China opened bank accounts for two of the three managers (it is unknown which two). Money was allegedly wired through Malta, and Renault’s investigators found deposits of 500,000 euros (about $665,000) and 130,000 euros (about $175,000) respectively in Swiss and Liechtenstein bank accounts.
Assuming this is true, it is still unclear what the money was for. Given that the three executives had positions close to the electric-vehicle program, it seems that some related technology was the target. Patrick Pelata, Renault’s chief operating officer, said that “not the smallest nugget of technical or strategic information on the innovation plan has filtered out of the enterprise.” In other words, Renault uncovered the operation before any technology was leaked — or it is intentionally trying to downplay the damage done in order to reassure investors and protect stock prices. But Pelata also called the operation “a system organized to collect economic, technological and strategic information to serve interests abroad.”
Renault is convinced a foreign entity was involved in a sophisticated intelligence operation against the company. The question is, what foreign entity? On Jan. 13, Renault filed an official complaint with French authorities, saying it was the victim of organized industrial espionage, among other things, committed by “persons unknown.” French Industry Minister Eric Besson clarified Jan. 14 that there was no information to suggest Chinese involvement in the case, though he previously said France was facing “economic war,” presuming that the culprits came from outside France. The source for the original rumors of Chinese involvement is unclear, but the French clearly backed away from the accusation, especially after Chinese Foreign Ministry spokesman Hong Lei called the accusation “baseless and irresponsible” on Jan. 11 (of course, even if the Chinese were the culprits they would certainly not admit it).
The Chinese have definitely targeted energy-efficient motor vehicle technology in the past, in addition to the Ford and GM cases, and Renault itself is no stranger to industrial espionage activities. In 2007, Li Li Whuang was charged with breach of trust and fraudulent access to a computer system while working as a trainee at Valeo, a French automotive components manufacturer, in 2005. The 24-year-old was studying in Paris when she was offered the trainee position at Valeo. Investigators found files on her computer related to a project with BMW and another with Renault.
The new Renault case, however, is very different from most Chinese espionage cases. First, it involved recruiting three French nationals with no ethnic ties to China, rather than first-generation Chinese. Second, the alleged payments to two of three Renault employees were much larger than Chinese agents usually receive, even those who are not ethnic Chinese. The one notable exception is the case of Larry Chin, who is believed to have received more than $1 million in the 30 years he spied for China as a translator for U.S. intelligence services. Renault executives would also be paid as much or more in salaries than what was found in these bank accounts, though we don’t know if more money was transferred in and out of the accounts. This may not be unprecedented, however; STRATFOR sources have reported being offered many millions of dollars to work for the Chinese government.
Another problem is the alleged use of a Chinese state-owned company to funnel payments to the Renault executives. Using a company traceable not only to China but to the government itself is a huge error in tradecraft. This is not likely a mistake that the Chinese intelligence services would make. In Chin’s case, all payments were made in cash and were exchanged in careful meetings outside the United States, in places where there was no surveillance.
Thus, STRATFOR doubts that the Renault theft was perpetrated by the Chinese. The leak suggesting otherwise was likely an assumption based on China’s frequent involvement in industrial espionage. Still, it could be a sign of new methods in Chinese spycraft.
The Shriver and Renault cases could suggest that some Chinese intelligence operations are so sophisticated that counterintelligence officers are unaware of their activities. They could mean that the Chinese are recruiting higher-level sources and offering them large sums of money. Chin, who got his start working for the U.S. Army during the Korean War, remained undetected until 1985, when a defector exposed him. There may be others who are just as well hidden. However, according to STRATFOR sources, including current and former counterintelligence officers, the vast majority of Chinese espionage operations are perpetrated at low levels by untrained agents.
There is little indication that the Chinese have switched from the high-quantity, low-quality mosaic intelligence method, and cyber-espionage activities such as hacking Google demonstrate that the mosaic method is only growing. The Internet allows China to recruit from its large base of capable computer users to find valuable information in the national interest. It provides even more opportunities to vacuum up information for intelligence analysis. Indeed, cyber-espionage is being used as another form of “insurance,” a way to ensure that the information collected by the intelligence services from other sources is accurate.
If China is responsible for the Renault penetration, the case would represent a change in the Chinese espionage MO, one aiming at a higher level and willing to spend more money, even though most of the cases prosecuted in the United States pointed to a continuation of the mosaic paradigm. Nevertheless, counterintelligence officers are likely watching carefully for higher-level recruits, fearing that others like Chin and Shriver may have remained undetected for years. These cases may be an indication of new resources made available to Western counterintelligence agencies and not new efforts by the Chinese.
One thing is certain: Chinese espionage activities will continue apace in 2011, and it will be interesting to see what targets are picked.
THURSDAY, JANUARY 20, 2011 – 03:53
By Sean Noonan
Find this story at 20 January 2011
Copyright © 2014 Stratfor
Renault cars spy case: French intelligence investigates
April 9, 2014
The French president has asked the intelligence service to investigate suspected industrial spying at Renault.
The French carmaker has suspended three senior managers after an investigation into the possible leaking of electric vehicle secrets to rivals.
The firm has said industrial espionage poses a serious threat to its “strategic assets”.
The French industry minister has described the case of Renault, which is 15% state-owned, as “economic warfare”.
The right-leaning Le Figaro newspaper reported that, according to several sources, the information passed on relates to the technology in the battery and the engine of electrical vehicles that will be rolled out after 2012.
The three executives suspended are alleged to have sold new patents not yet registered to one or several intermediaries specialising in economic intelligence.
One of the three – who have all been given the opportunity to respond to the charges made against them, before any sanctions are imposed – is a member of the carmaker’s management committee.
image of Mark Gregory
The incident comes at a time of rising concern in Europe and America about protecting intellectual property rights.
The picture emerging from French media reports is that the three suspended executives may have leaked details of battery and engine technologies developed for Renault’s new generation of electric cars.
Whether or not the allegations are true, they have touched a raw nerve. Western firms are worried about rivals in emerging economies grabbing their best ideas without paying for them.
The issue is becoming more serious as China and other new industrial powers become more sophisticated in what they produce.
Stories about stolen industrial secrets will probably become more frequent as competition between old industrial powers and new ones intensifies.
The BBC’s Christian Fraser, in Paris, says that it is a mark of how seriously the French government is taking this breach of trust that it has asked the intelligence service to investigate.
Car manufacturing is an important part of the French economy, and a major employer, our correspondent says.
One of the biggest advantages that Western carmakers have is their advanced technology, which enables them to compete against cheaper labour costs outside Europe.
According to sources within Renault it is suspected the final recipient of this information was likely to have been a Chinese rival.
“We cannot accept that an innovation financed by the French taxpayer ends up in the hands of the Chinese,” one anonymous industry ministry source told Agence France Presse.
The carmaker, alongside its partner Nissan, has invested heavily in electric vehicle technology.
Both plan to launch a number of new electric vehicles over the next two years.
7 January 2011
Find this story at 7 January 2011
BBC © 2014
No bugs found in former Nortel building, Defence officials now say
November 8, 2013
OTTAWA — The Conservative government says Defence officials have assured it that no listening devices have been found at the former Nortel campus, contradicting previous security concerns raised by both former Nortel and government intelligence employees.
Former Nortel employees have contacted the Citizen to say that the listening devices were found when Department of National Defence officials did their initial security sweeps of the facility, purchased for DND’s new home.
DND documents also indicate that concerns about the security surrounding the former Nortel campus were raised last year within the department. A briefing document for then-Defence minister Peter MacKay warned that the public announcement that the DND was moving into the complex before it could be properly secured created a major problem.
“This not only raises the level of difficulty of verifying appropriate security safeguards in the future, it will probably dramatically increase security costs and cause delays to reach full operational capability,” MacKay was told in April 2012 by Canadian Forces security officers.
Last year senior Nortel staff acknowledged that the company had been the subject of a number of spy and computer hacking operations over a decade, with the main culprits suspected of being associated with China.
Michel Juneau-Katsuya, a former senior officer with the Canadian Security Intelligence Service, said the spy agency also determined that Nortel had been targeted. “We knew it was well penetrated,” he told the Citizen. “When I was the Chief of Asia-Pacific we warned Nortel.”
But Julie Di Mambro, spokeswoman for Defence Minister Rob Nicholson, said Tuesday the government has now received assurances from DND. “Security officials have assured us that they have not discovered any bugs or listening devices,” she noted in an email. “Our government continues to be vigilant when it comes to maintaining the security of information and personnel.”
No further details were provided.
The purchase and refit of the Nortel campus has emerged as a political issue, with opposition MPs and others questioning whether the Conservative government’s plan to spend almost $1 billion on the purchase and renovations of the site makes financial sense. Retired lieutenant-general Andrew Leslie, now an adviser for Liberal Leader Justin Trudeau, told CTV on Monday that he thought it was a bad idea to spend such a large amount of money on a new military headquarters.
The government spent $208 million to buy the property, with an additional $790 million to be spent on renovating the buildings for DND’s needs, according to a presentation made to the Senate by Treasury Board officials. The cost to prepare the site involves everything from creating new offices to installing secure computer networks.
Asked last week for details about the listening devices and whether they were still functioning, the DND responded with a statement to the Citizen that it takes security at its installations seriously. “The Department of National Defence and Canadian Armed Forces cannot provide any information regarding specific measures and tests undertaken to secure a location or facility for reasons of national security,” noted an email from DND spokeswoman Carole Brown. “The DND/CAF must maintain a safe and secure environment at all of its facilities, in order to maintain Canada’s security posture at home and abroad.”
In February, MacKay was also briefed about the poor state of DND security. Among the points raised in the presentation was that the Defence Department’s “security posture does not currently meet government standards,” according to documents obtained by Postmedia.
The case of Royal Canadian Navy officer Jeffrey Delisle, who spied for the Russians, was specifically mentioned on the same page as the presentation noted that “repeated audits have called for improvement, but insufficient action has occurred.” Those audits calling for improved security included reviews by internal auditors and the federal auditor general’s office.
Phil McNeely, Liberal MPP for Ottawa-Orléans, said he is concerned the government and the DND did not do their due diligence before the Nortel campus was purchased. McNeely, who opposes the DND move to Nortel, said he is worried taxpayers are “now stuck with a $208 million lemon.”
An internal security study by Nortel suggested that the hackers had been able to download research and development studies and business plans starting in 2000. The hackers also placed spyware so deep into some employee computers it escaped detection, the Wall Street Journal reported last year.
Another spy operation was launched against Nortel from the Philippines, security officials determined. That operation involved freelance computer hackers who were working for a “foreign power.”
By David Pugliese, OTTAWA CITIZEN October 1, 2013
Find this story at 1 October 2013
© Copyright (c) The Ottawa Citizen
Mysterious listening devices found at future headquarters of defence department
November 8, 2013
Former Nortel campus was subject of decade-long industrial espionage
A bird’s eye view of the former Nortel campus in Ottawa, bought by the Department of National Defence in 2010.
OTTAWA — Workers preparing the former Nortel complex as the new home for the Department of National Defence have discovered electronic eavesdropping devices, prompting new fears about the security of the facility.
It’s not clear whether the devices were recently planted or left over from an industrial espionage operation when Nortel occupied the complex.
Asked for details about the listening devices and whether they were still functioning, the DND responded with a statement to the Citizen that it takes security at its installations seriously.
“The Department of National Defence and Canadian Armed Forces cannot provide any information regarding specific measures and tests undertaken to secure a location or facility for reasons of national security,” noted an email from DND spokeswoman Carole Brown. “The DND/CAF must maintain a safe and secure environment at all of its facilities, in order to maintain Canada’s security posture at home and abroad.”
Recently released DND documents, however, indicate that concerns about the security surrounding the former Nortel campus at 3500 Carling Ave. were raised last year.
A briefing document for then Defence Minister Peter MacKay warned that the public announcement the DND was moving into the complex before it could be properly secured created a major problem. “This not only raises the level of difficulty of verifying appropriate security safeguards in the future, it will probably dramatically increase security costs and cause delays to reach full operational capability,” MacKay was told in April 2012 by Canadian Forces security officers.
The briefing note was released under the Access to Information law.
Last year it was also revealed that Nortel had been the target of industrial espionage for almost a decade, with the main culprits thought to be hackers based in China. An internal security study by Nortel suggested that the hackers had been able to download research and development studies and business plans starting in 2000.
The hackers also placed spyware so deep into some employee computers it escaped detection, the Wall Street Journal reported last year.
The Conservative government has earmarked almost $1 billion for its plan to move military personnel and Department of National Defence staff to the former Nortel campus. That includes $208 million to buy the property, with an additional $790 million to be spent to renovate the buildings for DND’s needs, according to a presentation made to the Senate by Treasury Board officials. The cost to prepare the site involves everything from creating new offices to installing secure computer networks.
Recently, however, the federal government has noted it could be open to revisiting its plans to have the DND occupy the facility. Public Works has been considering whether other government departments might make their home there instead.
“Public Works and Government Services Canada is currently reviewing its plans for the renovation and future occupancy of the Carling Campus in light of the current environment of fiscal restraint to ensure that the use of the campus provides best value for taxpayers,” Brown added in her email.
The DND originally estimated the cost of preparing the Nortel site for its needs would be $633 million, according to department documents obtained by the Citizen through the Access to Information law.
Although DND is planning for the move, cabinet has not yet made the final decision authorizing the department to occupy the Nortel site.
Some have questioned the move at a time of cost-cutting, particularly since the DND will still continue to occupy key buildings such as its main headquarters, the Major-General George R. Pearkes Building on Colonel By Drive, as well as its facility on Star Top Road. The DND’s presence in the Louis St. Laurent Building, the National Printing Bureau building and the Hotel de Ville building in Gatineau will also continue.
The department has estimated it would save $50 million a year by moving many of its employees in the Ottawa area into the Nortel campus but it has not provided a breakdown on how it came up with that figure.
In justifying the move, the department noted it would save money through reduced cab fares, less need for commissionaires to guard offices and an atmosphere that allows people to work better together.
David Pugliese, Ottawa Citizen
Published: September 30, 2013, 10:38 am
Find this story at 30 September 2013
© COPYRIGHT – POSTMEDIA NEWS
China calls Australian spy HQ plans hacking claims ‘groundless’
June 20, 2013
Foreign ministry spokesman shrugs off ‘groundless accusations’ by Australian media that Chinese hackers stole Asio blueprints
China has shrugged off allegations by Australian media that Chinese hackers have stolen the blueprints for the new Australian spy headquarters.
“China pays high attention to cybersecurity issues, and is firmly opposed to all forms of hacker attacks,” foreign ministry spokesman Hong Lei said at a regular press briefing on Tuesday afternoon. “Groundless accusations will not help solve this issue.”
The response came amid separate allegations that Chinese hackers had compromised some of the US’s most advanced weapons systems designs.
According to a classified report prepared for the Pentagon, the breaches compromised more than two dozen weapon designs for highly advanced missiles, fighter jets, helicopters and combat ships, the Washington Post reported.
Designs believed to have been compromised include those for the advanced Patriot missile system, the Black Hawk helicopter, and the $1.4tn F-35 Joint Strike Fighter, the most expensive weapons system ever built.
While the Defence Science Board, a senior advisory group that prepared the report, did not explicitly accuse the Chinese of stealing the designs, “senior military and industry officials with knowledge of the breaches said the vast majority were part of a widening Chinese campaign of espionage against US defence contractors and government agencies,” the Washington Post reported.
“In many cases, [the defence contractors] don’t know they’ve been hacked until the FBI comes knocking on their door,” an unidentified senior military official told the newspaper. “This is billions of dollars of combat advantage for China. They’ve just saved themselves 25 years of research and development. It’s nuts.”
In Canberra, the Australian foreign minister, Bob Carr, said claims that Chinese hackers stole top-secret blueprints of the Australian spy agency Asio’s new headquarters would not threaten bilateral ties.
Carr refused to confirm ABC reports that the cyber-attack netted documents containing details of the building’s floor plan, communications cabling layouts, server locations and security systems.
Concern has been rising over state-sponsored hacking emanating from China, with further allegations that its cyberspies have recently obtained sensitive Australian military secrets and foreign affairs documents.
Carr said the government was “very alive” to emerging cybersecurity threats but refused to confirm the ABC’s specific claims on Tuesday.
“I won’t comment on matters of intelligence and security for the obvious reason: we don’t want to share with the world and potential aggressors what we know about what they might be doing, and how they might be doing it,” he said.
The Australian prime minister, Julia Gillard, referred in parliament on Tuesday to “these inaccurate reports” without elaborating on which elements of the reports were wrong.
George Brandis, a senator with the opposition Liberal party, said on Wednesday that he had received a confidential briefing from Asio officials and the report was accurate. The Australian newspaper reported that the plans were stolen three years ago and no longer posed a threat to the operations of Australia’s main spy agency.
The Asio building’s construction had been plagued by delays and ballooning cost, with builders blaming late changes made to the internal design in response to cyber-attacks.
Chinese telecommunications giant Huawei was last year barred from bidding for construction contracts on the national broadband network amid fears of cyber-espionage.
Jonathan Kaiman in Beijing
guardian.co.uk, Wednesday 29 May 2013 03.10 BST
Find this story at 29 May 2013
© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.
Report: Australia spy plans hacked by Chinese
June 20, 2013
ABC Television says secret data stolen in major cyber attack on foreign affairs office housing overseas spy agency.
Carr says Australia’s relationship with China will not be damaged by the hacking allegations [Getty Images]
Chinese hackers have reportedly stolen plans for a new $600m Australian spy headquarters as part of a growing wave of cyber attacks against business and military targets of the US ally.
The hackers also stole confidential information from the Department of Foreign Affairs and Trade, which houses the overseas spy agency the Australian Secret Intelligence Service, Australia’s ABC Television said late on Monday.
The ABC report, which did not name sources, said that Chinese hackers had targeted Australia-based companies more aggressively than previously thought, including steel-manufacturer Bluescope Steel, and military and civilian communications manufacturer Codan.
The influential Greens party said on Tuesday that the reported hacking was a “security blunder of epic proportions” and called for an inquiry.
“I think there can be a proper investigation, an independent investigation, into this sorry saga of the ASIO building,” Christine Milne, head of the Greens party, said.
However, the Australian government has refused to comment directly on the allegations.
Relationship ‘not damaged’
Bob Carr, Australia’s foreign minister, said that the report would not damage the country’s ties with its biggest trade partner China.
“I won’t comment on whether the Chinese have done what is being alleged or not,” he said.
“I won’t comment on matters of intelligence and security for the obvious reason: we don’t want to share with the world and potential aggressors what we know about what they might be doing, and how they might be doing it.”
The report follows several other hacking attacks on government facilities in the past two years.
The attack through the computers of a construction contractor exposed building layouts and the location of communication and computer networks, the ABC said.
The ASIO building, being built near the location of Australia’s top-secret Defence Signals Directorate, is supposed to have some of the most sophisticated hacking defences in the country, which is part of a global electronic intelligence gathering network including the US and the UK.
But its construction had been plagued by delays and cost blowouts, with some builders blaming late changes made to the internal design in response to cyber attacks.
Australian officials, like those in the US and other Western nations, have made cyber attacks a security priority following a growing number of attacks on the resource-rich country, mostly blamed on China.
Chinese telecommunications giant Huawei was barred last year from bidding for construction contracts on a new Australian high-speed broadband network amid fears of cyber espionage.
The Reserve Bank of Australia said in March that it had been targeted by cyber attacks, but no data had been lost or systems compromised amid reports that the hackers had tried to access intelligence on Group of 20 wealthy nations negotiations.
In the US, the Pentagon’s latest annual report on Chinese military developments accused China for the first time of trying to break into US defence networks, calling it “a serious concern”.
China has dismissed as groundless both the Pentagon report and a February report by the US computer security company Mandiant, which said a secretive Chinese military unit was probably behind a series of hacking attacks targeting the US that had stolen data from 100 companies.
Last Modified: 28 May 2013 06:10
Find this story at 28 May 2013
June 20, 2013
While debate rages over Australia’s border security, there’s growing evidence that the greatest threat to Australia’s national security potentially comes from foreign computer hackers. Few in government or business will admit the full extent of the break-ins, with one expert calling it a “dirty little secret”.
Next on Four Corners reporter Andrew Fowler reveals that hackers, working from locations overseas, have targeted key Federal Government departments and major corporations in Australia. Their intention is to steal national security secrets and vital business information.
In one case, an Australian company that supplies secret communications equipment used by military across the globe had its computer network hacked. It appears the hackers accessed the system holding vital design information involving a military radio system. The break-in meant secure communications used by Australia’s allies could be compromised.
Speaking with security specialists and insiders, Four Corners also details a number of specific high level break-ins involving Government departments. In each case it explains how the security system might have been breached.
A deafening silence surrounds this issue. Companies won’t speak about the break-ins because they fear it will alarm clients and shareholders. Governments refuse to speak up because inevitably they will be asked, who is doing this? The answer is uncomfortable.
A number of people, including former government advisors in cyber security, claim the digital trail leads to China. Although it’s unclear if the hackers are working for the Chinese Government, those same experts believe that any company doing significant business in China must assume it will be the target of corporate espionage.
HACKED!, reported by Andrew Fowler and presented by Kerry O’Brien, goes to air on Monday 27th May at 8.30pm on ABC1. The program is repeated on Tuesday 28th May at 11.35pm. It can also be seen on ABC News 24 on Saturday at 8.00pm, ABC iview or at abc.net.au/4corners.
By Andrew Fowler and Peter Cronau
Updated May 29, 2013 16:22:00
Find this story at 29 May 2013
© 2013 ABC
Obama orders US to draw up overseas target list for cyber-attacks
June 20, 2013
Exclusive: Top-secret directive steps up offensive cyber capabilities to ‘advance US objectives around the world’
Barack Obama has ordered his senior national security and intelligence officials to draw up a list of potential overseas targets for US cyber-attacks, a top secret presidential directive obtained by the Guardian reveals.
The 18-page Presidential Policy Directive 20, issued in October last year but never published, states that what it calls Offensive Cyber Effects Operations (OCEO) “can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging”.
It says the government will “identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power”.
The directive also contemplates the possible use of cyber actions inside the US, though it specifies that no such domestic operations can be conducted without the prior order of the president, except in cases of emergency.
The aim of the document was “to put in place tools and a framework to enable government to make decisions” on cyber actions, a senior administration official told the Guardian.
The administration published some declassified talking points from the directive in January 2013, but those did not mention the stepping up of America’s offensive capability and the drawing up of a target list.
Obama’s move to establish a potentially aggressive cyber warfare doctrine will heighten fears over the increasing militarization of the internet.
The directive’s publication comes as the president plans to confront his Chinese counterpart Xi Jinping at a summit in California on Friday over alleged Chinese attacks on western targets.
Even before the publication of the directive, Beijing had hit back against US criticism, with a senior official claiming to have “mountains of data” on American cyber-attacks he claimed were every bit as serious as those China was accused of having carried out against the US.
Presidential Policy Directive 20 defines OCEO as “operations and related programs or activities … conducted by or on behalf of the United States Government, in or through cyberspace, that are intended to enable or produce cyber effects outside United States government networks.”
Asked about the stepping up of US offensive capabilities outlined in the directive, a senior administration official said: “Once humans develop the capacity to build boats, we build navies. Once you build airplanes, we build air forces.”
The official added: “As a citizen, you expect your government to plan for scenarios. We’re very interested in having a discussion with our international partners about what the appropriate boundaries are.”
The document includes caveats and precautions stating that all US cyber operations should conform to US and international law, and that any operations “reasonably likely to result in significant consequences require specific presidential approval”.
The document says that agencies should consider the consequences of any cyber-action. They include the impact on intelligence-gathering; the risk of retaliation; the impact on the stability and security of the internet itself; the balance of political risks versus gains; and the establishment of unwelcome norms of international behaviour.
Among the possible “significant consequences” are loss of life; responsive actions against the US; damage to property; serious adverse foreign policy or economic impacts.
The US is understood to have already participated in at least one major cyber attack, the use of the Stuxnet computer worm targeted on Iranian uranium enrichment centrifuges, the legality of which has been the subject of controversy. US reports citing high-level sources within the intelligence services said the US and Israel were responsible for the worm.
The directive’s criteria for offensive cyber operations are not limited to retaliatory action but are vaguely framed as advancing “US national objectives around the world”.
The revelation that the US is preparing a specific target list for offensive cyber-action is likely to reignite previously raised concerns of security researchers and academics, several of whom have warned that large-scale cyber operations could easily escalate into full-scale military conflict.
Sean Lawson, assistant professor in the department of communication at the University of Utah, argues: “When militarist cyber rhetoric results in use of offensive cyber attack it is likely that those attacks will escalate into physical, kinetic uses of force.”
An intelligence source with extensive knowledge of the National Security Agency’s systems told the Guardian the US complaints against China were hypocritical, because America had participated in offensive cyber operations and widespread hacking – breaking into foreign computer systems to mine information.
Provided anonymity to speak critically about classified practices, the source said: “We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world.”
The US likes to haul China before the international court of public opinion for “doing what we do every day”, the source added.
One of the unclassified points released by the administration in January stated: “It is our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as preferred courses of action.”
The full classified directive repeatedly emphasizes that all cyber-operations must be conducted in accordance with US law and only as a complement to diplomatic and military options. But it also makes clear how both offensive and defensive cyber operations are central to US strategy.
Under the heading “Policy Reviews and Preparation”, a section marked “TS/NF” – top secret/no foreign – states: “The secretary of defense, the DNI [Director of National Intelligence], and the director of the CIA … shall prepare for approval by the president through the National Security Advisor a plan that identifies potential systems, processes and infrastructure against which the United States should establish and maintain OCEO capabilities…” The deadline for the plan is six months after the approval of the directive.
The directive provides that any cyber-operations “intended or likely to produce cyber effects within the United States” require the approval of the president, except in the case of an “emergency cyber action”. When such an emergency arises, several departments, including the department of defense, are authorized to conduct such domestic operations without presidential approval.
Obama further authorized the use of offensive cyber attacks in foreign nations without their government’s consent whenever “US national interests and equities” require such nonconsensual attacks. It expressly reserves the right to use cyber tactics as part of what it calls “anticipatory action taken against imminent threats”.
The directive makes multiple references to the use of offensive cyber attacks by the US military. It states several times that cyber operations are to be used only in conjunction with other national tools and within the confines of law.
When the directive was first reported, lawyers with the Electronic Privacy Information Center filed a Freedom of Information Act request for it to be made public. The NSA, in a statement, refused to disclose the directive on the ground that it was classified.
In January, the Pentagon announced a major expansion of its Cyber Command Unit, under the command of General Keith Alexander, who is also the director of the NSA. That unit is responsible for executing both offensive and defensive cyber operations.
Earlier this year, the Pentagon publicly accused China for the first time of being behind attacks on the US. The Washington Post reported last month that Chinese hackers had gained access to the Pentagon’s most advanced military programs.
The director of national intelligence, James Clapper, identified cyber threats in general as the top national security threat.
Obama officials have repeatedly cited the threat of cyber-attacks to advocate new legislation that would vest the US government with greater powers to monitor and control the internet as a means of guarding against such threats.
One such bill currently pending in Congress, the Cyber Intelligence Sharing and Protection Act (Cispa), has prompted serious concerns from privacy groups, who say that it would further erode online privacy while doing little to enhance cyber security.
In a statement, Caitlin Hayden, national security council spokeswoman, said: “We have not seen the document the Guardian has obtained, as they did not share it with us. However, as we have already publicly acknowledged, last year the president signed a classified presidential directive relating to cyber operations, updating a similar directive dating back to 2004. This step is part of the administration’s focus on cybersecurity as a top priority. The cyber threat has evolved, and we have new experiences to take into account.
“This directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the full array of national security tools we have at our disposal. It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.
“This directive will establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action. The procedures outlined in this directive are consistent with the US Constitution, including the president’s role as commander in chief, and other applicable law and policies.”
Glenn Greenwald and Ewen MacAskill
guardian.co.uk, Friday 7 June 2013 20.06 BST
Find this story at 7 June 2013
© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.
Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies
June 20, 2013
Designs for many of the nation’s most sensitive advanced weapons systems have been compromised by Chinese hackers, according to a report prepared for the Pentagon and to officials from government and the defense industry.
Among more than two dozen major weapons systems whose designs were breached were programs critical to U.S. missile defenses and combat aircraft and ships, according to a previously undisclosed section of a confidential report prepared for Pentagon leaders by the Defense Science Board.
Experts warn that the electronic intrusions gave China access to advanced technology that could accelerate the development of its weapons systems and weaken the U.S. military advantage in a future conflict.
The Defense Science Board, a senior advisory group made up of government and civilian experts, did not accuse the Chinese of stealing the designs. But senior military and industry officials with knowledge of the breaches said the vast majority were part of a widening Chinese campaign of espionage against U.S. defense contractors and government agencies.
The significance and extent of the targets help explain why the Obama administration has escalated its warnings to the Chinese government to stop what Washington sees as rampant cybertheft.
In January, the advisory panel warned in the public version of its report that the Pentagon is unprepared to counter a full-scale cyber-conflict. The list of compromised weapons designs is contained in a confidential version, and it was provided to The Washington Post.
Some of the weapons form the backbone of the Pentagon’s regional missile defense for Asia, Europe and the Persian Gulf. The designs included those for the advanced Patriot missile system, known as PAC-3; an Army system for shooting down ballistic missiles, known as the Terminal High Altitude Area Defense, or THAAD; and the Navy’s Aegis ballistic-missile defense system.
Also identified in the report are vital combat aircraft and ships, including the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the Navy’s new Littoral Combat Ship, which is designed to patrol waters close to shore.
Also on the list is the most expensive weapons system ever built — the F-35 Joint Strike Fighter, which is on track to cost about $1.4 trillion. The 2007 hack of that project was reported previously.
China, which is pursuing a comprehensive long-term strategy to modernize its military, is investing in ways to overcome the U.S. military advantage — and cyber-espionage is seen as a key tool in that effort, the Pentagon noted this month in a report to Congress on China. For the first time, the Pentagon specifically named the Chinese government and military as the culprit behind intrusions into government and other computer systems.
As the threat from Chinese cyber-espionage has grown, the administration has become more public with its concerns. In a speech in March, Thomas Donilon, the national security adviser to President Obama, urged China to control its cyber-activity. In its public criticism, the administration has avoided identifying the specific targets of hacking.
But U.S. officials said several examples were raised privately with senior Chinese government representatives in a four-hour meeting a year ago. The officials, who spoke on the condition of anonymity to describe a closed meeting, said senior U.S. defense and diplomatic officials presented the Chinese with case studies detailing the evidence of major intrusions into U.S. companies, including defense contractors.
In addition, a recent classified National Intelligence Estimate on economic cyber-espionage concluded that China was by far the most active country in stealing intellectual property from U.S. companies.
The Chinese government insists that it does not conduct cyber-espionage on U.S. agencies or companies, and government spokesmen often complain that Beijing is a victim of U.S. cyberattacks.
Obama is expected to raise the issue when he meets with Chinese President Xi Jinping next month in California.
A spokesman for the Pentagon declined to discuss the list from the science board’s report. But the spokesman, who was not authorized to speak on the record, said in an e-mail, “The Department of Defense has growing concerns about the global threat to economic and national security from persistent cyber-intrusions aimed at the theft of intellectual property, trade secrets and commercial data, which threatens the competitive edge of U.S. businesses like those in the Defense Industrial Base.”
The confidential list of compromised weapons system designs and technologies represents the clearest look at what the Chinese are suspected of targeting. When the list was read to independent defense experts, they said they were shocked by the extent of the cyber-espionage and the potential for compromising U.S. defenses.
“That’s staggering,” said Mark Stokes, executive director of the Project 2049 Institute, a think tank that focuses on Asia security issues. “These are all very critical weapons systems, critical to our national security. When I hear this in totality, it’s breathtaking.”
The experts said the cybertheft creates three major problems. First, access to advanced U.S. designs gives China an immediate operational edge that could be exploited in a conflict. Second, it accelerates China’s acquisition of advanced military technology and saves billions in development costs. And third, the U.S. designs can be used to benefit China’s own defense industry. There are long-standing suspicions that China’s theft of designs for the F-35 fighter allowed Beijing to develop its version much faster.
“You’ve seen significant improvements in Chinese military capabilities through their willingness to spend, their acquisitions of advanced Russian weapons, and from their cyber-espionage campaign,” said James A. Lewis, a cyber-policy expert at the Center for Strategic and International Studies. “Ten years ago, I used to call the PLA [People’s Liberation Army] the world’s largest open-air military museum. I can’t say that now.”
The public version of the science board report noted that such cyber-espionage and cyber-sabotage could impose “severe consequences for U.S. forces engaged in combat.” Those consequences could include severed communication links critical to the operation of U.S. forces. Data corruption could misdirect U.S. operations. Weapons could fail to operate as intended. Planes, satellites or drones could crash, the report said.
In other words, Stokes said, “if they have a better sense of a THAAD design or PAC-3 design, then that increases the potential of their ballistic missiles being able to penetrate our or our allies’ missile defenses.”
Winslow T. Wheeler, director of the Straus Military Reform Project at the Project on Government Oversight, made a similar point. “If they got into the combat systems, it enables them to understand it to be able to jam it or otherwise disable it,” he said. “If they’ve got into the basic algorithms for the missile and how they behave, somebody better get out a clean piece of paper and start to design all over again.”
The list did not describe the extent or timing of the penetrations. Nor did it say whether the theft occurred through the computer networks of the U.S. government, defense contractors or subcontractors.
Privately, U.S. officials say that senior Pentagon officials are frustrated by the scale of cybertheft from defense contractors, who routinely handle sensitive classified data. The officials said concerns have been expressed by Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, and Adm. James A. Winnefeld Jr., the vice chairman, as well as Gen. Keith Alexander, director of the National Security Agency.
“In many cases, they don’t know they’ve been hacked until the FBI comes knocking on their door,” said a senior military official who was not authorized to speak on the record. “This is billions of dollars of combat advantage for China. They’ve just saved themselves 25 years of research and development. It’s nuts.”
In an attempt to combat the problem, the Pentagon launched a pilot program two years ago to help the defense industry shore up its computer defenses, allowing the companies to use classified threat data from the National Security Agency to screen their networks for malware. The Chinese began to focus on subcontractors, and now the government is in the process of expanding the sharing of threat data to more defense contractors and other industries.
An effort to change defense contracting rules to require companies to secure their networks or risk losing Pentagon business stalled last year. But the 2013 Defense Authorization Act has a provision that requires defense contractors holding classified clearances to report intrusions into their networks and allow access to government investigators to analyze the breach.
The systems on the science board’s list are built by a variety of top defense contractors, including Boeing, Lockheed Martin, Raytheon and Northrop Grumman. None of the companies would comment about whether their systems have been breached.
But Northrop Grumman spokesman Randy Belote acknowledged the company “is experiencing greater numbers of attempts to penetrate its computer networks” and said the firm is “vigilant” about protecting its networks.
A Lockheed Martin official said the firm is “spending more time helping deal with attacks on the supply chain” of partners, subcontractors and suppliers than dealing with attacks directly against the company. “For now, our defenses are strong enough to counter the threat, and many attackers know that, so they go after suppliers. But of course they are always trying to develop new ways to attack.”
The Defense Science Board report also listed broad technologies that have been compromised, such as drone video systems, nanotechnology, tactical data links and electronic warfare systems — all areas where the Pentagon and Chinese military are investing heavily.
“Put all that together — the design compromises and the technology theft — and it’s pretty significant,” Stokes said.
By Ellen Nakashima, Published: May 28
Find this story at 28 May 2013
© The Washington Post Company
Inside the NSA’s Ultra-Secret China Hacking Group
June 20, 2013
Deep within the National Security Agency, an elite, rarely discussed team of hackers and spies is targeting America’s enemies abroad.
This weekend, U.S. President Barack Obama sat down for a series of meetings with China’s newly appointed leader, Xi Jinping. We know that the two leaders spoke at length about the topic du jour — cyber-espionage — a subject that has long frustrated officials in Washington and is now front and center with the revelations of sweeping U.S. data mining. The media has focused at length on China’s aggressive attempts to electronically steal U.S. military and commercial secrets, but Xi pushed back at the “shirt-sleeves” summit, noting that China, too, was the recipient of cyber-espionage. But what Obama probably neglected to mention is that he has his own hacker army, and it has burrowed its way deep, deep into China’s networks.
When the agenda for the meeting at the Sunnylands estate outside Palm Springs, California, was agreed to several months ago, both parties agreed that it would be a nice opportunity for President Xi, who assumed his post in March, to discuss a wide range of security and economic issues of concern to both countries. According to diplomatic sources, the issue of cybersecurity was not one of the key topics to be discussed at the summit. Sino-American economic relations, climate change, and the growing threat posed by North Korea were supposed to dominate the discussions.
Then, two weeks ago, White House officials leaked to the press that Obama intended to raise privately with Xi the highly contentious issue of China’s widespread use of computer hacking to steal U.S. government, military, and commercial secrets. According to a Chinese diplomat in Washington who spoke in confidence, Beijing was furious about the sudden elevation of cybersecurity and Chinese espionage on the meeting’s agenda. According to a diplomatic source in Washington, the Chinese government was even angrier that the White House leaked the new agenda item to the press before Washington bothered to tell Beijing about it.
So the Chinese began to hit back. Senior Chinese officials have publicly accused the U.S. government of hypocrisy and have alleged that Washington is also actively engaged in cyber-espionage. When the latest allegation of Chinese cyber-espionage was leveled in late May in a front-page Washington Post article, which alleged that hackers employed by the Chinese military had stolen the blueprints of over three dozen American weapons systems, the Chinese government’s top Internet official, Huang Chengqing, shot back that Beijing possessed “mountains of data” showing that the United States has engaged in widespread hacking designed to steal Chinese government secrets. This weekend’s revelations about the National Security Agency’s PRISM and Verizon metadata collection from a 29-year-old former CIA undercover operative named Edward J. Snowden, who is now living in Hong Kong, only add fuel to Beijing’s position.
But Washington never publicly responded to Huang’s allegation, and nobody in the U.S. media seems to have bothered to ask the White House if there is a modicum of truth to the Chinese charges.
It turns out that the Chinese government’s allegations are essentially correct. According to a number of confidential sources, a highly secretive unit of the National Security Agency (NSA), the U.S. government’s huge electronic eavesdropping organization, called the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China.
Hidden away inside the massive NSA headquarters complex at Fort Meade, Maryland, in a large suite of offices segregated from the rest of the agency, TAO is a mystery to many NSA employees. Relatively few NSA officials have complete access to information about TAO because of the extraordinary sensitivity of its operations, and it requires a special security clearance to gain access to the unit’s work spaces inside the NSA operations complex. The door leading to its ultramodern operations center is protected by armed guards, an imposing steel door that can only be entered by entering the correct six-digit code into a keypad, and a retinal scanner to ensure that only those individuals specially cleared for access get through the door.
According to former NSA officials interviewed for this article, TAO’s mission is simple. It collects intelligence information on foreign targets by surreptitiously hacking into their computers and telecommunications systems, cracking passwords, compromising the computer security systems protecting the targeted computer, stealing the data stored on computer hard drives, and then copying all the messages and data traffic passing within the targeted email and text-messaging systems. The technical term of art used by NSA to describe these operations is computer network exploitation (CNE).
TAO is also responsible for developing the information that would allow the United States to destroy or damage foreign computer and telecommunications systems with a cyberattack if so directed by the president. The organization responsible for conducting such a cyberattack is U.S. Cyber Command (Cybercom), whose headquarters is located at Fort Meade and whose chief is the director of the NSA, Gen. Keith Alexander.
Commanded since April of this year by Robert Joyce, who formerly was the deputy director of the NSA’s Information Assurance Directorate (responsible for protecting the U.S. government’s communications and computer systems), TAO, sources say, is now the largest and arguably the most important component of the NSA’s huge Signal Intelligence (SIGINT) Directorate, consisting of over 1,000 military and civilian computer hackers, intelligence analysts, targeting specialists, computer hardware and software designers, and electrical engineers.
The sanctum sanctorum of TAO is its ultramodern operations center at Fort Meade called the Remote Operations Center (ROC), which is where the unit’s 600 or so military and civilian computer hackers (they call themselves CNE operators) work in rotating shifts 24 hours a day, seven days a week.
These operators spend their days (or nights) searching the ether for computer systems and supporting telecommunications networks being utilized by, for example, foreign terrorists to pass messages to their members or sympathizers. Once these computers have been identified and located, the computer hackers working in the ROC break into the targeted computer systems electronically using special software designed by TAO’s own corps of software designers and engineers specifically for this purpose, download the contents of the computers’ hard drives, and place software implants or other devices called “buggies” inside the computers’ operating systems, which allows TAO intercept operators at Fort Meade to continuously monitor the email and/or text-messaging traffic coming in and out of the computers or hand-held devices.
TAO’s work would not be possible without the team of gifted computer scientists and software engineers belonging to the Data Network Technologies Branch, who develop the sophisticated computer software that allows the unit’s operators to perform their intelligence collection mission. A separate unit within TAO called the Telecommunications Network Technologies Branch (TNT) develops the techniques that allow TAO’s hackers to covertly gain access to targeted computer systems and telecommunications networks without being detected. Meanwhile, TAO’s Mission Infrastructure Technologies Branch develops and builds the sensitive computer and telecommunications monitoring hardware and support infrastructure that keeps the effort up and running.
TAO even has its own small clandestine intelligence-gathering unit called the Access Technologies Operations Branch, which includes personnel seconded by the CIA and the FBI, who perform what are described as “off-net operations,” which is a polite way of saying that they arrange for CIA agents to surreptitiously plant eavesdropping devices on computers and/or telecommunications systems overseas so that TAO’s hackers can remotely access them from Fort Meade.
It is important to note that TAO is not supposed to work against domestic targets in the United States or its possessions. This is the responsibility of the FBI, which is the sole U.S. intelligence agency chartered for domestic telecommunications surveillance. But in light of information about wider NSA snooping, one has to prudently be concerned about whether TAO is able to perform its mission of collecting foreign intelligence without accessing communications originating in or transiting through the United States.
Since its creation in 1997, TAO has garnered a reputation for producing some of the best intelligence available to the U.S. intelligence community not only about China, but also on foreign terrorist groups, espionage activities being conducted against the United States by foreign governments, ballistic missile and weapons of mass destruction developments around the globe, and the latest political, military, and economic developments around the globe.
According to a former NSA official, by 2007 TAO’s 600 intercept operators were secretly tapping into thousands of foreign computer systems and accessing password-protected computer hard drives and emails of targets around the world. As detailed in my 2009 history of NSA, The Secret Sentry, this highly classified intercept program, known at the time as Stumpcursor, proved to be critically important during the U.S. Army’s 2007 “surge” in Iraq, where it was credited with single-handedly identifying and locating over 100 Iraqi and al Qaeda insurgent cells in and around Baghdad. That same year, sources report that TAO was given an award for producing particularly important intelligence information about whether Iran was trying to build an atomic bomb.
By the time Obama became president of the United States in January 2009, TAO had become something akin to the wunderkind of the U.S. intelligence community. “It’s become an industry unto itself,” a former NSA official said of TAO at the time. “They go places and get things that nobody else in the IC [intelligence community] can.”
Given the nature and extraordinary political sensitivity of its work, it will come as no surprise that TAO has always been, and remains, extraordinarily publicity shy. Everything about TAO is classified top secret codeword, even within the hypersecretive NSA. Its name has appeared in print only a few times over the past decade, and the handful of reporters who have dared inquire about it have been politely but very firmly warned by senior U.S. intelligence officials not to describe its work for fear that it might compromise its ongoing efforts. According to a senior U.S. defense official who is familiar with TAO’s work, “The agency believes that the less people know about them [TAO] the better.”
The word among NSA officials is that if you want to get promoted or recognized, get a transfer to TAO as soon as you can. The current head of the NSA’s SIGINT Directorate, Teresa Shea, 54, got her current job in large part because of the work she did as chief of TAO in the years after the 9/11 terrorist attacks, when the unit earned plaudits for its ability to collect extremely hard-to-come-by information during the latter part of George W. Bush’s administration. We do not know what the information was, but sources suggest that it must have been pretty important to propel Shea to her position today. But according to a recently retired NSA official, TAO “is the place to be right now.”
There’s no question that TAO has continued to grow in size and importance since Obama took office in 2009, which is indicative of its outsized role. In recent years, TAO’s collection operations have expanded from Fort Meade to some of the agency’s most important listening posts in the United States. There are now mini-TAO units operating at the huge NSA SIGINT intercept and processing centers at NSA Hawaii at Wahiawa on the island of Oahu; NSA Georgia at Fort Gordon, Georgia; and NSA Texas at the Medina Annex outside San Antonio, Texas; and within the huge NSA listening post at Buckley Air Force Base outside Denver.
The problem is that TAO has become so large and produces so much valuable intelligence information that it has become virtually impossible to hide it anymore. The Chinese government is certainly aware of TAO’s activities. The “mountains of data” statement by China’s top Internet official, Huang Chengqing, is clearly an implied threat by Beijing to release this data. Thus it is unlikely that President Obama pressed President Xi too hard at the Sunnydale summit on the question of China’s cyber-espionage activities. As any high-stakes poker player knows, you can only press your luck so far when the guy on the other side of the table knows what cards you have in your hand.
Matthew M. Aid is the author of Intel Wars: The Secret History of the Fight Against Terror and The Secret Sentry: The Untold History of the National Security Agency, and is co-editor with Cees Wiebes of Secrets of Signals Intelligence During the Cold War and Beyond.
Foreign Policy Magazine
Thursday, June 20, 2013
BY MATTHEW M. AID | JUNE 10, 2013
Find this story at 10 June 2013
©2013 The Foreign Policy Group, LLC.
China has ‘mountains of data’ about U.S. cyber attacks: official
June 20, 2013
(Reuters) – China’s top Internet security official says he has “mountains of data” pointing to extensive U.S. hacking aimed at China, but it would be irresponsible to blame Washington for such attacks, and called for greater cooperation to fight hacking.
Cyber security is a major concern for the U.S. government and is expected to be at the top of the agenda when President Barack Obama meets with Chinese President Xi Jinping in California on Thursday and Friday.
Obama will tell Xi that Washington considers Beijing responsible for any cyber attacks launched from Chinese soil and must take action to curb high-tech spying, White House officials said on Tuesday.
China’s Internet security chief complained that Washington used the news media to raise cyber security concerns which would be better settled through communication, not confrontation.
“We have mountains of data, if we wanted to accuse the U.S., but it’s not helpful in solving the problem,” said Huang Chengqing, director of the National Computer Network Emergency Response Technical Team/Coordination Center of China, known as CNCERT.
“They advocated cases that they never let us know about,” Huang said in comments on Tuesday and carried by the government-run China Daily newspaper on Wednesday.
“Some cases can be addressed if they had talked to us, why not let us know? It is not a constructive train of thought to solve problems.”
CNCERT has instead co-operated with the United States, receiving 32 Internet security cases from the United States in the first four months of 2013, and handling most promptly, except for a few that lacked sufficient proof, Huang said.
Designs for more than two dozen major U.S. weapons systems have been compromised by Chinese hackers, the Washington Post reported late last month.
The compromised designs included combat aircraft and ships, as well as missile defense systems vital for Europe, Asia and the Gulf, the newspaper said, citing a report prepared for the U.S. Defense Department by the Defense Science Board.
Huang did not deny the report, but suggested that if the U.S. government wants to keep weapons programs secure, it should not allow them to be accessed online.
“Even following the general principle of secret-keeping, it should not have been linked to the Internet,” Huang said.
Cyber attacks from the United States have been as serious as the accusations from Washington, Huang said.
CNCERT, which issues a weekly report on cyber attacks against China, says that 4,062 U.S.-based computer servers hijacked 2.91 million mainframe computers in China.
(Reporting by Terril Yue Jones; Editing by Michael Perry)
BEIJING | Wed Jun 5, 2013 12:24am EDT
Find this story at 5 June 2013
© Thomson Reuters
NSA hacks China, leaker Snowden claims
June 20, 2013
Hong Kong (CNN) — U.S. intelligence agents have been hacking computer networks around the world for years, apparently targeting fat data pipes that push immense amounts of data around the Internet, NSA leaker Edward Snowden told the South China Morning Post on Wednesday.
Among some 61,000 reported targets of the National Security Agency, Snowden said, are hundreds of computers in China — which U.S. officials have increasingly criticized as the source of thousands of attacks on U.S. military and commercial networks. China has denied such attacks.
The Morning Post said it had seen documents provided by Snowden but was unable to verify their authenticity. The English-language news agency, which operates in Hong Kong, also said it was unable to independently verify allegations of U.S. hacking of networks in Hong Kong and mainland China since 2009.
Snowden told the paper that some of the targets included the Chinese University of Hong Kong, public officials and students. The documents also “point to hacking activity by the NSA against mainland targets,” the newspaper reported.
The claims came just days after U.S. President Barack Obama pressed Chinese President Xi Jinping to address cyberattacks emanating from China that Obama described as “direct theft of United States property.”
Snowden’s allegations appear to give weight to claims by some Chinese government officials that the country has been a victim of similar hacking efforts coming from the United States.
His claims came as Gen. Keith Alexander, the National Security Agency chief, testified at a U.S. Senate hearing that the country’s cyberinfrastructure, including telephones and computer networks, is somewhat vulnerable to attack.
On a scale of one to 10, “our critical infrastructure’s preparedness to withstand a destructive cyberattack is about a three, based on my experience,” he said.
In the Morning Post interview — published one week after the British newspaper The Guardian revealed the first leaks attributed to Snowden — he claimed the agency he once worked for as a contractor typically targets high-bandwidth data lines that connect Internet nodes located around the world.
“We hack network backbones — like huge Internet routers, basically — that give us access to the communications of hundreds of thousands of computers without having to hack every single one,” the newspaper quoted him as saying.
A “backbone” is part of the inner workings of a computer network that links different parts of that network. It is used to deliver data from one part of the network to another and, as such, could expose data from multiple computers if hacked.
‘Trying to bully’
Snowden, 29, worked for the Booz Allen Hamilton computer consulting firm until Monday, when he was fired after documents he provided to journalists revealed the existence of secret programs to collect records of domestic telephone calls in the United States and the Internet activity of overseas residents.
While he has not been charged, the FBI is conducting an investigation into the leaks, and he has told The Guardian that he expects the United States will try to prosecute him.
Snowden told the Morning Post that he felt U.S. officials were pressuring his family and also accused them of “trying to bully” Hong Kong into extraditing him to prevent the release of more damaging information.
He vowed to resist extradition efforts if it comes to that, saying he “would rather stay and fight the United States government in the courts, because I have faith in Hong Kong’s rule of law.”
“My intention is to ask the courts and people of Hong Kong to decide my fate,” the South China Morning Post quoted Snowden as saying. “I have been given no reason to doubt your system.”
But Hong Kong lawmaker Regina Ip, a former secretary of security for the territory, said Tuesday that while any extradition process could take months, Snowden isn’t necessarily beyond the reach of the United States.
“If he thought there was a legal vacuum in Hong Kong which renders him safe from U.S. jurisdiction, that is unlikely to be the case,” she said.
The newspaper said Snowden has been hiding in undisclosed locations inside the semi-autonomous Chinese territory since checking out of his hotel room Monday — a day after he revealed his identity in an interview with The Guardian.
Snowden told the Morning Post he is not trying to evade U.S. authorities.
“People who think I made a mistake in picking Hong Kong as a location misunderstand my intentions,” the newspaper quoted him as saying. “I am not here to hide from justice; I am here to reveal criminality.”
The NSA and the National Intelligence director did not immediately respond to a CNN request for comment.
Asked during a media briefing on Wednesday for comment on Snowden’s latest claims, U.S. State Department spokeswoman Jennifer Psaki declined. She said she had not seen the latest Morning Post report.
On the defensive
The revelations have renewed debate over surveillance in the United States and overseas in the name of fighting terrorism, with supporters saying the programs revealed by Snowden are legal and have helped stop terror plots. Civil liberties advocates, however, call the measures dangerous and unacceptable intrusions.
Such criticisms have put Obama and his allies on the issue — both Democrats and Republicans — on the defensive against mounting criticisms from a similarly bipartisan group of critics demanding changes to rein in the programs.
There also is a sharp division among Americans over the issue.
A Gallup poll released Wednesday found that 44% of Americans believe Snowden did the right thing by releasing details about the classified surveillance programs, while 42% said it was wrong and 14% said they were unsure.
The poll for that question had a 6% margin of error.
It also found that more Americans disapprove than approve of the government’s surveillance programs, 53% to 37%. Ten percent had no opinion.
The poll for that question had a 4% margin of error.
Those differences were on display Wednesday when Alexander, the director of the National Security Agency, testified at a hearing into cybersecurity technology and civil liberties.
Officials have been unable to explain controversial data mining programs because they have been classified, Alexander testified.
But Alexander rejected Snowden’s claim that the NSA could tap into any American’s phone or computer.
“I know of no way to do that,” Alexander said.
But he testified that phone records obtained by the government helped prevent “dozens” of terrorist events.
He would not discuss disrupted plots broadly, saying they were classified. But he did say federal data mining appeared to play a role in helping to disrupt a plot in recent years to attack the New York subway system.
Alexander said information developed overseas was passed along to the FBI, which he said was able to identify eventual suspect Najibullah Zazi in Colorado and ultimately uncover a plot. Zazi pleaded guilty to terror-related charges in 2010.
While not on the roster for Wednesday’s hearing, another administration official in the spotlight is Director of National Intelligence James Clapper, whom Democratic Sen. Ron Wyden has singled out for how he answered questions about the telephone surveillance program in March.
In March, Wyden asked Clapper whether the NSA collects “any type of data at all on millions or hundreds of millions of Americans?”
“No sir,” Clapper said.
On Saturday, Clapper told NBC News that he answered in the “most truthful or least most untruthful manner” possible.
Clapper told NBC that he had interpreted “collection” to mean actually examining the materials gathered by the NSA.
He previously told the National Journal he had meant that “the NSA does not voyeuristically pore through U.S. citizens’ e-mails,” but he did not mention e-mails at the hearing.
Fallout over revelations about the NSA’s intelligence-gathering has reached the European Union’s governing body, where Vice President Viviane Reding raised concerns that the United States may have targeted some of its citizens.
Reding said she plans to raise the issue during a meeting Friday with U.S. Attorney General Eric Holder.
“The respect for fundamental rights and the rule of law are the foundations of the EU-U.S. relationship. This common understanding has been, and must remain, the basis of cooperation between us in the area of Justice,” Reding, the EU commissioner for justice, said Wednesday.
“Trust that the rule of law will be respected is also essential to the stability and growth of the digital economy, including transatlantic business. This is of paramount importance for individuals and companies alike.”
CNN’s Jethro Mullen reported and wrote from Hong Kong, and Chelsea J. Carter reported and wrote from Atlanta. CNN’s Paul Steinhauser, Tom Cohen, Michael Pearson, Doug Gross, Shirley Henry, Brian Walker and Pamela Boykoff contributed to this report.
By Jethro Mullen and Chelsea J. Carter, CNN
June 13, 2013 — Updated 0932 GMT (1732 HKT)
Find this story at 13 June 2013
© 2013 Cable News Network