China steps up spying on U.S. military

Li Shangfu (center), who was slapped with U.S. sanctions this week for buying arms from Russia, is director of the Equipment Development Department of China’s Central Military Commission. The department announced a database that will likely benefit from China’s theft of 22.1 million records on American federal workers, including those with security clearances, from the Office of Personnel Management in 2015. (Photo by: Mark Schiefelbein/Associated Press/File)

 

China’s People’s Liberation Army (PLA) is stepping up open-source spying on the U.S. military and other foreign militaries that will utilize artificial intelligence means.

According to a procurement notice from China’s Central Military Commission, the new database is a six-month project to set up an “Open Source Intelligence Database on Foreign Militaries.”

The revealing notice was published by the commission’s PLA Equipment Development Department, whose director, Lt. Gen. Li Shangfu, was slapped with U.S. sanctions this week for buying arms from Russia.

The database will likely benefit from China’s theft of 22.1 million records on American federal workers, including those with security clearances, from the Office of Personnel Management in 2015. Chinese hackers also stole an estimated 80 million records on Americans from health care insurance giant Anthem. Continue reading →

Killing C.I.A. Informants, China Crippled U.S. Spying Operations

An honor guard outside the Great Hall of the People in Beijing last month. The Chinese government killed or imprisoned 18 to 20 C.I.A sources from 2010 through 2012. Credit Wang Zhao/Agence France-Presse — Getty Images

 

WASHINGTON — The Chinese government systematically dismantled C.I.A. spying operations in the country starting in 2010, killing or imprisoning more than a dozen sources over two years and crippling intelligence gathering there for years afterward.

Current and former American officials described the intelligence breach as one of the worst in decades. It set off a scramble in Washington’s intelligence and law enforcement agencies to contain the fallout, but investigators were bitterly divided over the cause. Some were convinced that a mole within the C.I.A. had betrayed the United States. Others believed that the Chinese had hacked the covert system the C.I.A. used to communicate with its foreign sources. Years later, that debate remains unresolved.

But there was no disagreement about the damage. From the final weeks of 2010 through the end of 2012, according to former American officials, the Chinese killed at least a dozen of the C.I.A.’s sources. According to three of the officials, one was shot in front of his colleagues in the courtyard of a government building — a message to others who might have been working for the C.I.A. Continue reading →

PLA’s hacking hotel

American military intelligence has identified a hotel complex that is serving as an ersatz headquarters for a Chinese military hacking unit. China is basically hiding its operations cyberattack units in plain sight.

 

U.S. military intelligence has identified a headquarters for a Chinese military hacking unit — inside two Beijing hotels.

According to an open-source intelligence report produced by the Army’s Asian Studies Detachment, “the Headquarters/Jintang and Seasons Hotel appear to be located in the same or at least adjacent buildings, both of which are, according to available information, owned by or connected to the People’s Liberation Army 4th Department.”

The Fourth Department, known as 4PLA, until recently was part of the military’s General Staff Department and is also known as the Electronic Countermeasures and Radar Department. The unit was reorganized into a new PLA service called the Strategic Support Force. The roll of the department is to conduct offensive electronic warfare and information warfare, including offensive cyberattacks. Continue reading →

The Cyber Threat: Government Debates Cyber Counterattacks as Chinese Attacks Continue Unabated

Recent talks with Chinese delegation achieve little progress

China’s aggressive cyber espionage and military reconnaissance operations against both U.S. government and private networks show no sign of abating under the Obama administration’s policy of holding talks and threatening but not taking punitive action.

Typical of the administration’s approach has been the seemingly endless series of high-level meetings with Chinese officials, such as talks held last week in Washington to discuss “norms” of behavior in cyberspace.

For at least the past five years, President Obama and the White House have ignored appeals from security and military officials, as well as from Congress and the private sector, to show greater resolve and take some type of action against the Chinese, lest the country’s technology wealth be drained empty. Continue reading →

FBI Warns Nation-State Cyber Attacks Are Continuing

This will continue until America is either crippled beyond repair, or until America decides to abandon its “patch and pray” reactive measures that do almost nothing against future threats, and become proactive.

 

Government and private networks hit by sophisticated cyber espionage

Foreign government hackers are continuing to target U.S. government and private sector computer networks in sophisticated cyber attacks, the FBI warned in an alert sent this week.

“Advanced Persistent Threat (APT) cyber actors continue to target sensitive information stored on U.S. commercial and government networks through cyber espionage,” the FBI said in the May 11 notice.

The term “APT actor” is a euphemism for state-sponsored or highly sophisticated cyber attackers, usually involving connections to foreign militaries or intelligence services. Continue reading →

U.S. government worse than all major industries on cyber security: report

WASHINGTON (Reuters) – U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday.

The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering, such as an employee using corporate account information on a public social network. Continue reading →

Chinese, Others Hack Interior Data 19 Times

Foreign intelligence agents and other hackers attacked Interior Department networks 19 times in recent years, before walking away from keyboards with unknown amounts of stolen data, according to agency inspectors.

The incidents are unrelated to a previously disclosed assault on Interior networks connected to Office of Personnel Management systems, the agency says. That high-profile campaign seized from the U.S. government 21.5 million confidential records on national security personnel and their family members. Continue reading →

CIA pulled officers from Beijing after massive cybertheft of US federal personnel records

The CIA pulled a number of officers from the US Embassy in Beijing as a precautionary measure following the massive online theft of personal data of federal employees, current and former US officials said.

The move is a concrete impact of the breach, one of two major hacks into Office of Personnel Management computers that were disclosed earlier this year. Officials have privately attributed the hacks to the Chinese government.

The theft of documents has been characterised by senior US officials as political espionage intended to identify spies and people who might be recruited as spies or blackmailed to provide useful information.

Because the OPM records contained the background checks of State Department employees, officials privately said the Chinese could have compared those records with the list of embassy personnel. Anybody not on that list could be a CIA officer. Continue reading →

U.S., China Agree Not to Conduct, Support Cyber Theft

The only reason that the U.S. would make a deal with China is that China now does a better job at cyberwarfare and has the upper hand, thanks to years of Obama’s dismantling of America. What’s more, everyone knows China isn’t going to stick to the agreement and continue operations. This capitulation signals America is losing its edge.

 

U.S. President Barack Obama and his Chinese counterpart Xi Jinping have agreed that neither country’s government will conduct or “knowingly” support cyber theft of intellectual property or commercial trade secrets, an issue that has been a source of tensions.

“I indicated it [cyber theft] has to stop.” Obama said at a joint news conference after private talks with Xi at the White House Friday. “This is progress, but I have to insist that our work is not yet done.” Continue reading →

Office of Personnel Mgmt: 5.6M estimated to have fingerprints stolen in breach

The Office of Personnel Management announced Wednesday that 5.6 million people are now estimated to have had their fingerprint information stolen.

That number was originally thought to be about 1.1 million, OPM said in a statement. About 21.5 million individuals had their Social Security Numbers and other sensitive information affected by the hack.

Continue reading →

Clapper: US Must Prepare for ‘A Large, Armageddon-Scale’ Cyber Attack

Maybe one day after all these decades the government will stop saying “we must prepare” and start saying “we are preparing” or, better yet, “we are prepared.”

Every year it’s the same parroted line in a differing word order. Everyone wants to warn, and consequently tricking themselves into thinking they made an actual effort, but no one wants to take action. Action is key, not the lights and cameras.

But maybe one day, after all these decades, it’ll change — maybe.

 

 

Director of National Intelligence James Clapper said the U.S. must be prepared for a “large, Armageddon-scale” cyber attack during remarks Thursday at an annual conference of U.S. intelligence community members, but he said that was not likely. Continue reading →

The Next Wave of Cyberattacks Won’t Steal Data — They’ll Change It

The big attacks that have been disclosed so far in 2015 involved the theft of data, and a lot of it. Some 21 million personnel records were taken from the Office of Personnel Management, likely by China, while 4,000 records, some with “sensitive” information, were stolen from the Joint Chiefs civilian email system, a theft blamed on Russia.

But America’s top spies say the attacks that worry them don’t involve the theft of data, but the direct manipulation of it, changing perceptions of what is real and what is not.

Director of National Intelligence James Clapper spelled out his concerns in written testimony presented to the House Subcommittee on Intelligence today. Continue reading →

The Cyber Wars Begin: Obama Says US “Must Retaliate” Against China For Historic Data Breach

On Friday, we highlighted a “secret” NSA map which purports to show every Chinese cyber attack on US targets over the past five years. “The prizes that China pilfered during its ‘intrusions’ included everything from specifications for hybrid cars to formulas for pharmaceutical products to details about U.S. military and civilian air traffic control systems,” intelligence sources told NBC, who broke the story.

The release of the map marked the culmination of a cyber attack propaganda campaign which began with accusations that North Korea had attempted to sabotage Sony, reached peak absurdity when Penn State claimed Chinese spies had taken control of the campus engineering department, and turned serious when Washington blamed China for what was deemed “the largest theft of US government data ever.” “Whether all of this is cause for the Pentagon to activate the ‘offensive’ component of its brand new cyber strategy remains to be seen,” we said yesterday. Continue reading →

OPM Announces More Than 21 Million Affected by Second Data Breach

The federal personnel agency announced Thursday a massive hack.

More than 21 million Social Security numbers were compromised in a breach that affected a database of sensitive information on federal employees held by the Office of Personnel Management, the agency announced Thursday.

That number is in addition to the 4.2 million social security numbers that were compromised in another data breach at OPM that was made public in June.

Of the 21.5 million records that were stolen, 19.7 million belonged to individuals who had undergone background investigation, OPM said. The remaining 1.8 million records belonged to other individuals, mostly applicants’ families.

Continue reading →

Prepare for more cyber attacks on US

The “patch and pray” system within the United States has killed cyber security. Nobody is willing to commit any funds to protecting the system until something has already happened. Unless this way of thinking is changed and experts begin to go on the offense with cyber defense, America’s IT infrastructure is as good as dead.

 

Another week, another wave of cyber alarm in America. On Wednesday both the New York Stock Exchange and United Airlines suspended activity for several hours due to mysterious computing problems, while the Wall Street Journal’s website briefly went down. All three insisted that the outages reflected technical hitches, not malicious attack. But many are anxious after past assaults on mighty American companies and agencies.

In February Anthem, an insurance company, revealed that cyber hackers had stolen information on 80m customers. The Washington-based Office of Personnel Management said cyber hackers had taken data on millions of federal employees. Companies ranging from retailers to banks have been attacked, too. Continue reading →