Killing C.I.A. Informants, China Crippled U.S. Spying Operations

An honor guard outside the Great Hall of the People in Beijing last month. The Chinese government killed or imprisoned 18 to 20 C.I.A sources from 2010 through 2012. Credit Wang Zhao/Agence France-Presse — Getty Images

 

WASHINGTON — The Chinese government systematically dismantled C.I.A. spying operations in the country starting in 2010, killing or imprisoning more than a dozen sources over two years and crippling intelligence gathering there for years afterward.

Current and former American officials described the intelligence breach as one of the worst in decades. It set off a scramble in Washington’s intelligence and law enforcement agencies to contain the fallout, but investigators were bitterly divided over the cause. Some were convinced that a mole within the C.I.A. had betrayed the United States. Others believed that the Chinese had hacked the covert system the C.I.A. used to communicate with its foreign sources. Years later, that debate remains unresolved.

But there was no disagreement about the damage. From the final weeks of 2010 through the end of 2012, according to former American officials, the Chinese killed at least a dozen of the C.I.A.’s sources. According to three of the officials, one was shot in front of his colleagues in the courtyard of a government building — a message to others who might have been working for the C.I.A. Continue reading →

PLA’s hacking hotel

American military intelligence has identified a hotel complex that is serving as an ersatz headquarters for a Chinese military hacking unit. China is basically hiding its operations cyberattack units in plain sight.

 

U.S. military intelligence has identified a headquarters for a Chinese military hacking unit — inside two Beijing hotels.

According to an open-source intelligence report produced by the Army’s Asian Studies Detachment, “the Headquarters/Jintang and Seasons Hotel appear to be located in the same or at least adjacent buildings, both of which are, according to available information, owned by or connected to the People’s Liberation Army 4th Department.”

The Fourth Department, known as 4PLA, until recently was part of the military’s General Staff Department and is also known as the Electronic Countermeasures and Radar Department. The unit was reorganized into a new PLA service called the Strategic Support Force. The roll of the department is to conduct offensive electronic warfare and information warfare, including offensive cyberattacks. Continue reading →

Asia Times: Chinese Espionage and Intelligence Activities at All Time High, Experts Say

The US announced criminal charges in 2014 against five Chinese army hackers for stealing trade secrets from American companies

 

Chinese intelligence operations worldwide to steal important information both through human agents and cyber attacks are a growing threat, according to experts who testified at a US congressional commission last week.

Beijing’s spies, operating through the civilian Ministry of State Security and People’s Liberation Army Intelligence Bureau (IB), have scored impressive gains against the United States in particular, where economic espionage — the theft of trade secrets and high technology — remains at unprecedented levels.

Technology espionage by China was highlighted by the conviction in California last week of Wenxia Man of San Diego who was convicted of illegally conspiring to export fighter jet engines and an unmanned aerial vehicle to China. Continue reading →

The Cyber Threat: Government Debates Cyber Counterattacks as Chinese Attacks Continue Unabated

Recent talks with Chinese delegation achieve little progress

China’s aggressive cyber espionage and military reconnaissance operations against both U.S. government and private networks show no sign of abating under the Obama administration’s policy of holding talks and threatening but not taking punitive action.

Typical of the administration’s approach has been the seemingly endless series of high-level meetings with Chinese officials, such as talks held last week in Washington to discuss “norms” of behavior in cyberspace.

For at least the past five years, President Obama and the White House have ignored appeals from security and military officials, as well as from Congress and the private sector, to show greater resolve and take some type of action against the Chinese, lest the country’s technology wealth be drained empty. Continue reading →

U.S. government worse than all major industries on cyber security: report

WASHINGTON (Reuters) – U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday.

The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering, such as an employee using corporate account information on a public social network. Continue reading →

Chinese, Others Hack Interior Data 19 Times

Foreign intelligence agents and other hackers attacked Interior Department networks 19 times in recent years, before walking away from keyboards with unknown amounts of stolen data, according to agency inspectors.

The incidents are unrelated to a previously disclosed assault on Interior networks connected to Office of Personnel Management systems, the agency says. That high-profile campaign seized from the U.S. government 21.5 million confidential records on national security personnel and their family members. Continue reading →

U.S. counterintelligence chief skeptical China has curbed spying on U.S.

U.S. counterintelligence chief Bill Evanina said on Wednesday he was skeptical China had followed through on recent promises to curb spying on the United States.

Evanina told a briefing that he had seen “no indication” from the U.S. private sector “that anything has changed” in the extent of Chinese espionage on the United States. Continue reading →

CIA pulled officers from Beijing after massive cybertheft of US federal personnel records

The CIA pulled a number of officers from the US Embassy in Beijing as a precautionary measure following the massive online theft of personal data of federal employees, current and former US officials said.

The move is a concrete impact of the breach, one of two major hacks into Office of Personnel Management computers that were disclosed earlier this year. Officials have privately attributed the hacks to the Chinese government.

The theft of documents has been characterised by senior US officials as political espionage intended to identify spies and people who might be recruited as spies or blackmailed to provide useful information.

Because the OPM records contained the background checks of State Department employees, officials privately said the Chinese could have compared those records with the list of embassy personnel. Anybody not on that list could be a CIA officer. Continue reading →

U.S., China Agree Not to Conduct, Support Cyber Theft

The only reason that the U.S. would make a deal with China is that China now does a better job at cyberwarfare and has the upper hand, thanks to years of Obama’s dismantling of America. What’s more, everyone knows China isn’t going to stick to the agreement and continue operations. This capitulation signals America is losing its edge.

 

U.S. President Barack Obama and his Chinese counterpart Xi Jinping have agreed that neither country’s government will conduct or “knowingly” support cyber theft of intellectual property or commercial trade secrets, an issue that has been a source of tensions.

“I indicated it [cyber theft] has to stop.” Obama said at a joint news conference after private talks with Xi at the White House Friday. “This is progress, but I have to insist that our work is not yet done.” Continue reading →

Office of Personnel Mgmt: 5.6M estimated to have fingerprints stolen in breach

The Office of Personnel Management announced Wednesday that 5.6 million people are now estimated to have had their fingerprint information stolen.

That number was originally thought to be about 1.1 million, OPM said in a statement. About 21.5 million individuals had their Social Security Numbers and other sensitive information affected by the hack.

Continue reading →

China reportedly compiling ‘Facebook’ of U.S. government employees

According to CrowdStrike founder Dmitri Alperovitch, Chinese hackers are using information gained from the breaches of the U.S. Office of Personnel Management, as well as intrusions into the Anthem and CareFirst BlueCross BlueShield health insurance networks, to build a complete profile of federal employees in what the company calls a “Facebook of Everything.”

…

As Fox News has reported, the most sensitive information stolen in the OPM breach was lifted from what is known as the Standard Form 86, or SF-86. The 127-page security clearance application is essentially a road map to your life. It contains highly detailed information on everything from where an applicant lived and worked, to personal references, family members, friends and associates, as well as drug history and intimate health information. Continue reading →

Clapper: US Must Prepare for ‘A Large, Armageddon-Scale’ Cyber Attack

Maybe one day after all these decades the government will stop saying “we must prepare” and start saying “we are preparing” or, better yet, “we are prepared.”

Every year it’s the same parroted line in a differing word order. Everyone wants to warn, and consequently tricking themselves into thinking they made an actual effort, but no one wants to take action. Action is key, not the lights and cameras.

But maybe one day, after all these decades, it’ll change — maybe.

 

 

Director of National Intelligence James Clapper said the U.S. must be prepared for a “large, Armageddon-scale” cyber attack during remarks Thursday at an annual conference of U.S. intelligence community members, but he said that was not likely. Continue reading →

The Next Wave of Cyberattacks Won’t Steal Data — They’ll Change It

The big attacks that have been disclosed so far in 2015 involved the theft of data, and a lot of it. Some 21 million personnel records were taken from the Office of Personnel Management, likely by China, while 4,000 records, some with “sensitive” information, were stolen from the Joint Chiefs civilian email system, a theft blamed on Russia.

But America’s top spies say the attacks that worry them don’t involve the theft of data, but the direct manipulation of it, changing perceptions of what is real and what is not.

Director of National Intelligence James Clapper spelled out his concerns in written testimony presented to the House Subcommittee on Intelligence today. Continue reading →

The Cyber Wars Begin: Obama Says US “Must Retaliate” Against China For Historic Data Breach

On Friday, we highlighted a “secret” NSA map which purports to show every Chinese cyber attack on US targets over the past five years. “The prizes that China pilfered during its ‘intrusions’ included everything from specifications for hybrid cars to formulas for pharmaceutical products to details about U.S. military and civilian air traffic control systems,” intelligence sources told NBC, who broke the story.

The release of the map marked the culmination of a cyber attack propaganda campaign which began with accusations that North Korea had attempted to sabotage Sony, reached peak absurdity when Penn State claimed Chinese spies had taken control of the campus engineering department, and turned serious when Washington blamed China for what was deemed “the largest theft of US government data ever.” “Whether all of this is cause for the Pentagon to activate the ‘offensive’ component of its brand new cyber strategy remains to be seen,” we said yesterday. Continue reading →

What Happens if There’s a Massive Data Breach in the Cloud?

If the White House can be hacked as well as other governmental agencies such as the OPM where 21 million federal employees had their information compromised (FBI/CIA, etc… included), it’s only a matter of time…

 

 

Government IT systems have taken a beating lately, with the recent Office of Personnel Management’s breach exposing some 21-plus million federal employee records being just the cherry on top of what’s been a cybersecurity sundae from hell for most agencies.

But coincidentally, none of these breaches involved cloud systems.

Federal cloud security standards, governed by the Federal Risk and Authorization Management program, have been hugely successful thus far in ensuring cloud service providers that serve government customers aren’t bringing knives to gun fights. Continue reading →