Jan 31
Times EnemyChina, security China, insecure news
China bugs and burgles Britain
A restricted report by the security service MI5 describes how China has attacked UK companies in a concerted hacking campaign
David Leppard
From The Sunday Times January 31, 2010
THE security service MI5 has accused China of bugging and burgling UK business executives and setting up “honeytraps” in a bid to blackmail them into betraying sensitive commercial secrets.
A leaked MI5 document says that undercover intelligence officers from the People’s Liberation Army and the Ministry of Public Security have also approached UK businessmen at trade fairs and exhibitions with the offer of “gifts” and “lavish hospitality”.
The gifts — cameras and memory sticks — have been found to contain electronic Trojan bugs which provide the Chinese with remote access to users’ computers.
MI5 says the Chinese government “represents one of the most significant espionage threats to the UK” because of its use of these methods, as well as widespread electronic hacking.
Written by MI5’s Centre for the Protection of National Infrastructure, the 14-page “restricted” report describes how China has attacked UK defence, energy, communications and manufacturing companies in a concerted hacking campaign.
It claims China has also gone much further, targeting the computer networks and email accounts of public relations companies and international law firms. “Any UK company might be at risk if it holds information which would benefit the Chinese,” the report says.
The explicit nature of the MI5 warning is likely to strain diplomatic ties between London and Beijing. Relations between the two countries were damaged last month after China’s decision to execute a mentally ill British man for alleged drug trafficking.
Earlier this month the United States demanded that China investigate a sophisticated hacking attack on Google and a further 30 American companies from Chinese soil.
China has occasionally attempted sexual entrapment to target senior British political figures. Two years ago an aide to Gordon Brown had his BlackBerry phone stolen after being picked up by a Chinese woman who had approached him in a Shanghai hotel disco.
The report says the practice has now extended to commercial espionage. It says Chinese agents are trying to cultivate “long-term relationships” with the employees of key British companies: “An undercover intelligence officer may try to develop a friendship or business relationship, often using lavish hospitality and flattery.
“Chinese intelligence services have also been known to exploit vulnerabilities such as sexual relationships and illegal activities to pressurise individuals to co-operate with them.”
The warning to British businessmen adds: “Hotel rooms in major Chinese cities, such as Beijing and Shanghai, which are frequented by foreigners, are likely to be bugged … hotel rooms have been searched while the occupants are out of the room.”
It warns that British executives are being targeted in China and in other countries. “During conferences or visits to Chinese companies you may be given gifts such as USB devices or cameras. There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.”
China has repeatedly denied spying on Britain and the West. Its London embassy did not comment.
In 2007 Jonathan Evans, the director-general of MI5, had written privately to 300 chief executives of banks and other businesses warning them that their IT systems were under attack from “Chinese state organisations”.
There have been unconfirmed reports that China has tried to hack into computers belonging to the Foreign Office, nine other Whitehall departments and parliament.
Last year a report by Whitehall’s joint intelligence committee said China may be capable of shutting down critical services such as power, food and water supplies. But the latest document is the most comprehensive and explicit warning to be issued by the UK authorities on the new threat. Entitled The Threat from Chinese Espionage, it was circulated to hundreds of City and business leaders last year.
The growing threat from China has led Evans to complain that his agency is being forced to divert manpower and resources away from the fight against Al-Qaeda. His lobbying helped to prompt the Cabinet Office to set up the Office of Cyber Security, which will be launched in March.
Jan 29
Times Enemysecurity insecure news, power plants
A Daily Tech article reports Power Plants Report Increase of Foreign-Based Attacks.
The article is below:
Power Plants Report Increase of Foreign-Based Attacks
Michael Barkoviak – January 29, 2010 6:20 AM
Cyber attacks against power plants and other vital infrastructure may be higher than previously believed
A new study [PDF] that interviewed power plant operators and other “critical infrastructure” indicates more than 50 percent of all U.S. power plants have had to deal with an increase in cyber attacks.
Security company McAfee funded the research, speaking with 600 IT managers and executives from 14 different nations.
Around 54 percent of those interviewed said some type of network “stealthy infiltration” took place, with the same number of executives noting they faced massive denial-of-service attacks on their networks at one point in time.
The threat of cyber attacks scare most computer users to be worried about potential data and bank theft — but security experts and government analysts note cyber attacks could be a national security issue as well.
Brazil had several high-profile blackouts in late 2009, which allegedly are tied to cyber attacks against the country’s IT infrastructure. Brazilian officials denied cyber terrorism caused the outages, but it’s a major issue now that the 2016 Summer Olympic Games will be held in Rio de Janeiro.
The threat of cyber attacks are even more serious now with China, North Korea, and Russia either hiring hackers directly to launch attacks, or are funneling money to hacker groups.
These types of issues will be handled by Howard Schmidt, President Barack Obama’s hand-picked cyber czar, who will worth with security experts in an effort to keep the country safe from state-sponsored attacks.
The FBI and Secret Service also are attempting to combat cyber terrorism, especially if the attack appears to be coordinated by a foreign government.
Jan 27
Times Enemysecurity insecure news, politics, wire tapping
It is in the news today that four men entered a U.S. Federal Building with the intent to wire-tap a Democratic Senator’s telephones. I listened to the story on the radio, read several articles online, and each time the same thought has gone through my mind … proper planning prevents piss poor performance. The odd thing in this story is that one of the people involved should know better.
Here are the stories from the Wall Street Journal and The New York Times:
Wall Street Journal: Senator’s Phones Allegedly Targeted
Federal officials accused four men, including a conservative activist, of posing as telephone repairmen to tamper with phones at the New Orleans offices of Democratic Sen. Mary Landrieu.
The four men, who also included the son of an acting U.S. attorney, were arrested Monday in the Hale Boggs Federal Building in downtown New Orleans and charged with entering a federal building under false pretenses with the intent of committing a felony, according to the U.S. attorney’s office for the Eastern District of Louisiana.
One of the suspects, James O’Keefe, a 25-year-old filmmaker and conservative activist last year said his undercover videos at field offices of advocacy group Association of Community Organizations for Reform Now, or Acorn documented corruption.
The Federal Bureau of Investigation said Mr. O’Keefe, who had traveled to New Orleans and delivered a speech Thursday, admitted to helping plan and coordinate the scheme.
The other men arrested were identified as Joseph Basel, 24, Stan Dai, 24, and Robert Flanagan, 24, of New Orleans. Mr. Flanagan is the son of William J. Flanagan, the interim U.S. attorney for the Western District of Louisiana. The suspects are scheduled to appear in federal court in New Orleans on Feb. 12.
Each of the men was released Tuesday on $10,000 bond. Mr. Flanagan’s attorney, J. Garrison Jordan, said his client exercised “poor judgment.” “I don’t think he intended to commit a crime. I think he just got caught up in this stunt,” Mr. Jordan said. “They are all in their young 20s, highly educated, never been in trouble with the law before. It’s out of character for my client.”
Attorney Edward Castaing, who represented Messrs. O’Keefe, Basel and Dai at the bond hearing, declined to comment on the charges. “We will investigate the allegations,” he said.
Late Monday morning, according to an FBI affidavit, Messrs. Flanagan and Basel, dressed in blue work shirts, fluorescent green vests and construction hard hats, entered Sen. Landrieu’s offices and told a staffer they had come to fix the phone lines. By then, Mr. O’Keefe already had arrived at the offices, according to the FBI.
After Mr. Basel examined a phone in the office, he asked for access to the phone closet to work further, the FBI said. The men were sent to a federal General Services Administration office elsewhere in the building, where they were asked to produce identification. They said they left it in their vehicle, according to the affidavit.
They were arrested shortly thereafter by federal marshals. The U.S. attorney’s office didn’t say why the men allegedly sought to tamper with the phone lines. Authorities didn’t specify Mr. Dai’s alleged role but said he also helped conceive and execute the plan.
“This is a very unusual situation and somewhat unsettling for me and my staff,” “I am as interested as everyone else about their motives and purpose, which I hope will become clear as the investigation moves forward,” Ms. Landrieu said in a statement.
Mr. Jordan said Mr. Flanagan works at the nonprofit advocacy group Pelican Institute in New Orleans. Last Thursday, the Pelican Institute hosted an event with Mr. O’Keefe as the featured speaker. His topic was Exposing Truth: Undercover Video, New Media and Creativity, according to the Pelican Institute’s Web site. The organization didn’t return calls seeking comment.In Mr. O’Keefe’s videos at Acorn offices, he and a partner, Hannah Giles, posed as a pimp and a prostitute, respectively, and secretly recorded receiving financial advice from Acorn workers about starting a brothel. Acorn spokesman Kevin Whalen said Mr. O’Keefe’s arrest provided “further evidence of his disregard for the law in pursuit of his extremist agenda.”
Write to Corey Dade at corey.dade@wsj.com
The New York Times: 4 Arrested in Phone Tampering at Landrieu Office
Published: January 26, 2010
NEW ORLEANS — Federal officials charged four men on Tuesday with plotting to tamper with the telephone system in the New Orleans office of Senator Mary Landrieu, Democrat of Louisiana. One of the men was a conservative activist who gained fame last year by secretly recording members of the community group Acorn giving him advice on how to set up a brothel.
All four of the men arrested Monday in New Orleans, each in his mid-20s, were charged with entering federal property under false pretenses with the intent of committing a felony, according to the United States Attorney’s Office for the Eastern District of Louisiana. They appeared in court on Tuesday, and a preliminary hearing was scheduled for Feb. 12.
If convicted, the four would face sentences ranging from a fine to 10 years in prison.
The political activist was James O’Keefe, 25, who has gained renown in conservative circles by poking fun at the left through pranks and undercover video. In the Acorn videos, Mr. O’Keefe and an associate, Hannah Giles, posing as a pimp and a prostitute, secretly filmed themselves seeking and receiving financial advice for a brothel from Acorn workers.
The film damaged Acorn’s reputation, and prompted a move by Congress to cut off some of its federal money. The group has sued Mr. O’Keefe and Ms. Giles, saying the secret recordings were illegal, and late Tuesday, Acorn’s chief executive, Bertha Lewis, said the arrest was further evidence of Mr. O’Keefe’s “disregard for the law in pursuit of his extremist agenda.”
The other men arrested were Joseph Basel, 24; Robert Flanagan, 24; and Stan Dai, 24, federal officials said. Mr. Flanagan is the son of William Flanagan, the interim United States attorney for the Western District of Louisiana.
It was not clear precisely what the men were trying to do in Ms. Landrieu’s office, or what kind of information they were trying to gather. But an affidavit signed by Steven Rayes, a special agent for the F.B.I., detailed parts of the operation, which began about 11 a.m. on Monday. Mr. Basel and Mr. Flanagan entered the building dressed in “blue denim pants, blue work shirts, light green fluorescent vests, tool belts, and construction-style hard hats.”
They said they were there to do repair work on the telephone system, and later claimed they had left their identification in their car.
Mr. O’Keefe was already inside the building and told a person at the office that he was waiting for someone to arrive, according to the complaint. It said he was “holding a cellular phone so as to record” video images of Mr. Basel and Mr. Flanagan.
Mr. Basel picked up the handset of the main telephone at the reception desk and both he and Mr. Flanagan tried — or pretended to try — to call it with their cellphones. Saying that they could not complete the calls, they asked to be directed to the telephone closet, so they could work on the building’s telephone system.
Shortly afterward, they were arrested by United States marshals.
The affidavit did not accuse the men of trying to tap the phones, or describe in detail what they did to the equipment.
“There is no wiretap allegation,” said J. Garrison Jordan, the lawyer who represented Mr. Flanagan at a bond hearing, where the men were all released on $10,000 bonds. He declined to give specifics, saying he had not had much time to talk with Mr. Flanagan.
“In general terms,” Mr. Jordan said, “I think it was a bad stunt that they pulled, and they exercised very poor judgment.”
Eddie Castaing, a lawyer representing the three others, also said he had had little time to talk with his clients and knew little more than what was in the complaint. Mr. Basel is from Minnesota, and Mr. Dai from Virginia.
“The truth shall set me free,” Mr. O’Keefe told reporters as he left jail.
Reached by telephone, his father, James O’Keefe Jr., of Westwood, N.J., said he did not know the facts of the case.
“He is an outstanding young man doing investigative journalism,” Mr. O’Keefe said of his son. “He studies a different form of journalism, and he pushes the limits a bit. What they were up to, I have no idea.”
Mr. O’Keefe had been in New Orleans last Thursday to give a speech for the Pelican Institute for Public Policy, a libertarian research organization. The topic of the speech was “Exposing Truth: Undercover Video, New Media and Creativity.”
Mr. Jordan said he understood that Mr. Flanagan worked for the Pelican Institute. He has written several articles critical of Ms. Landrieu for the online newsletter of the Pelican Institute. E-mail messages and phone calls to Pelican Institute staff members were not returned.
Ms. Landrieu issued a statement saying that the situation was “somewhat unsettling” for her and that she looked forward to learning the men’s motives.
Mr. O’Keefe’s Acorn videos won credit from several quarters for drawing attention to long-held conservative suspicions about the group, and conservatives praised him as catching many news organizations asleep on a major story. “I thought the set of capers regarding Acorn was a kind of ‘60 Minutes’ undercover-exposé — going where ‘60 Minutes’ fears to tread,” said Scott W. Johnson, a co-founder of the conservative Power Line blog, which frequently carried posts lauding Mr. O’Keefe and Ms. Giles.
Speaking of Mr. O’Keefe’s arrest, Mr. Johnson said, “It sounds like it was another kind of journalism project, maybe a misguided one — I’m open minded — but there’s so little information it’s impossible to say anything intelligent about it.”
In September, Richard W. Rahn, a senior fellow at the Cato Institute, wrote a column in The Washington Times hailing Mr. O’Keefe and Ms. Giles as technologically savvy, “smart amateurs” who “with courage and good judgment are becoming effective investigative journalists.”
Mr. Rahn said Tuesday that he did not have enough information on Mr. O’Keefe’s arrest to offer a different assessment.
Jim Rutenberg contributed reporting from New York.
A version of this article appeared in print on January 27, 2010, on page A12 of the New York edition.
Jan 21
Times EnemyChina, news, security China, insecure news, news
This seems like an interesting timeline which could be used as a spring-board for a more thorough Timeline(s).
PRC Gov Responses to Hacking Allegations – Timeline
Published by jumper under China internet, Other attacks, UK Attacks, US attacks
All dates represent the date the article was published, not necesarily the date that the quote was made.
July 26, 2004
In response to accusations that the Chinese government was involved in computer intrusions against ROK government agencies
“Some media reports that the Chinese government might be behind the hacking incident are groundless” – Chinese Embassy in Seoul (no personal attribution)
December 15, 2005
Response to SANS comments about China being involved in world wide hacking
“Work units and individuals are not permitted to use the Internet to be engaged in illegal activities or commit crimes,… China has laws that make tampering with or cracking a computer’s code illegal.” – Qin Gang
August 27, 2007
In response to a Der Spiegel article that reported intrusions into the German governemnt
“The Chinese government attaches great importance to the hacker attack on the German government networks,” adding China would take “determined” and “forceful” measures to combat hacker activities. – Wen Jiabao
August 28, 2007
In response to the reports of Chinese attributed intrusions into the government of Germany
“The Chinese government has always opposed and prohibited any criminal activity that breaks down computer networks, including hacker attacks,… China has clear rules and regulations on this.” – Jiang Yu
September 4, 2007
In a public response to the FT article that suggested PRC government involvement in a Pentagon intrusion
“The Chinese government has always opposed any Internet-wrecking crime, including hacking, and cracked down on it according to the law” – An Lu (editor)
September 10, 2007
Response to reports about intrusions into the French government for which the French plainly stated that they have no evidence to indicate PRC gov involvement.
“Saying that the Chinese military has made cyber-attacks on the networks of foreign governments is groundless and irresponsible and are a result of ulterior motives” – Jiang Yu
April 9, 2008
In response to Business Week’s e-Spionage article
“The Chinese Government always opposes and forbids any cyber crimes including “hacking” that undermine the security of computer networks. Chinese laws and regulations are explicit in this regard.” – Wang Baodong
April 1, 2009
In response to Ghostnet report
“There is a ghost called the Cold War and a virus called the Theory of China’s Threat overseas,… Some people, possessed by this ghost and infected with this virus, ‘fall ill’ from time to time. Their attempts at using rumors to disgrace China will never succeed… It is the ghost and the virus that should be ferreted out” – Qin Gang
May 15, 2009
Response to accusations of Chinese espionage in PACOM
“We urge the United States to abandon Cold War mentality, stop its groundless accusations against China and do more to help build mutual trust between the United States and China and the friendship between the two peoples,” – Ma Zhaoxu
“The intrusion doesn’t exist at all” – Jiang Yu
Jun 12, 2008
In response to reports of Chinese hacking into computers in the offices of Rep. Frank Wolf and Rep. Chris Smith.
“Is there any evidence? … Do we have such advanced technology? Even I don’t believe it,… I’d like to urge some people in the U.S. not to be paranoid,… They should do more to contribute to mutual understanding, trust and friendship between the U.S. and China.” – Qin Gang
January 19, 2010
In response to Indian allegations of Chinese hacking (following the Google intrusion)
“I can say that these accusations are groundless… The Chinese government is firmly against hacking activities and will deal with relevant cases in accordance with the law” – Ma Zhaoxu
January 22, 2010
In response to US Sec of State Hillary Clinton’s remarks about Internet Freedom and the Google intrusion
“We urge the United States to respect the facts and cease using so-called Internet freedom to make groundless accusations against China” – Ma Zhaoxu
“China resolutely opposes Clinton’s remarks and it is not true that the country restricts online freedom…” – Ma Zhaoxu
January 25, 2010
In response to US Sec of State Clinton’s request for a transparent investigation into the Google intrusion
“We are resolutely against those who make a issue of things without referring to actual facts by needlessly accusing China, ignoring Chinese laws and interfering in Chinese internal politics” – unnamed spokesperson for the State Council Information Office
“As the global landscape is undergoing profound irreversible shifts, the calculated free-Internet scheme is just one step of a U.S. tactic to preserve its hegemonic domination” – Yan Xuetong
January 25, 2010
Response to Google intrusion
The “accusation that the Chinese government participated in (any) cyberattack, either in an explicit or inexplicit way, is groundless and aims to denigrate China… We are firmly opposed to that” – unnamed spokesman for the Ministry of Industry and Information Technology to Xinhua
RSS