Group items tagged

Lost in the kerfuffle over North Korea’s hacking of Sony is this little irony: South Korea, the Hermit Kingdom’s main rival and a stalwart ally of the United States, has also been cyberspying on America. South Korea has an active online espionage program that is primarily aimed at the North but also has been “targeting us,” according to a newly disclosed internal National Security Agency document.

The NSA document, which was included in the trove of classified files leaked by ex-NSA contractor Edward Snowden and published last week by Der Spiegel, includes a first-person account from an unnamed NSA employee who says the agency was aware of South Korea’s hacking operations but not “super interested” in them until they were ramped up “a bit more” against the United States. The document is undated but makes reference to an NSA manual published in 2007. It gives no indication why South Korea stepped up its cyberspying on the United States.

US spies are hacking into Chinese mobile phone companies to steal text messages and attacking the servers at Tsinghua University, Edward Snowden has told the Sunday Morning Post. The latest explosive revelations about US National Security Agency cybersnooping in Hong Kong and on the mainland are based on further scrutiny and clarification of information Snowden provided on June 12. The former technician for the US Central Intelligence Agency and contractor for the National Security Agency provided documents revealing attacks on computers over a four-year period.

The documents listed operational details of specific attacks on computers, including internet protocol (IP) addresses, dates of attacks and whether a computer was still being monitored remotely. The Sunday Morning Post can now reveal Snowden's claims that the NSA is: Extensive hacking of major telecommunication companies in China to access text messages   Sustained attacks on network backbones at Tsinghua University, China’s premier seat of learning   Hacking of computers at the Hong Kong headquarters of Pacnet, which owns one of the most extensive fibre optic submarine cable networks in the region

Pacnet, which recently signed major deals with the mainland's top mobile phone companies, owns more than 46,000 kilometres of fibre-optic cables. The cables connect its regional data centres across the Asia-Pacific region, including Hong Kong, the mainland, Japan, South Korea, Singapore and Taiwan. It also has offices in the US. Snowden claims that data from Chinese mobile phone companies has been compromised, with millions of private text messages mined by the NSA. Cybersecurity experts on the mainland have long feared mobile phone companies had fallen victim to back-door attacks because they were forced to go overseas to buy core technology for their networks. In recent years, those security concerns became more vocal and as a result domestic network equipment suppliers such as Huawai, Datang and ZTE started to close the technology gap, enabling the phone companies to reduce their reliance on foreign suppliers.

Hillary Clinton’s email problems are already causing headaches for her presidential campaign. But within American counterintelligence circles, there’s a mounting sense that the former secretary of state may not be the only Obama administration official in trouble. This is a scandal that has the potential to spread to the White House, as well. The Federal Bureau of Investigation can be expected to be tight-lipped, especially because this highly sensitive case is being handled by counterintelligence experts from Bureau headquarters a few blocks down Pennsylvania Avenue from the White House, not by the FBI’s Washington Field Office. That will ensure this investigation gets the needed “big picture” view, since even senior FBI agents at any given field office may only have a partial look at complex counterintelligence cases.

And this most certainly is a counterintelligence matter. There’s a widely held belief among American counterspies that foreign intelligence agencies had to be reading the emails on Hillary’s private server, particularly since it was wholly unencrypted for months. “I’d fire my staff if they weren’t getting all this,” explained one veteran Department of Defense counterintelligence official, adding: “I’d hate to be the guy in Moscow or Beijing right now who had to explain why they didn’t have all of Hillary’s email.” Given the widespread hacking that has plagued the State Department, the Pentagon, and even the White House during Obama’s presidency, senior counterintelligence officials are assuming the worst about what the Russians and Chinese know.

EmailGate has barely touched the White House directly, although it’s clear that some senior administration officials beyond the State Department were aware of Hillary’s unorthodox email and server habits, given how widely some of the emails from Clinton and her staff were forwarded around the Beltway. Obama’s inner circle may not be off-limits to the FBI for long, however, particularly since the slipshod security practices of certain senior White House officials have been a topic of discussion in the Intelligence Community for years. Hillary Clinton was far from the only senior Obama appointee to play fast and loose with classified materials, according to Intelligence Community insiders. While most counterspies agree that Hillary’s practices—especially using her own server and having her staffers place classified information into unclassified emails, in violation of federal law—were especially egregious, any broad-brush investigation into security matters are likely to turn up other suspects, they maintain. “The whole administration is filled with people who can’t shoot straight when it comes to classified,” an Intelligence Community official explained to me this week. Three U.S. officials suggested that Susan Rice, the National Security Adviser, might be at particular risk if a classified information probe goes wide. But it should be noted that Rice has made all sorts of enemies on the security establishment for her prickly demeanor, use of coarse language, and strategic missteps.

The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products. British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.

The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack. Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.

The requested warrant, provided under Section 5 of the U.K.’s 1994 Intelligence Services Act, must be renewed by a government minister every six months. The document published today is a renewal request for a warrant valid from July 7, 2008 until January 7, 2009. The request seeks authorization for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software.”

China has dismissed all US accusations of industrial cyber-espionage against five of its military officials and published proof that Washington is actually stealing data from China. Beijing also summoned the US ambassador for an explanation. Beijing reacted to Washington’s recent round of industrial espionage accusations by publishing its latest data on US cyber-attacks against China.

China’s National Computer Network Emergency Response Technical Team Coordination Center of China (NCNERTTCC) reported that during just two months, from March 19 to May 18, the US directly controlled 1.18 million host computers in China using 2,077 Trojan horse networks or botnet servers. According to the NCNERTTCC, over the last two months 135 host computers stationed in the US conducted 14,000 phishing operations against Chinese websites using for the attacks 563 phishing pages. The other hacking activities through the same period of time included 57,000 backdoor attacks, performed from 2,016 IP addresses in the US through backdoors implanted on 1,754 Chinese websites. The Chinese Foreign Ministry summoned the American ambassador to China for an explanation, urging him to drop all charges against China’s military officers. The meeting between Chinese Assistant Foreign Minister Zheng Zeguang and US Ambassador Max Baucus took place on Monday night, reported Xinhua.

Depending on further developments, China “will take further action on the so-called charges by the United States,” Zheng told Baucus. “The Chinese government and military and its associated personnel have never conducted or participated in the theft of trade secrets over the internet,” Zheng reportedly told Baucus as quoted by Xinhua.