Epoch Times national security reporter Joshua Philipp speaks at the Institute for Critical Infrastructure Technology headquarters in Washington D.C. on July 28, 2016. (Institute for Critical Infrastructure Technology)


***

Espionage, in Hollywood terms, involves agents in tuxedos who brandish high-tech surveillance gear and weaponry. For the Chinese Communist Party, however, espionage is conducted in plainer, but more nefarious ways.

On July 28, the Institute for Critical Infrastructure Technology, a nonprofit cybersecurity think tank, held an event in Washington D.C. to explain findings on Chinese espionage detailed in its recent report, “China’s Espionage Dynasty: Economic Death by a Thousand Cuts.” Joshua Philipp, who covers national security for Epoch Times, presented on the overt structure and operations of the Chinese regime’s systems for intelligence gathering and control in the United States and abroad.

Drawing on his earlier reporting and interviews, as well as other news reports and literature, Philipp showed how the Chinese regime exploits the open system of the United States to advance its espionage, which chiefly involves infiltrating overseas Chinese communities or underground groups, then bringing these organizations in line with an overarching “united front.”

Philipp said that two key Communist Party organs, the United Front Department and the Overseas Chinese Affairs Office, facilitate the Chinese regime’s efforts to govern ethnic Chinese living abroad. “The Chinese Communist Party regards Chinese expats, Chinese immigrants in other countries, and even second and third generation Chinese as part of the Chinese system,” said Philipp.

Thus, Chinese students have been recruited as special agents, and Chinese newspapers that are partial to the regime receive financial support through advertisements from companies in mainland China, Philipp said, citing documents leaked to Epoch Times by Chinese defector and former diplomat Chen Yonglin.

The Chinese regime has also attempted to infiltrate the tongs—the Chinese community groups established by early immigrants to provide support to their countrymen of the same clan or province. Today, these tongs have “extremely large memberships,” according to Philipp.

“If you want to expand the influence of the Chinese Communist Party in foreign countries, this is the easiest way to do it,” Philipp said. “You go to the people who already govern these communities, and give them incentive to act as pseudo communist officials overseas.”

Through the tongs, the Chinese regime then influences foreign politics. Philipp noted that two aides of former New York City Comptroller John Liu, who ran for mayor in 2008, were linked with powerful local tongs, and even Beijing.

Joshua Philipp won a New York Press Association award for best news and feature for a series of reports exposing John Liu’s connections to the Chinese regime.


A group of cybercriminals has breached and mapped the global banking system, and in a series of attacks has so far stolen $81 million from the central bank of Bangladesh. Experts believe the attacks were done through a vulnerability in the SWIFT banking system, which connects 11,000 financial institutions around the world.
Investigations into the ongoing attacks are still underway, and related attacks on other banks are still being uncovered. Some experts are pinning the attack on hackers from North Korea, since the tools they used share similarities to the November 2014 hack of Sony Pictures Entertainment.
According to an insider with direct knowledge of the recent attacks, however, the culprit behind the digital bank robberies is much larger. The insider requested to remain anonymous due to security concerns, and was able to provide evidence to support his claims.
A screenshot provided to Epoch Times showing the security certificate of a Mexico-owned bank money transfer network being exfiltrated. Hackers can use the certificate to send communications through the company’s networks, which its recipients would automatically validate. (Epoch Times)
Chinese state hackers identified the initial vulnerability, and used it to infiltrate and infect the global financial system, according to the insider. When their contract ended with the Chinese regime last year, they sold the vulnerability to cybercrime groups on a private marketplace in the darknet in an attempt to thwart detection, he said. The darknet is an alternate internet that is only accessible using specialized software. While the darknet has legitimate uses, criminal groups buy, sell, and conspire on darknet forums.
The Chinese regime runs a large network of hackers under the General Staff Department, Third Department, of its military. These hackers carry out orders from the Chinese regime, and also often run additional operations or sell data on the side for personal financial gain. Epoch Times exposed this system in a previous investigative series.
The cybercrime groups who purchased the vulnerability are allegedly those carrying out the current attacks and illegal money transfers.
“The Chinese have already gained permanent access to the target financial networks and exfiltrated all the data they wanted for the contract for their sponsor,” the insider said. “Now they have this vulnerability they can continue to monetize, so now they’re selling it to criminal networks.”
Process of the Breach
The code used in the vulnerability was pulled from multiple places, which could also mean that researchers looking at the breach only from the surface may draw false conclusions. He said some of the code was developed in-house by the Chinese hackers, but they also purchased some of the code from Russian universities.
The insider said the Chinese hackers didn’t sell the vulnerability to any specific cybercrime group either. “They’ll sell one bank to one group,” he said, and noted most of the hackers carrying out the current attacks are comparatively low-skilled. “They’re not coders,” he said. “They just know how to release packages and deploy them.”
The insider was able to provide forensic data and screenshots that support the claims. The insider was also able to provide a list of targeted banks, which he noted is growing, and which includes a long list of banks and financial systems that are connected to a compromised banking partner network—including several in the United States, Latin America, and Asia.
The Chinese state hackers started their attacks on the bank networks as early as 2006, according to the insider, and began uploading malware to the bank networks in 2013.
While the breach of SWIFT has been made public, he said, the Chinese hackers also breached a money transfer network which is run by a Mexico-owned bank based in New Jersey.
“Basically, Mexico’s critical infrastructure is owned by the same APT group,” he said, using “APT” or “advanced persistent threat,” to refer to the Chinese state hackers. “They’re in everything down there,” the insider said, referring to the level of access the Chinese state hackers have gained over critical networks in Mexico.
A post on a cybercrime darknet forum offers access to Mexican government networks, stating the entry is “ideal for cyberspy.” (Screenshot was provided to Epoch Times by an insider)
A post on a cybercrime darknet forum offers access to more than 150,000,000 sensitive files from Mexican government networks, stating “information is complete country.” (Screenshot was provided to Epoch Times by an insider)
A post on a cybercrime darknet forum sells access to “all information” on Mexico, noting it contains a new method to breach networks, and includes “bigs company” in the financial sector. (Screenshot was provided to Epoch Times by an insider)
It wasn’t until around June 2015 that the Chinese state hackers sold the vulnerability to cybercrime organizations, and these organizations immediately used it to begin mapping, testing, and infecting banks and financial systems.
The insider said the hackers exploited a vulnerability in Apache Struts V2, code used to build web applications. It was vulnerable as early as 2006 and was patched in 2013. He also noted that after gaining access, the hackers have since traversed numerous additional financial networks they’re targeting.
While the Chinese state hackers sold access to the bank networks, the source noted the hackers had been mapping and infecting the global banking system over the last eight years.
When they decided to sell the vulnerability, they did not forfeit their access to the networks. By the time they sold it, the insider said, it had already served its purpose. In other words, the Chinese state hackers still have access to the networks—and not just to a few banks, but instead most of the global banking system.
The insider speculated that the Chinese state hackers are selling the original vulnerability both for profit, and to use the cybercriminal gang as a deliberate distraction from their higher-level breaches. He went on to


This news analysis was originally dispatched as part of Epoch Times China email newsletters.
Chinese telecommunications company Huawei recently unveiled its new P9 smartphone, and as a recent Wired headline states, “Huawei just copied the iPhone—down to the last screw.”
Incidents like this aren’t anything new when it comes to Chinese tech companies. Epoch Times noted back in 2014 that Chinese company Xiaomi had built its entire brand around copying Apple, right down to its CEO dressing like Steve Jobs during product events.
The recent development does, however, highlight an important issue.
Just a few months ago, U.S. leaders were adamant about stopping the Chinese regime’s use of cyberattacks to steal information from U.S. companies. This led to the agreement, announced by President Barack Obama and Chinese leader Xi Jinping, on Sept. 25, 2015, to end the use of cyberattacks for economic theft.
Obama stated, at the time, “We’ve agreed that neither the U.S. or the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage.”
There is mixed reporting on how effective the agreement was. A “60 Minutes” segment on Jan. 17 noted that the day after the announcement, Chinese cyberattacks on U.S. businesses continued as usual. Cybersecurity company FireEye claimed the agreement did reduce the number of Chinese cyberattacks on U.S. companies, but its claims are also contested by other cyber researchers.
As I mentioned in an article around that time, however, the key problem with the cyber agreement is that it only addressed cyberattacks used for economic theft, and it only addressed economic theft conducted through cyber.
In other words, the agreement does nothing to stop cyberattacks used for intelligence gathering. This means the Chinese cyberattacks on the Office of Personnel Management, which stole 21.5 million records on current and former U.S. federal employees, fall outside the program.
And just as importantly, the agreement does nothing to stop Chinese economic theft using methods other than cyberespionage.
That last part is important. The part that’s often overlooked in China’s use of cyberattacks for economic theft is that cyber is merely one of many tools the Chinese regime uses for theft of information, and all its tools are in turn just extensions of a system being directed by Chinese policy.
The Chinese regime still has a large focus on using conventional spies to steal information. Over the course of just three weeks in April, there were four cases of alleged Chinese spies targeting the United States.
Even this month, there has already been one case of an individual conducting what resembles espionage on behalf of the Chinese regime. A former U.S. Army contractor was sentenced to six months in home confinement for lying on his security clearance form by concealing that he formerly served in the Chinese People’s Liberation Army. The individual had also violated security protocols by connecting a USB drive to a computer on the Army network, then trying to cover his tracks.
The fact is, the Chinese Communist Party has a vast system for stealing information from the United States and from U.S. businesses.
Its other methods include its use of vast networks of student spies, its use of academic research partnerships, its use of front organizations including Chinese hometown associations, its use of business partnerships around research, and its use of inviting foreign experts on key topics to visit China and either present or cooperate on research around their expertise.
Then, there are Chinese “grey markets,” where Chinese factories that manufacture foreign goods simply do additional production runs, so they can make and sell the products themselves.
Stopping the cyberattacks won’t stop the problem. Cyber certainly makes it easier for the Chinese regime to steal products and designs, but again, they have plenty of other tools at their disposal.
Think of cyber as just one head of a hydra. You can cut off the head, but two heads will grow back in its place. With the Chinese regime, if cyber is removed from the equation of economic theft, it will simply find other, more effective means.
Yet, just like the mythical hydra, the way to stop this system is to stop swinging at the appendages, and go straight for the heart—and for the Chinese regime, the heart of these programs is its internal policies and facilities for stealing and copying foreign technology.
Its policies for economic theft include Project 863, the Torch Program, the 973 Program, and the 211 Program. It also has a vast system of centers designed to reverse-engineer stolen technology, known as China’s National Technology Transfer Centers or National Demonstration Organizations.
With recent U.S. efforts to stop the Chinese regime’s use of economic theft, the question shouldn’t be whether the cyberattacks stopped. The questions should be whether the Chinese regime ended its policies that guide economic theft, and whether it closed its facilities dedicated to copying stolen technology. The answer so far to both of these questions is a simple “no.”


The Chief Information Security Officer (CISO) for a firm that specializes in gaining intelligence on the criminal activities in the darkest corners of the Internet has revealed the existence of private marketplaces run by China’s cyberspies.
Ed Alexander is CISO for the California-based company DBI. In a phone interview, Alexander said these private marketplaces are where many of China’s state-sponsored hackers do their side work and sell stolen data to the highest bidders.
“Their primary allegiance is to China. Their secondary allegiance is to themselves,” said Ed Alexander, Chief Information Security Officer of DBI, in a phone interview.
DBI trains and manages darknet operatives-for-hire, who conduct human intelligence (HUMINT) operations on the Darknet, and Alexander oversees the world’s largest CyberHUMINT teams.
Contrary to reports saying China’s state-run hackers are clumsy and poorly skilled, Alexander said that in the 10 years since his deployment of cyberHUMINT operations, “these are the most sophisticated people I’ve seen.”
Even other nation-state hackers, such as those with the Syrian Electronic Army, he said, “[are] nowhere close to the sophistication of the Chinese.”
The Hidden Internet
There are two sides to the Internet. The part most of us use is called the “Clearnet” or the “Surface Net,” and includes all parts of the Internet that are searchable and readily accessible. The other part of the Internet is the “Deep Web,” which constitutes about 94 percent of the actual Internet and includes all the data that search engines can’t see.
Within the Deep Web, there are hidden websites that can only be accessed using specialized tools, such as The Onion Router (TOR) Web browser. This part of the Internet is called the Darknet, and while it has several benign websites, it is also home to digital black markets such as the “Silk Road,” which sells illegal drugs and firearms.
The part of the Darknet that DBI deals with, however, is deeper still. It gathers intelligence from invite-only and private forums where the real cybercriminal underground conducts its business.
DBI’s approach is in sharp contrast to the new entrant Darknet intelligence start-ups, which only scrape data off the open darknet forums. DBI is the only company offering cyberHUMINT operatives-for-hire, and it is employed by Fortune 500 companies, law enforcement, military, and intelligence agencies worldwide.
Alexander compared the environment on the Darknet to that of a prison gang ecosystem. New people on the Darknet are not seen as being part of the gangs. “They’re just outsiders looking around,” he said, and are always oblivious to the discussions that go on among the organizations running the show.
He said in these communities, DBI sees discussions on which government and business networks are being targeted, which ones have already been breached, and which ones have their data being sold to the highest bidders.
China’s State Hackers
When it comes to the Chinese Darknet, the more public forums are typically used by the less experienced hackers. The marketplaces operated by the state hackers are much more difficult to access.
Alexander said these hackers have told his operatives they’re state sponsored. “They tell us they work for China,” Alexander said.
The Darknet marketplaces used by China’s state hackers use a 3-step, invite-only process for access.
First, all would-be members need to be proposed by a known member to a site’s admins for approval. Second, they need to be vouched for by at least 5 known and trusted darknet denizens of echelon status. Finally, every buyer needs to demonstrate they have at least $100,000 of bitcoin in a digital wallet, which the buyer proves they control. Only after passing the vetting process does a new member get access to shop and interact with other members.
Most of their clients are representatives from nation-states, and Alexander said there are buyers from a surprisingly large number of countries on their markets, including Russia and Iran.
He said the Chinese state hackers will sell to “any country that has enough money to pay them for their services—this is about money,” yet noted they strictly do not sell to representatives from terrorist organizations.
Stolen data sells for anywhere up to $75,000. Access to a business or government network goes for around $100,000. And if the client wants to hire them to breach a specific target, Alexander said they charge no less than $1 million.
The Chinese hackers run the market as their side business, Alexander said. While breaching networks for their day jobs under the Chinese regime, they’ll often steal additional data they can sell on the black market.
Chinese state hackers are often viewed as clumsy. During a segment on 60 Minutes in October 2014, FBI Director James Comey said “I liken them a bit to a drunk burglar. They’re kickin’ in the front door, knocking over the vase, while they’re walking out with your television set.”
Information from DBI shows a different picture. The Chinese state hackers breach networks under contract, steal what they were hired to steal, then take anything else they can sell on the side.
He also noted the hackers treat it like a business, saying “they’ll never resell the information.” It seems there is a kind of honor among these thieves.


BEIJING—China’s government has highlighted big data, encryption technology and “core technologies” such as semiconductors as the key elements of its push to grow into a tech powerhouse, according to a new five-year plan released Saturday that envisages the Internet as a major source of growth as well as a potential risk.
Even as it highlighted the need to improve Internet infrastructure to rural areas and unlock the digital economy’s potential, Chinese economic planners called for a more secure and better managed Web, with enhanced Internet control systems, Internet security laws and real-name registration policies.
Chinese officials including Internet czar Lu Wei have played down concerns over what critics have described as China’s expanding Web censorship, saying that it is the Chinese government’s sovereign prerogative and a necessary measure to maintain domestic order.
China’s development plan calls for a better cybersecurity approval system and more “precise” Web management to “clean up illegal and bad information.”
The plan also calls for a multilateral, democratic, transparent and international governance system and active participation in international Internet governance efforts.
Premier Li Keqiang highlighted the promise of the Internet, saying Saturday that various traditional sectors, ranging from manufacturing to government to health care, need to connect to the Web and raise their efficiency as part of an overarching national strategy called “Internet Plus.” He vowed to raise research and technology spending to account for 2.5 percent of gross domestic product (GDP) in the five years through 2020, which he said would mark a “remarkable achievement.”
The five-year plan calls for all families in large cities to have access to 100 megabyte-per-second Internet service and broadband coverage reaching 98 percent of the population in incorporated villages.
At the same time, Chinese leaders, wary of over-relying on foreign technology, will seek to boost China’s homegrown industry and cut down on imports—a strategy that has drawn complaints from trade partners like the United States.
Similar to previous years, when Chinese leaders highlighted industries such as e-commerce as a growth focus, the new draft of China’s development plan specifically elevated big data and cloud computing, relatively new and promising fields that Chinese industry experts view as not yet cornered by U.S. companies that dominate other parts of the technology market.
The plan also calls for China to catch up on “core” technologies such as semiconductors and basic computer parts and software, as well as encryption technology.
China’s campaign to beef up its chip technology has encountered political resistance from the United States. China’s national chip champion, Tsinghua Unigroup, said last month that it would abandon its attempt to acquire a stake in California data storage firm Western Digital, the second deal it has scrapped because of opposition from U.S. regulators who do not want sensitive technology to fall into Chinese hands.


Chinese cybercriminals are getting more organized, and are building a stronger presence on international markets and forums used by online criminals.
“China has long been home to a relatively robust and large underground cybercrime community within the Deep & Dark Web,” says a report released on Feb. 19 by Flashpoint, a Deep Web data and intelligence group.
The Deep Web is the unseen part of the Internet. A large portion of it is just code and data; other parts are defined more broadly as Web pages not searchable by Google or that are password protected.
But there’s another subset of the Deep Web, sometimes called the “DarkNet,” that is only accessible with specialized software. It’s a place where illicit markets sell everything from drugs to hitmen, and where cybercriminals often sell stolen data or buy new tools for their trade.
“The vast majority of mass retail business is conducted via automated shops and platforms designed to cater to a wide audience with little in the way of individual interaction between buyer and seller required,” the report says.
While Chinese cybercriminals have always had a strong presence on the DarkNet, they used to lack structure, and their operations were comparatively less professional.
While cybercriminals elsewhere sometimes have full digital storefronts where they may sell stolen credit cards and data, the Chinese cybercriminals were often still using forms of direct communication for one-off deals.
They were often using tools like Baidu Tieba and QQ Messenger. This would be roughly equivalent to using Google Chat or Instant Messenger to sell stolen goods.
Sometimes they would even post advertisements for cybercrime on random forums, including places where people discuss real estate, video games, and entertainment.
“This stands in stark contrast to the high level of professionalism and maturity that characterizes the Russian underground economy, where one-on-one transactions are primarily reserved for significant sales,” the report says.
Over the last year, however, the operations of Chinese cybercriminals changed.
Researchers at Flashpoint monitoring Chinese cybercriminals on the Darknet throughout 2015 saw “increasing signs” that the Chinese cybercrime underground was maturing, and branching out internationally.
Instead of building their own systems, the report says many Chinese cybercriminals started establishing themselves on forums and shops “within the Russian underground.”
The report notes that the Chinese likely chose the Russian systems because their markets have comparatively loose standards. They usually accept registration from users who don’t speak Russian or English.
The new shift has only just started, but the Chinese joining the broader community of cybercriminals may bring about a more globalized structure for cybercrime.


This news analysis was originally dispatched as part of Epoch Times China email newsletters.
With a hope to end the onslaught of Chinese cyberattacks on U.S. businesses, President Barack Obama announced a deal with the leader of the Chinese Communist Party (CCP), Xi Jinping, on Sept. 25, 2015, to end cyberattacks meant for economic gain.
The next day, the Chinese cyberattacks on U.S. businesses continued as usual.
The impact of Chinese economic theft was the focus of a new segment on “60 Minutes,” which aired Jan. 17. It highlighted an environment where Americans are being spied on by a foreign government, and where U.S. CEOs are doing business with China while knowing they have only five or six years to do business before their products are stolen.
“The CEO knows that by going into business with China, he is committing long-term suicide,” said Richard Bonin, who produced the story for “60 Minutes,” in a CBS News video.
What was probably most interesting was that despite the noise around Chinese economic theft, there is an air of quiet tolerance among businesses, with government procurement, and with international regulation.
If the cyber agreement between the United States and China has shown us anything, it’s that the CCP will not cooperate when it comes to stopping economic theft. For them, the risk of these attacks is negligible, the benefits of the attacks are too great, and the Chinese economy has come to rely too heavily on theft to just switch it off.
One of the key problems is that the United States still doesn’t have a real strategy for dealing with cyberattacks. This issue was highlighted by Gen. Michael Hayden, the former director of the NSA and CIA, during a recent speech at the S4x16 ICS/SCADA cybersecurity conference in Miami.
“We lack a legal policy framework,” Hayden said, according to cybersecurity news website Dark Reading. He added, “People ask how come government isn’t doing something about it … Government will be permanently late to the need in providing cybersecurity.”
This ties back to the cybersecurity agreement with China. One of the key problems with cybersecurity, in general, is that the United States has not yet demonstrated that using cyberattacks for economic gain is a risky endeavor.
Cyberattacks are often carried out from countries that have no extradition treaties with the United States, U.S. businesses are not allowed to launch counterattacks, and the business environment often has CEOs petrified of making the attacks public for fear of lawsuits and angry investors.
It’s a crime with high profit and little risk, and as the “60 Minutes” segment highlighted, even businesses with alleged stolen products are still able to sell these products freely in the United States.
Daniel McGahn, the head of American Superconductor, spoke about his experience of having his software stolen in China. He said in the “60 Minutes” segment that he had to then fire 600 of his nearly 900 employees, and his company lost “well over a billion dollars.”
Sinovel, the company partly owned by the Chinese regime that allegedly robbed him, now exports wind turbines running on his technology. They were even able to sell one of these turbines to the state of Massachusetts, which was paid for with federal stimulus funds.
The case is a clear example of what a cyber agreement with China needs, yet still lacks: sanctions that can discourage theft.
Obama signed an executive order giving himself the ability to sanction companies that commit economic theft, and the threat of sanctions was believed to be one of the key tools used to nail down the cyber agreement in September. But as I reported at the time, the sanctions were not mentioned directly in the agreement.
In other words, the cyber agreement lacks teeth. It still gives the Chinese regime no real reason to stop its attacks—and instead just gave it a platform of dialogue where it can continue pretending it has no part in the problem.
The other key problem is also one I’ve mentioned before. Economic theft is not just a cyber problem, and the Chinese regime—in particular—still uses a large number of conventional spies to carry out its work.
This was also highlighted in the “60 Minutes” segment, with American Superconductor.
McGahn noted in the segment that when he started doing business with China, he made sure his systems were locked tight. They used strong encryption and had a solid system for cybersecurity.
Then, in 2011, they tested their software on Sinovel’s turbines. The system had been programmed to shut down after the test, but the blades kept spinning. The Chinese company had successfully broken his encryption.
It turned out the breach took place through one of their employees—an Austrian named Dejan Karabasevic, who would later spend a year in jail for his crime. McGahn said the Chinese regime “offered him women. They offered him an apartment. They offered him money. They offered him a new life.”
And all it took for McGahn’s company to lose its key product to China was for Karabasevic to say “yes.”
The problem of economic theft seems complicated on the surface, but when you boil it down, it’s pretty simple: the Chinese regime and its state-run companies will use any means they have to steal U.S. intellectual property, and gradually push U.S. companies out of the global market.
To solve the problem, the United States needs to broaden its view of economic theft past cybersecurity. And it needs to find a solution that turns what is currently a highly profitable, and generally safe, operation into something that isn’t worth the risk.


This news analysis was originally dispatched as part of Epoch Times China email newsletters.
The first U.S.-China dialogue under a new cybersecurity agreement concluded last week—but what was left unmentioned was much more important than what was said.
According to Xinhua, the official mouthpiece of the Chinese Communist Party, the Chinese representatives claimed they identified the individuals who breached the U.S. Office of Personnel Management (OPM), and explained that “the case turned out to be a criminal case rather than a state-sponsored cyber attack as the U.S. side has previously suspected.”
The statement is unlikely to be a surprise to anyone following cybersecurity. The Chinese regime always denies its involvement in cyberattacks, regardless of evidence. Most interesting is that in a statement giving a brief recap of the meeting, the U.S. Department of Justice gave no mention of the discussion on the OPM hack.
In a way, the Chinese regime has become a boy who cried wolf: it has lied so often that many experts—including many U.S. officials—don’t give its claims much weight.
The Washington Post reported that even prior to the cybersecurity meeting from Dec. 1 to Dec. 2, the Chinese regime claimed it “arrested a handful of hackers it says were connected to the breach” of OPM, yet also cited an unnamed U.S. official stating “we don’t know that if the arrests the Chinese purported to have made are the guilty parties.”
“There is a history [in China] of people being arrested for things they didn’t do or other ‘crimes against the state,’” the official said.
The bilateral meeting between the Chinese Minister of Public Security, the U.S. Secretary of Homeland Security, and the U.S. Attorney General was the first under the new U.S.-China cybersecurity agreement, announced by President Barack Obama and Chinese Communist Party leader Xi Jinping on Sept. 25.
The stance brought to the table by the Chinese representatives was likely well in line with what U.S. officials expected.
John Carlin, assistant attorney general for national security, explained during a Dec. 3 presentation that after the U.S. Department of Justice indicted five Chinese military officers in May 2014 for their involvement in state-run cyberattacks, the Chinese regime altered its line on cybersecurity.
The Chinese regime’s initial response, Carlin said, was of “indignant denials.” Just a year later, however, its response moved toward claiming that it also opposes and combats theft of commercial secrets—and other forms of cyberattacks.
The shift in official line seems to chime with the ancient Chinese saying: “It’s the thief who yells ‘stop thief.’”
Of course, there are plenty of reasons why experts would choose to not believe the Chinese regime’s claims that it arrested hackers, or that it had nothing to do with the breach.
The Chinese regime’s state-sponsored cyberattacks have already been deeply exposed. Most of its military hackers operate out of its General Staff Department, Third Department. In July, the Project 2049 Institute think tank even traced one of the Chinese hacker units to a government office in Shanghai.
The OPM breach was tied to several other Chinese state-sponsored cyberattacks, which cybersecurity experts dubbed “Deep Panda.” The same hackers who breached the OPM also breached health insurance company Anthem.
The stolen private information is being used by Chinese agencies to build a database on Americans. An insider in China detailed this database, and told Epoch Times that the system for big data analytics is based on the same database the Chinese regime uses for spying on its own people.
It is also possible that Chinese officials were telling a half-truth, and that the hackers behind the OPM breach were not officially under the Chinese regime or its military. But, with a bit of background on the Chinese cyber army, this still wouldn’t free them from blame.
The Chinese regime revealed the structure of its cyber army in the 2013 edition of its military publication, “The Science of Military Strategy.” Its cyber army has three tiers: the first being specialized military units, the second being specialists in civilian organizations and government agencies, and the third being groups outside the Chinese regime “that can be organized and mobilized for network warfare operations.”


Visitors crowd the IBM stand at the CeBIT IT fair on March 2, 2011, in Hanover, central Germany. IBM has allegedly shown its product source code to Chinese agents. (Johannes Eisele/AFP/Getty Images)

This news analysis was originally dispatched as part of Epoch Times’ China email newsletters.

If you were wondering how the Chinese regime was going to keep stealing intellectual property from U.S. businesses with the new cyber regulations, fear not. Some U.S. businesses are just handing it over directly—no cyberattacks needed.

This ties to the Chinese Communist Party’s new “National Security” law, which was passed in July. The Orwellian law covers nearly every facet of Chinese society, and part of it is aimed at foreign companies. It says all information systems in China need to be “secure and controllable.”

Under the new rule, every company operating in China is required to give Chinese authorities their source code and encryption keys, and backdoor access to their computer networks in China.

In other words, businesses will now be simply handing Chinese agents the lifeblood of their products, while also giving them a free pass to spy on their networks. Information that Chinese agents once had to steal through cyberattacks will now, it seems, be handed over willingly.

IBM just became the first major U.S. tech company to agree to these new rules. The news came from two unnamed sources briefed on the practice, who were interviewed by The Wall Street Journal.

Here’s how it allegedly went down: agents with the Chinese regime’s Ministry of Industry and Information Technology were invited into a secure room, where IBM allowed them to look at some of their source code.

It wasn’t clear which IBM products they opened up for review, and it wasn’t clear how long the Chinese agents were allowed to pore over it. While the Chinese agents weren’t allowed to take the code out of the room, it also wasn’t clear what security precautions IBM took to ensure the Chinese agents weren’t simply recording the process with hidden cameras.

This whole incident brings to mind a scene out of the 1964 film, “Dr. Strangelove.” It’s almost as if the fictitious General Buck Turgidson (played by George C. Scott) is sending a direct warning to IBM when he blurts out, “They’ll see the big board!” before the Soviet ambassador is invited into the Pentagon War Room.

Of course, IBM has been no stranger to shortsighted deals with the Chinese Communist Party as of late.

In April, IBM began handing off its technical know-how to Chinese companies that have clearly stated their objectives to replace IBM’s markets in China.

It started passing information on how to build its high-end servers, and the software that runs the servers, to the Beijing-based Teamsun.

The New York Times cited an interview with Teamsun vice president Huang Hua, posted to the company’s website. It outlined Teamsun’s goals to replace IBM, stating:

“Calling a movement in China to replace crucial high-end technology from IBM, Oracle and EMC an ‘opportunity,’ Mr. Huang said Teamsun’s strategy to ‘absorb and then innovate’ would enable it to eliminate the capability gap between Chinese and American companies and create products that could replace those sold by companies in the United States.”

It adds that “Language about replacing IBM, Oracle and EMC was removed from the site after Teamsun and IBM were contacted for this article.”

It wasn’t the first time, either. IBM set the U.S. Navy scrambling to find new servers for its critical systems, after IBM sold its x86 server division to Chinese computer company Lenovo.

The $2.1 billion sale in October included the x86 BladeCenter HT servers used in some critical Navy systems, including its Aegis Combat System, which controls its ballistic missile and air-defense systems.

When a business with products used in critical business, government, and military networks reveals its code to an authoritarian regime, it’s no longer just a problem of bad business, but also national security.


US President Barack Obama speaks next to Chinese President Xi Jinping at a joint press conference after their meeting at the White House in Washington, DC on September 25, 2015. (YURI GRIPAS/AFP/Getty Images)

This news analysis was originally dispatched as part of Epoch Times’ China email newsletters.

U.S. leaders sealed their Sept. 25 cyber agreement with the Chinese regime recently, sending them a list of Chinese hackers identified as having stolen commercial secrets from U.S. businesses, and requesting their arrests.

In an unexpected turn of events, Chinese authorities actually made some of the arrests. Experts and U.S. officials are now paying close attention to whether China prosecutes the hackers.

But while this makes for an interesting show, the new developments do not, by any means, spell an end to Chinese state-sponsored economic theft.

The opposite may be more likely: by passing evidence on Chinese hackers to Chinese authorities, the United States might unintentionally help the Chinese regime close gaps in its system for economic theft.

More serious, however, is what type of evidence U.S. authorities will hand to Party representatives when they gather enough evidence for arrests. If the hackers stand trial in China, they’ll not only need information on allegations, but also proof that shows how the information was gathered.

Chinese authorities could very easily take this information as a road map for how U.S. investigators are detecting attacks. Using this information, they could adjust their methods each time, and make cyberattacks progressively more difficult to pin down.

The result could be that Chinese state-sponsored cyberattacks not only continue, but become even more difficult to detect.

Firstly, the agreement only forbids, as Obama puts it, “cyber-enabled theft of intellectual property.” This does nothing to address intellectual theft through the Chinese regime’s various other means.

In other words, it doesn’t forbid economic theft. It just addresses one method of economic theft.

And being the opaque system that it is, the Communist Party has plenty of leeway to play U.S. authorities for fools.

It would be simple to put on show trials and let the hackers go free afterward, while telling U.S. authorities they’re serving time behind bars. It would also be easy for them to pin the blame on unrelated, innocent parties.

The only time it could be verified that the Party had arrested the right people would be in the rare cases that U.S. authorities could obtain photographs and detailed profiles of Chinese hackers. For those keeping track, they’ve only been able to publicly identify around six specific hackers over the last decade, according to publicly available information.

The biggest piece left unmentioned, however, isn’t about the hackers at all. The part being missed is that the Chinese Communist Party is behind the attacks—and what the U.S. really needs is proof that the Chinese regime has dismantled its massive system for economic theft.

This means showing proof that they’ve rescinded state policies calling for economic theft—getting rid of programs such as its Project 863. It means showing proof that it has dismantled military branches involved in state-sponsored cyberattacks, particularly those under its General Staff Department, Third Department. And it means showing proof that state-run transfer centers throughout China tasked with reverse engineering stolen technology have been closed.

None of this appears to be on the cards, or even under discussion.

As this newsletter reported last week, the agreement only addresses a small part of the overall system for Chinese state-run economic theft. Hackers get the most attention, but the Chinese regime also uses a vast network of insiders—old fashioned human spies—who carry out this work.

The insiders working on Chinese economic theft operate in the sister department to its military hackers: the General Staff Department, Second Department.

And this is not to even speak of the individuals lured or coerced to spy for Chinese state-run companies. This often includes Chinese researchers, students, professors, and individuals already working in key U.S. companies.


President Barack Obama and Chinese leader Xi Jinping at the White House on September 25, 2015 (Jim Watson/AFP/Getty Images)

The cybersecurity deal between the United States and China is a deal without trust. With the United States threatening sanctions and declaring that its patience for Chinese cyberattacks had reached an end, the leader of the Chinese Communist Party (CCP), Xi Jinping, agreed to end cyberattacks that have been stealing trillions in value annually from the U.S. economy.

The agreement is being viewed with a sort of pessimistic hope in the cybersecurity community.

“My opinion is, I’ll believe it when I see it,” said Darren Hayes, director of cybersecurity and an assistant professor at Pace University, in a phone interview.

While some experts believe the threat of sanctions against Chinese companies is too large for the CCP not to comply, the CCP has a track record of saying one thing and doing another.

“I know it’s a priority for the U.S. government, because they estimate that trillions of dollars have been stolen, but this agreement lacks credibility,” said Hayes.

Obama and Xi announced the agreement during a joint press conference on Sept. 25, and drew a distinction between spy operations meant for economic gain, and those meant solely for espionage.

They agreed, Obama said, that neither country will “conduct or knowingly support cyberenabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage.”

Obama said he told Xi “the question now is, are words followed by actions.”

Oversight for Cyberspies

The cyberagreement will establish a system for high-level dialogue between the United States and the CCP. On the U.S. side, this will include the U.S. secretary of homeland security and the U.S. attorney general.

The CCP will assign an official at the ministerial level. Other departments, including the FBI, the Department of Homeland Security, and Chinese offices with similar roles, will take part.

According to a White House fact sheet, this biannual dialogue will be used as a mechanism “to review the timeliness and quality of responses” if an incident takes place. In other words, if the United States detects a cyberattack being used to steal from a business, they will alert the CCP, and participants in the dialogue will review whether the CCP did anything about it.

Despite the oversight, on the surface the agreement appears to be toothless. Yet, deep down this may not be the case.

The context of the agreement is what’s important, according to Dmitri Alperovitch, co-founder and CTO of Crowdstrike, a cybersecurity technology company.

The CCP realized, he said in a phone interview, “if they didn’t concede on these points that sanctions would have been put on Chinese companies.”

While it doesn’t appear sanctions are mentioned directly in the agreement, the United States is reserving them as an option if the CCP’s use of cyberattacks for theft continues.

Obama hinted at this during the joint press conference with Xi. He said, “We will be watching carefully to make an assessment as to whether progress has been made in this area.”

If the CCP doesn’t comply, Obama said, sanctions and other retaliatory options are still on the table. He said, “I did indicate to President Xi that we will apply those and whatever other tools we have in our toolkit to go after cybercriminals, either retrospectively or prospectively.”

New Targets

One of the main problems the CCP faces is that its systems for economic theft are massive, and deeply entwined with its programs for economic growth.

Epoch Times recently exposed this system in an investigative report. The CCP’s economic theft is directed by legislation, and carried out by large-scale networks of military and private hackers. Stolen information is reverse engineered by a network of hundreds of “technology transfer centers” under government and academic offices. The system is also supported by more than 3,200 military front companies operating in the United States.

“We’re talking about tens of thousands of people involved in doing this for the Chinese government, and to say this is going to stop today or tomorrow is absurd,” said Hayes.

President Barack Obama (L) shakes hands with Chinese Communist Party leader Xi Jinping at the White House on Sept. 25. (JIM WATSON/AFP/Getty Images)

According to Alperovitch, however, the CCP may not need to dismantle this system. He believes the program could solve the problem of economic theft in the United States, but said Chinese hackers will still have plenty of targets to choose from.

Alperovitch said the CCP is unlikely to dismantle its network of military hackers. Instead, “They’re just going to give them new tasks.”

“It’s not going to cut down on all espionage,” he said, noting that we will likely see an increase in cyberattacks that fall under conventional espionage—and there will likely be an increase of Chinese cyberattacks against other countries.

The issue rests in two key elements of the agreement. First off, the agreement is currently only between the United States and China—and the CCP’s operations to steal intellectual property could simply turn their sights on businesses outside the United States.

Second, the agreement doesn’t cover cyberattacks that fall under the definition of old-fashioned espionage.

“The line is it has to be for commercial benefit,” Alperovitch said.

This means that cyberattacks stealing U.S. military blueprints, personal data on federal employees, and cyberattacks monitoring U.S. officials and other persons of interest will not only not end, but may even increase.

“I think the hope was just to curtail commercial espionage,” Alperovitch said. “There’s absolutely nothing you could do to stop the Chinese from stealing the blueprints from the F-35 [fighter jet].”

Obama emphasized this key difference in operations during a Sept. 16 business roundtable.

He said the United States has told the CCP, “We understand traditional intelligence gathering functions that all states, including us, engage in,” yet noted “that is fundamentally different from your government or its proxies engaging directly in industrial espionage and stealing trade secrets.”
