Tuesday, July 10, 2012

596 Snowden affair blunts U.S. push for China to curb cyber theft

Snowden affair blunts U.S. push for China to curb cyber theft

Newsletter published on 14 July 2013

(1) & (2) Snowden: Microsoft gives NSA access to encrypted messages,
Skype calls
(3) Snowden: secret court rulings used to "legitimize" Gov't
surveillance violating Constitution
(4) Snowden: NSA monitors China's internet via Cisco
(5) China cyberpries stealing US intellectual property
(6) Pentagon accuses China over cyber-espionage
(7) Chinese military unit accused of hacking attacks
(8) Pentagon chief Chuck Hagel accuses China of cyberattacks
(9) US weapon plans compromised by China: report
(10) Snowden affair blunts U.S. push for China to curb cyber theft
(11) US attempts to block Chinese Cyberspies

(1) Snowden: Microsoft gives NSA access to encrypted messages, Skype calls

http://www.digitaljournal.com/article/354172

Edward Snowden reveals Microsoft collaboration with the NSA

By Michael Thomas

Jul 11, 2013

A new series of files provided by Edward Snowden show that Microsoft
collaborated closely with the National Security Agency to give the
agency access to Microsoft's encrypted data.

The Guardian recently obtained top secret files that reveal just how
closely Microsoft worked with the much-maligned NSA. Among other things,
the report speaks of Microsoft allowing the NSA the ability to intercept
web chats; access to Microsoft's cloud-based storage system SkyDrive;
and audio and video recordings of conversations on Skype, the chat tool
Microsoft bought in 2011.

The revelations come at a particularly bad time for Microsoft, Gizmodo
reports. Just a few hours earlier on Thursday, the company announced
vast new restructuring plans. Ironically, Microsoft launched a marketing
campaign in April with the slogan "Your privacy is our priority."

In response to the allegations, Microsoft said, "When we upgrade or
update products we aren't absolved from the need to comply with existing
or future lawful demands." They also insist they only provide customer
data when asked by the government, and further, only when the data is
about a specific case or person.

Many major technology firms in Silicon Valley are reportedly lobbying
the government to allow them to disclose the exact nature of their
co-operation with the NSA, citing customer concern over privacy. Since
the revelation of the PRISM program, technology firms listed on NSA
documents have routinely denied any knowledge of the program's
existence. They have also said the NSA does not have any "back door"
access to their data.

Several countries have since expressed concern over the extent of the
NSA's spying. Most recently, two French human rights groups are suing
the NSA, as reported by Digital Journal. Various US politicians have
defended the PRISM program, however, saying that it is crucial to the
nation's security.

(2) Snowden: Microsoft gives NSA access to encrypted messages, Skype calls

http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data

How Microsoft handed the NSA access to encrypted messages

Secret files show scale of Silicon Valley co-operation on Prism
Outlook.com encryption unlocked even before official launch
Skype worked to enable Prism collection of video calls
Company says it is legally compelled to comply

Glenn Greenwald, Ewen MacAskill, Laura Poitras, Spencer Ackerman and
Dominic Rushe

The Guardian, Friday 12 July 2013

Microsoft has collaborated closely with US intelligence services to
allow users' communications to be intercepted, including helping the
National Security Agency to circumvent the company's own encryption,
according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of
co-operation between Silicon Valley and the intelligence agencies over
the last three years. They also shed new light on the workings of the
top-secret Prism program, which was disclosed by the Guardian and the
Washington Post last month.

The documents show that:

? Microsoft helped the NSA to circumvent its encryption to address
concerns that the agency would be unable to intercept web chats on the
new Outlook.com portal;

? The agency already had pre-encryption stage access to email on
Outlook.com, including Hotmail;

? The company worked with the FBI this year to allow the NSA easier
access via Prism to its cloud storage service SkyDrive, which now has
more than 250 million users worldwide;

? Microsoft also worked with the FBI's Data Intercept Unit to
"understand" potential issues with a feature in Outlook.com that allows
users to create email aliases;

? In July last year, nine months after Microsoft bought Skype, the NSA
boasted that a new capability had tripled the amount of Skype video
calls being collected through Prism;

? Material collected through Prism is routinely shared with the FBI and
CIA, with one NSA document describing the program as a "team sport".

The latest NSA revelations further expose the tensions between Silicon
Valley and the Obama administration. All the major tech firms are
lobbying the government to allow them to disclose more fully the extent
and nature of their co-operation with the NSA to meet their customers'
privacy concerns. Privately, tech executives are at pains to distance
themselves from claims of collaboration and teamwork given by the NSA
documents, and insist the process is driven by legal compulsion.

In a statement, Microsoft said: "When we upgrade or update products we
aren't absolved from the need to comply with existing or future lawful
demands." The company reiterated its argument that it provides customer
data "only in response to government demands and we only ever comply
with orders for requests about specific accounts or identifiers".

In June, the Guardian revealed that the NSA claimed to have "direct
access" through the Prism program to the systems of many major internet
companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.

Blanket orders from the secret surveillance court allow these
communications to be collected without an individual warrant if the NSA
operative has a 51% belief that the target is not a US citizen and is
not on US soil at the time. Targeting US citizens does require an
individual warrant, but the NSA is able to collect Americans'
communications without a warrant if the target is a foreign national
located overseas.

Since Prism's existence became public, Microsoft and the other companies
listed on the NSA documents as providers have denied all knowledge of
the program and insisted that the intelligence agencies do not have back
doors into their systems.

Microsoft's latest marketing campaign, launched in April, emphasizes its
commitment to privacy with the slogan: "Your privacy is our priority."

Similarly, Skype's privacy policy states: "Skype is committed to
respecting your privacy and the confidentiality of your personal data,
traffic data and communications content."

But internal NSA newsletters, marked top secret, suggest the
co-operation between the intelligence community and the companies is
deep and ongoing.

The latest documents come from the NSA's Special Source Operations (SSO)
division, described by Snowden as the "crown jewel" of the agency. It is
responsible for all programs aimed at US communications systems through
corporate partnerships such as Prism.

The files show that the NSA became concerned about the interception of
encrypted chats on Microsoft's Outlook.com portal from the moment the
company began testing the service in July last year.

Within five months, the documents explain, Microsoft and the FBI had
come up with a solution that allowed the NSA to circumvent encryption on
Outlook.com chats

A newsletter entry dated 26 December 2012 states: "MS [Microsoft],
working with the FBI, developed a surveillance capability to deal" with
the issue. "These solutions were successfully tested and went live 12
Dec 2012."

Two months later, in February this year, Microsoft officially launched
the Outlook.com portal.

Another newsletter entry stated that NSA already had pre-encryption
access to Outlook email. "For Prism collection against Hotmail, Live,
and Outlook.com emails will be unaffected because Prism collects this
data prior to encryption."

Microsoft's co-operation was not limited to Outlook.com. An entry dated
8 April 2013 describes how the company worked "for many months" with the
FBI which acts as the liaison between the intelligence agencies and
Silicon Valley on Prism to allow Prism access without separate
authorization to its cloud storage service SkyDrive.

The document describes how this access "means that analysts will no
longer have to make a special request to SSO for this a process step
that many analysts may not have known about".

The NSA explained that "this new capability will result in a much more
complete and timely collection response". It continued: "This success is
the result of the FBI working for many months with Microsoft to get this
tasking and collection solution established."

A separate entry identified another area for collaboration. "The FBI
Data Intercept Technology Unit (DITU) team is working with Microsoft to
understand an additional feature in Outlook.com which allows users to
create email aliases, which may affect our tasking processes."

The NSA has devoted substantial efforts in the last two years to work
with Microsoft to ensure increased access to Skype, which has an
estimated 663 million global users.

One document boasts that Prism monitoring of Skype video production has
roughly tripled since a new capability was added on 14 July 2012. "The
audio portions of these sessions have been processed correctly all
along, but without the accompanying video. Now, analysts will have the
complete 'picture'," it says.

Eight months before being bought by Microsoft, Skype joined the Prism
program in February 2011.

According to the NSA documents, work had begun on smoothly integrating
Skype into Prism in November 2010, but it was not until 4 February 2011
that the company was served with a directive to comply signed by the
attorney general.

The NSA was able to start tasking Skype communications the following
day, and collection began on 6 February. "Feedback indicated that a
collected Skype call was very clear and the metadata looked complete,"
the document stated, praising the co-operation between NSA teams and the
FBI. "Collaborative teamwork was the key to the successful addition of
another provider to the Prism system."

ACLU technology expert Chris Soghoian said the revelations would
surprise many Skype users. "In the past, Skype made affirmative promises
to users about their inability to perform wiretaps," he said. "It's hard
to square Microsoft's secret collaboration with the NSA with its
high-profile efforts to compete on privacy with Google."

The information the NSA collects from Prism is routinely shared with
both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA
has recently expanded sharing with the other two agencies.

The NSA, the entry reveals, has even automated the sharing of aspects of
Prism, using software that "enables our partners to see which selectors
[search terms] the National Security Agency has tasked to Prism".

The document continues: "The FBI and CIA then can request a copy of
Prism collection of any selector=85" As a result, the author notes:
"these two activities underscore the point that Prism is a team sport!"

In its statement to the Guardian, Microsoft said:

We have clear principles which guide the response across our entire
company to government demands for customer information for both law
enforcement and national security issues. First, we take our commitments
to our customers and to compliance with applicable law very seriously,
so we provide customer data only in response to legal processes.

Second, our compliance team examines all demands very closely, and we
reject them if we believe they aren't valid. Third, we only ever comply
with orders about specific accounts or identifiers, and we would not
respond to the kind of blanket orders discussed in the press over the
past few weeks, as the volumes documented in our most recent disclosure
clearly illustrate.

Finally when we upgrade or update products legal obligations may in some
circumstances require that we maintain the ability to provide
information in response to a law enforcement or national security
request. There are aspects of this debate that we wish we were able to
discuss more freely. That's why we've argued for additional transparency
that would help everyone understand and debate these important issues.

In a joint statement, Shawn Turner, spokesman for the director of
National Intelligence, and Judith Emmel, spokeswoman for the NSA, said:

The articles describe court-ordered surveillance and a US company's
efforts to comply with these legally mandated requirements. The US
operates its programs under a strict oversight regime, with careful
monitoring by the courts, Congress and the Director of National
Intelligence. Not all countries have equivalent oversight requirements
to protect civil liberties and privacy.

They added: "In practice, US companies put energy, focus and commitment
into consistently protecting the privacy of their customers around the
world, while meeting their obligations under the laws of the US and
other countries in which they operate."

? This article was amended on 11 July 2013 to reflect information from
Microsoft that it did not make any changes to Skype to allow Prism
collection on or around July 2012.

(3) Snowden: secret court rulings used to "legitimize" Gov't
surveillance violating Constitution


http://www.heraldsun.com.au/technology/news/nsa-whistleblower-edward-snowden-surfaces-to-meet-activists-at-moscows-sheremetyevo-airport/story-fni0bzod-1226678729528

NSA whistleblower Edward Snowden surfaces to meet activists at Moscow's
Sheremetyevo airport

AP
JULY 13, 2013 6:43AM

http://www.heraldsun.com.au/technology/news/nsa-whistleblower-edward-snowden-surfaces-to-meet-activists-at-moscows-sheremetyevo-airport/story-fni0bzod-1226678729528

EDWARD Snowden has been seen meeting with human rights activists at
Moscow's Sheremetyevo international airport.

National Security Agency leaker Edward Snowden wants asylum in Russia
and is willing to stop sharing information as a trade-off for such a
deal, according to a parliament member who was among a dozen activists
and officials to meet with him Friday.

Mr Snowden appeared nervous, but in apparently good health during the
meeting behind closed doors in the transit zone of Moscow's Sheremetyevo
airport where he's been marooned for weeks, Duma member Vyacheslav
Nikonov told reporters.

In a statement, Mr Snowden said he had no regrets about leaking
information about government surveillance but admitted that it had been
at a person cost to him.
<http://wikileaks.org/Statement-by-Edward-Snowden-to.html>

"The 4th and 5th Amendments to the Constitution of my country, Article
12 of the Universal Declaration of Human Rights, and numerous statutes
and treaties forbid such systems of massive, pervasive surveillance," Mr
Snowden said.  "While the US Constitution marks these programs as
illegal, my government argues that secret court rulings, which the world
is not permitted to see, somehow legitimize an illegal affair.

"That moral decision to tell the public about spying that affects all of
us has been costly, but it was the right thing to do and I have no
regrets," he said.

A photo attributed to a Human Rights Watch representative who attended
the meeting was posted on the Guardian and other websites, the first
image to appear of Mr Snowden since the newspaper broke the story of
widespread US internet surveillance based on his leaks.

An image posted to Twitter of NSA whistleblower Edward Snowden meeting
with rights activists in Moscow. Picture: Tanya Lokshina - Human Rights
Watch

Dmitry Peskov, President Vladimir Putin's spokesman, told Russian news
agencies after the announcement on Friday that Russia has not yet
received a new bid for asylum from Mr Snowden and that Mr Putin would
continue with his insistence that Mr Snowden stop leaking information.

Both Mr Nikonov and Genri Reznik, a lawyer who participated in the
meeting, said Mr Snowden was willing to stop leaks. ...

(4) Snowden: NSA monitors China's internet via Cisco

http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20130618000122&cid=1101

Cisco's business in China set to suffer from Prism revelations

Staff Reporter 2013-06-18 16:29 (GMT+8)

At a time when nine internet companies are believed to be involved in
the US National Security Agency's Prism surveillance, Cisco Systems, one
of the nine and the world's biggest IT equipment provider in cloud
computing, has been involved in almost all China's major network
construction projects, the Shenzhen-based Securities Times reports.

Edward Snowden, a former technical worker at the CIA and NSA last week
sensationally revealed himself as the whistleblower behind leaks that
uncovered secret US government surveillance programs. Snowden, an IT
administrator for the defense contractor Booz Allen Hamilton, said that
the UK intelligence-gathering agency GCHQ may have connections to the
Prism program, which is said to give American agencies easy access to
nine of the world's top internet companies, as well as the phone records
of millions of people.

According to Snowden, nine companies, including Cisco, Apple, Facebook,
Microsoft and Google, are involved in spying activities by giving access
to their databanks to the US agencies — an accusation all nine companies
swiftly denied, the report said.

However, on June 14, Facebook and Microsoft admitted that the US
government had asked them to provide information on their users, and
they unveiled the partial details in a bid to distance themselves from
the Prism revelations as early as possible.

Meanwhile, Chinese media has turned the focus to the potential threats
to China's internet security by these US internet companies, as Snowden
revealed that the NSA monitored China's internet and computer operations
via Cisco.

Cisco has reportedly been involved in almost all the construction of
major network projects in China related to the government, customs, post
offices, finance, railway, aviation, medical, military and police, as
well as telecommunication networks. Cisco controls more than 70% of
China's two biggest internet operators, China Telecom and China Unicom,
which together account for more than 80% of the country's internet traffic.

Furthermore, Cisco is the key technology and equipment supplier to the
US government and its military. Security experts are therefore worried
that in the even of war, the US government could use Cisco's products
around the world to create an internet war to deal a major blow to
adversary countries.

Cisco has overtaken Hewlett-Packard and IBM to become the world's
biggest IT equipment provider in terms of cloud computing, according to
market researcher Synergy Research Group.

Cisco raked in income of more than US$1.6 billion last year in China,
representing 30% of its total profits. It is expected that the Prism
incident will seriously affect its business in China, while other
companies such as Microsoft and Apple will also see their business in
mainland China affected, the report said.

Since last year, security experts already called for the Chinese
government to emphasize internet security problems. The Prism incident
is a major warning and may well prompt Beijing to enact an internet
security act to set clear rules to regulate purchases by the government,
military and state-run enterprises.

Such legislation would inevitably benefit domestic suppliers such as
Huawei and ZTE in cloud computing, data processing, IT consulting and
information security, the report said. Perhaps a touch ironically, the
two Chinese companies have seen their attempts to expand their business
in the United States hampered by national security concerns from the US
government in precisely the same manner as Cisco may be expected to
experience.

(5) China cyberpries stealing US intellectual property

http://www.theregister.co.uk/2013/05/23/us_government_report_chinese_ip_theft/

Report: China IP theft now equal in value to US exports to Asia

Stricter security testing, sanctions and legal counterhacking needed

By Iain Thomson in San Francisco

Posted in Security, 23rd May 2013 01:33 GMT

China is responsible up to 80 per cent of US intellectual property
theft, which a government report has estimated accounts for $300bn in
lost exports, roughly the equivalent of the current American trade
balance with Asia.

"Unless current trends are reversed, there is a risk of stifling
innovation, with adverse consequences for both developed and still
developing countries," the IP Commission report warns. "The American
response to date of hectoring governments and prosecuting individuals
has been utterly inadequate to deal with the problem."

The commission, headed by the former ambassador to China and Republican
presidential candidate Jon Huntsman, former director of national
intelligence Admiral Dennis Blair, and aided by former Intel boss Craig
Barrett, has spent the last year examining the state of IP theft in the
US, and the results aren't pretty.

An estimated 70 per cent of US corporate assets are tied up in
"intangible assets" such as intellectual property, and around 6 per cent
of this is being lost in IP theft every year, according to the
commission. If China operated at the same level of IP law as the US, the
result would be an estimated $107bn in additional annual sales for
American companies and net employment could increase by 2.1 million jobs.

The most immediate problem is that US companies are being directly
harmed by IP theft. The report cited a recent case where a US firm had
perfected a miniaturized smartphone component, only to have its designs
(and markets) stolen when Middle Kingdom companies undersold them using
the purloined material.

China was also fingered in a US Senate Armed Services Committee
investigation that found over 1,800 counterfeit electronic and
mechanical products that were traced back to over 100 Chinese firms.
Some factories building these fake goods employ 15,000 people at a time.

Other countries are also taking part in skinning the US on IP, according
to the report.

"Russia, India, and other countries constitute important actors in a
worldwide challenge," it states. "Many issues are the same: poor legal
environments for IPR, protectionist industrial policies, and a sense
that IP theft is justified by a playing field that benefits developed
countries."

This is all leading to the long-term effect of discouraging research and
development by US companies, the report suggests. There's little point
in spending vast amounts on R&D if someone's going to steal the result
and manufacture it offshore.

Send lawyers, guns, and money

The report makes 21 recommendations, with the initial push being
legislative. Congress needs to view IP theft as a matter of national
security, the report suggests, and a foreign company's record on the
issue must be taken into account when deciding whether to allow foreign
investors to operate in the US and use its banking and financial services.

Disclosure laws also have to be beefed up, so that when US companies
suffer theft they have to report it and can be held accountable. The US
should move away from the policy of trying to persuade governments to
enforce IP laws and be more willing to use bodies like the International
Trade Commission to pursue claims.

The report says increases are needed in the funding and investigative
capabilities of the FBI and Department of Justice to go after IP
offenders and, somewhat more controversially, it also recommends US
companies should be freed up to take measures to fight back against
attackers and retrieve stolen information.

"Currently, Internet attacks against hackers for purposes of
self-defense are as illegal under U.S. law as the attacks by hackers
themselves," the report states. "If counterattacks against hackers were
legal, there are many techniques that companies could employ that would
cause severe damage to the capability of those conducting IP theft."

Finally, offending companies must be penalized in cases of proven theft,
to reduce the financial incentive for crime. This could involve a tariff
on Chinese imports amounting to 150 per cent of the estimated value of
IP theft and/or the withholding of an equivalent amount from the World
Health Organization budget.

All this will make uncomfortable reading for President Obama as he
prepares for his first meeting with the new Chinese president Xi Jinping
next month. No doubt they will have lots to talk about on the IP front. ®

(6) Pentagon accuses China over cyber-espionage

http://www.abc.net.au/news/2013-05-07/an-pentagon-report-accuses-china-of-cyber-espionage/4674056

Updated May 28, 2013 07:33:57

A Pentagon report says China has engaged in widespread cyber-espionage
in a bid to extract information about the US Government's foreign policy
and military plans.

In its 83-page annual report to Congress on Chinese military
developments, the Pentagon said China's cyber snooping was a "serious
concern" that pointed to an even greater threat because the "skills
required for these intrusions are similar to those necessary to conduct
computer network attacks".

"The US government continued to be targeted for (cyber) intrusions, some
of which appear to be attributable directly to the Chinese government
and military," it said.

The report says the main purpose of the hacking was to gain information
to benefit defence industries, military planners and government leaders.

"China is using its computer network exploitation (CNE) capability to
support intelligence collection against the US diplomatic, economic, and
defence industrial base sectors that support US national defence
programs," it said.

"In 2012, numerous computer systems around the world, including those
owned by the US government, continued to be targeted for intrusions,
some of which appear to be attributable directly to the Chinese
government and military."

The report marked the most explicit statement yet from the United States
that it believes China's cyber spying is focused on the US government,
as well as American corporations.

Although President Barack Obama's administration has demanded China stop
widespread cyber theft, officials have tended to focus their public
comments on the hacking of private business networks and not US
government agencies.

The information targeted by the cyber spying could possibly benefit
China's arms and technology sectors, as well policymakers interested in
US leaders' thinking on China-related issues, the report said.

The cyber spying could assist Chinese military planners in "building a
picture of US network defence networks, logistics, and related military
capabilities that could be exploited during a crisis," it said.

US officials have grown alarmed over what they call increasingly brazen
hacking from China that has penetrated defence contractors including
Lockheed Martin and a host of other organizations and agencies.

The digital espionage was part of a broader industrial espionage effort
that seeks to secure military-related US and Western technology,
allowing Beijing to scale back its reliance on foreign arms manufacturers.

"China continues to leverage foreign investments, commercial joint
ventures, academic exchanges, the experience of repatriated Chinese
students and researchers, and state-sponsored industrial and technical
espionage to increase the level of technologies and expertise available
to support military research, development, and acquisition," the report
said. ...

ABC/Wires

(7) Chinese military unit accused of hacking attacks

http://www.abc.net.au/news/2013-02-20/chinese-military-unit-accused-of-hacking-attacks/4528870

By Brendan Trembath and wires

Updated February 20, 2013 11:59:52

Computer security company Mandiant says it believes a Chinese military
unit is responsible for multiple hacking attacks against the United States.

The US-based company has released a report that identifies 'Unit 61398'
as the most likely source of attacks on at least 141 organisations,
"across a diverse set of industries beginning as early as 2006".

"The nature of 'Unit 61398's' work is considered by China to be a state
secret; however, we believe it engages in harmful 'Computer Network
Operations'," Mandiant said in the report.

"It is time to acknowledge the threat is originating in China, and we
wanted to do our part to arm and prepare security professionals to
combat that threat effectively."

The report says Unit 61398 is located in Shanghai's Pudong district,
China's financial and banking hub, and staffed by perhaps thousands of
people proficient in English as well as computer programming and network
operations.

The unit had stolen "hundreds of terabytes of data".

Clients including The New York Times have hired Mandiant to clean up
their systems after cyberattacks.

The New York Times said hackers stole its corporate passwords and
accessed the personal computers of 53 employees after the newspaper
published a report on the family fortune of China's premier Wen Jiabao.

Most of the hacking victims are located in the United States, with
smaller numbers in Canada and Britain.

The information stolen ranged from details on mergers and acquisitions
to the emails of senior employees, Mandiant said.

The 12-storey building that reportedly houses the unit sits in an
unassuming residential area and is surrounded by a wall adorned with
military propaganda photos and slogans. ...

(8) Pentagon chief Chuck Hagel accuses China of cyberattacks

http://www.theaustralian.com.au/news/world/pentagon-chief-chuck-hagel-accuses-china-of-cyberattacks/story-e6frg6so-1226654977891

AFP   June 01, 2013 3:41PM

US Defence Secretary Chuck Hagel has accused Beijing of involvement in
cyber espionage in a speech at a Singapore security forum attended by
Chinese military officials.

Stepping up US pressure on China over electronic espionage ahead of a
summit between their leaders next week, Hagel pointedly blamed the
Chinese government and military for repeated intrusions into sensitive
US information systems.

"The United States has expressed our concerns about the growing threat
of cyber intrusions, some of which appear to be tied to the Chinese
government and military," Hagel said in prepared remarks delivered at an
annual Singapore conference known as the Shangri-La Dialogue.

"As the world's two largest economies, the US and China have many areas
of common interest and concern, and the establishment of a cyber working
group is a positive step in fostering US-China dialogue on cyber," the
Pentagon chief said.

"We are determined to work more vigorously with China and other partners
to establish international norms of responsible behaviour in cyberspace."

Hagel's speech came at the end of a week in which China was forced to
deny claims that it mounted a cyber attack to steal the plans for ASIO's
Canberra headquarters.

US President Barack Obama and his Chinese counterpart Xi Jinping will
meet in California on June 7-8, the two leaders' first meeting since Xi
took office in March.

China's delegation to the Singapore meeting was led by Lieutenant
General Qi Jianguo, a deputy chief of the general staff of the People's
Liberation Army.

Hagel's remarks came just days after China's defence ministry dismissed
a Pentagon report released in May accusing Chinese hackers of accessing
US weapons designs. ...

The Pentagon report released in early May said China has engaged in
widespread cyber espionage in a bid to extract information about the US
government's foreign policy and military plans.

China kept up a steady campaign of hacking in 2012 that included
attempts to target US government computer networks, which could provide
Beijing a better insight into America's policy deliberations and
military capabilities, it said.

"China is using its computer network exploitation (CNE) capability to
support intelligence collection against the US diplomatic, economic, and
defense industrial base sectors that support US national defense
programs,'' said the report.

(9) US weapon plans compromised by China: report

http://articles.washingtonpost.com/2013-05-27/world/39554997_1_u-s-missile-defenses-weapons-combat-aircraft

Ellen Nakashima

Washington Post

May 28, 2013

Washington: Designs for many of the US's most sensitive advanced weapons
systems have been compromised by Chinese hackers, according to a report
prepared for the Pentagon and to officials from government and the
defence industry.

Among more than two dozen major weapons systems whose designs were
breached were programs critical to US missile defences and combat
aircraft and ships, according to a previously undisclosed section of a
confidential report prepared by the Defence Science Board for Pentagon
leaders.

Experts warn that the electronic intrusions gave China access to
advanced technology that could accelerate the development of its weapons
systems and weaken the US military advantage in a future conflict.

The Defence Science Board, a senior advisory group composed of
government and civilian experts, did not accuse the Chinese of stealing
the designs. But senior military and industry officials with knowledge
of the breaches said the vast majority were part of a widening Chinese
campaign of espionage against US defence contractors and government
agencies.

The significance and extent of the targets help explain why the Obama
administration has escalated its warnings to the Chinese government to
stop what Washington sees as rampant cyber theft.

In March, the advisory panel warned in the public version of its report
that the Pentagon is unprepared to counter a full-scale cyber conflict.
The list of compromised weapons designs is contained in a confidential
version, and it was provided to The Washington Post.

Some of the weapons form the backbone of the Pentagon's regional missile
defence for Asia, Europe and the Persian Gulf. The designs included
those for the advanced Patriot missile system, known as PAC-3; an Army
system for shooting down ballistic missiles, known as the Terminal High
Altitude Area Defence, or THAAD; and the Navy's Aegis ballistic missile
defence system.

Also identified in the report are vital combat aircraft and ships,
including the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk
helicopter and the Navy's new Littoral Combat Ship, which is designed to
patrol waters close to shore.

Also on the list is the most expensive weapons system ever built – the
F-35 Joint Strike Fighter, which is on track to cost about $US1.4
trillion ($1.45 trillion). The 2007 hack of that project was reported
previously.

China, which is pursuing a long-term, comprehensive strategy to
modernise its military, is investing in ways to overcome the US military
advantage – and cyber espionage is seen as a key tool in that effort,
the Pentagon noted this month in a report to Congress on China. For the
first time, the Pentagon specifically named the Chinese government and
military as the culprit behind intrusions into government and other
computer systems.

As the threat from Chinese cyber espionage has grown, the administration
has become more public with its concerns. In a speech in March, Thomas
Donilon, the national security adviser to President Barack Obama, urged
China to control its cyber activity. In its public criticism, the
administration has avoided identifying the specific targets of hacking.

But US officials said several examples were raised privately with senior
Chinese government representatives in a four-hour meeting a year ago.
The officials, who spoke on the condition of anonymity to describe a
closed meeting, said senior US defence and diplomatic officials
presented the Chinese with case studies detailing the evidence of major
intrusions into US companies, including defence contractors.

In addition, a recent classified National Intelligence Estimate on
economic cyber espionage concluded that China was by far the most active
country in stealing intellectual property from US companies.

The Chinese government insists that it does not conduct cyber espionage
on US agencies or companies, and government spokesmen often complain
that Beijing is a victim of US cyber attacks.

Mr Obama is expected to raise the issue when he meets with Chinese
President Xi Jinping next month in California. ...

(10) Snowden affair blunts U.S. push for China to curb cyber theft

http://www.reuters.com/article/2013/07/09/us-usa-china-cyber-idUSBRE96713220130709

Mon, Jul 8 2013

By Paul Eckert

WASHINGTON | Tue Jul 9, 2013 6:35am EDT

WASHINGTON (Reuters) - Revelations by former U.S. spy agency contractor
Edward Snowden will make it harder for the United States to confront
China at talks this week over the alleged cyber theft of trade secrets
worth hundreds of billions of dollars a year.

Snowden's disclosures of American electronic surveillance around the
world give China an argument to counter U.S. complaints that it steals
private intellectual property (IP) from U.S. companies and research centers.

Cyber security is at the center of high-level talks between the two
countries in Washington that will show whether a positive tone struck by
President Barack Obama and new Chinese President Xi Jinping at a summit
last month can translate into cooperation on difficult issues.

Top U.S. officials, from Obama down, have long tried to convince China
to recognize a clear line between the kind of cyber espionage by spy
agencies revealed by Snowden and the theft of technology.

"This Snowden thing has muddied the waters in a terrible way," said
James McGregor, author of a book on China's authoritarian capitalism and
industrial policy.

"China would rather have the waters muddy, because they can say 'You do
it. We do it. What's the big deal?' and the cyber theft from companies
will go on and on," he said by telephone from China, where he is senior
counselor for APCO Worldwide, a U.S. business consultancy.

At the talks, U.S. officials will press China on cyber theft, Treasury
Secretary Jack Lew said last week, describing the problem as "just
different from other kinds of issues in the cyber area.

Many countries spy on each other, but U.S. officials say China is unique
in the amount of state-sponsored IP theft it carries out as it tries to
catch up with the United States in economic power and technological prowess.

Last week the U.S. Department of Justice charged Chinese wind turbine
maker Sinovel Wind Group Co and two of its employees with stealing
software source code from U.S.-based AMSC worth $800 million.

The U.S. Chamber of Commerce hopes "to see a clear indication that China
recognizes thefts of trade secrets, whether by cyber or other means, is
stealing property and will bring the full force of its laws to curb
this," said Jeremie Waterman, the group's senior director for Greater China.

Beijing parries complaints about Chinese hacking into the computers of
U.S. businesses by saying China is itself a major victim of cyber
espionage. Chinese officials have dismissed as unconvincing recent U.S.
official and private-sector reports attributing large-scale hacking of
American networks to China.

China's official Xinhua news agency said last month the Snowden case
showed the United States was "the biggest villain in our age" and a
hypocrite for complaining about Chinese cyber attacks.

On Tuesday, the Communist Party's People's Daily attacked the United
States for a hypocritical internet policy of defending hacking in the
name of national security when it suited Washington's purposes.

"Differentiating hacking attacks as 'good' and 'bad' is a double
standard when it comes to internet security," the newspaper's overseas
edition said in a front page comment.

China's stance seems to be stiffened by Snowden's revelations of
widespread surveillance by the National Security Agency and his
assertion that the agency hacked into critical network infrastructure at
universities in China and Hong Kong.

Snowden fled to Hong Kong before his leaks to newspapers became public
last month, and then went to Moscow, where he is believed to be holed up
in the transit area of the Sheremetyevo airport, trying to find a
country to give him sanctuary.

'OUT OF BOUNDS' SPYING

Now in their fifth year, the annual U.S.-Chinese talks, known as the
Strategic and Economic Dialogue, will cover topics from U.S. concerns
about North Korea's nuclear weapons and expanding military ties to
climate change and access to Chinese financial markets.

China's exchange-rate policy is on the agenda, although it has receded
as an issue with the gradual strengthening of the yuan and a reduction
of huge current account imbalances.

This year U.S. Secretary of State John Kerry and Lew host Chinese State
Councilor Yang Jiechi and Vice Premier Wang Yang for the first such
dialogue session since China's once-a-decade leadership change in March,
when Xi took over.

The meetings follow Obama's summit last month with Xi in California,
where the two men developed what aides called a productive relationship.
Nevertheless, Obama demanded Chinese action to halt what he called "out
of bounds" cyber spying.

Officials from the two countries discussed international law and
practices in cyberspace at low-level talks on Monday. Cyber security
will feature at other meetings during the week that are also likely to
address U.S. accusations that Beijing gained access electronically to
Pentagon weapons designs.

IP theft costs U.S. businesses $320 billion a year, a sum equivalent to
annual U.S. exports to Asia, the authors of a recent report say.

China accounts for between 50 percent and 80 percent of IP theft
suffered by U.S. firms, the Commission on the Theft of American
Intellectual Property, a bipartisan group of former U.S. officials, said
in a May report.

Cyber theft of industrial designs, business strategies and trade secrets
is just a part of IP pilfering.

IP theft also involves "planted employees, bribed employees, employees
who were appealed to on the basis of nationalism and all the traditional
means of espionage, often accompanied by cyber," said Richard Ellings,
president of the National Bureau of Asian Research think tank, who
co-wrote the report.

The U.S. District Court in Manhattan charged three New York University
researchers in May with conspiring to take bribes from Chinese medical
and research outfits for details about NYU research into magnetic
resonance imaging technology.

Arrests by U.S. Immigration and Customs Enforcement and the Homeland
Security Department for IP infringements rose 159 percent and
indictments increased 264 percent from 2009 to 2013, a June report by
the U.S. Intellectual Property Enforcement Coordinator showed.

The Commission on the Theft of American Intellectual Property called for
tough penalties including banking sanctions, bans on imports and
blacklisting in U.S. financial markets.

(Additional reporting by Ben Blanchard in BEIJING; Editing by Alistair
Bell, Xavier Briand and Clarence Fernandez)

(11) US attempts to block Chinese Cyberspies

http://online.wsj.com/article/SB10001424127887324694904578600041603746114.html

Updated July 12, 2013, 12:57 a.m. ET

U.S., Firms Draw a Bead on Chinese Cyberspies

BY DANNY YADRON AND SIOBHAN GORMAN

The U.S. government gave American Internet providers addresses linked to
suspected Chinese hackers earlier this year as part of a previously
undisclosed effort aimed at blocking cyberspying, current and former
U.S. officials said.

The push reflects a significant shift in levels of cooperation between
the government and Internet companies amid rising concerns over hacking.
It also marks a bold move by the U.S. as it takes part in high-level
meetings on cybersecurity and other matters with the Chinese this week
in Washington. Each side accuses the other of cyberespionage. ...

No comments:

Post a Comment