If you carry classified government information or trade secrets as part of your job, traveling in China is risky. Hackers, whether affiliated with the government, on the payroll of competing companies, or operating alone, are a constant threat, and you generally have to assume that you are never unobserved online. But a piece in the New York Times makes it exceedingly clear just how far one has to go to get even a measure of electronic privacy and security in China:
When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film. He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.”
This is a philosophy that Representative Mike Rogers, chairman of the House Intelligence Committee, calls traveling “electronically naked”; Jacob Olcott, a cybersecurity expert at Good Harbor Consulting, calls it “Business 101” for people involved in commerce in China. Read the NYT piece for more, but here’s one more nugget that emphasizes how dangerous, in terms of information security, it is to have any contact at all with Chinese systems:
McAfee, the security company, said that if any employee’s device was inspected at the Chinese border, it could never be plugged into McAfee’s network again. Ever. “We just wouldn’t take the risk,” said Simon Hunt, a vice president.
What’s the News: America’s intelligence agencies are in the business of predicting the future, using limited amounts of information to divine world events. But even expert analysts and sophisticated algorithms can make mistakes.
That’s why IARPA—which takes on high-risk, high-reward research projects (read: awesome longshots) in US intelligence—is turning to crowdsourcing, reports Adam Rawnsley at Wired.com’s Danger Room. Applied Research Associates will launch an IARPA-backed website this Friday to test whether those of us without security clearances can point the clandestine services in the right direction.
Over the last two years (and perhaps as long as four), hackers probably based in China have been targeting several huge multinational energy companies and using long-established techniques to extract information. That’s according to the computer security firm McAfee, which helped some of the companies fight back against the ongoing wave of attacks it has dubbed “Night Dragon.”
“We have confirmed that five companies have been attacked,” said Dmitri Alperovitch, McAfee’s vice president for threat research. He said he suspected that at least a dozen companies might have been affected by the team of computer hackers seemingly based in Beijing and who appeared to work during standard business hours there. “These people seemed to be more like company worker bees rather than free-spirited computer hackers,” he said. “These attacks were bold, even brazen, and they left behind a trail of evidence.” [The New York Times]
In a blog post about the attacks, McAfee CTO George Kurtz notes that the hackers took advantage of techniques that have been around for more than a decade. In fact, he says, their simplicity helped them to evade security software.
During the last two years — and up to four years — the hackers had access to the computer networks, focusing on financial documents related to oil and gas field exploration and bidding contracts, said Alperovitch. They also copied proprietary industrial processes. “That information is tremendously sensitive and would be worth a huge amount of money to competitors,” said Alperovitch. [Reuters]
It was late September when the world got wind of Stuxnet, the complex piece of malware that appeared to specifically target Iranian nuclear sites. Now, analysis of Stuxnet suggests it was almost perfectly designed to corrupt nuclear centrifuges, according to David Albright of the Institute for Science and International Security.
On Wednesday, Mr. Albright and a colleague, Andrea Stricker, released a report saying that when the worm ramped up the frequency of the electrical current supplying the centrifuges, they would spin faster and faster. The worm eventually makes the current hit 1,410 Hertz, or cycles per second — just enough, they reported, to send the centrifuges flying apart. In a spooky flourish, Mr. Albright said in the interview, the worm ends the attack with a command to restore the current to the perfect operating frequency for the centrifuges — which, by that time, would presumably be destroyed. [The New York Times]
Computer experts don’t know Stuxnet’s origin for sure, though the Times’ story drops a few cryptic hints of Israeli involvement. And further study of the attack shows that although Stuxnet appears calibrated to disrupt centrifuges, it could be easily adapted to seize the reins of other systems.
The widespread interconnection of corporate networks and use of SCADA systems [supervisory control and data acquisition] means that industrial infrastructure is increasingly vulnerable to software attack. Such control systems are used in virtually every industry—food production, vehicle assembly, chemical manufacturing—and are commonly exposed to insecure networks. This leaves them vulnerable to tampering, such as with Stuxnet, as well as intellectual property theft. [Ars Technica]
A lucrative new car market, a former General Motors employee, and a dumpster with shredded documents. According to a federal court indictment (pdf) released on Thursday, these may be a recipe for hybrid car espionage. A former GM employee and her husband–Shanshan Du and Yu Qin–stand accused of shuttling secrets out of the American automobile company and attempting to provide design information to a Chinese competitor.
Earth2Tech reports that as hybrids become a bigger part of the automotive landscape, they’re also the cause of more legal fights, including recent legal battles over hybrid technology patents involving Ford and Toyota.
According to Australia-based IP law firm Griffith Hack, filings for patents covering hybrid technology have been “increasing roughly exponentially” across much of the industry in the last few years, although the Clean Energy Patent Growth Index from intellectual property law firm Heslin Rothenberg Farley & Mesiti suggests a more gradual climb. [Earth2Tech]
General Motors values the stolen secrets at over $40 million and suspects that Du started loading documents onto a hard drive after the company offered her a severance package in January 2005.
Shahram Amiri is at the Pakistani embassy in Washington D.C. Unless he’s not.
The missing Iranian nuclear scientist is no stranger to intrigue and indecision: Last month we covered dueling YouTube videos in which two men, both claiming to be Amiri, say that either he was being held against his will in the United States or was studying freely and happily here. Today his case took more strange turns, as government officials in Pakistan claimed that Amiri is currently at their embassy in Washington, awaiting a return trip to Iran.
Today Amiri was quoted by Iranian official media as claiming that the US government had intended to return him to Iran to cover up his kidnapping in Saudi Arabia. “Following the release of my interview in the internet which brought disgrace to the US government for this abduction, they wanted to send me back quietly to Iran by another country’s airline,” he told state radio from the Iranian interests office in Washington. “Doing so, they wanted to deny the main story and cover up this abduction. However, they finally failed” [The Guardian].
These weren’t snapshots of covert meetings or secret handshakes, but–more likely–the quotidian: kittens and ice cream cones. They weren’t hidden in some obscure drop location, but viewable to the public, online. The pictures’ real importance was tucked inside, in encoded messages detailing secret meetings.
We aren’t talking Magic Eye–no matter how long you cross your eyes, staring at these pictures wouldn’t tell you where to drop off money or who to call. The alleged spies reportedly encoded the messages at the pixel level.
Every color on your computer screen is a combination of red, blue, and green–digitally represented as three numeric values. By making subtle changes to these numbers, the Russians hid binary code that someone–with the right software–could recombine into a message.
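To make the pixel-level trick concrete, here is an added example (not the accused spies’ program, whose software and file format were never made public) of the generic technique the post describes: least-significant-bit steganography. Each red, green, and blue value is an integer from 0 to 255; overwriting only its lowest bit changes it by at most 1, which no eye can see, and three such bits per pixel are enough to spell out a message. The image below is a constructed list of (r, g, b) tuples rather than a real file, so the code runs without an image library; the 4-byte length header is this example’s own convention.

```python
"""LSB image steganography: hide bytes in the low bit of each RGB channel.

Added illustration of the pixel-level encoding described in the post. It is
NOT the tool used by the accused Russian spies (never published); it is the
textbook least-significant-bit scheme. The "image" is a constructed list of
(r, g, b) tuples so the example runs offline, and the 4-byte big-endian
length header is an assumption made here for the sake of the example.
"""
import random


def make_cover(width: int, height: int, seed: int = 0):
    """Constructed cover image: width*height random (r, g, b) pixels."""
    rng = random.Random(seed)
    return [(rng.randrange(256), rng.randrange(256), rng.randrange(256))
            for _ in range(width * height)]


def bytes_to_bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def bits_to_bytes(bits) -> bytes:
    """Pack a bit sequence into bytes; any trailing partial byte is dropped."""
    out = bytearray()
    byte = 0
    for i, bit in enumerate(bits):
        byte = (byte << 1) | bit
        if i % 8 == 7:
            out.append(byte)
            byte = 0
    return bytes(out)


def capacity_bytes(pixels) -> int:
    """One hidden bit per channel, three channels per pixel."""
    return len(pixels) * 3 // 8


def embed(pixels, message: bytes):
    """Return a copy of `pixels` whose channel LSBs carry len(message)+message."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) > capacity_bytes(pixels):
        raise ValueError("message too long for this image")
    bits = bytes_to_bits(payload)
    stego = []
    for pixel in pixels:
        channels = []
        for value in pixel:
            bit = next(bits, None)
            if bit is None:            # payload exhausted: leave pixel untouched
                channels.append(value)
            else:                      # clear bit 0, then set it to the payload bit
                channels.append((value & ~1) | bit)
        stego.append(tuple(channels))
    return stego


def extract(pixels) -> bytes:
    """Read every channel LSB, parse the length header, return the message."""
    lsbs = [value & 1 for pixel in pixels for value in pixel]
    raw = bits_to_bytes(lsbs)
    length = int.from_bytes(raw[:4], "big")
    if length > len(raw) - 4:
        raise ValueError("no valid hidden message (bad length header)")
    return raw[4:4 + length]


def max_channel_delta(cover, stego) -> int:
    """Largest change any single channel value underwent; LSB embedding gives 1."""
    return max(abs(a - b) for p, q in zip(cover, stego) for a, b in zip(p, q))


if __name__ == "__main__":
    cover = make_cover(64, 64, seed=1)
    secret = b"bench by the pond, 18:00, bring the envelope"   # constructed text
    stego = embed(cover, secret)
    print("recovered:", extract(stego))
    print("max per-channel change:", max_channel_delta(cover, stego))
    print("capacity of this image:", capacity_bytes(cover), "bytes")
```

The point of `max_channel_delta` is the post’s “subtle changes”: a perturbation of one unit in a 0–255 channel is invisible to a viewer, yet a 64×64 picture of kittens has room for about 1.5 KB of hidden text. In a real workflow the `extract` side is why a “right software” step is needed: the bits are in plain sight for anyone who knows the scheme, so a lossless format (PNG, not JPEG re-encoding) is required or the low bits are destroyed.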
Have you seen this man? If so, please ask him to make up his mind.
Shahram Amiri, a 32-year-old Iranian nuclear scientist, is at the center of an episode of United States-Iran intrigue that just got weirder, thanks to YouTube. Amiri disappeared during his pilgrimage to Saudi Arabia last year, and anonymous U.S. officials confirmed that he defected, presumably bringing information about Iran’s nuclear program. Now he—or someone purporting to be him—appears in two contradictory videos that claim he was either abducted and tortured by the United States or is living happily here and going about his studies.
The first video:
The dark-haired man, appearing unshaven and disheveled, said he was being held against his will in Tucson. “I was kidnapped in a joint operation by the American intelligence, CIA terror and kidnap teams, and Saudi Arabia’s Istikhbarat” spy service, the man said in a grainy video aired in Iran on Monday night. He said he had been drugged before being smuggled out of Saudi Arabia, adding that he had been subjected to “severe torture” and “psychological pressures” [Washington Post].
A very different Amiri showed up in a second video today. He, or someone like him, appears in a professionally shot video sitting in front of some parlor with a globe and a chess board, as if he wants to have a few minutes of our time to talk about life insurance.
Despite burning curiosity, I have no idea what the Dalai Lama writes in his personal emails. But somewhere in China, hackers know.
China-based hacking operations have moved from murmurs to the front page since the fracas between the Chinese government and Google flared up three months ago. Besides the communist government’s flagrant and unapologetic Internet censorship, the search giant also accused China of harboring hackers who were behind politically motivated cyber attacks, like the targeting of Chinese human rights activists’ Gmail accounts. This week, computer security experts at the Munk School of Global Affairs at the University of Toronto announced that they’ve been trailing a group of China-based attackers they dub the “Shadow Network” for eight months. And they say they can show that those hackers have stolen a plethora of politically sensitive materials.
The intruders breached the systems of independent analysts, taking reports on several Indian missile systems. They also obtained a year’s worth of the Dalai Lama’s personal e-mail messages. The intruders even stole documents related to the travel of NATO forces in Afghanistan [The New York Times]. They also took political documents that outlined India’s concerns about its relations with Africa, Russia, and the Middle East. The core servers for the operation seem to be based in the city of Chengdu in southwest China.
Much to the chagrin of a certain Wyoming Senator, the Central Intelligence Agency is poised to fight terrorism and spy on sea lions (Sen. John Barrasso once quipped the CIA should stick to the former occupation). The nation’s top scientists and spies are collaborating on an effort to use the federal government’s intelligence assets — including spy satellites and other classified sensors — to assess the hidden complexities of environmental change. They seek insights from natural phenomena like clouds and glaciers, deserts and tropical forests [The New York Times].
The program will have little impact on the CIA’s normal intelligence gathering, say those involved, and will only release data already in hand or data gathered during satellite down time. The images will even have their sharpness decreased in order to maintain some secrecy about the satellites’ true capabilities.