Mandiant Internet Security accuses Chinese Army unit of cyber attacks on U.S.

By LUIS MIRANDA | THE REAL AGENDA | FEBRUARY 19, 2013

A secret unit of the People's Liberation Army (PLA) of China is behind a number of attacks suffered by businesses and organizations in the United States, according to a report released by Mandiant, a U.S. computer security company.

The document says that research conducted by Mandiant in the last three years shows that groups that cyber attacked government agencies, companies and American newspapers “are based mainly in China and that the Chinese government is aware of them.”

Mandiant, which The New York Times and other media organizations had hired to track down and clean up intrusions into their computer systems, identifies PLA Unit 61398, based in Shanghai, as one of the entities responsible for the attacks. The digital fingerprints of the so-called 'virtual raids', says Mandiant, were traced to a 12-story building in the Pudong financial district of Shanghai.

According to Mandiant, this division of the Chinese Army is staffed by hundreds and possibly thousands of personnel who are proficient in English and trained in programming and network administration. The unit has stolen "hundreds of terabytes of data from at least 141 organizations in a wide range of industries since 2006".

Most victims are located in the United States, according to the report. There are also, in smaller numbers, victims in Canada and the UK. The stolen information ranges from details of business transactions, such as mergers and acquisitions, to the emails of senior executives, according to the study released in the U.S. on Monday.

"The nature of the work carried out by Unit 61398 is considered a state secret in China. However, we believe it is involved in harmful Computer Network Operations", the report said. "It's time to admit that the threat originated in China, and we wanted to make our contribution to arm and equip security professionals in order to combat this threat effectively."

The report focuses in particular on a group it calls APT1 (Advanced Persistent Threat 1), which, the report alleges, has exfiltrated vast amounts of information and has targeted critical infrastructure.

“We believe APT1 can continue a campaign of cyber espionage in large part because it receives direct support from the Chinese government,” says Mandiant, identifying APT1 with Unit 61398.

In recent weeks, cyber attacks on U.S. newspapers such as the New York Times and the Wall Street Journal, as well as on Twitter, have reportedly been linked to Chinese hackers. The New York Times said that hackers stole passwords and accessed the personal computers of 53 employees after the newspaper published a report on the family fortune amassed by Chinese premier Wen Jiabao.

A report by the U.S. Congress last year said that increasingly sophisticated entities backed by the Chinese government are trying to break into U.S. systems, and called China "the most threatening player in cyberspace."

China has repeatedly rejected the allegations and says that the country is also a victim of hackers. "Hacker attacks are transnational and can be hidden. Determining their origin is difficult. We do not know how they can support the evidence in that report," said Hong Lei, a spokesman for the Foreign Ministry of China.

"Arbitrary criticism, based on rudimentary data, is irresponsible, unprofessional and does not help solve the problem … China is strongly opposed to hacking," Lei said, while emphasizing that China "is a major victim of cyber attacks" and that "of all of the attacks that the country suffers, most come from the United States."

The question that remains is: if both governments are so sure that the other is responsible for the cyber attacks, why haven't they sorted out the problem? Instead, China and the U.S. resort to censorship and internet power grabs in order to combat what they call an invisible enemy, a fight which, they say, requires that everyone surrender their ability to freely navigate the world wide web.

Everyone knows that cyber wars are conducted by the strongest players in world affairs in an attempt to exercise dominance over each other. No run-of-the-mill hacker has the capacity to penetrate the kind of security in place at the Pentagon or in the Chinese government. It is clear that the cyber terrorists are the governments themselves; it is therefore absurd that average internet users are obligated to be spied on because of these governments' cyber terror activities.

The Real Agenda encourages the sharing of its original content ONLY through the tools provided at the bottom of every article. Please DON’T copy articles from The Real Agenda and redistribute by email or post to the web.

Leon Panetta announces that “Cyber Pearl Harbor” is near

By LUIS MIRANDA | THE REAL AGENDA | OCTOBER 22, 2012

The cyber war against Iran began under President Bush with a series of attacks directed by the governments of the United States and Israel. Their first known product, the Stuxnet worm, severely disrupted Iranian nuclear facilities a couple of years ago. By the time it was discovered in the summer of 2010, the worm had escaped from the Iranian Natanz enrichment plant onto the Internet. Obama made his concern clear and said he was wary about the U.S. turning into a "hacker", which could serve as a justification for other countries to launch attacks against the U.S. But that is precisely what the cyber war is all about: seeking an external attack by provoking American foes so the military industrial complex can justify the takeover of the internet. Obama himself has approved internet censorship legislation that enables him and his government to block large portions of the internet or even to switch the net off.

Although officially the Iranians are the villains, they were not the first to push the button. It was Obama himself who, during his first presidential term, decided to carry out this less visible kind of war. He and his government developed cyber spying and cyber sabotage procedures that are now applied against the American people themselves as well as against foreign governments. The plans for spying and cyber war operations include the use of drones to attack targets in countries such as Somalia, Yemen, Afghanistan and Pakistan.

The cyber war is usually kept quiet, so not many people learn about it unless it comes out that the U.S. and Israel are behind the attacks launched against Iran, as has happened recently. Meanwhile, Leon Panetta, who has just declared that his country is on the brink of a "cyber Pearl Harbor", says nothing at all about the provocations carried out by the U.S. and its ally Israel. What is causing Panetta's concern? The U.S. Defense Secretary is referring to recent attacks on computer systems belonging to Saudi oil companies and U.S. financial institutions, which the U.S. attributes to Iran; more specifically, to a cyber war operation assembled by the Islamic Republic of Iran.

The existence of Iranian cyber warriors is not new, but the US has not shown any convincing proof that Iran was behind the attacks on the Saudis or on American banks. Since 2011, in response to the earlier cyber attacks on its nuclear program conducted by Israel and the US, Iran has been working on a program not only to defend itself from such attacks but to carry out offensives against its aggressors. But the United States has not demonstrated that the attacks carried out in August, which affected the national oil company Saudi Aramco and some US banks, were Iranian in origin.

Obama's doubts about having the US operate as a cyber terrorist state ended quickly, and the White House, along with the Pentagon and the CIA, continued a program known as Olympic Games. Through this and other programs, Obama approved the escalation of cyber attacks against Iran. In early June, The New York Times published an extensive report explaining how Obama "secretly ordered increased attacks against sophisticated computer systems inside Iranian factories that worked in the enrichment of uranium." The report detailed how this plan significantly expanded the use of cyber terror tools on the part of the US government.

After launching the attacks, Obama also called on American civilian and military intelligence services to work more closely together and to cooperate on this front with the Israelis. After initially denying it, so as not to have to admit its weakness, the Iranian regime ended up acknowledging that trojans, viruses and other malware from outside Iran had infiltrated its nuclear energy program.

In 2010, Richard A. Clarke, who served as the U.S. national coordinator for counterterrorism under Bill Clinton and George W. Bush, published a book entitled Cyber War. Clarke described a World War III in cyberspace for which states such as the U.S., Israel, Russia and China were already preparing.

Some people believe that Flame, one of the pieces of malware that got inside Iranian computers, may have been the first of many trojan horses to come. In late May, Iran's national computer emergency response team (CERT) announced that it had located the malware, the most malignant ever invented. Flame had been infecting computers for two years without being detected by any antivirus software.

Flame is a set of modules that perform multiple espionage tasks: it records conversations through the computer's microphone, allows the computer to be controlled remotely, uses Bluetooth to discover and pull data from mobile phones near the infected computer, copies data and transmits it to remote servers, and went undetected by every antivirus program in use until it was found.

Of course, the U.S. does not officially acknowledge any of the malware that has undermined Iran's nuclear program. Neither does Israel. But it is well known that the U.S. Air Force already has 7000 cyber warriors at bases located in Texas and Georgia. It is unknown to the public how many more the US has in other departments of the Pentagon, the CIA and other U.S. federal government agencies.

The effort to turn the US into a cyber terrorist state began in 2009 under President Obama, when the Pentagon created the United States Cyber Command (USCYBERCOM), the organ that directs the cyberspace operations of all U.S. military services, including the Air Force.

USCYBERCOM was not the only creature of its kind, and it now seems to have found a serious rival in Iran's specialized units.

Google Warning Users against State-sponsored Cyber attacks

This move by the technology giant shouldn’t be understood as an attempt to keep user information safe. Google, a government-sponsored data mining operation is perhaps the largest violator of privacy on the Internet.

By JOSH ROGIN | FOREIGN POLICY | JUNE 6, 2012

A senior Senate aide confirmed that this evening he received a warning on his Gmail account that Google suspected he had been the target of a state-sponsored cyber attack.

Web giant Google is about to announce a new warning informing Gmail users when a specific type of attacker is trying to hijack their accounts — governments and their proxies.

Later today, the company will announce a new warning system that will alert Gmail users when Google believes their accounts are being targeted by state-sponsored attacks. The new system isn’t a response to a specific event or directed at any one country, but is part and parcel of Google’s recent set of policy changes meant to allow users to protect themselves from malicious activity brought on by state actors. It also has the effect of making it more difficult for authoritarian regimes to target political and social activists by hacking their private communications.

"We are constantly on the lookout for malicious activity on our systems, in particular attempts by third parties to log into users' accounts unauthorized. When we have specific intelligence, either directly from users or from our own monitoring efforts, we show clear warning signs and put in place extra roadblocks to thwart these bad actors," reads a note to users by Eric Grosse, Google's vice president for security engineering, to be posted later today on Google's Online Security blog, obtained in advance by The Cable. "Today, we're taking that a step further for a subset of our users, who we believe may be the target of state-sponsored attacks."

When Google's internal systems that monitor suspicious activity, such as anomalous log-in attempts, conclude that a state or a state-backed group is involved, the user will now receive a specialized, more prominent warning. The warning does not necessarily mean that a user's account has been hijacked; it is meant to alert users that Google believes a state-sponsored attack has been attempted, so that they can increase their security vigilance.

Google wants to be clear they are not singling out any one government for criticism and that the effort is about giving users transparency about what is going on with their accounts, not about highlighting the malicious actions of foreign states.

"If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account," Grosse writes. "You might ask how we know this activity is state-sponsored. We can't go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis, as well as victim reports, strongly suggest the involvement of states or groups that are state-sponsored."

Google insiders told The Cable that Google will not be giving out information on which governments it sees as the most egregious violators of web privacy. For Google, the new initiative is not an effort against governments but a way to help its users defend and protect themselves.

Users who click through the new warning message will be directed to a page that outlines commonly seen security threats and suggests ways users can immediately raise their level of security on Gmail.

“We’re constantly working to prevent harmful activity on our services, especially attempts to compromise our users’ information,” the insider said. “The primary message is: we believe that you’re a target so you should take immediate steps to protect your account.”
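Google does not describe how its monitoring decides that an account "may be a target", and the code below is not Google's. It is an added illustration of the kind of login-anomaly heuristic the article alludes to: given per-account authentication events, flag accounts whose activity in a short window spans too many countries, accumulates too many failures, or shows a success from a source that had just been failing (a credential-guessing pattern). The log format, the thresholds and the sample lines are all constructed for this example.

```python
"""Toy login-anomaly detector (added example; not Google's code).

Each log line (format assumed for this example) is:
    <ISO-8601 UTC timestamp> <account> <source IP> <GeoIP country> <ok|fail>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: one account probed from two foreign networks
# and finally logged into from the second one; a second account with
# ordinary activity from a single country.
SAMPLE_LOG = """\
2012-06-05T08:02:11Z aide@example.com 203.0.113.7 US ok
2012-06-05T08:40:52Z aide@example.com 198.51.100.23 US ok
2012-06-05T09:15:03Z aide@example.com 192.0.2.88 RO fail
2012-06-05T09:15:09Z aide@example.com 192.0.2.88 RO fail
2012-06-05T09:15:20Z aide@example.com 192.0.2.88 RO fail
2012-06-05T11:47:41Z aide@example.com 192.0.2.150 CN fail
2012-06-05T11:48:02Z aide@example.com 192.0.2.150 CN fail
2012-06-05T12:03:30Z aide@example.com 192.0.2.150 CN ok
2012-06-05T07:30:00Z bob@example.com 203.0.113.40 US ok
2012-06-05T18:10:00Z bob@example.com 203.0.113.40 US ok
2012-06-05T22:05:14Z bob@example.com 203.0.113.41 US fail
"""


def parse_line(line):
    """Parse one log line into a dict; raises ValueError on malformed input."""
    ts, account, ip, country, outcome = line.split()
    if outcome not in ("ok", "fail"):
        raise ValueError("unknown outcome: %r" % outcome)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "account": account,
        "ip": ip,
        "country": country,
        "ok": outcome == "ok",
    }


def flag_accounts(lines, window=timedelta(hours=6), max_countries=1, max_failures=4):
    """Return {account: info} for accounts whose events in any sliding window
    of `window` length trip one of three heuristics (thresholds are assumed).
    `info` carries the sorted countries seen, the failure count and the reasons."""
    by_account = defaultdict(list)
    for raw in lines:
        raw = raw.strip()
        if raw:
            ev = parse_line(raw)
            by_account[ev["account"]].append(ev)

    flagged = {}
    for account, events in by_account.items():
        events.sort(key=lambda e: e["ts"])
        for i, start in enumerate(events):
            win = [e for e in events[i:] if e["ts"] - start["ts"] <= window]
            countries = {e["country"] for e in win}
            failures = sum(1 for e in win if not e["ok"])
            reasons = []
            if len(countries) > max_countries:
                reasons.append("logins_from_%d_countries" % len(countries))
            if failures >= max_failures:
                reasons.append("%d_failed_attempts" % failures)
            # A success from an IP that failed earlier in the same window:
            # the classic signature of a guessed or phished password.
            failed_ips = set()
            for e in win:
                if not e["ok"]:
                    failed_ips.add(e["ip"])
                elif e["ip"] in failed_ips:
                    reasons.append("success_after_failures_from_same_source")
                    break
            if reasons:
                flagged[account] = {
                    "countries": sorted(countries),
                    "failures": failures,
                    "reasons": reasons,
                }
                break  # first triggering window is enough to warn the user
    return flagged


def warning_for(account, info):
    """Render the prominent, non-accusatory banner text the article describes."""
    return ("Warning for %s: we believe your account may be a target of an "
            "attack (%s). This does not mean it has been hijacked; "
            "change your password and review recent activity now."
            % (account, ", ".join(info["reasons"])))


if __name__ == "__main__":
    for acct, info in flag_accounts(SAMPLE_LOG.splitlines()).items():
        print(warning_for(acct, info))
```

The third rule is the one worth keeping even in a toy: many distinct countries can be a travelling user on a VPN, but a success from a source that was failing minutes earlier is rarely benign. Real deployments would replace the per-line GeoIP column with a lookup and would score these signals rather than treating each as a hard trigger.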

The new announcement comes only days after the company said they would alert users in mainland China when they use search terms that are likely to be censored by the Chinese government. According to another of Google’s official blogs, that move was meant to improve the search experience for Chinese users by allowing them to avoid terms that would result in stalls or breaks in their search experience due to government filters.

For example, Google said that Chinese users searching for the character for "river", "jiang" in Chinese, run into technical problems. The same character appears in the name of former Chinese President Jiang Zemin.

Google didn't specifically mention Chinese censorship in its notice about Chinese search terms, apparently in an effort not to antagonize the Chinese government any more than necessary. Google and Beijing have been at odds since 2010, when the company announced it would no longer censor search results on Google.cn and moved the bulk of its Chinese operations to Hong Kong.

That move followed a series of Gmail attacks in 2010, directed at Chinese human rights activists, which were widely suspected to be linked to the Chinese government. Following those attacks, the government-controlled People’s Daily publicly accused Google of being an agent for U.S. intelligence agencies.

While last week's announcement and this week's announcement are both being presented by Google as user-based initiatives not directed at foreign governments, Google executive chairman Eric Schmidt has been speaking out publicly and forcefully in recent months about the negative role governments can play in curtailing internet freedom.

“While threats come from individuals and even groups of people, the biggest problem will be activities stemming from nations that seek to do harm,” he said in London last month.

Obama Pressed for Cyber attacks against Iran with Stuxnet and Flame

Mainstream media carefully justifies the attacks under the excuse that Iran might be producing a nuclear bomb or that Al-Qaeda — a USA creation — is using computers somewhere.

By DAVID E. SANGER | NY TIMES | JUNE 1, 2012

From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.

At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.

“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.

Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.

This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.

These officials gave differing assessments of how successful the sabotage program was in slowing Iran’s progress toward developing the ability to build nuclear weapons. Internal Obama administration estimates say the effort was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran’s enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.

Whether Iran is still trying to design and build a weapon is in dispute. The most recent United States intelligence estimate concludes that Iran suspended major parts of its weaponization effort after 2003, though there is evidence that some remnants of it continue.

Iran initially denied that its enrichment facilities had been hit by Stuxnet, then said it had found the worm and contained it. Last year, the nation announced that it had begun its own military cyberunit, and Brig. Gen. Gholamreza Jalali, the head of Iran’s Passive Defense Organization, said that the Iranian military was prepared “to fight our enemies” in “cyberspace and Internet warfare.” But there has been scant evidence that it has begun to strike back.

Iran unplugs oil terminal from Internet

ASSOCIATED PRESS | APRIL 23, 2012

Iran has disconnected its oil ministry and its main crude export terminal from the Internet to avoid being attacked by computer malware, a semiofficial news agency reported on Monday.

Mehr said an export terminal in Kharg Island and other oil facilities came under attack from malware and hackers but continued their work as usual.

Some 80 percent of Iran's 2.2 million barrels of daily crude exports go through the Kharg facility, located off its southern coast.

Iran says that it is involved in a long-running technological war with the United States and Israel. In recent years, Tehran has repeatedly announced it has defused malware in its industrial sector including the highly specialized Stuxnet in 2010, which it said had targeted the country’s nuclear facilities.

This round of cyberattacks began Sunday, Mehr quoted Hamdollah Mohammadnejad, deputy oil minister in charge of civil defense, as saying. He said the ministry and some provincial offices were taken offline, and a special headquarters was set up to confront the attacks.

Earlier this year, the head of Iran's civil defense agency, Gholam Reza Jalali, said the country's energy sector has been a main target of cyberattacks over the past two years.

Iran has recently announced a series of cyberdefense measures spearheaded by the Revolutionary Guards, a unit which already runs every key military program in Iran and many industries.

In March, the Guard set up what it claims is a hack-proof communications network for its high-level commanders.

Ultimately, Iran says it wants to set up a completely indigenous Internet that is also aimed at checking a “cultural invasion” by enemies aimed at promoting dissent and undermining the ruling system.

The Stuxnet worm was reported to have disrupted the controls of some nuclear centrifuges. Tehran says its scientists neutralized the malware and that it only damaged the laptops of some personnel at a nuclear power plant.

Iran is at odds with Israel and the West over its controversial nuclear program. The U.S. and its allies accuse Tehran of wanting to develop weapons technology. Iran denies the claims, saying its program is for peaceful purposes.

Iran has reported other cyberattacks since, including an infection in April 2011 dubbed "Stars" and a spy virus about which little is known but its name, "Duqu."