Mandiant Internet Security accuses Chinese Army unit of cyber attacks on U.S.

By LUIS MIRANDA | THE REAL AGENDA | FEBRUARY 19, 2013

A secret unit of the People’s Liberation Army (PLA) of China is behind a number of attacks suffered by businesses and organizations in the United States, according to a report released by the U.S. company Mandiant Internet Security.

The document says that research conducted by Mandiant in the last three years shows that groups that cyber attacked government agencies, companies and American newspapers “are based mainly in China and that the Chinese government is aware of them.”

The report, commissioned by The New York Times and other media that sought to track down and clean up their computer systems, identifies PLA Unit 61398, based in Shanghai, as one of the entities responsible for the attacks. Digital signatures of the so-called ‘virtual raids’, says Mandiant, were traced to a 12-story building in the financial district of Pudong in Shanghai.

According to Mandiant, this division of the Chinese Army is staffed by thousands of employees proficient in English, programming techniques and network management. The unit has stolen “hundreds of terabytes of data from at least 141 organizations in a wide range of industries since 2006”.

Most victims are located in the United States, according to the report. There are also, though in smaller numbers, victims in Canada and the UK. The stolen information ranges from details of business transactions, such as mergers and acquisitions, to emails from senior managers, according to the study released in the U.S. on Monday.

“The nature of the work carried out by Unit 61398 is considered a state secret in China. However, we believe that it is involved in harmful Computer Network Operations,” the report said. “It’s time to admit that the threat originated in China, and we wanted to make our contribution to arm and equip security professionals in order to combat this threat effectively.”

The report focuses in particular on a group, which it calls APT1, or Advanced Persistent Threat, which has removed vast amounts of information and has targeted critical infrastructure, the report alleges.

“We believe APT1 can continue a campaign of cyber espionage in large part because it receives direct support from the Chinese government,” says Mandiant, identifying APT1 with Unit 61398.

In recent weeks, cyber attacks on U.S. newspapers like the New York Times and Wall Street Journal, as well as others on Twitter, have supposedly been linked to Chinese hackers. The New York Times said that hackers stole passwords and accessed the personal computers of 53 employees, after the newspaper published information on the family fortune amassed by the Chinese premier, Wen Jiabao.

A report by the U.S. Congress last year said that increasingly dexterous entities backed by the Chinese government are trying to enter the U.S. systems, and called China “the most threatening player in cyberspace.”

China has repeatedly rejected the allegations and says that the country is also a victim of hackers. “The hacker attacks are transnational and can be hidden. Determining their origin is difficult. We do not know how they can stand support the evidence on that report,” said Hong Lei, a spokesman for the Foreign Ministry of China.

“Arbitrary criticism, based on rudimentary data is irresponsible, unprofessional and does not help solve the problem … China is strongly opposed to piracy,” Lei said, while emphasizing that China “is a major victim of cyber attacks” and that “of all of the attacks that the country suffers, most come from the United States.”

The question that remains is: if both governments are so sure that they are mutually responsible for the cyber attacks, why haven’t they sorted out the problem? Instead, China and the U.S. resort to censorship and internet power grabs in order to combat an invisible enemy, they say, which requires that everyone surrender their ability to freely navigate the world wide web.

Everyone knows that cyber wars are conducted by the strongest players in world affairs in an attempt to exercise dominance against each other. No bread and butter hacker has the capacity to penetrate the kind of security set at the Pentagon or the Chinese government. It is clear that the cyber terrorists are the governments themselves, therefore it is absurd that average internet users are obligated to be spied on because of these governments’ cyber terror activities.

The Real Agenda encourages the sharing of its original content ONLY through the tools provided at the bottom of every article. Please DON’T copy articles from The Real Agenda and redistribute by email or post to the web.


Obama to extend his powers to launch ‘preemptive’ cyber attacks

The latest power grab enables the President of the United States to launch pre-emptive attacks on anyone suspected of planning to attack U.S. infrastructure.

By LUIS MIRANDA | THE REAL AGENDA | FEBRUARY 5, 2013

President Barack Obama will have the authority to order preventive cyber attacks if the U.S. detects a potential threat from abroad. Officials consulted by several U.S. media say the administration wants to take action against the increasing number of attacks on computer networks in the country.

According to mainstream media reports, Obama will sign a new executive order to take on new powers that enable him to start a new phase in American history: cyber wars. The Obama administration has recently studied the use of the available computer arsenal and its conclusion is that the president may assume such jurisdiction if a computer attack is sensed.

The Obama administration has worked on model legislation that would have passed both these powers as a framework of security standards to supposedly protect the country’s infrastructure as well as how the nation would respond to a cyber attack. The bill backed by the White House was rejected by the opposition in Congress, so the president, as he has done since his first day in office, will use an executive order to expand his power.

Remember the talk of a presidential internet kill switch? This is it, and the power to turn it on and off will now be put on paper.

Obama’s gesture coincides with recent reports of attacks by Chinese hackers on several U.S. media outlets, so one of Obama’s justifications for signing a new executive order that gives him unlimited power to launch a cyber attack is that his propaganda machine must be spared from any attacks so that it can continue lying to people about Obama’s real intention to grab the web. As is widely known, no part of the United States’ sensitive infrastructure is ‘online’.

Defense Secretary Leon Panetta used scare tactics last fall when he warned about a new “cyber Pearl Harbor” that could cause massive damage to American infrastructure. He mentioned that hackers could “derail passenger trains or cargo trains loaded with deadly chemicals” and that “there are cases in which intruders have gained access to control systems” of various parts of U.S. infrastructure. The Obama administration argues that any such attacks would be treated as an “act of war”.

The U.S. Department of Defense already created a new cyber command and ordered some sectors to increase its budget within the Army. Current legislation states that the U.S. can only carry out anti-terrorist missions in those countries where it is involved in a war, but the new rules would allow the president and intelligence agencies to access foreign networks in order to detect possible attacks targeting the U.S. or introduce computer viruses into their systems to prevent operation. That is exactly what the United States and Israel did to Iran last year even though there wasn’t any legislation approved by either the Congress or the president. What politicians in Washington are doing right now is simply codifying what they’ve been doing for a long time. Of course any and all details about the so-called preemptive cyber attacks will remain secret.

The U.S. used cyber war to carry out an offensive against Iran, focusing exclusively on the infrastructure of its uranium enrichment plant, which in itself could have caused a massive nuclear accident. The project, inherited from the Bush administration, managed to block the operation of Iran’s nuclear program by introducing a computer virus in their systems, which showed that a nation’s infrastructure can be disabled or destroyed without previous warning and without bombarding buildings or civilian populations.

Experts say cyber warfare could cause serious damage to attack targets such as the U.S. financial system or transport networks. What those experts don’t point out is that very few nations, a dozen or less, have the technical capability to carry out such attacks, and that in the military community everyone knows who those countries are. Therefore, no preemptive strikes are needed. All that is needed is to remain vigilant instead of granting the president even more power than he already has.

What the United States is essentially saying is, do as we say, not as we do. The idea that the Americans intend to establish cooperation and exchange of information with governments and private entities in order to prevent a cyber Pearl Harbor, is as real as Santa Claus. The U.S. is simply announcing to the world that its next battlefield for conquest will be the world wide web, a territory rarely seen as the next stage in global warfare.

According to news reports, Obama’s main focus will be to prevent intrusions into the systems that manage the energy, financial, chemical and basic services networks, none of which are ‘online’ or need to be online. The Obama Administration has publicly defended the U.S. response to cyber warfare, saying that it should focus both on preventing attacks as well as strengthening their computer systems to reduce the potential consequences of such an attack.

Since the supposed cyber attacks may not come from a nation, but could come from so-called terrorist groups, it is unlikely preemptive cyber attacks will be a real solution to them. The new power grab led by the Obama administration is mostly about grabbing the web to conduct its own terror plots, much like the United States has done in the physical world up until today. U.S. military dominance will extend itself from the ‘real’ world to cyber space.


White House prepares Executive Order to ‘protect the country’ from Cyberattacks

By JENNIFER MARTINEZ | THE HILL | SEPTEMBER 7, 2012

The White House is circulating a draft of an executive order aimed at protecting the country from cyberattacks, The Hill has learned.

The draft proposal, which has been sent to relevant federal agencies for feedback, is a clear sign that the administration is resolved to take action on cybersecurity even as Congress remains gridlocked on legislation that would address the threat.

The draft executive order would establish a voluntary program where companies operating critical infrastructure would elect to meet cybersecurity best practices and standards crafted, in part, by the government, according to two people familiar with the document.

The concept builds off of a section in the cybersecurity bill from Sen. Joe Lieberman (I-Conn.) that was blocked last month by Senate Republicans, who called it a backdoor to new regulations.

The draft has undergone multiple revisions and is brief, spanning no more than five pages. It is still being worked on and is subject to change, the people familiar with the draft stressed.

It’s also unclear whether the final product will get the president’s approval to move forward.

A new draft of the executive order is expected to be shared with agencies next week.

White House counterterrorism adviser John Brennan first floated the idea of an executive order in a speech a few days after the Senate bill failed. He said the White House would consider taking action on the executive level to ensure key infrastructure such as the power grid, water supply and transportation networks are secure.

The momentum for cybersecurity legislation in Congress weakened after Lieberman’s bill failed to clear the Senate. Now industry groups and Congress are watching the White House for clues about what might be included in an executive order on cybersecurity.

A spokeswoman for the White House declined to comment on whether a draft for an executive order was being circulated, but said it is one of the options the administration is weighing.


U.S. Military Openly Admits to Conducting Cyberwarfare

Destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries.

By NOAH SHACHTMAN | WIRED.com | AUGUST 29, 2012

There was a time, not all that long ago, when the U.S. military wouldn’t even whisper about its plans to hack into opponents’ networks. Now America’s armed forces can’t stop talking about it.

The latest example comes from the U.S. Air Force, which last week announced its interest in methods “to destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries [sic] ability to use the cyberspace domain for his advantage.” But that’s only one item in a long list of “Cyberspace Warfare Operations Capabilities” that the Air Force would like to possess. The service, in its request for proposals, also asked for the “ability to control cyberspace effects at specified times and places,” as well as the “denial of service on cyberspace resources, current/future operating systems, and network devices.”

The Air Force says it will spend $10 million on the effort, mostly for short programs of three to 12 months; the service wants its Trojans and worms available, ASAP. And they should be available to both the top brass and to the “operational commander,” too. In other words, cyber strikes shouldn’t just be the prerogative of the president, to be launched at only the most strategically important moments. Malware should be a standard component of a local general’s toolkit.

These digital weapons could even be deployed before a battle begins. The Air Force notes that it would like to deploy “technologies/capabilities” that leave “the adversary entering conflicts in a degraded state.”

Such an open discussion — even one so vague — might seem like a bit of a surprise, considering the Obama administration is actively investigating leaks to the press about America’s online espionage campaign against Iran. The Senate Intelligence Committee considered the disclosure so dangerous, it passed a controversial bill last month that creates new punishments for leakers of classified information.

But this isn’t 2007, when the Pentagon was still insisting that it had a “defensive mindset” in cyberspace. New pieces of military-grade malware — apparently linked to the broader U.S. cyberspying push — are being discovered constantly on Middle Eastern networks. Besides, the Air Force is hardly alone in talking about its desire for — and use of — network attacks. They are becoming a regular part of the military conversation — so normal, in fact, that generals are even beginning to talk about their troops’ wartime hacking.

Lt. Gen. Richard Mills, who led coalition forces in southwestern Afghanistan in 2010 and 2011, bragged at a technology conference last week that his troops had broken into militants’ communications. “I can tell you that as a commander in Afghanistan in the year 2010, I was able to use my cyber operations against my adversary with great impact,” Mills said. “I was able to get inside his nets, infect his command-and-control, and in fact defend myself against his almost constant incursions to get inside my wire, to affect my operations.”

Mills added that the Marines had recently put together a company of Marines, stationed at the headquarters of the National Security Agency, to give the Corps “an offensive capability.” A second company “will be designed to increase the availability of intelligence analysts, intelligence collectors and offensive cyber operations and place them in the appropriate unit, at the appropriate time, at the appropriate place, so that forward deployed commander in the heat of combat has full access to the cyber domain.”

The day before Mills’ talk, the Pentagon’s leading research division announced a new, $110 million program to help warplanners assemble and launch online strikes in a hurry and make cyber attacks a more routine part of U.S. military operations. The effort, dubbed “Plan X” by the Defense Advanced Research Projects Agency, isn’t supposed to formally get underway until Sept. 20. But Darpa has already awarded a no-bid, $600,000 contract to the Washington-area cybersecurity firm Invincea to start work on “Plan X.”

Invincea wasn’t immediately able to comment on the “Digital Battlefield Understanding Study and proof-of-concept demonstration” that it intends to produce for Darpa. But a military document justifying Invincea’s sole-source contract notes that the company submitted an “unsolicited proposal” for the project on June 26. Less than a month later, it was approved. “Invincea is the only source who possesses the particular commercial software and knowledge necessary to rapidly address technical insights in modeling a cyber battlespace and optimizing digital battle plans,” the document notes.

Invincea isn’t the only military contractor working on the tools of cyber war, however. These days, the build-up of America’s online arsenal has become the subject of all sorts of open talk and deal-making.

Another Cyber False-Flag to Lock down the Internet

First came Stuxnet, then Flame and Duqu. Now, prepare for Gauss

By LUIS MIRANDA | THE REAL AGENDA | AUGUST 13, 2012

The efforts to bring about full control of the free internet are about to receive another jolt, as a new cyber bug known as Gauss is fast spreading around the world collecting information from banking institutions, commercial transactions and other data.

Gauss was discovered by Kaspersky Lab, a Moscow-based computer security firm. According to its workers, Gauss has the same origin as Stuxnet and Flame, two computer viruses launched by the US and Israel to disrupt Internet services, especially in the Middle East.

Gauss is then a new form of cyber false-flag launched by governments that have an interest in kidnapping the web to make it their own while curtailing access and free speech. The virus has been targeting banks, social networks and e-commerce, among others. It has been stealing login and password information as well as email and instant messaging data.

Gauss’s actions have been felt more strongly in the Middle East, in countries such as Lebanon, while in the West, the virus attacked computers at Citigroup Inc. and PayPal. The specificity of the attacks already has many people buzzing about whether this virus could be used to create glitches that would cause a financial disaster, something of the kind seen in Wall Street, where financial transactions were affected by a ‘malfunction’ which caused great pain to investors. No need to emphasize that Wall Street is also connected to the World Wide Web, and that any strong attack on financial business could at the very least shut down the exchange.

People at Kaspersky Lab, among other computer technology companies, are still trying to determine the reach that this virus has had so far and whether it is a bug carrying out surveillance in order to later execute a massive attack, or if it will start spreading its own poison around the financial world. The only information that has now been confirmed is that Gauss is indeed a state-sponsored cyber-espionage tool. “Researchers from the security software manufacturer Symantec Corp confirm Kaspersky Lab’s summation that Gauss is related to previous government-created cyber warfare viruses,” reports Occupy Corporatism.

Previous to Gauss, Stuxnet and Flame were used to attack technological infrastructure linked to the production of nuclear energy in Iran by entering the online systems and installing surveillance and .exe programs in an effort to slow down and destroy Iranian infrastructure. “After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same ‘factory’ or ‘factories.’ All these attack toolkits represent the high end of nation-state-sponsored cyber-espionage and cyber war operations,” said Kaspersky Lab in a communiqué.

A common reason given by governments in order to justify this kind of attack is the need to be vigilant when it comes to Middle East threats, especially movement of monies between what the US and Israel consider dangerous governments or traditional terrorist groups. Of course this is a lie, as the US government itself has, on numerous occasions, authorized terrorist groups to carry out financial transactions in order to support their operations. This happened in Libya and is now happening in Syria, where the US Treasury has officially announced their support for the terrorist rebel groups who are fighting the Syrian Army.

While the US government congratulates itself for its fight against terrorism and money laundering — which is in itself questionable — its Treasury Department is publicly enabling terrorists in Syria to fund their operations against the local government. Back in November 2011, a report on Pravda revealed how US and other global banking entities were being used to hide dirty money from the drug trade. In that specific case, banks around the world allowed the circulation of $352 billion in drug cartel money. According to the same report, billions more in drug money had been injected into the economy in previous years.

These cyber attacks are examples of double false-flags, not only because they cause disruption in transactions and commerce, but also because they have the intended purpose of being used as excuses to ramp up the corporate power-grab of the Internet. Something similar has been happening in the United States in the realm of the Second Amendment and gun rights in general, where two mass shootings have brought the calls for gun regulations back into the mainstream.

According to Kaspersky Lab, the makers of Gauss went to a great deal of trouble to hide the purpose of the virus by using sophisticated encryption codes that may take a few months to break. International organizations interested in controlling the web, such as the United Nations, have warned governments worldwide about the threat posed by Gauss. Paradoxically, there isn’t anything more threatening to the Internet than the management of its infrastructure by one single entity, which is what the UN wants. The UN’s cyber security coordinator, Marco Obiso, said in a statement that “we don’t know what exactly it does. We can have some ideas. We are going to emphasize this.”

Parallel to the UN’s efforts to divert attention from its intent to manage the web all by itself, the United States Department of Homeland Security (DHS) is said to be studying any possible threat that Gauss may present to the country. “The department’s cyber security analysts are working with organizations that could potentially be affected to detect, mitigate and prevent such threats,” said DHS’ Peter Boogaard.

The same kind of attacks now being conducted by the US and Israel against other nations’ infrastructure, are the reasons why highly advanced technological states such as Russia, the United States and China have called for the adoption of harsher cybersecurity policies in order to defend their own countries. Is it because they intend to keep on causing cyber attacks in order to call for more Internet control, or is it because they know that their infrastructure will be the subject of attacks in response to their non-stop terror attacks on other nations?

One fact is clear. The only cyber attacks the world has witnessed so far haven’t come from fringe terrorist organizations, crazy individuals with the technology to send out a massive attack on sensitive systems or rogue governments in the traditional sense. All of the major attacks have come from the collaboration of very advanced countries who publicly call themselves the victims of attacks, but that privately are the ones carrying out such attacks.

Could the next attack be one that will enable governments like the US, China or Israel to justify an even more dangerous attack on inoffensive nations? Or perhaps it will be a chance to cause a major financial attack in addition to imposing significant restraints on those who access the Internet and what can be uploaded or downloaded, for example. A worldwide attack of major proportions on the financial industry would certainly be a handy tool to carry out more financial terrorism of the kind being conducted right now against developed and developing nations.

We will have to wait and see. Meanwhile, it is clear that any attempt to curtail Internet freedom will not go unnoticed by the public because we already know the cyber terrorists’ modus operandi.