FBI claims China is engaging in both traditional, economic espionage, and more

FBI Wray

Important Takeaways:

  • FBI says China is ‘defining threat of our generation’ with hackers ready to ‘wreak havoc’ in US
  • FBI Director Christopher Wray has said the national security threats in the US are ‘more complex and sophisticated than ever’ as he claimed China is ‘becoming more aggressive’
  • He said: “Today’s national security threats are more complex and sophisticated than ever. We’re seeing hostile nation-states becoming more aggressive in their efforts to steal our secrets and our innovation, target our critical infrastructure, and export their repression to our shores.
  • “Front and center is China—the defining threat of our generation. To put it simply, the CCP [Communist Party of China] is throwing its whole government at undermining the security and economy of the rule-of-law world.”
  • Wray warned officials that “China’s hacking program is larger than that of every other major nation combined.”
  • “If each one of the FBI’s cyber agents and intelligence analysts focused exclusively on the China threat, China’s hackers would still outnumber FBI cyber personnel by at least 50 to 1”, he added.
  • In the alarming speech, the FBI claimed China is engaging in “traditional espionage and economic espionage, foreign malign influence, election interference, and transnational repression—often working in tandem.”

Read the original article by clicking here.

China has been conducting espionage activities in Cuba since at least 1992

John Kirby

Ecclesiastes 5:8 If you see the poor oppressed in a district, and justice and rights denied, do not be surprised at such things; for one official is eyed by a higher one, and over them both are others higher still

Important Takeaways:

  • A retired American intelligence official told the Miami Herald in a report published Wednesday that China has been conducting espionage activities in Cuba since at least 1992, taking advantage of the fall of the Soviet Union to forge a closer relationship with the fellow communist nation.
  • The base, Simmons claimed, is located in Bejucal, a suburb of the greater Havana area.
  • Simmons described the base as a “signals intelligence facility,” meaning a base to intercept American communications for espionage purposes
  • John Kirby, national security council coordinator, called it “shameful” that anonymous sources were informing the public of potential Chinese espionage activity 90 miles from U.S. soil.
  • It’s shameful that somebody, or somebodies, somehow think it’s okay to put this kind of information in the public bloodstream,” Kirby scolded reporters, “Clearly, there’s a source or sources out there that think it’s somehow beneficial to put this kind of information into the public stream, and it’s absolutely not …

Read the original article by clicking here.

Italy arrests navy captain for spying, expels Russian diplomats

By Crispian Balmer and Angelo Amante

ROME (Reuters) – Italy expelled two Russian diplomats on Wednesday after police said they had caught an Italian navy captain passing secret documents to a Russian military official in return for money.

The Italian captain and the Russian embassy staff member were arrested in a car park in Rome and accused of “serious crimes tied to spying and state security” after their meeting on Tuesday night, Italian Carabinieri police said.

The suspects were not officially identified. A police source said the captain was called Walter Biot and had accepted 5,000 euros ($5,900) in return for the information.

It was not immediately possible to contact Biot, who was in custody, and the name of his lawyer was not disclosed.

Ansa news agency said NATO documents were among the files that the Italian had handed over, raising potential security worries for other members of the Western military alliance.

Italy immediately summoned the Russian ambassador Sergey Razov and expelled two Russian officials believed to be involved in what Foreign Minister Luigi Di Maio called an “extremely grave matter”.

Biot, 54, had the rank of a frigate captain but was working at the defense ministry department tasked with developing national security policy and managing part of the relations with Italy’s allies, a ministry source told Reuters.

Previously, he had worked at the ministry’s external relations unit. His name and picture appear in the book of contacts for Italy’s 2014 European Union presidency.

“The accusation of espionage against Italian and Russian officers shows that we must continue to work closely with Europe and our allies to constantly improve our means of protecting the safety and well-being of our citizens,” Di Maio said.

Russian news agencies, citing the Russian embassy in Italy, said the pair who were expelled worked in the military attaché’s office. Officials did not say whether the Russian army official who had met the captain was one of those ordered to leave.

Russia’s Interfax news agency quoted a Russian lawmaker as saying Moscow would reciprocate for the expulsions, standard practice in such cases.

However, statements from Moscow suggested Russia was keen to play down the incident. The Russian foreign ministry was quoted as saying that it regretted the expulsions, but that they did not threaten bilateral relations.

Earlier, the Kremlin said it did not have information about the circumstances of the case but hoped the two countries would maintain positive and constructive ties.

The incident was the latest in a series of spying accusations in recent months against Russians in European countries. Bulgaria expelled Russian officials on suspicion of spying in March, and the Netherlands did so in December.

Tuesday’s arrests were ordered by prosecutors following a long investigation carried out by the Italian intelligence with the support of the military, the police said.

($1 = 0.8524 euros)

U.S. to require approvals on work of Chinese diplomats in America

By Humeyra Pamuk and David Brunnstrom

WASHINGTON (Reuters) – The United States said on Wednesday it would now require senior Chinese diplomats to get State Department approval before visiting U.S. university campuses and holding cultural events with more than 50 people outside mission grounds.

Washington cast the move as a response to what it said was Beijing’s restrictions on American diplomats based in China. It comes as part of a Trump administration campaign against alleged Chinese influence operations and espionage activity.

The State Department said it also would take action to help ensure all Chinese embassy and consular social media accounts were “properly identified.”

“We’re simply demanding reciprocity. Access for our diplomats in China should be reflective of the access that Chinese diplomats in the United States have, and today’s steps will move us substantially in that direction'” U.S. Secretary of State Mike Pompeo told a news briefing.

It was the latest U.S. step to restrict Chinese activity in the United States in the run-up to the November presidential election, in which President Donald Trump has made a tough approach to China a key foreign policy platform.

Pompeo also said Keith Krach, the State Department’s undersecretary for Economic Growth, had written recently to the governing boards of U.S. universities alerting them to threats posed by the Chinese Communist Party.

“These threats can come in the form of illicit funding for research, intellectual property theft, intimidation of foreign students and opaque talent recruitment efforts,” Pompeo said.

He said universities could ensure they had clean investments and endowment funds, “by taking a few key steps to disclose all (Chinese) companies’ investments invested in the endowment funds, especially those in emerging-market index funds.”

On Tuesday, Pompeo said he was hopeful Chinese Confucius Institute cultural centers on U.S. university campuses, which he accused of working to recruit “spies and collaborators,” would all be shut by the end of the year.

Last month, Pompeo labeled the center that manages the dozens of Confucius Institutes in the United States “an entity advancing Beijing’s global propaganda and malign influence” and required it to register as a foreign mission.

The State Department announced in June it would start treating four major Chinese media outlets as foreign embassies, calling them mouthpieces for Beijing.

It took the same step against five other Chinese outlets in February, and in March said it was slashing the number of journalists allowed to work at U.S. offices of major Chinese media outlets to 100 from 160 due to Beijing’s “long-standing intimidation and harassment of journalists.”

(Reporting by Humeyra Pamuk and David Brunnstrom; Editing by Chizu Nomiyama and Bill Berkrot)

U.S. diplomats head to China despite row over Houston consulate

By Humeyra Pamuk

WASHINGTON (Reuters) – A flight bound for Shanghai carrying U.S. diplomats has left the United States as Washington presses ahead with its plan to restaff its mission in China a day after a U.S. order to close the Chinese consulate in Houston sharply escalated tensions.

A person familiar with the matter told Reuters the flight, carrying an unspecified number of U.S. diplomats, left Washington on Wednesday evening. The State Department did not immediately respond to a request for comment.

An internal State Department email dated July 17, seen by Reuters, said the department was working to arrange a charter flight to Shanghai from Washington’s Dulles International Airport departing on Thursday.

The source said this flight had departed earlier than initially planned.

The email said a tentative July 29 flight to Tianjin and Beijing was in the initial planning stages and a target date for another flight, to Guangzhou, was still to be determined.

The memo said priority was being given to reuniting separated families and returning section/agency heads.

The U.S. is working to fully restaff its mission in China, one of its largest in the world, which was evacuated in February because of COVID-19, the illness caused by the new coronavirus.

Thursday’s flight went ahead despite a dramatic move by Washington to close China’s consulate in Houston amid sweeping espionage allegations.

China warned on Thursday it would be forced to respond to the U.S. move, which had “severely harmed” relations.

It gave no details, but the South China Morning Post reported that China may close the U.S. consulate in Chengdu, while a source told Reuters on Wednesday it was considering shutting the consulate in Wuhan, where the United States withdrew staff at the start of the coronavirus outbreak.

Two flights have so far taken place to return some of the more than 1,200 U.S. diplomats with their families to China since negotiations for the returns hit an impasse in early July over conditions China wanted to impose on the Americans.

The impasse caused the State Department to postpone flights tentatively scheduled for the first 10 days of July.

U.S.-China relations have deteriorated this year to their lowest level in decades over a wide range of issues, including China’s handling of the coronavirus pandemic, bilateral trade and a new security law for Hong Kong.

Washington and Beijing have been negotiating for weeks over the terms of how to bring U.S. diplomats back amid disagreement over COVID-19 testing and quarantine procedures as well as frequency of flights and how many each can bring back.

(Reporting by Humeyra Paumuk; Additional reporting by David Brunnstrom; Editing by Mary Milliken and Diane Craft)

U.S. orders China to shut Houston consulate as spying accusations mount

By Cate Cadell and David Brunnstrom

BEIJING/WASHINGTON (Reuters) – The United States gave China 72 hours to close its consulate in Houston amid accusations of spying, marking a dramatic deterioration in relations between the world’s two biggest economies.

The U.S. State Department said on Wednesday the Chinese mission in Houston was being closed “to protect American intellectual property and Americans’ private information.”

China’s foreign ministry said Washington had abruptly issued the demand on Tuesday and called it an “unprecedented escalation.” The ministry threatened unspecified retaliation.

The Chinese Embassy in Washington had received “bomb and death threats” because of “smears & hatred” fanned by the U.S. government, spokeswoman Hua Chunying wrote in a tweet.

“The U.S. should revoke its erroneous decision,” she said. “China will surely react with firm countermeasures.”

Communist Party rulers in Beijing were considering shutting the U.S. consulate in the central city of Wuhan in retaliation, a source with knowledge of the matter said.

U.S.-based China experts said Beijing could also opt to target more important consulates in Hong Kong, Shanghai or Guangzhou, something that could hurt American businesses.

The Houston move comes in the run-up to the November U.S. presidential election, in which President Donald Trump and his Democratic rival, Joe Biden, have both tried to look tough towards China.

Speaking on a visit to Denmark, U.S. Secretary of State Mike Pompeo repeated accusations about Chinese theft of U.S. and European intellectual property, which he said were costing “hundreds of thousands of jobs.”

While offering no specifics about the Houston consulate, Pompeo referred to a U.S. Justice Department indictment on Tuesday of two Chinese nationals over what it called a decade-long cyber espionage campaign that targeted defense contractors, COVID-19 researchers and hundreds of other victims worldwide.

Pompeo also referred to recent speeches by the head of the FBI and others that highlighted Chinese espionage activities.

“President Trump has said: ‘Enough. We are not going to allow this to continue to happen,'” he told reporters. “That’s the actions that you’re seeing taken by President Trump, we’ll continue to engage in this.”

Republican Senator Marco Rubio, acting chairman of the Senate Intelligence Committee, described the Houston consulate on Twitter as the “central node of the Communist Party’s vast network of spies & influence operations in the United States.”

Trump was due to hold a news conference at 5.30 p.m. (2130 GMT), the White House said.

The New York Times quoted the top U.S. diplomat for East Asia, David Stilwell, as saying that the Houston consulate had been at the “epicenter” of the Chinese army’s efforts to advance its warfare advantages by sending students to U.S. universities.

“We took a practical step to prevent them from doing that,” Stilwell told the Times.

Stephen Biegun, the State Department’s number two diplomat, told the U.S. Senate Foreign Relations Committee the decision was made in response to “longstanding areas of concern.”

He said these included intellectual property theft and commercial espionage, as well as unequal treatment of U.S. diplomats, exporters, investors and media in China and abuse by China’s security services of the welcoming U.S. posture toward Chinese students and researchers.

A Chinese diplomat, speaking to Reuters on condition of anonymity, denied the spying allegations and said the Houston mission acted like other Chinese consulates in the United States – issuing visas, and promoting visits and businesses.

‘RACE TO THE BOTTOM’

U.S.-China ties have worsened sharply this year over issues ranging from the coronavirus and telecoms-gear maker Huawei to China’s territorial claims in the South China Sea and clampdown on Hong Kong.

Jonathan Pollack, an East Asia expert with the Brookings Institution, said he could not think of anything “remotely equivalent” to the move against the Houston consulate since the U.S. and China opened full diplomatic relations in 1979.

“The Trump Administration appears to view this latest action as political ammunition in the presidential campaign… It’s part of the administration’s race to the bottom against China,” he said.

Overnight in Houston, firefighters went to the consulate after smoke was seen. Two U.S. government officials said they had information that documents were being burned there.

Chinese Foreign Ministry spokesman Wang Wenbin said the consulate was operating normally.

But its closure within a short period of time by Washington was “an unprecedented escalation of its recent actions against China,” Wang said.

A source with direct knowledge of the matter said China was considering closing the U.S. consulate in Wuhan, where the State Department withdrew staff and their families early this year due to the coronavirus outbreak that first emerged in the city.

China’s foreign ministry did not immediately respond to a request for comment on whether it would shut the consulate.

Wang said the U.S. government had been harassing Chinese diplomats and consular staff for some time and intimidating Chinese students. He said the United States had interfered with China’s diplomatic missions, including intercepting diplomatic pouches. The State Department did not respond to a request for comment on the Chinese accusations.

(Reporting by Cate Cadell in Beijing and David Brunnstrom in Washington; additional reporting by Nikolaj Skydsgaard in Copenhagen, Patricia Zengerle, Daphne Psaledakis, Mark Hosenball, Steve Holland and Arshad Mohammed in Washington, Michelle Nichols and Echo Wang in New York and Rama Venkat in Bengaluru; Writing by David Brunnstrom and Nick Macfie; Editing by Peter Graff and Rosalba O’Brien)

U.S. accuses Chinese nationals of hacking spree for COVID-19 data, defense secrets

By Raphael Satter and Christopher Bing

WASHINGTON (Reuters) – The U.S. Justice Department on Tuesday indicted two Chinese nationals over their role in what the agency called a decade-long cyber espionage campaign that targeted defense contractors, COVID researchers and hundreds of other victims worldwide.

U.S. authorities said Li Xiaoyu and Dong Jiazhi stole terabytes of weapons designs, drug information, software source code, and personal data from targets that included dissidents and Chinese opposition figures. The cyber criminals were contractors for the Chinese government, rather than full-fledged spies, U.S. officials said.

U.S. Assistant Attorney General for National Security John Demers said at a virtual press conference the hackings showed China “is willing to turn a blind eye to prolific criminal hackers operating within its borders.”

“In this manner, China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provides safe haven for cyber criminals in exchange for those criminals being on call for the benefit of the state.”

Messages left with one of several accounts registered in the name of Li’s digital alias, oro0lxy, were not immediately returned. Reuters could not immediately locate contact details for Dong. The Chinese Embassy in Washington did not immediately return a message seeking comment, although Beijing has repeatedly denied hacking the United States.

The indictment mostly did not name any companies or individual targets, but U.S. Attorney William Hyslop, who spoke alongside Demers, said there were “hundreds and hundreds of victims in the United States and worldwide.” Officials said the investigation was triggered when the hackers broke into a network belonging to the Hanford Site, a decommissioned U.S. nuclear complex in eastern Washington state, in 2015.

Li and Dong were “one of the most prolific group of hackers we’ve investigated,” said FBI Special Agent Raymond Duda, who heads the agency’s Seattle field office.

A July 7 indictment made public on Tuesday alleges that Li and Dong were contractors for China’s Ministry of State Security, or MSS, a comparable agency to the U.S. Central Intelligence Agency. The MSS, prosecutors said, supplied the hackers with information into critical software vulnerabilities to penetrate targets and collect intelligence. Targets included Hong Kong protesters, the office of the Dalai Lama and a Chinese Christian non-profit.

As early as Jan. 27, as the coronavirus outbreak was coming into focus, the hackers were trying to steal COVID-19 vaccine research of an unidentified Massachusetts biotech firm, the indictment said.

It is unclear whether anything was stolen but one expert said the allegation shows the “extremely high value” that governments such as China placed on COVID-related research.

“It is a fundamental threat to all governments around the world and we expect information relating to treatments and vaccines to be targeted by multiple cyber espionage sponsors,” said Ben Read, a senior analyst at cyber-security company FireEye.

He noted that the Chinese government had long relied on contractors for its cyber-spying operations.

“Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations,” Read said.

(Reporting by Chris Sanders; Editing by Chizu Nomiyama and Richard Chang)

U.S. senators unveil bill to curb foreign espionage, influence on campuses

(Reuters) – A bipartisan group of U.S. senators introduced legislation on Thursday aimed at protecting research and innovation on U.S. campuses and preventing suspected theft of intellectual property by China and other countries.

There is a growing push in Washington to clamp down on spying and intellectual property theft that some Chinese nationals are suspected of engaging in at U.S. universities and colleges.

The “Safeguarding American Innovation Act” proposes to strengthen the U.S. State Department’s authority to deny visas to foreign nationals seeking access to certain sensitive technologies related to U.S. national security and economic security interests.

It also proposes penalizing individuals with fines and imprisonment for failing to disclose foreign support on federal grant applications, as well as lowering the threshold for U.S. schools and universities to report foreign gifts.

“This bill will help us stop foreign governments from stealing our research and innovation while also increasing transparency to ensure that taxpayers know when colleges and universities accept significant foreign funding,” Senator Rob Portman, a Republican and lead sponsor, said in a statement.

The bill, co-sponsored by at least nine Republicans and six Democrats, also aims to give the Department of Education authority to punish U.S. schools that fail to properly report gifts received from foreign entities.

In one of the highest-profile cases to emerge from a crackdown on Chinese influence within universities, a Harvard University professor pleaded not guilty on Tuesday to charges that he lied to authorities about his ties to a China-run recruitment program and funding he received from the Chinese government for research.

Reuters, citing sources, reported last month that the United States is planning to cancel the visas of thousands of Chinese graduate students believed by the Trump administration to have links with China’s military.

(Reporting by Ismail Shakil in Bengaluru; additional reporting by Patricia Zengerle in Washington; Editing by Mark Heinrich and Paul Simao)

Assange tried to call White House, Hillary Clinton over data dump, his lawyer says

By Michael Holden

LONDON (Reuters) – Julian Assange tried to contact Hillary Clinton and the White House when he realized that unredacted U.S. diplomatic cables given to WikiLeaks were about to be dumped on the internet, his lawyer told his London extradition hearing on Tuesday.

Assange is being sought by the United States on 18 counts of hacking U.S. government computers and an espionage offense, having allegedly conspired with Chelsea Manning, then a U.S. soldier known as Bradley Manning, to leak hundreds of thousands of secret documents by WikiLeaks almost a decade ago.

On Monday, the lawyer representing the United States told the hearing that Assange, 48, was wanted for crimes that had endangered people in Iraq, Iran and Afghanistan who had helped the West, some of whom later disappeared.

U.S. authorities say his actions in recklessly publishing unredacted classified diplomatic cables put informants, dissidents, journalists and human rights activists at risk of torture, abuse or death.

Outlining part of his defense, Assange’s lawyer Mark Summers said allegations that he had helped Manning to break a government password, had encouraged the theft of secret data and knowingly put lives in danger were “lies, lies and more lies”.

He told London’s Woolwich Crown Court that WikiLeaks had received documents from Manning in April 2010. He then made a deal with a number of newspapers, including the New York Times, Britain’s Guardian and Germany’s Der Spiegel, to begin releasing redacted parts of the 250,000 cables in November that year.

A witness from Der Spiegel said the U.S. State Department had been involved in suggesting redactions in conference calls, Summers said.

However, a password that allowed access to the full unredacted material was published in a book by a Guardian reporter about WikiLeaks in February 2011. In August, another German newspaper reported it had discovered the password and it had access to the archive.

PEOPLE’S LIVES “AT RISK”

Summers said Assange attempted to warn the U.S. government, calling the White House and attempting to speak to then- Secretary of State Clinton, saying “unless we do something, people’s lives are put at risk”.

Summers said the State Department had responded by suggesting that Assange call back “in a couple of hours”.

The United States asked Britain to extradite Assange last year after he was pulled from the Ecuador embassy in London, where he had spent seven years holed up avoiding extradition to Sweden over sex crime allegations which have since been dropped.

Assange has served a prison sentence in Britain for skipping bail and remains jailed pending the U.S. extradition request

Supporters hail Assange as an anti-establishment hero who revealed governments’ abuses of power, and argue the action against him is a dangerous infringement of journalists’ rights. Critics cast him as a dangerous enemy of the state who has undermined Western security.

(Reporting by Michael Holden; Editing by Gareth Jones)

Chinese government hackers suspected of moonlighting for profit

FILE PHOTO: An attendee looks on during the 2016 Black Hat cyber-security conference in Las Vegas, Nevada, U.S. August 3, 2016. REUTERS/David Becker/File Photo

By Joseph Menn, Jack Stubbs and Christopher Bing

LAS VEGAS (Reuters) – One of the most effective teams of Chinese government-backed hackers is also conducting financially-motivated side operations, cybersecurity researchers said on Wednesday.

U.S. firm FireEye said members of the group it called Advanced Persistent Threat 41 (APT41) penetrated and spied on global tech, communications and healthcare providers for the Chinese government while using ransomware against game companies and attacking cryptocurrency providers for personal profit.

The findings, announced at the Black Hat security conference in Las Vegas, show how some of the world’s most advanced hackers increasingly pose a threat to consumers and companies not traditionally targeted by state-backed espionage campaigns.

“APT41 is unique among the China-Nexus actors we track in that it uses tools typically reserved for espionage campaigns in what appears to be activity for personal gain,” said FireEye Senior Vice President Sandra Joyce.

Officials in China did not immediately respond to Reuters request for comment. Beijing has repeatedly denied Western accusations of conducting widespread cyber espionage.

FireEye said the APT 41 group used some of the same tools as another group it has previously reported on, which FireEye calls APT17 and Russian security firm Kaspersky calls Winnti.

Current and former Western intelligence officials told Reuters Chinese hacking groups were known to pursue commercial crimes alongside their state-backed operations.

FireEye, which sells cybersecurity software and services, said one member of APT41 advertised as a hacker for hire in 2009 and listed hours of availability outside of the normal workday, circumstantial evidence of moonlighting.

The group has used spear-phishing, or trick emails designed to elicit login information. But it has also deployed root kits, which are relatively rare and give hard-to-detect control over computers. In all, the group has used nearly 150 unique pieces of malware, FireEye said.

The most technically impressive feats included tainting millions of copies of a utility called CCleaner, now owned by security company Avast. Only a small number of specially selected, high-value computers were fully compromised, making detection of the hack more difficult.

Avast said that it had worked with security researchers and law enforcement to stop the attack and that no damage was detected. The company did not have any immediate further comment on Wednesday.

In March, Kaspersky found the group hijacked Asus’ software update process to reach more than 1 million computers, again targeting a much smaller number of end-users. Asus said the next day it had issued a fix for the attack, which affected “a small number of devices.”

“We have evidence that at least one telecom company may have been the intended target during the Asus compromise, which is consistent with APT41’s espionage targeting over the past two years,” said FireEye spokesman Dan Wire.

But FireEye and Slovakia-based cybersecurity company ESET said the gaming compromises aligned with financial motives more than national espionage. Among other things, the group won access to a game’s production environment and generated tens of millions of dollars’ worth of virtual currency, FireEye said.

(Reporting by Joseph Menn, Jack Stubbs and Chris Bing; Editing by Greg Mitchell and Nick Zieminski)