Skip to content

February 23 2013

February 25, 2013




Report Fingers Chinese Military Unit in US Hack Attacks

ABC News

By LEE FERRAN (@leeferran)

Feb. 19, 2013

Virginia-based cyber security firm has released a new report alleging a specific Chinese military unit is likely behind one of the largest cyber espionage and attack campaigns aimed at American infrastructure and corporations.

In the report, released today by Mandiant, China’s Unit 61398 is blamed for stealing “hundreds of terabytes of data from at least 141 organizations” since 2006, including 115 targets in the U.S. Twenty different industrial sectors were targeted in the attacks, Mandiant said, from energy and aerospace to transportation and financial institutions.

Mandiant believes it has tracked Unit 61398 to a 12-story office building in Shanghai that could employee hundreds of workers.

“Once [Unit 61398] has established access [to a target network], they periodically revisit the victim’s network over several months or years and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations’ leadership,” the report says.

The New York Times, which first reported on the Mandiant paper Monday, said digital forensic evidence presented by Mandiant pointing to the 12-story Shangai building as the likely source of the attacks has been confirmed by American intelligence officials. Mandiant was the firm that The Times said helped them investigate and eventually repel cyber attacks on their own systems in China last month.

The Chinese government has repeatedly denied involvement in cyber intrusions and Chinese Foreign Ministry spokesperson Hong Lei said today that the claims in the Mandiant report were unsupported, according to a report by The Associated Press.

“To make groundless accusations based on some rough material is neither responsible nor professional,” he reportedly said.

Mandiant’s report was released a week after President Obama said in his State of the Union address that America must “face the rapidly growing threat from cyber attack.”

“We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy,” he said.

Though Obama did not reference China or any country specifically, U.S. officials have previously accused the Asian nation of undertaking a widespread cyber espionage campaign.

Referring to alleged Chinese hacking in October 2011, House Intelligence Committee Chairman Rep. Mike Rogers (R-Mich.) said in an open committee meeting that he did not believe “that there is a precedent in history for such a massive and sustained intelligence effort by a government agency to blatantly steal commercial data and intellectual property.”

Rogers said that cyber intrusions into American and other Western corporations by hackers working on behalf of Beijing — allegedly including attacks on corporate giants like Google and Lockheed Martin — amounted to “brazen and widespread theft.”

“The Chinese have proven very, very good at hacking their way into very large American companies that spend a lot of money trying to protect themselves,” cyber security expert and ABC News consultant Richard Clarke said in an interview last week.


A Chinese Hacker’s Identity Unmasked

By Dune Lawrence and Michael Riley on February 14, 2013


Joe Stewart’s day starts at 6:30 a.m. in Myrtle Beach, S.C., with a peanut butter sandwich, a sugar-free Red Bull, and 50,000 or so pieces of malware waiting in his e-mail in-box. Stewart, 42, is the director of malware research at Dell SecureWorks, a unit of Dell (DELL), and he spends his days hunting for Internet spies. Malware is the blanket term for malicious software that lets hackers take over your computer; clients and fellow researchers constantly send Stewart suspicious specimens harvested from networks under attack. His job is to sort through the toxic haul and isolate anything he hasn’t seen before: He looks for things like software that can let hackers break into databases, control security cameras, and monitor e-mail.

Within the industry, Stewart is well-known. In 2003 he unraveled one of the first spam botnets, which let hackers commandeer tens of thousands of computers at once and order them to stuff in-boxes with millions of unwanted e-mails. He spent a decade helping to keep online criminals from breaking into bank accounts and such. In 2011, Stewart turned his sights on China. “I thought I’d have this figured out in two months,” he says. Two years later, trying to identify Chinese malware and develop countermeasures is pretty much all he does.

Computer attacks from China occasionally cause a flurry of headlines, as did last month’s hack on the New York Times (NYT). An earlier wave of media attention crested in 2010, when Google (GOOG) and Intel (INTC) announced they’d been hacked. But these reports don’t convey the unrelenting nature of the attacks. It’s not a matter of isolated incidents; it’s a continuous invasion.

Malware from China has inundated the Internet, targeting Fortune 500 companies, tech startups, government agencies, news organizations, embassies, universities, law firms, and anything else with intellectual property to protect. A recently prepared secret intelligence assessment described this month in the Washington Post found that the U.S. is the target of a massive and prolonged computer espionage campaign from China that threatens the U.S. economy. With the possible exceptions of the U.S. Department of Defense and a handful of three-letter agencies, the victims are outmatched by an enemy with vast resources and a long head start.

Stewart says he meets more and more people in his trade focused on China, though few want that known publicly, either because their companies have access to classified data or fear repercussions from the mainland. What makes him unusual is his willingness to share his findings with other researchers. His motivation is part obsession with solving puzzles, part sense of fair play. “Seeing the U.S. economy go south, with high unemployment and all these great companies being hit by China … I just don’t like that,” he says. “If they did it fair and square, more power to them. But to cheat at it is wrong.”


Stewart tracks about 24,000 Internet domains, which he says Chinese spies have rented or hacked for the purpose of espionage. They include a marketing company in Texas and a personal website belonging to a well-known political figure in Washington. He catalogs the malware he finds into categories, which usually correspond to particular hacking teams in China. He says around 10 teams have deployed 300 malware groups, double the count of 10 months ago. “There is a tremendous amount of manpower being thrown at this from their side,” he says.

Investigators at dozens of commercial security companies suspect many if not most of those hackers either are military or take their orders from some of China’s many intelligence or surveillance organizations. In general, they say the attacks are too organized and the scope too vast to be the work of freelancers. Secret diplomatic cables published by WikiLeaks connected the well-publicized hack of Google to Politburo officials, and the U.S. government has long had classified intelligence tracing some of the attacks to hackers linked to the People’s Liberation Army (PLA), according to former intelligence officials. None of that evidence is public, however, and China’s authorities have for years denied any involvement.

Up to now, private-sector researchers such as Stewart have had scant success putting faces to the hacks. There have been faint clues left behind—aliases used in domain registrations, old online profiles, or posts on discussion boards that give the odd glimpse of hackers at work—but rarely an identity. Occasionally, though, hackers mess up. Recently, one hacker’s mistakes led a reporter right to his door.

Stewart works in a dingy gray building surrounded by a barbed-wire fence. A small sign on a keycode-locked door identifies it as Dell SecureWorks. With one other researcher, Stewart runs a patchwork of more than 30 computers that fill his small office. As he examines malware samples, he shifts between data-filled screens and white boards scribbled with technical terms and notes on Chinese intelligence agencies.

The computers in his office mostly run programs he wrote himself to dissect and sort the malware and figure out whether he’s dealing with variations of old code or something entirely new. As the computers turn up code, Stewart looks for signature tricks that help him identify the work of an author or a team; software writers compare it with the unique slant and curlicues of individual handwriting. It’s a methodical, technical slog that would bore or baffle most people but suits Stewart. He clearly likes patterns. After work, he relaxes with a 15-minute session on his drum kit, playing the same phrase over and over.


A big part of Stewart’s task is figuring out how malware is built, which he does to an astonishing level of detail. He can tell the language of the computer on which it was coded—helping distinguish the malware deployed by Russian criminal syndicates from those used by Chinese spies. The most important thing he does, however, is figure out who or what the software is talking to. Once inside a computer, malware is set up to signal a server or several servers scattered across the globe, seeking further marching orders. This is known in the information security business as “phoning home.” Stewart and his fellow sleuths have found tens of thousands of such domains, known as command and control nodes, from which the hackers direct their attacks.

Discovery of a command node spurs a noticeable rise in pitch in Stewart’s voice, which is about as much excitement as he displays to visitors. If a company getting hacked knows the Internet Protocol (IP) address of a command node, it can shut down all communication with that address. “Our top objective is to find out about the tools and the techniques and the malware that they’re using, so we can block it,” Stewart says.

The Internet is like a map, and every point—every IP—on that map belongs to someone with a name and an address recorded in its registration. Spies, naturally, tend not to use their real names, and with most of the Internet addresses Stewart examines, the identifying details are patently fake. But there are ways to get to the truth.



In March 2011, Stewart was examining a piece of malware that looked different from the typical handiwork of Russian or Eastern European identity thieves. As he began to explore the command nodes connected to the suspicious code, Stewart noticed that since 2004, about a dozen had been registered under the same one or two names—Tawnya Grilth or Eric Charles—both listing the same Hotmail account and usually a city in California. Several were registered in the wonderfully misspelled city of Sin Digoo.

Some of the addresses had also figured in Chinese espionage campaigns documented by other researchers. They were part of a block of about 2,000 addresses belonging to China Unicom (CHU), one of the country’s largest Internet service providers. Trails of hacks had led Stewart to this cluster of addresses again and again, and he believes they are used by one of China’s top two digital spying teams, which he calls the Beijing Group. This is about as far as Stewart and his fellow detectives usually get—to a place and a probable group, but not to individual hackers. But he got a lucky break over the next few months.

Tawnya Grilth registered a command node using the URL It was a little too close to the name of Stewart’s employer. So Stewart says he contacted Icann (the Internet Corporation for Assigned Names and Numbers), the organization that oversees Internet addresses and arbitrates disputes over names. Stewart argued that by using the word Dell, the hackers had violated his employer’s trademark. Grilth never responded, and Icann agreed with Stewart and handed over control of the domain. By November 2011 he could see hacked computers phoning home from all over the world—he was watching an active espionage campaign in progress.

He monitored the activity for about three months, slowly identifying victim computers. By January 2012, Stewart had mapped as many as 200 compromised machines across the globe. Many were within government ministries in Vietnam, Brunei, and Myanmar, as well as oil companies, a newspaper, a nuclear safety agency, and an embassy in mainland China. Stewart says he’d never seen such extensive targeting focused on these countries in Southeast Asia. He broadened his search of IP addresses registered either by Tawnya Grilth or “her” e-mail address,, and found several more. One listed a contact with the handle xxgchappy. The new addresses led to even more links, including discussion board posts on malware techniques and the website, a malware repository where researchers study hacking techniques from all over the world.

Then Stewart discovered something much more unusual: One of the domains hosted an actual business—one that offered, for a fee, to generate positive posts and “likes” on social network sites such as Twitter and Facebook (FB). Stewart found a profile under the name Tawnya on the hacker forum BlackHatWorld promoting the site and a PayPal (EBAY) account that collected fees and funneled them to a Gmail account that incorporated the surname Zhang. Stewart was amazed that the hacker had exposed his or her personal life to such a degree.

In February 2012, Stewart published a 19-page report on SecureWorks’s website to coincide with the RSA Conference in San Francisco, one of the biggest security industry events of the year. He prefaced it with an epigraph from Sun Tzu’s The Art of War: “We cannot enter into informed alliances until we are acquainted with the designs of our neighbors and the plans of our adversaries.”

Stewart didn’t pursue Zhang. His job was done. He learned enough to protect his customers and moved on to the other countless bits of malware. But his report generated interest in the security world, because it’s so difficult to find any traces of a hacker’s identity. In particular, Stewart’s work intrigued another researcher who immediately took up the challenge of unmasking Tawnya Grilth. That researcher is a 33-year-old who blogs under the name Cyb3rsleuth, an identity he says he keeps separate from his job running an India-based computer intelligence company. He asked that his name not be used to avoid unwanted attention, including hacking attempts on his company.


Cyb3rsleuth says he’d already found a calling in outing the identities of Eastern European hackers and claims to have handed over information on two individuals to government authorities. Stewart’s work inspired him to post his findings publicly, and he says he hopes that unearthing more details on individual hackers will give governments the evidence to take action. The hackers are human and make mistakes, so the trick is finding the connection that leads to a real identity, Cyb3rsleuth says.

As Stewart’s new collaborator dug in, the window into Tawnya Grilth’s world expanded. There were posts on a car forum; an account on a Chinese hacker site; and personal photos, including one showing a man and a woman bundled up against the wind at what looked like a tourist site with a pagoda in the background.

Cyb3rsleuth followed the trail of the hacker’s efforts to drum up business for the social media promotion service through aliases and forums tied to the Hotmail account. He eventually stumbled on a second business, this one with a physical location. The company, Henan Mobile Network, was a mobile-phone wholesaler, according to business directories and online promotional posts. The shop’s website was registered using the Jeno Hotmail account and the Eric Charles pseudonym.


Cyb3rsleuth checked an online Chinese business directory for technology companies and turned up not only a telephone number for the company but also a contact name, Mr. Zhang, and an address in Zhengzhou, a city of more than 8 million in the central Chinese province of Henan. The directory listing gave three account numbers for the Chinese instant-messaging service called QQ. The service works along the lines of MSN Messenger, with each account designated by a unique number. One of those accounts used an alternate e-mail that incorporated the handle xxgchappy and listed the user’s occupation as “education.”

Putting that e-mail into Chinese search engines, Cyb3rsleuth found it was also registered on, a Chinese Facebook-style site, to a Zhang Changhe in Zhengzhou. Zhang’s profile image on Kaixin is of a blooming lotus, a traditional Buddhist symbol. Going back to the QQ account, Cyb3rsleuth found a blog linked to it, again with a Buddha-themed profile picture, whose user went by Changhe—the same pronunciation as the Kaixin user’s given name, though rendered in different characters. The blog contained musings on Buddhist faith, including this, from a post written in Chinese and titled “repentance”: “It’s Jan. 31, 2012 today, I’ve been a convert to Buddhism for almost five years. In the past five years, I broke all the Five Precepts—no killing living beings, no stealing, no sexual misconduct, no lies, and no alcohol, and I feel so repentant.” Amid his list of sins, from lack of sympathy to defensiveness to lying, is No. 4: “I continuously and shamelessly stole, hope I can stop in the future.”

The same QQ number appears on an auto forum called xCar, where the user is listed as belonging to a club for owners of the Dongfeng Peugeot 307—a sporty four-door popular among China’s emerging middle class—and where the user asked, circa 2007, about places to buy a special license-plate holder.

In a photo taken in 2009, Zhang stands on a beach, squinting into the sun with his back to the waves, arm in arm with a woman the caption says is his wife—the same person as in the pagoda picture. His bushy hair is cut short over a young face.

In March, Cyb3rsleuth published what he found on his personal blog, hoping that someone—governments, the research community, or some of the many hacking victims—would act. He knows of no response so far. Still, he’s excited. He’d found the face of a ghost, he says.



The city of Zhengzhou sprawls near the Yellow River in Henan province. The municipal government website describes it as “an example of a remarkably fast-changing city in China (without minor tourism clutter).” Kung-fu fans pass through on their way to the Shaolin Temple, a center of Buddhism and martial arts, 56 miles to the southwest. The city mostly serves as a gigantic transit hub for people and goods moving by rail to other places all over China.

About a 500-meter walk south from the central railway station is a tan, seven-story building with a dirty facade and red characters that read Central Plains Communications Digital City. The building is full of tiny shops, many selling electronics. The address listed for Zhang’s mobile-phone business is on the fourth floor, room A420.

Under dim fluorescent lights, two young clerks tell a reporter that they don’t know Zhang Changhe or Henan Mobile Network. The commercial manager of the building, Wang Yan, says the previous tenant of A420 moved out three years ago; she says she has no idea what the business had been, except that the proprietors weren’t there very often and that the operation didn’t last long.

A Chinese-language search on Google turns up a link to several academic papers co-authored by a Zhang Changhe. One, from 2005, relates to computer espionage methods. He also contributed to research on a Windows rootkit, an advanced hacking technique, in 2007. In 2011, Zhang co-authored an analysis of the security flaws in a type of computer memory and the attack vectors for it. The papers identified Zhang as working at the PLA Information Engineering University. The institution is one of China’s principal centers for electronic intelligence, where professors train junior officers to serve in operations throughout China, says Mark Stokes of the Project 2049 Institute, a think tank in Washington. It’s as if the U.S. National Security Agency had a university.

The gated campus of the PLA Information Engineering University is in Zhengzhou, about four miles north of Zhang Changhe’s mobile shop. The main entrance is at the end of a tree-lined lane, and uniformed men and women come and go, with guards checking vehicles and identification cards. Reached on a cell-phone number listed on the QQ blog, Zhang confirms his identity as a teacher at the university, adding that he was away from Zhengzhou on a work trip. Asked if he still maintained the Henan Mobile telephone business, he says: “No longer, sorry.” About his links to hacking and the command node domains, Zhang says: “I’m not sure.” About what he teaches at the university: “It’s not convenient for me to talk about that.” He denies working for the government, says he won’t answer further questions about his job, and hangs up.

Gate to the PLA Information Engineering UniversityStewart continues to uncover clues that point to Zhang’s involvement in computer network intrusions. A piece of malware SecureWorks discovered last year and dubbed Mirage infected more than 100 computers, mainly in Taiwan and the Philippines. Tawnya Grilth owned one of the command domains. Late last year, Stewart was looking at malware hitting Russian and Ukrainian government and defense targets. The only other sample of that kind of malware he could find in his database was one that phoned home to a command node at The billing name used in the registration: Zhang Changhe. Stewart says Zhang is affiliated with the Beijing Group, which probably involves dozens of people, from programmers to those handling the infrastructure of command centers to those who translate stolen documents and data. As Stewart discusses this, his voice is flat. He’s realistic. Outing one person involved in the hacking teams won’t stop computer intrusions from China. Zhang’s a cog in a much larger machine and, given how large China’s operations have become, finding more Zhangs may get easier. Show enough of this evidence, Stewart figures, and eventually the Chinese government can’t deny its role. “It might take several more years of piling on reports like that to make that weight of evidence so strong that it’s laughable, and they say, ‘Oh, it was us,’ ” says Stewart. “I don’t know that they’ll stop, but I would like to make it a lot harder for them to get away with it.”



6 Types of Data Chinese Hackers Pilfer


Mandiant Highlights Broad Range of Info Stolen from Victims

By Eric Chabrow, February 19, 2013.

Follow Eric @GovInfoSecurity


IT security provider Mandiant lists six categories of information that’s commonly pilfered from business and government computers by hackers from a Chinese military unit it dubs APT1.

Mandiant’s findings appear in a comprehensive report issued Feb. 18 that the security firm contends documents how APT1 has breached computers in enterprises that conduct business mostly in English, especially in the United States [see map below]. China denies the allegations presented in the report.

According to Mandiant, the data stolen relate to:

1. Product development and use, including information on test results, system designs, product manuals, parts lists and simulation technologies;

2. Manufacturing procedures, such as descriptions of proprietary processes, standards and waste management processes;

3. Business plans, such as information on contract negotiation positions and product pricing, legal events, mergers, joint ventures and acquisitions;

4. Policy positions and analysis, such as white papers, and agendas and minutes from meetings involving high-ranking personnel;

5. E-mails of high-ranking employees;

6. User credentials and network architecture information.


Mandiant says it’s often difficult to estimate how much data APT1 has stolen during its intrusions because the People’s Liberation Army unit deletes the compressed archives after it pilfer them, leaving only trace evidence that is usually overwritten during normal business activities.

Another reason Mandiant cites for the difficulty to determine how data were stolen: Some victims are more intent on assigning resources to restore the security of their network in lieu of investigating the impact of the security breach.

The security firm estimates that the Chinese army unit had stolen as much as 6.5 terabytes of compressed data from a single organization over a 10-month time period and conjectures that APT1 has stolen hundreds of terabytes from its victims.

Mandiant says the report provides evidence linking APT1 to China’s 2nd Bureau of the People’s Liberation Army General Staff Department’s 3rd Department. Other highlights from the report reveal that economic espionage conducted by APT1 since 2006 has been directed against 141 victims across multiple industries, most notably information technology, aerospace, public administration and satellites and telecommunications.

Mandiant Chief Executive Officer Kevin Mandia says the scale and impact of APT1’s operation compelled the company to write this report.

“APT1 is among dozens of threat groups Mandiant tracks around the world and one of more than 20 attributed to China that are engaged in computer intrusion activities,” Mandia said in a statement accompanying the report’s release. “Given the sheer amount of data this particular group has stolen, we decided it was necessary to arm and prepare as many organizations as possible to prevent additional losses.”

Dan McWhorter, Mandiant’s managing director for threat intelligence, says the company expects retribution from China, but feels exposure outweighs such risks.

“It is time to acknowledge the threat is originating from China, and we wanted to do our part to arm and prepare security professionals to combat the threat effectively,” he says in a preface to the report. “The issue of attribution has always been a missing link in the public’s understanding of the landscape of APT (advanced persistent threat) cyber-espionage. Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns.”



China Says Army Is Not Behind Attacks in Report


February 20, 2013



SHANGHAI — A day after a United States security company accused a People’s Liberation Army unit in Shanghai of engaging in cyberwarfare against American corporations, organizations and government agencies, China’s defense ministry issued a strong denial and insisted that the report was flawed.

At a news conference in Beijing Wednesday, the ministry suggested the allegations were destructive and challenged the study, which was produced by Mandiant, an American computer security company. The report identified P.L.A. Unit 61398 in Shanghai as one of the most aggressive computer hacking operations in the world.

Geng Yansheng, a spokesman for China’s Ministry of National Defense, said that China had been the victim of cyberattacks that have originated in the United States, and that Mandiant mischaracterized China’s activities.

“Chinese military forces have never supported any hacking activities,” Mr. Geng said at the briefing. “The claim by the Mandiant company that the Chinese military engages in Internet espionage has no foundation in fact.”

On Tuesday, a spokesman for China’s Foreign Ministry, Hong Lei, made similar remarks, arguing that cyberattacks are difficult to trace because they are “often carried out internationally and are typically done so anonymously.”

The New York Times reported on Tuesday that a growing body of digital forensic evidence pointed to the involvement of the P.L.A. Shanghai unit and that U.S. intelligence officials had also been tracking the unit’s cyber activities.

On its Web site, Mandiant released a lengthy report on Tuesday detailing some of its evidence, including Internet protocol addresses and even the identities of several Chinese individuals it believes were behind some of the attacks. Mandiant said it had monitored the hackers as they logged onto social networking sites or through e-mail accounts.


Attempts to contact two of the individuals through telephone numbers and instant message service addresses linked to them were unsuccessful. In one case, the individual — whose online profile says he is 28 years old and a graduate of a university that specializes in computer science — declined to answer questions.


Several military analysts said they had also traced some major cyber attacks back to the P.L.A. and its Shanghai Unit 61398, which is known to be engaged in network security.


Still, many security experts concede that it is difficult if not possible to know for certain where attacks originate because hackers often take control of computers in various locations.


Chinese officials have insisted in recent years that China is one of the biggest targets of cyber attacks.


“Statistics show that Chinese military terminals connected to the Internet have been subjected to large numbers of attacks from abroad, and I.P. addresses indicate that a considerable number of these attacks are from the United States, but we have never used this as a reason to accuse the United States,” the defense ministry said Wednesday. “Every country should handle the problem of cyber security in a professional and responsible manner.”


Administration developing penalties for cybertheft

Seattle Times

Wednesday, February 20, 2013


Associated Press




Evidence of an unrelenting campaign of cyberstealing linked to the Chinese government is prompting the Obama administration to develop more aggressive responses to the theft of U.S. government data and corporate trade secrets.

A report being released Wednesday considers fines and other trade actions against China or any other country guilty of cyber-espionage. Officials familiar with the administration’s plans spoke on condition of anonymity because they were not authorized to speak publicly about the threatened action.

The Chinese government denies being involved in the cyberattacks cited in a cybersecurity firm’s analysis of breaches that compromised more than 140 companies. On Wednesday, China’s Defense Ministry called the report deeply flawed.

Mandiant, a Virginia-based cybersecurity firm, released a torrent of details Monday that tied a secret Chinese military unit in Shanghai to years of cyberattacks against U.S. companies. Mandiant concluded that the breaches can be linked to the People’s Liberation Army’s Unit 61398.

Military experts believe the unit is part of the People’s Liberation Army’s cybercommand, which is under the direct authority of the General Staff Department, China’s version of the Joint Chiefs of Staff. As such, its activities would be likely to be authorized at the highest levels of China’s military.

The release of the Mandiant report, complete with details on three of the alleged hackers and photographs of one of the military unit’s buildings in Shanghai, makes public what U.S. authorities have said less publicly for years. But it also increases the pressure on the U.S. to take more forceful action against the Chinese for what experts say has been years of systematic espionage.

“If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three or four times, the president would be on the phone and there would be threats of retaliation,” said Shawn Henry, former FBI executive assistant director. “This is happening thousands of times a day. There needs to be some definition of where the red line is and what the repercussions would be.”

Henry, the president of the security firm CrowdStrike, said that rather than tell companies to increase their cybersecurity, the government needs to focus more on how to deter the hackers and the nations that are backing them.

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said that in the past year the White House has been taking a serious look at responding to China. “This will be the year they will put more pressure on, even while realizing it will be hard for the Chinese to change. There’s not an on-off switch,” Lewis said.

In denying involvement in the cyberattacks tracked by Mandiant, China’s Foreign Ministry said China too has been a victim of hacking, some of it traced to the U.S. Foreign Ministry spokesman Hong Lei cited a report by an agency under the Ministry of Information Technology and Industry that said that in 2012 alone foreign hackers used viruses and other malicious software to seize control of 1,400 computers in China and 38,000 websites.

“Among the above attacks, those from the U.S. numbered the most,” Hong said at a daily media briefing, lodging the most specific allegations the Chinese government has made about foreign hacking.

Cybersecurity experts say U.S. authorities do not conduct similar attacks or steal data from Chinese companies but acknowledge that intelligence agencies routinely spy on other countries.

China is clearly a target of interest, said Lewis, noting that the U.S. would be interested in Beijing’s military policies, such as any plans for action against Taiwan or Japan.

In its report, Mandiant said it traced the hacking back to a neighborhood in the outskirts of Shanghai that includes a white 12-story office building run by the army’s Unit 61398.

Mandiant said there are only two viable conclusions about the involvement of the Chinese military in the cyberattacks: Either Unit 61398 is responsible for the persistent attacks, or they are being done by a secret organization of Chinese speakers, with direct access to the Shanghai telecommunications infrastructure, who are engaged in a multi-year espionage campaign being run right outside the military unit’s gates.

“In a state that rigorously monitors Internet use, it is highly unlikely that the Chinese government is unaware of an attack group that operates from the Pudong New Area of Shanghai,” the Mandiant report said, concluding that the only way the group could function is with the “full knowledge and cooperation” of the Beijing government.

The unit “has systematically stolen hundreds of terabytes of data from at least 141 organizations,” Mandiant wrote. A terabyte is 1,000 gigabytes. The most popular version of the new iPhone 5, for example, has 16 gigabytes of space, while the more expensive iPads have as much as 64 gigabytes of space. The U.S. Library of Congress’ 2006-10 Twitter archive of about 170 billion tweets totals 133.2 terabytes.



Chuck Hagel, Strategic Thinker?

Why aren’t more pundits defending the Defense nominee for foreseeing today’s budget problems? Probably because they were wrong themselves.

National Journal

by Michael Hirsh

Updated: February 19, 2013 | 10:26 a.m.

It looks awfully likely that Chuck Hagel will squeak through confirmation as President Obama’s Defense secretary. But it is also likely that he’ll enter the Pentagon a damaged figure, a nominee tainted by the lingering impression that he is not ready to handle the vast complexities of a defense budget slated for slashing. Sen. Lindsey Graham, R-S.C., in telling Fox News Sunday that he would no longer block a Hagel vote, still indicated he was shifting his position reluctantly. He called Hagel “one of the most unqualified, radical choices for secretary of Defense in a long time.”

Unqualified? Radical? Hagel did himself no favors, of course, with his unsteady performance at his confirmation hearing two and a half weeks ago. But what has gone largely unnoted by the punditocracy is that, over the past decade or so, the former Republican senator from Nebraska has distinguished himself with subtle, well-thought-out, and accurate analyses of some of America’s greatest strategic challenges of the 21st century–especially the response to 9/11–while many of his harshest critics got these issues quite wrong.


Even Hagel’s defenders, scarce though they still seem today, have not addressed this question well. Consider Thomas Friedman, perhaps the most widely read foreign-affairs columnist of our time. In a column in The New York Times on Dec. 25, Friedman supported the Hagel nomination even though he said Hagel’s views on Israel and Iran were “out of the mainstream.”

“The legitimate philosophical criticism of Hagel concerns his stated preferences for finding a negotiated solution to Iran’s nuclear program, his willingness to engage Hamas to see if it can be moved from its extremism, his belief that the Pentagon budget must be cut, and his aversion to going to war again in places like Iraq and Afghanistan, because he has been to war and knows how much can go wrong,” Friedman wrote. “Whether you agree with these views or not, it would be nothing but healthy to have them included in the president’s national security debates.”

This was faint praise indeed. Perhaps it might even be more “healthy” to have a Pentagon chief whose views on these issues have so often proved right in contrast to so many others, including Friedman himself. Much has been made of Hagel’s opposition to the Bush administration’s turn toward Iraq a decade ago, but what is more important are the reasons Hagel gave at the time for this lonely stand. In an interview he did with me in the summer of 2002, Hagel laid out a sophisticated vision of a foreign policy that needed to balance “realism and idealism,” one that was governed, above all, by a careful assessment of what it might mean to divert precious resources–both human and monetary–to Iraq when Afghanistan was still so unfinished.

“We are involved in something here we’ve never had to face before,” Hagel said as the Bush administration turned its war machine toward Iraq, expressing concern to me that the minuscule security forces left behind in Afghanistan would not be enough. “The coalition forces run the risk of having not an adequate force on the ground to be able to give the Afghans under the [Hamid] Karzai government a reasonable chance to succeed with the monumental task that government has,” he said. “I have always believed that once we engaged in Afghanistan the way we did, we had to see it through not just for Afghanistan but also because our prestige was on the line. The greatest risk is allowing that to unwind and go backward.”

As we now know, Afghanistan did unwind and go backward, thanks in large part to U.S. inattention. In the first years after the fall of the Taliban, aid amounted to just $67 a year per Afghan, a meager figure compared to nation-building exercises such as Bosnia ($249) and East Timor ($256), according to Beth DeGrasse of the U.S. Institute of Peace. Jim Dobbins, Bush’s former special envoy to Kabul, told me in an interview in 2006 that Afghanistan was the “most under-resourced nation-building effort in history.” Another senior Bush administration official, former reconstruction coordinator Carlos Pascual, also said at the time that the State Department had “maybe 20 to 30 percent” of the people it needed in Afghanistan.


Yet as much as Hagel raised concerns about backsliding in the actual theater of the war against al-Qaida, he also worried presciently about U.S. overreach, as well as alienating allies around the world that were critical to fighting a global struggle against transnational terrorists. Hagel foresaw that unless Washington was more careful about the exercise of hard power, we would find ourselves in the very crisis we are in today, with a $600 billion-plus defense budget that the president and Congress have now mandated be cut by $500 billion over the next decade. Hagel saw that, in Iraq, America was taking on an already weakened leader who the senator said probably didn’t have weapons of mass destruction, and at the same time empowering another regime (Iran) that badly wanted WMDs–a dire development further documented on Monday by The Washington Post, which reported that the Iranian-backed Shiite group Asaib Ahl al-Haq, the “League of the Righteous,” is exerting new political power in Iraq.

Hagel also delivered some of the earliest warnings about the potentially disastrous effects of George W. Bush’s ill-grounded “Axis of Evil” speech, in which the president needlessly alienated Tehran only days after the Iranians had actually delivered up aid and support to stabilize post-Taliban Afghanistan. Ironically, Bush’s own officials on the ground in Afghanistan, such as Dobbins, had testified to Iran’s measured policies at the time. They noted that at a 2002 donor’s conference in Tokyo that occurred only a week before the Axis of Evil speech, Iran pledged $500 million–at the time, more than double the Americans’ contribution– to help rebuild Afghanistan. “Iran actually has been quite helpful in Afghanistan,” Hagel, then a member of the Senate Foreign Relations Committee, told Congressional Quarterly on Feb. 1, 2002. “And we’re giving them the back of our hand.” Hagel added: “We’re not isolating [the Iranians]. We’re isolating ourselves…. We ought to be a little more thoughtful. That [axis] comment only helps the mullahs.”

Hagel was, in other words, displaying a deeply knowledgeable, well-grounded sense of the actual (monetary) and strategic costs of war, a critical faculty that will be badly needed in the months ahead as he grapples with the possibility of sequestration and budget cuts. His skepticism has since been vindicated by a large number of studies of the titanic costs of launching wars in both Iraq and Afghanistan, amounting to multiple trillions of dollars. A Rand Corp. study in 2010 even concluded that the chaos in Iraq following the U.S. invasion “stalled or reversed the momentum of Arab political reform; local regimes perceive that U.S. distraction in Iraq and the subsequent focus on Iran have given them a reprieve on domestic liberalization.”

What were Hagel’s critics of today, and even some of his lukewarm defenders, saying at the same time? On March 13, 2003, seven days before the Iraq invasion, the Times’ Friedman wrote: “This war is so unprecedented that it has always been a gut call-and my gut has told me four things. First, this is a war of choice. Saddam Hussein poses no direct threat to us today. But confronting him is a legitimate choice-much more legitimate than knee-jerk liberals and pacifists think. Removing Mr. Hussein-with his obsession to obtain weapons of mass destruction-ending his tyranny and helping to nurture a more progressive Iraq that could spur reform across the Arab-Muslim world are the best long-term responses to bin Ladenism.”

Chuck Hagel, of course, was no knee-jerk liberal. He was, demonstrably, smart and strategic about the risks of a terrible expense in blood and treasure that lay ahead– far more than many others. And he deserves more credit for that than he is getting. Perhaps Hagel is, after all, just the man to tackle the Defense Department budget.


NAME – Charles Timothy “Chuck” Hagel.

AGE-BIRTH DATE – 66; Oct. 4, 1946.

EDUCATION – Graduate, Brown Institute for Radio and Television, Minneapolis, 1966; bachelor’s degree, history, University of Nebraska, Omaha, 1971.

EXPERIENCE – Chairman of the Atlantic Council and the United States of America Vietnam War Commemoration Advisory Committee; co-chairman of the President’s Intelligence Advisory Board and member of the Defense Policy Board. U.S. senator, 1997-2009; president, McCarthy & Co., an investment banking firm based in Omaha, Neb., 1992-1996; president and chief executive officer of the Private Sector Council, a nonprofit business organization in Washington, D.C., 1990-1992; co-founder, director and executive vice president of Vanguard Cellular Systems Inc. and chairman of Communications Corporation International LTD, 1985-1987; co-founder, director and president of Collins, Hagel & Clarke Inc., an international consulting, marketing and investment company involved in cellular telecommunications, 1982-1985; deputy administrator, U.S. Veterans Administration, 1981-1982; manager of government affairs, Firestone Tire & Rubber Co., 1977-1980; assistant to Rep. John Y. McCollister, R-Neb., 1971-1977; newscaster and talk-show host in Nebraska, 1969-1971; Army, including service in Vietnam, 1967-1968.

FAMILY – Wife, Lilibet; two children.

QUOTE – “We are each a product of our experiences, and my time in combat very much shaped my opinions about war. I’m not a pacifist; I believe in using force, but only after following a very careful decision-making process.” – Hagel in an October interview with Vietnam Magazine.


Postal Service to launch new clothing line in 2014 – in a store near you

Washington Post

Posted by Josh Hicks on February 19, 2013 at 4:27 pm

First the end of Saturday mail, now a new clothing line. The U.S. Postal Service is taking unprecedented steps to make itself relevant and profitable these days.

The cash-strapped agency announced plans on Tuesday to launch a new line of all-weather apparel and accessories sometime next year.

Move over, upscale North Face. Or should it be the grittier Carhartt brand that worries?

The Postal Service chose “Rain Heat & Snow” as its own brand name, alluding to its unofficial motto: “Neither snow nor rain nor heat nor gloom of night stay these couriers from the swift completion of their appointed rounds.”


Only men’s apparel and accessories will be available initially, but the agency plans to add a women’s line in the future, it said Tuesday.

The Postal Service inked a licensing agreement with Cleveland-based Wahconah Group, Inc. to produce the new line, which will include jackets, headgear, footwear and clothing that allows integration of modern technology devices such as iPods, according to agency spokesman Roy Betts.

“This agreement will put the Postal Service on the cutting edge of functional fashion,” agency licensing manager Steven Mills said in a statement. “The main focus will be to produce Rain Heat & Snow apparel and accessories using technology to create ‘smart apparel’ — also known as wearable electronics.”

Betts said the Postal Service plans to sell its apparel and accessories in premium department stores and specialty stores, but not at post offices. He said the agency plans to make the products available in 2014.

The Postal Service decided to launch a clothing line as a way to promote and strengthen its brand, as well as to generate money, according to Betts.

The licensing agreement allows the Postal Service to collect royalty fees for its new product line without investing money to produce the gear, Betts said.

“We’re looking at many different approaches to generate revenue and become more innovative in the marketplace,” Betts said. “This is one effort among many that the Postal Service is undertaking to respond to the changing dynamics of the marketplace.”

The agency reported a $1.3 billion loss during the first quarter, but its numbers were severely hampered by a congressional mandate that cost about $1.4 billion during that period.

In 2006, Congress passed a statute requiring the Postal Service to pre-pay for 75 years worth of retiree benefits within 10 years. No other federal agency is forced to make such an investment.

The Postal Service would have recorded a $100 million profit during the first quarter if not for that mandate, according to the figures in the agency’s financial report.

Postmaster General Patrick R. Donahoe announced on Feb. 6 that the Postal Service would end Saturday mail delivery starting in August in an effort to deal with its financial troubles, which have been ongoing for several years now.

The Postal Service introduced a limited retail line in the 1980s that included items such as T-shirts, mugs and neckties, all sold exclusively in post offices. Betts said the agency discontinued those products after lobbyists complained to Congress that the organization was directly competing with private businesses and that it was not established to sell merchandise.


FAA Drone Plan Hits Turbulence

Information Week


February 20, 2013 01:50 PM

The Federal Aviation Administration is hampered by technology and policy issues that must be resolved before the federal government allows the expanded use of unmanned aerial vehicles in U.S. airspace, according to testimony from the Government Accountability Office.

The FAA currently approves the use of UAVs, or drones, on a case-by-case basis over U.S. skies. To date, the Department of Defense has received the largest number of approvals, 201, followed by academic institutions, NASA, local law enforcement and other federal agencies. Opening U.S. airspace to more drone traffic, including those for commercial purposes, requires a coordinated plan with new systems and processes.

Legislation passed by Congress last year requires the FAA to establish six drone test ranges in the United States, but privacy concerns about the collection and use of data have delayed the opening of the ranges. Without the hard data on UAV performance that would be generated by test ranges, it’s difficult for the FAA to draft the safety, reliability and performance standards that Congress requires.

There are other challenges to “integrating” drones into U.S. airspace. “UAS integration is an undertaking of significant breadth and complexity,” Gerald Dillingham, GAO’s director of physical infrastructure issues, said in his testimony.

For one thing, the sense-and-avoid technology needed to let drones automatically avoid piloted aircraft isn’t mature. Among the methods under consideration is a ground-based system under development by the Army that has been successfully tested, but which might not be suitable for all drones. A second approach involves the use of the same GPS-based transponder system being planned for the FAA’s NextGen air traffic management system.

A third possibility is a NASA-tested system that uses GPS and avionics to transmit a drone’s location to ground receivers, which forward the information to other aircraft with the right kind of avionics.

The potential for “lost link” communications between ground control and the UAV is another issue. Drones typically have preprogrammed instructions on how to operate if those communications are lost, but air traffic controllers need access to that same information. Standard procedures have not yet been created.

Dedicated radio spectrum for command and control is also needed. Drone now use unprotected spectrum, leaving them vulnerable to interference, either intentional or accidental, and the potential for loss of control. Similarly, GPS signals could be used to keep air traffic control informed of a drone’s whereabouts, but low-cost devices are available that can jam those signals.

The FAA faces a series of deadlines, some of which it has already missed, related to the UAV integration effort. Congress tasked the agency with creating a five-year roadmap for assimilating drones into the national airspace. The roadmap, due earlier this month, is circulating within the FAA but has not yet been publicly released.


US students get cracking on Chinese malware code

Students at Mississippi State University will analyze samples used in a wide-ranging, seven-year hacking campaign

Jeremy Kirk

February 21, 2013 (IDG News Service)


Wesley McGrew, a research assistant at Mississippi State University, may be among the few people thrilled with the latest grim report into a years-long hacking campaign against dozens of U.S. companies and organizations.

But McGrew’s interest is purely academic: He teaches a reverse engineering class at the university, training 14 computer science and engineering students how to analyze malicious software.

Part of the curriculum for his class will involve analyzing malware samples identified in a report from security vendor Mandiant, which alleged a branch of the Chinese military called “Unit 61398” ran a massive hacking campaign that struck 141 organizations over the last seven years.

Mandiant’s report is fueling a diplomatic crisis between the U.S. and China, but it will also provide a learning opportunity for future computer security experts.

“Oh, it’s fantastic,” said McGrew, who will defend his doctoral thesis on the security of SCADA (supervisory control and data acquisition) systems next month. “The importance of having malware that has an impact on the economic advantage of one company over another or the security of a nation is priceless. This is exactly what they should be learning to look at.”

Mandiant published more than 1,000 MD5 hashes for malware it linked to the campaign. An MD5 hash is a mathematical representation of a file based on its size. No two files have the same MD5 hash unless they are exactly the same, which makes it a good way to identify files.

In an interview late Wednesday night, McGrew said Mandiant also described “families” of related malware used in the campaigns but did not link those to the MD5 hashes. He is working to analyze some of the malware files to link them to certain malware families, which he detailed on his blog.

There are also other efforts to find out precisely what malware has been used. The website is an online repository for malware where researchers can submit and obtain samples.

Since the Mandiant report was published, has seen an influx of samples with the same MD5 hashes. McGrew said that in the last day or so, there are now 281 matches on for the 1,007 MD5 hashes published by Mandiant.

McGrew said he is particularly interested in samples that are not too complicated for his students, who have basic malware analysis skills. The blend of malware linked to the attacks ranges in sophistication, he said. Some of the samples are detected by antivirus software and aren’t particularly complex.

Attackers are less likely to use their more advanced malware against a target if a simpler one suffices, since it could be detected and blocked in the future, McGrew said. Other samples, however, still aren’t detected by some security software.

McGrew’s lesson plan will include supplying the students with malware samples and asking them about certain functions.


“By providing them with real malware samples and teaching them all the proper safety procedures for handling, we allow them to have the expertise of looking at real malicious software,” he said.

Many of his students are on scholarship programs that will require them to work for a certain time for government agencies. Mississippi State University, based in Starkville, is part of the National Science Foundation’s Scholarship for Service program. The scholarship pays for the last two years of a student’s degree in exchange for the student taking a job revolving around security with a federal government agency.

The university is also part of the U.S. Department of Defense’s Information Assurance Scholarship Program, established in 2001, that requires students to spend one year in government service for every year they received funds. The idea behind the program is to increase U.S. expertise in cybersecurity in a field that increasingly demanding more and more skill people.

“We have a room with highly motivated students absolutely looking to get into this field,” McGrew said. “It puts them in positions that the country is desperately trying to fill right now.”


Congress risks cyberattack hit

The Hill

By Jennifer Martinez – 02/21/13 05:00 AM ET

Security experts warn Congress is vulnerable to cyberattacks from digital intruders like hacker group Anonymous and China, which was named in a report this week as having successfully breached the security of some U.S. firms.

The digital networks that run the backbone of the information systems and networks of congressional staff and lawmakers are treasure troves of sensitive data for foreign intelligence services and independent hacker groups alike. Experts warn that Congress isn’t using the types of technology and security methods that could prevent sophisticated hacker attacks.

A successful security breach on a congressional committee or lawmaker’s office network could yield information about U.S. military operations and the budget, draft legislation and policy memos, or upcoming hearing testimony from top government officials, according to security experts. By cracking into these networks, hackers could get a peek into future U.S. policymaking and the thinking of some of the country’s top decision-makers.

Foreign hackers would aim to use this valuable intelligence to get an economic, political or security advantage over the U.S., experts say.

Over the years, hackers have learned to bypass traditional security tools, like firewalls and network encryption, to gain access to sensitive networks by unleashing targeted cyberattacks on an employee’s laptop or another device, said Tom Kellermann, vice president of cybersecurity for security software firm Trend Micro.


Congress is “overly reliant on perimeter defenses that are ineffective in today’s targeted environment,” he warned.

“They lack their own appropriate levels of funding for technologies and manpower to deal with this properly,” Kellermann said. “A major corporation has more resources than they do.”

Top-ranking lawmakers and influential congressional committees, such as the Intelligence and Armed Services committees, are likely at the top of hackers’ target lists, security experts say.

Tapping into the computer systems and communications of the House and Senate Intelligence, Foreign Relations, Finance and Armed Services committees would be of particular interest to hackers because they handle critical data on the military, and ask agencies for highly sensitive information that is typically locked away from public view.

“I would be shocked if there wasn’t deep penetration of multiple committees and the FBI hadn’t already told them about it,” said Alan Paller, research director of the SANS Institute.

Even unclassified discussions about upcoming hearings and witness testimony from defense officials would provide valuable insight for cyber adversaries on the hunt for intelligence, Paller added.

In recent weeks, major U.S. companies like Facebook, Apple, Twitter, The New York Times and other media organizations have reported breaches on their computer networks. Computer security firm Mandiant on Tuesday revealed that an elite military unit of Chinese hackers based in Shanghai are likely behind a spate of successful cyberattacks against U.S. companies and the government.

The revelation about the elite Chinese hacker unit represents a broad shift in the way countries are waging war against one another and moving the battlefield to cyberspace.

“We used to do it with bombers and artillery shells, now they’re doing it with cyber warfare,” House Intelligence Committee Chairman Mike Rogers (R-Mich.) said at a conference earlier this month. Rogers has sounded alarm about the cyberattack capabilities of China, Russia, Iran and others.

The Senate Sergeant at Arms oversees the computer security of the upper chamber’s networks and email systems, while the House Information Resources unit for the Chief Administrative Officer provides cybersecurity for the lower chamber. Both offices declined to comment about the security measures they have in place or whether they’ve stepped up those measures in the wake of the recent hacker reports, presumably to keep hackers in the dark about the safeguards used to protect Congress’s computer networks.

“While many security measures are taken, we do not comment on what those are,” a spokesman for the Senate Sergeant at Arms said in an email.

Dan Weiser, a spokesman for the Chief Administrative Officer of the House, also declined to comment on the cybersecurity measures it has in place, but said House employees are trained on proper cyber hygiene annually.

“House employees take information security training on an annual basis,” said Weiser. “Other training and information is available to them as needed.”


Congressional committees take extra steps to secure sensitive data. A spokesman for the Senate Armed Services Committee, which handles classified information, said none of that critical data is stored on a computer system that’s hooked up to the Web.

“None of the classified information held by the committee is available on a computer that is connected to the Internet,” said the committee spokesman. “There is a way to send classified documents to the committee, but that system is managed by special arrangements as an extension of the classified network of the executive branch.”

Meanwhile, the Senate Homeland Security and Governmental Affairs Committee works with the Senate Sergeant at Arms when it comes to handling classified information.

Few hacker attacks on Congress have come to light in recent years.

LulzSec, a hacker group that is considered an offshoot of Anonymous, claimed it publicly posted internal data from the Senate’s public website in June 2011. Following that claim, the Senate Sergeant at Arms said an intruder gained unauthorized access to a public server that supports the website and that the information stored on that server is intended to be public. The Sergeant at Arms spokeman said the office took the opportunity to review its security posture after the incident.

Last May it was revealed that hackers had gained access to the personal information — including Social Security numbers and addresses — of roughly 123,000 federal employees who participate in the Thrift Savings retirement program. At a hearing this summer, then-Sen. Daniel Akaka (D-Hawaii) said 43 current and former members of Congress, himself included, were affected by the attack on the Federal Retirement Thrift Investment Board.

Additionally, Rep. Frank Wolf (R-Va.) reported that four computers in his personal office were compromised by an outside intruder in August 2006. Wolf said the attack stemmed from China and he believed his office was a target because of his ongoing criticism of the country’s human rights record.

Both the House and Senate networks have suffered breaches in the past, but the chambers’ cybersecurity professionals have notably stepped up their efforts to beef up Congress’s network security in the last couple years, according to James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies.

He said the security professionals on the Hill have paid closer attention to suspicious activity on the House and Senate networks, and worked on improving its authentication system so hackers impersonating congressional staffers are locked out.

“In the last year, they’ve put more effort into tightening things up,” Lewis said. “Once you get hacked, you get religion.”

“They have a lot of resources up there and they’re willing to spend,” he added.

Lewis said senators have previously told him about their office networks suffering security breaches. He noted that probing for Tibetan human rights activities has been another popular hacker activity spotted on congressional networks.


Despite these previous cyber incidents, Congress has failed to pass cybersecurity legislation. A comprehensive cybersecurity bill failed twice in the Senate last year after GOP members said it would apply burdensome new regulations on businesses.

President Obama issued a cybersecurity executive order last week amid the gridlock in Congress. The executive order intends to improve information sharing about cyber threats between government and industry and establish a framework of cybersecurity best practices that industry would elect to follow.

“[Lawmakers] know what the problem is. They just can’t get their act together politically,” Lewis said. “No one disputes there’s a problem, but the politics of the Hill get in the way of there being any solution.”

Read more:


White House rolls out Cyber espionage response

Thu, 2013-02-21 08:45 AM

By: Mark Rockwell

The White House Under took aim at curbing the electronic theft of U.S. companies’ intellectual property with a new strategy that improves coordination among U.S. intelligence, diplomatic and law enforcement agencies.

The step comes as evidence mounts against China as a major state sponsor of Cyber attacks and snooping. A groundbreaking report by Cyber security company Mandiant, released only days before, meticulously tracked illicit Cyber espionage activities to a bureau of the Chinese army that employs dozens, if not hundreds, of hackers.

Days before that report’s release, the White House had issue a much-anticipated executive order aimed at increasing critical infrastructure defenses against electronic attack.

The administration’s Strategy on Mitigating the Theft of U.S. Trade Secrets strategy, unveiled on Feb. 20 by Victoria Espinel, U.S. Intellectual Property Enforcement coordinator for the White House, which is part of the Office of Management and Budget.

Espinel said the new strategy coordinates and improves the U.S. government’s efforts to protect American companies and jobs. Espinel called the plan “a whole of government approach” aimed at stopping the theft of trade secrets by foreign competitors or foreign governments by any means – Cyber or otherwise.

The strategy, said Robert Hormats, undersecretary of state for economic growth, energy and the environment, at Washington event unveiling the strategy, said the U.S. would look to staunch the theft of intellectual property wherever it is threatened, including China. He added, however, that other groups in countries like Russia and India were also very active in intellectual property theft from U.S. companies.


The plan, said Espinel, will increase U.S. diplomatic engagement on the issue. She didn’t specifically mention trade sanctions, though. The U.S., she said, will convey concerns to countries with high incidents of trade secret theft “with coordinated and sustained messages from the most senior levels of the administration.” The U.S. government, she said, will also work to establish coalitions with other countries that have been targeted by Cyber thieves, as well as use trade policy “to press other governments for better protection and enforcement.”

The Department of Justice, she said, will step up its job of investigating and prosecuting trade secret theft by foreign competitors and foreign. The FBI and the intelligence community will also provide warnings and threat assessments to the private sector on information and technology that are being targeted for theft by foreign competitors and foreign governments.

The Obama administration, she said, will conduct a review of laws to determine if more changes are needed to enhance enforcement and will work with Congress to make those changes lasting and comprehensive. hacked to serve up banking malware

NBC said it was working to clear up the issues, which also affected some of its other websites

Jeremy Kirk

February 21, 2013 (IDG News Service)

Websites affiliated with U.S. broadcaster NBC were hacked for several hours on Thursday, serving up malicious software intended to steal bank account details.

On its own technology blog, NBC released a statement saying, “We’ve identified the problem and are working to resolve it. No user information has been compromised.”

Sites such as are a frequent target for hackers since the high volume of visitors offers a chance to infect many people in a short period of time.

Several computer security companies said the main website had been modified to serve up an iframe, which is a way to load content into a website from another domain.

The iframe loaded an exploit kit called Redkit, which tries to see if a visitor is running unpatched software, according to a blog post from Securi, a computer security company based in Menifee, California. The style of attack is known as a drive-by download and can infect a computer when a user merely views a website. was temporarily blacklisted by Google after the attack. Facebook also stopped directing users to Securi wrote that other NBC sites, including ones for TV talk show hosts Jimmy Fallon and Jay Leno, were also affected.

The hack follows the release of a report this week from security vendor Mandiant about a long-running hacking campaign allegedly based in Shanghai that targeted U.S. corporations, although it did not immediately appear connected with the problems at

Another computer security firm, SurfRight, wrote on its HitmanPro blog that the NBC attack loaded exploits that look for vulnerabilities in Oracle’s Java programming framework and Adobe’s PDF products. Oracle and Adobe have both released critical updates for their products this month, but hackers hope to hit users who have not updated their computers.

If the attack is successful, one of two malicious software programs is delivered, called Citadel or ZeroAccess. Citadel is a trojan designed to collect account credentials for banks including Bank of America, Wells Fargo, Chase and others, according to Fox-IT, a Dutch computer forensics company.

The version of Citadel analyzed by Fox-IT showed it was being detected by only three of 46 products on VirusTotal, a website where malicious software can be tested for detection against many of the popular security suites.

According to Symantec, ZeroAccess is an advanced rootkit, or a piece of malicious software that hides at a low level in a computer’s operating system. ZeroAccess, detected by Symantec in July 2011, can create its own hidden file system and download other malware to a computer.


Sequester will delay flights, LaHood warns

By Robert Schroeder, MarketWatch

WASHINGTON (MarketWatch) — Travelers should expect flight delays of up to 90 minutes at major U.S. airports if the automatic budget cuts known as the sequester are allowed to take effect, Transportation Secretary Ray LaHood warned on Friday.

LaHood said the government would beginning in April have to furlough Federal Aviation Administration workers one or two days a week as long as the sequester lasts, slowing down work at airports.

“It’s not possible to continue the same schedules with less people,” LaHood told reporters at the White House.

The transportation chief also said that air traffic control towers at more than 100 regional airports from Alabama to Wyoming could be closed if the cuts — totaling $85 billion across domestic and military programs in fiscal 2013 — go into effect on March 1. See list of regional airports from the FAA.

Congress has until March 1 to replace or postpone the sequester, which was originally due to kick in at the beginning of the year. The cuts for fiscal 2013 were delayed by last year’s fiscal-cliff agreement. Overall, the sequester calls for $1.2 trillion in cuts from fiscal 2013 to fiscal 2021.

LaHood said that his agency would need to cut about $1 billion in 2013, $600 million of which would come from the FAA. See LaHood letter to aviation associations.

Lawmakers are due back in Washington next week and are expected to work on bills to replace the sequester. President Barack Obama plans to travel to Newport News, Va., on Tuesday to discuss the impacts that the cuts would have, White House press secretary Jay Carney said Friday.



From → Uncategorized

Comments are closed.

%d bloggers like this: