CHINA AND AMERICA'S DANGEROUS BATTLE IN CYBERSPACE

Cybersecurity firm Crowdstrike has accused a unit of the Chinese military—apparently operating under a code name of “Putter Panda”—of engaging in “targeted economic espionage campaigns,” principally against U.S. and European industries. Those campaigns, it alleges, are part of a “decade-long economic espionage campaign [that] is massive and unrelenting.” This charge comes three weeks after U.S. Attorney General Eric Holder announced “an indictment against five officers of the Chinese People’s Liberation Army for serious cybersecurity breaches against six American victim entities.” He avowed that “state actors who engage in economic espionage…will be exposed for their criminal conduct and sought for apprehension and prosecution in an American court of law.” After warning that Holder’s accusation would undermine “China-U.S. cooperation and mutual trust,” a spokesman for the Chinese Foreign Ministry announced that China would be suspending the “activities of the China-U.S. Cyber Working Group,” a fledgling body that the two countries established last April. A few days later China ordered the country’s state-owned enterprises (SOEs) to sever ties with U.S. consulting firms such as McKinsey and Company and the Boston Consulting Group. This cycle of accusation and counteraccusation has become routine. The United States charges Chinese individuals or organizations with hacking into the networks of its companies and government organizations in order to gain secrets that privilege Chinese SOEs. China denies the allegations and declares that it is a victim of cyberattacks, often emanating from U.S. servers. CONTINUE READING...

ALSO: Chinese 'Putter Panda' hacking group outed by researchers

People's Liberation Army Unit 61486. Security researchers Crowdstrike claim to have turned the tables on a gang of Chinese hackers who may be connected to the country's military, releasing comprehensive information on the claimed members, as well as images of one person alleged to be involved. The group is known as "Putter Panda" by security researchers, and Crowdstrike believes it is located in Shanghai, China, housed in buildings belonging to the People's Liberation Army or PLA. Putter Panda is thought to have been active since 2007 at least. It targets American and European defence and satellite and aerospace industries, using exploits in popular applications such as Adobe Reader and Microsoft's Office productivity suite. After analysing malware samples, CrowdStrike found several email addresses for domain registrations containing the moniker 'cpyy'. The researchers went through image storage sites, blogs and other forums and discovered a man whose initials match the registrations, and who also had posted pictures of office buildings belonging to the Third General Staff Department, 12th Bureau, which the Project 2049 Institute claim is China's primary SigInt collection and analysis agency, with around 130,000 staff. According to Crowdstrike, cpyy also posted photographs with two PLA Type 07 officer's peak hats and of himself in uniform, strengthening the military connection. CONTINUE READING...

ALSO: Hackers face life sentences in Britain

To reflect the damage they might cause. Tough new penalties for computer hackers who jeopardise national security may come into effect in Britain under measures introduced in the Queen's Speech overnight. The UK Government wants life sentences to be imposed on hackers that sabotage computer networks and cause deadly civil unrest through cutting off food distribution, telecommunications networks or energy supplies, under a new Serious Crime Bill. The UK government will seek to amend the 1990 Computer Misuse Act "to ensure sentences for attacks on computer systems fully reflect the damage they cause." Currently, the law provides for a maximum sentence of ten years' imprisonment for those who commit the offence of impairing a computer. A new, aggravated offence of unauthorised access to a computer will be introduced into the Computer Misuse Act by the government, carrying far longer sentences. A hack that causes deaths, serious illness or injury, or is found to seriously damage Britain's national security will be punished by life in prison under the proposed new law. Environmental damage, or serious hurt to the economy through hacking could land offenders with a fourteen year stretch in gaol if the government gets its way. As of today, Britain has suffered no such serious cyber attacks. The UK government's National Security Strategy [PDF] nonetheless puts hacking on par with terrorists incidents, international miltiary crises and major accidents or natural hazards, as the country's highest priority risk. THIS IS THE FULL REPORT.

ALSO: The story of Edward Snowden is so unbelievable, sometimes you forget it's nonfiction

A man uses his cell phone to read updates about former US spy agency contractor Edward Snowden answering users' questions on Twitter in this photo illustration, in Sarajevo, on January 23, 2014. There've been so many revelations based on Edward Snowden's leaks, and so many stories about the National Security Agency's snooping that it's hard to keep it all straight. I mean, how do we write that first draft of history when history is still unfolding? This week, the NSA added a new wrinkle. In a letter to Congress, the agency revealed the resignation of an NSA civilian employee who admitted giving Snowden access he shouldn't have had. Snowden had previously said he didn't steal any passwords or trick his co-workers. So you can see the difficulties author Luke Harding must have had gathering information for his new book, "The Snowden Files." Harding, a journalist with The Guardian in Britain, says it's still not possible to paint a complete picture of this saga. CONTINUE READING...


READ FULL MEDIA REPORTS:
 

China and America's Dangerous Battle in Cyberspace

Move. Countermove. It's cyberspy vs. spy—but will things get out of control?
 

MANILA, JUNE 16, 2014 (NationalInterest.org) Ali Wyne - Cybersecurity firm Crowdstrike has accused a unit of the Chinese military—apparently operating under a code name of “Putter Panda”—of engaging in “targeted economic espionage campaigns,” principally against U.S. and European industries.

Those campaigns, it alleges, are part of a “decade-long economic espionage campaign [that] is massive and unrelenting.”

This charge comes three weeks after U.S. Attorney General Eric Holder announced “an indictment against five officers of the Chinese People’s Liberation Army for serious cybersecurity breaches against six American victim entities.”

He avowed that “state actors who engage in economic espionage…will be exposed for their criminal conduct and sought for apprehension and prosecution in an American court of law.”

After warning that Holder’s accusation would undermine “China-U.S. cooperation and mutual trust,” a spokesman for the Chinese Foreign Ministry announced that China would be suspending the “activities of the China-U.S. Cyber Working Group,” a fledgling body that the two countries established last April.

A few days later China ordered the country’s state-owned enterprises (SOEs) to sever ties with U.S. consulting firms such as McKinsey and Company and the Boston Consulting Group.

This cycle of accusation and counteraccusation has become routine.

The United States charges Chinese individuals or organizations with hacking into the networks of its companies and government organizations in order to gain secrets that privilege Chinese SOEs. China denies the allegations and declares that it is a victim of cyberattacks, often emanating from U.S. servers.

To move past this unproductive exchange, the two countries are increasingly trying to document their accusations.

Last March, for example, Laura Saporito and James Lewis of the Center for Strategic and International Studies prepared a report identifying “six groups and fourteen individuals, all but one connected to the Chinese government and most with connections to the PLA, as responsible for cyberespionage.”

The same month China announced that of “85 websites of public institutions and companies [that] were hacked from September 2012 to February 2013,” 39 of the attacks “were recorded from IPs within the United States.”

The Chinese report “also recorded 5,792 hacking attempts from U.S. IP addresses” between November 2012 and January 2013.

Even though forensic capabilities in cyberspace are improving, attribution remains a significant challenge.

Henry Farrell, an associate professor of political science and international affairs at George Washington University, explains that “[i]t is often possible for attackers to hide their origins, through various technical means. And even when forensic techniques can be used to trace an attack back…it is often impossible to tell whether the hackers were working, for example, for the Chinese government or military, or working on their own account.”

Complicating matters is that the conversation between the United States and China about challenges of cyberspace changed significantly a year ago, following leaks by former National Security Agency (NSA) contractor Edward Snowden.

On June 5, 2013, the Guardian reported that the NSA had been gathering in bulk the phone records of millions of U.S. Verizon customers. The next day, the Washington Post detailed the Agency’s Internet surveillance program, PRISM.

Snowden’s disclosures also exposed that the NSA had been spying on Chinese companies.

China has cited that fact—and, more generally, the revealed scope and functions of NSA surveillance—as evidence that U.S. accusations lack both credibility and sincerity.

While the United States continues to differentiate between foreign intelligence gathering, a universal practice, and commercial espionage, which it regards as illegitimate, China suggests that the United States is contriving the distinction to deflect attention away from its double standard.

FROM ITnews.com.au

Chinese 'Putter Panda' hacking group outed by researchers
Powered by SC Magazine  By Juha Saarinen on Jun 10, 2014 11:47 AM (2 days ago) Filed under Security



People's Liberation Army Unit 61486.

Security researchers Crowdstrike claim to have turned the tables on a gang of Chinese hackers who may be connected to the country's military, releasing comprehensive information on the claimed members, as well as images of one person alleged to be involved.

The group is known as "Putter Panda" by security researchers, and Crowdstrike believes it is located in Shanghai, China, housed in buildings belonging to the People's Liberation Army or PLA.

Putter Panda is thought to have been active since 2007 at least. It targets American and European defence and satellite and aerospace industries, using exploits in popular applications such as Adobe Reader and Microsoft's Office productivity suite.

After analysing malware samples, CrowdStrike found several email addresses for domain registrations containing the moniker 'cpyy'.

The researchers went through image storage sites, blogs and other forums and discovered a man whose initials match the registrations, and who also had posted pictures of office buildings belonging to the Third General Staff Department, 12th Bureau, which the Project 2049 Institute claim is China's primary SigInt collection and analysis agency, with around 130,000 staff.

According to Crowdstrike, cpyy also posted photographs with two PLA Type 07 officer's peak hats and of himself in uniform, strengthening the military connection.

In May this year, the United States commenced legal proceedings against another group of prolific hackers thought to be connected to the PLA in Shanghai, allegations that were strenously denied by the Chinese government.

That group, called Comment Panda, is believed by Crowdstrike to be connected to Putter Panda, with what the researchers say is "a degree of organisational overlap" between the two.

Chief executive and co-founder of Crowdstrike, George Kurtz, says that the documents were released to counter China's denials and statements that the country's government and military have never engaged in cyber theft of trade secrets.

"We believe that organisations, be they governments or corporations, global or domestic, must keep up the pressure and hold China accountable until lasting change is achieved," Kurtz said.

He called China's long economic espionage campaign "massive and unrelenting", saying it targetted companies and government in every part of the globe.

CrowdStrike has published a free technical analysis to support its claims.

Copyright © iTnews.com.au . All rights reserved.

Hackers face life sentences in Britain Powered by SC Magazine By Juha Saarinen on Jun 5, 2014 8:37 AM Filed under Security

To reflect the damage they might cause.

Tough new penalties for computer hackers who jeopardise national security may come into effect in Britain under measures introduced in the Queen's Speech overnight.

The UK Government wants life sentences to be imposed on hackers that sabotage computer networks and cause deadly civil unrest through cutting off food distribution, telecommunications networks or energy supplies, under a new Serious Crime Bill.

The UK government will seek to amend the 1990 Computer Misuse Act "to ensure sentences for attacks on computer systems fully reflect the damage they cause."

Currently, the law provides for a maximum sentence of ten years' imprisonment for those who commit the offence of impairing a computer. A new, aggravated offence of unauthorised access to a computer will be introduced into the Computer Misuse Act by the government, carrying far longer sentences.

A hack that causes deaths, serious illness or injury, or is found to seriously damage Britain's national security will be punished by life in prison under the proposed new law.

Environmental damage, or serious hurt to the economy through hacking could land offenders with a fourteen year stretch in gaol if the government gets its way.

As of today, Britain has suffered no such serious cyber attacks. The UK government's National Security Strategy [PDF] nonetheless puts hacking on par with terrorists incidents, international miltiary crises and major accidents or natural hazards, as the country's highest priority risk.

Copyright © iTnews.com.au . All rights reserved.

FROM PRI DOT ORG

The story of Edward Snowden is so unbelievable, sometimes you forget it's nonfiction PRI's The World Producer Bradley Campbell February 14, 2014 · 6:15 PM EST


edward-snowden.jpg Credit: Dado Ruvic/Reuters

A man uses his cell phone to read updates about former US spy agency contractor Edward Snowden answering users' questions on Twitter in this photo illustration, in Sarajevo, on January 23, 2014.
There've been so many revelations based on Edward Snowden's leaks, and so many stories about the National Security Agency's snooping that it's hard to keep it all straight.

I mean, how do we write that first draft of history when history is still unfolding?

This week, the NSA added a new wrinkle. In a letter to Congress, the agency revealed the resignation of an NSA civilian employee who admitted giving Snowden access he shouldn't have had. Snowden had previously said he didn't steal any passwords or trick his co-workers.

So you can see the difficulties author Luke Harding must have had gathering information for his new book, "The Snowden Files."

Harding, a journalist with The Guardian in Britain, says it's still not possible to paint a complete picture of this saga.

“We don’t still entirely know how this extraordinary thing happened,” he says. “We know what happened, Snowden swiping a huge number of documents from the NSA’s servers in Fort Meade while sitting in Hawaii. But I think the agency is still trying to find out how he did it.”

Other details missing in the Snowden narrative include the question most everyone wants to know: How did he end up in Moscow? Harding says it’s not entirely clear. He talked with Snowden’s lawyer who just said the reason is “complicated.”

Even without the full-account, "The Snowden Files," is the first accounting of what happened last year with Edward Snowden and the NSA. It’s a read that sometimes feels like fiction. There are elements involving plastic alligators, a man holding a Rubik’s cube and the destruction of computers by British spies that feel as though Harding plucked them straight out of Alan Furst’s head.

Harding says he wrote it as a thriller. You can tell. It’s fun. You can’t stop turning the pages. The goal with the book was to bring all the strands together for people who haven’t been following the story closely. But even for someone who has been following the story, it’s great to have the account put together into a whole.

So how did this idea for a book start?

According to Harding, days after Snowden released his tell-all video in Hong Kong, explaining to the world why he did what he did. At the time, the Guardian’s Editor-in-chief Alan Rusbridger pulled Harding aside and said a book is necessary.

“We felt this was a historical moment,” he says. “It’s something very special, something epochal.”

Harding says Snowden was the guy who pulled back the curtain on mass surveillance. He’s right. You can think Snowden a hero or a villain, but you can’t argue that he showed the world that most of our private communications are not really private. They’re being collected and stored and sifted through by the NSA and its contractors.

One of the challenges of telling such a story is that The Guardian is a character in the story. It can be tough to do rigorous reporting on the group that pays your bills.

But it doesn’t seem this way for Harding. He says it’s really Snowden’s story and the Guardian journalists who interacted with him. Theses journalists, Harding included, reported under tough conditions. The White House and British government applied pressure to the newspaper and its journalists.

“[The British government] more or less threatened to throw us all in jail,” he says.

And that lack of rights for the press is a big reason why Harding feels the UK needs a "first amendment." It doesn’t have anything of the sort, so the unthinkable happens. And by unthinkable I mean the government forcing Guardian journalists to destroy computers containing the leaked material in the basement of the Guardian offices.

Imagine if the feds did that to The New York Times.

So where does the story of Edward Snowden go from here? It’s tricky.

“There are no options. The Europeans are furious, but neither the Germans nor the French nor even the Scandinavians offered Snowden asylum,” he says. “Meanwhile, if he goes back to the US it’s pretty clear he will face espionage charges. So I think by default, he’s stuck.”

But that doesn’t mean there won’t be any more documents leaked. Prior to his book on Snowden, Harding worked on the Wikileaks story back in 2010. At the time, he and fellow journalists felt the massive document dump was the story to end all stories.

“We felt this would never happen again in our lifetime.”


Chief News Editor: Sol Jose Vanzi
© Copyright, 2014 by PHILIPPINE HEADLINE NEWS ONLINE
All rights reserved


PHILIPPINE HEADLINE NEWS ONLINE [PHNO] WEBSITE