1-27-15 Last week Der Spiegel published a new tranche of documents provided to the German weekly magazine by the former U.S. National Security Agency contractor, Edward Snowden. The documents are the first public confirmation that Chinese hackers have been able to extrapolate top secret data on the F-35 Lightning II joint strike fighter jet. According to the sources, the data breach already took place in 2007 at the prime subcontractor Lockheed Martin. A U.S. government official recently claimed that as of now, “classified F-35 information is protected and remains secure.”
The fifth generation F-35 Lightning II is the most advanced fighter jet currently in production in the world. Experts have long argued that the design of China’s newest stealth fighter, the J-31, as well as the Chengdu J-20 fighter jet, are in parts influenced by the F-35. Bloomberg reports that the chairman of the Chinese subsidiary producing the J-31 even boasted that the Chinese plane is superior to the American product. “The J-31 will finish it off in the sky,” boasted AVIC Chairman Lin Zuomin, referring to the F-35. However, most aviation experts are skeptical of this assertion.
The Snowden files outline the scope of Chinese F-35 espionage efforts, which focused on acquiring the radar design (the number and types of modules), detailed engine schematics (methods for cooling gases, leading and trailing edge treatments and aft deck heating contour maps) among other things. The document claims that many terabytes of data specific to the F-35 joint strike fighter program were stolen.
The Byzantine Hades hacks – the code name given to the attacks by U.S. investigators who traced the hacks back to a specific unit of the Chinese People’s Liberation Army, first revealed by Wikileaks – have also targeted other programs and “cause serious damage to DoD interests,” according to a top secret PowerPoint presentation. The Chinese hackers were also successful in obtaining data on the B-2 stealth bomber, the F-22 jet, space-based lasers, missile navigation and tracking systems, as well as nuclear submarine/anti-air missile designs.
The PowerPoint furthermore lists at least 30,000 hacking incidents, more than 500 significant intrusions in DoD systems, at least 1,600 DoD computers penetrated, and more than 600,000 user accounts compromised, in addition to over 300,000 user ID/passwords and 33,000 U.S. Air Force officer records compromised. The presentation makes the point of equating the amount of data extracted (50 terabytes) to five Libraries of Congress. Overall damage is estimated to be more than $100 million.
As usual the Chinese government has denied any involvement in the attacks. https://thediplomat.com/2015/01/new-snowden-documents-reveal-chinese-behind-f-35-hack/
………………………………………………..…
3-24-2016 Su was described in court documents as a wealthy Chinese businessman who owned a Beijing aviation technology company called Lode Tech. He was a permanent resident of Canada and owned homes in that country and China. According to court papers, Su worked with two Chinese hackers who "engaged in clandestine computer and network reconnaissance and intrusion operations." The two Chinese agents were not identified but were linked to "multiple organizations" in China, according to the court papers.
Michelle Van Cleave, former national counterintelligence executive within the office of the director of national intelligence, said the Su prosecution was a success but represents "a drop in a bucket that keeps getting bigger every year. The Chinese have a sophisticated network of tens of thousands human spies and computer hackers targeting American military and technological secrets. What they can’t acquire legally through trade, or creatively through mergers and acquisitions they are prepared to steal. And it’s getting harder all the time to stop them."
The two Chinese were listed as unindicted co-conspirators by prosecutors but were not identified by name or agency. The two Chinese agents emailed Su with stolen defense contractor file directories listing data from U.S. and foreign company networks that China had hacked. Su then advised the two Chinese agents on which specific technologies to target from the companies. The three obtained details on "dozens" of military projects, according to an FBI criminal complaint. Su also sought to sell the stolen U.S. technology obtained by the China-based hackers to state-owned companies in China.
The operation first gained access to some 630,000 Boeing computer files on the C-17 military transport aircraft technology in early 2009. The C-17 is the U.S. military’s main cargo aircraft. The data included details on the aircraft’s onboard computer… Regarding the F-35, the frontline U.S. jet fighter being developed in Air Force, Navy and Marine Corps variants, the Chinese obtained the "Flight Test Plan" for the jet written by a U.S. defense engineer.
According to an FBI agent writing in the criminal complaint, Noel A. Freeman, a report by the spies stated that the stolen data would "allow us to rapidly catch up with U.S. levels" and will allow China to "stand easily on the giant’s shoulders.”…
An NSA document * states that China obtained more than 50 terabytes—a huge amount of data—from U.S. defense and government networks, including the F-35 radar and engine secrets. The data included numbers and types of F-35 radar modules and detailed engine schematics for the Lockheed Martin aircraft.
Chinese cyber spies also obtained export-restricted data through defense industrial espionage on the B-2 bomber, F-22, F-35, Space-based Laser and other weapons.
According to court papers in the Su case, the Chinese cyber espionage operation to obtain U.S. military technology used "hop points" for the cyber attacks in the United States, France, Japan and Hong Kong and was funded with the Chinese equivalent of more than $500,000.
…one court document said the case may be related to the arrest of a Boeing aerospace engineer Keith Gartenlaub, who was arrested in August 2014 on child pornography charges.
A court document in the case said the Su case may be related to the Gartenlaub case because "the cases arise out of the same conspiracy, common scheme, transaction, series of transactions or events.” https://freebeacon.com/national-security/china-hacked-f22-f35-jet-secrets/
………………….……….…………………
* Su Bin
...............................................................
3-25-2016 Su Bin, a China-based businessman working in the aviation and aerospace field, faces a maximum of five years in prison and $250,000 in fines — or twice the gross gain or gross loss resulting from the offense, whichever is greatest — when he stands before Judge Christina Snyder for sentencing July 13, the statement said.
Charges were filed against Bin in 2014, and he was arrested in Canada on a warrant later that year.
“Su Bin admitted to playing an important role in a conspiracy, originating in China, to illegally access sensitive military data, including data relating to military aircraft that are indispensable in keeping our military personnel safe,” Assistant Attorney General for National Security John Carlin said in the statement. “This plea sends a strong message that stealing from the United States and our companies has a significant cost; we can and will find these criminals and bring them to justice.”
……….………….…………….………………………
2-20-17 The data the NSA collected by penetrating BYZANTINE CANDOR's networks had concrete forward-looking defensive value. It included information on the adversary's "future targets," including "bios of senior White House officials, [cleared defense contractor] employees, [United States government] employees" and more. It also included access to the "source code and [the] new tools" the Chinese used to conduct operations. The computers penetrated by the NSA also revealed information about the exploits in use. In effect the intelligence gained from the operation, once given to network defenders and fed into automated systems, was enough to guide and enhance the United States' defensive efforts.
This case alludes to important themes in network defense. It shows the persistence of talented adversaries, the creativity of clever defenders, the challenge of getting actionable intelligence on the threat, and the need for network architecture and defenders capable of acting on that information. But it also highlights an important point that is too often overlooked: not every intrusion is in service of offensive aims. There are genuinely defensive reasons for a nation to launch intrusions against another nation's networks….
…the thwarting of a BYZANTINE HADES intrusion attempt that targeted four high-ranking American military leaders, including the Chief of Naval Operations and the Chairman of the Joint Chiefs of Staff; the NSA's network defenders saw the attempt coming and successfully prevented any negative effects. The files also include examples of successful defense against Anonymous and against several other code-named entities. …
Defensive-minded network intrusions, on the other hand, are not invasions, but intelligence efforts. Nations carrying out these sorts of intrusions are gathering information on other nations' capabilities and attempting to do so in a covert fashion. https://www.vice.com/en_us/article/4xbv7j/the-cybersecurity-dilemma-the-prevalence-and-dangers-of-defensive-hacking
…………….………….…………….……………………….
10-4-17 Titan Rain was followed by a rash of espionage incidents that originated in China and were given code names like “Byzantine Hades,” “GhostNet” and “Aurora.” The thieves were after a wide range of data.
They stole intellectual property, including Google’s source code and designs for weapons systems. They took government secrets, including user names and passwords. And they compromised data associated with Chinese human rights activists, including their email messages. Typically the intrusions started with spear-phishing.
In 2013 the American cyber-intelligence firm Mandiant, now part of FireEye, issued a landmark report on a Chinese espionage group it named “Advanced Persistent Threat 1.” According to the report, APT1 had stolen hundreds of terabytes of data from at least 141 organizations since 2006.
The Mandiant report gave details of the operations and provided evidence linking those thefts to Unit 61398 of the People’s Liberation Army – and named five officers of the unit. This was the first time any security firm had publicly disclosed data tying a cyberoperation against the U.S. to a foreign government. In 2014 the U.S. indicted the five Chinese officers for computer hacking and economic espionage.
Mandiant described APT1 as “one of more than 20 APT groups with origins in China.” Many of these are believed to be associated with the government. A report from the nonprofit Institute for Critical Infrastructure Technology describes 15 state-sponsored advanced persistent threat groups, including APT1 and two others associated with PLA units. The report does not identify sponsors for the remaining groups….
In its 2015 Global Threat Report the American cyberintelligence firm CrowdStrike identified dozens of Chinese adversaries targeting business sectors that are key to the Five-Year Plan (2016-20). It found 28 groups going after defense and law enforcement systems alone. Other sectors victimized worldwide included energy, transportation, government, technology, health care, finance, telecommunications, media, manufacturing and agriculture. China’s theft of military and trade secrets has been so rampant that editorial cartoonists Jeff Parker and Dave Granlund depicted it as “Chinese takeout.” http://theconversation.com/how-the-chinese-cyberthreat-has-evolved-82469