2/19 Who Discovered "China Cyber Attacks"?

Digest note: Excerpts from digest issue a week ago, 2/11/13 Obama Claims Preemptive Cyberwar Power; US "target of massive China Cyber-espionage" http://www.burbankdigest.com/node/426, are followed by 2/19 US/CIA 'discovery China's Military behind attacks'

Obama claims broad preemptive cyber war powers
2/4/13 www.fastcompany.com/3005446/obama-granted-cyberwar-powers -
A secret legal review on the use of America's growing arsenal of cyberweapons concluded President Obama has the broad power to order a pre-emptive strike if the United States detects evidence of a major digital attack looming from abroad...as the administration moves, in the next few weeks, to approve the nation's first rules for how the military can defend, or retaliate, against cyberattack...will also govern how intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the US and, if the president approves, attack adversaries by injecting them with destructive code - even with no declared war. The rules will be highly classified, just as those governing drone strikes have been. John O. Brennan, Mr. Obama's chief counterterrorism adviser and nominee to run the CIA, played a central role in developing the administration's policies regarding drones and cyberwarfare....US Cyber Command (CYBERCOM) and computer network warfare is one of the few parts of the military budget expected to grow...Officials said the new cyberpolicies were guided by a decade of evolution in counterterrorism policy, particularly on the division of authority between the military and the intelligence agencies in deploying cyberweapons

10 days later....
China, the major 'threat' to US global dominance, which holds trillions of US debt, it would be laughable if not so desperately deadly
U.S. said to be target of massive cyber-espionage campaign
2/10/13 http://www.washingtonpost.com/world/national-security/us-said-to-be-targ...
A National Intelligence Estimate assessment concluded the US is the target of a massive, sustained cyber-espionage campaign threatening the country’s economic competitiveness, according to individuals familiar with the report. The NIE identifies China as the country most aggressively seeking to penetrate the computer systems of U.S. businesses and institutions to gain access to data that could be used for economic gain. China staunchly rejected such allegations, saying the government neither condones nor carries out computer hacking.

state cyberterrorism
Newly discovered malware linked to Stuxnet, Flame
Researchers have identified a new kind of malicious software, Gauss, that appears to be the creation of the same state-sponsored program that produced the viruses known as Stuxnet aimed at computers tied to Iran’s nuclear program. Stuxnet and Flame, believed to have been developed by the United States and Israel ...most likely a nation-state sponsored operation.”...It is unclear how Gauss is transmitted from computer to computer...But it does download monitoring software onto portable USB drives to collect information from uninfected machines to profile computers not connected to the Internet.

Software tracks people on social media created by defence firm
Exclusive: Raytheon's Riot program mines social network data like a 'Google for spies'
2/10/13 http://www.guardian.co.uk/world/2013/feb/10/software-tracks-social-media...
Raytheon...shared the technology with US government and industry...in 2010, to help build a national security system capable of analysing "trillions of entities" from cyberspace...
demonstrating the same social networks that helped propel Arab Spring revolutions can be a "Google for spies"...as means of monitoring and control. Using Riot it is possible to gain an entire snapshot of a person's life – their friends, the places they visit charted on a map – in little more than a few clicks of a button.... Raytheon's "principal investigator" Brian Urch explained in the video acquired by the Guardian, how photographs that users post on social networks may contain latitude and longitude details – automatically embedded by smartphones within "exif header data." Riot pulls out this information, showing not only the photographs posted... but also the location where photographs were taken...Riot can display on a spider diagram the associations and relationships of individuals by looking at who they have communicated with online over Twitter...mine data from Facebook and sift GPS location information from Foursquare, a mobile phone app used by more than 25 million people to alert friends of their whereabouts...can be used to display, in graph form, the top 10 places visited by tracked individuals and the times at which they visited them....Law enforcement data mining is legal in most countries. In February 2012 the FBI requested help developing a social-media mining application for monitoring "bad actors or groups"....Jared Adams, a spokesman for Raytheon's intelligence and information systems, said in an email: "Riot is a big data analytics system design we are working on with industry, national labs and commercial partners to help turn massive amounts of data into useable information to help meet our nation's rapidly changing security needs....In December, Riot was featured in a newly published patent Raytheon is pursuing for a system to gather data on people from social networks, blogs and other sources to identify whether they should be judged a security risk. 
In April, Riot was scheduled to be showcased at US government and industry national security conference for secret, classified innovations, listed under the category "big data – analytics, algorithms." According to records published by US government's trade controls department, the technology has been designated an "EAR99" item under export regulations, which means it "can be shipped without a licence to most destinations under most circumstances".

"US Needs Offensive Cyberwar Weapons"
10/4/12 General Keith Alexander, NSA director and US CYBERCOM commander: "If your defense is only to try to block attacks you can never be successful," "US Needs Offensive Weapons in Cyberwar" Gen. Alexander
According to CNET, using a FOIA request, EPIC obtained 190 pages of Perfect Citizen files, at least 98 of which were completely deleted for security reasons. The readable portions showed that defense company Raytheon received a $91 million contract to build Perfect Citizen and hire...hardware and software engineers to analyze and document vulnerability research against control systems and devices.

"Cyber threats are pretexts..."
Pentagon's Massive Expansion of 'Cyber-security' Unit is About Everything Except Defense
By Glenn Greenwald
The purpose of a surveillance state: The surveillance state impedes, deters, and chills any attempt to challenge state or corporate power. That is its purpose. It does that by design. Therefore, understanding what the surveillance state is and how it operates is essential. The US surveillance state is a full-scale merger of government and corporate America... The US government reflexively labels everything it does "classified" and "secret". There is supposed to be government transparency; individuals are supposed to live in a sphere of privacy. This basic tenet of democracy has been reversed.

China Pressured to Act Against N. Korea
2/19/13 http://www.voanews.com/content/china-faces-pressure-to-take-action-again...
The United States is calling for stronger sanctions at the UN Security Council. Monday the European Union announced measures to strengthen trade and economic sanctions against North Korea... China’s Foreign Ministry expressed resolute opposition to the test but wants Security Council deliberations to focus on moving toward denuclearization of the peninsula, stopping nuclear proliferation for peace and stability.


"may be", "is seen as" equivocation on bogus charges
China Army May Be Behind Web Attacks, U.S. Security Firm Says
2/19/13 Bloomberg News,
“It is time to acknowledge the threat is originating in China,” Alexandria, Virginia-based Mandiant said. “Our research and observations indicate that the Communist Party of China is tasking the Chinese People’s Liberation Army to commit systematic cyber espionage and data theft against organizations around the world.”
A recently prepared U.S. secret intelligence assessment, described Feb. 11 in the Washington Post, said the country’s economy is endangered by a massive and prolonged computer-espionage campaign from China....The attacks, mainly directed at U.S. companies, were carried out by a group that is “likely government sponsored” and is similar “in its mission, capabilities, and resources” to a unit of the People’s Liberation Army, Mandiant Corp. said in a report today. The details Mandiant disclosed can help corporations spot hackers in their own networks, ahead of similar government actions that would happen under an executive order signed Feb. 12 by President Barack Obama that calls for sharing of secret government information on the operations of Chinese hackers and other cyber threats. It directs the government to develop cybersecurity standards for companies operating the nation’s vital infrastructure....China’s Foreign Ministry said today China opposes computer hacking and that it is also a victim of attacks. The U.S. is the biggest attacker of China’s Internet, said Hong Lei. “It’s inaccurate and unprofessional to accuse the Chinese military of Internet attacks,” the Ministry of Defense said by fax today in response to a Bloomberg News request for comment on the Mandiant report. “China’s military has never supported hacking and the country has always cracked down on relevant criminals.”

Chinese Army Unit Is Seen as Tied to Hacking Against U.S.
2/19/13 Technology - Bits - The New York Times
A growing body of evidence - by American intelligence officials who say they have tapped into the activity of the army unit for years - leaves little doubt that an overwhelming percentage of attacks on American corporations, organizations and government agencies originate in and around the headquarters of the People's Liberation Army in Shanghai.
David E. Sanger, David Barboza and Nicole Perlroth of The New York Times report that an unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups - known to many of its victims in the United States as "Comment Crew" or "Shanghai Group." "Either they are coming from inside Unit 61398," said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, "or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood."
Other security firms that have tracked "Comment Crew" say they also believe the group is state-sponsored, and a recent classified National Intelligence Estimate, issued as a consensus document for all 16 of the United States intelligence agencies, makes a strong case that many of these hacking groups are either run by army officers or are contractors working for commands like Unit 61398, according to officials with knowledge of its classified content.
Increasingly its focus is on companies involved in the critical infrastructure of the United States - its electrical power grid, gas lines and waterworks. According to the security researchers, one target was a company with remote access to more than 60 percent of oil and gas pipelines in North America.
The United States government is planning to begin a more aggressive defense against Chinese hacking groups, starting on Tuesday. Under a directive signed by President Obama last week, the government plans to share with American Internet providers information it has gathered about the unique digital signatures of the largest of the groups, including Comment Crew and others emanating from near where Unit 61398 is based.

one year ago, same story, same US intelligence/cyberwar players,
U.S. Not Afraid To Say It: China's The Cyber Bad Guy
2/18/12 www.npr.org/2012/02/18/147077148/chinas-hacking-of-u-s-remains-a-top-concern - "We know, and there's good evidence ... of very deliberate, focused cyber-espionage to capture very valuable research and development information, or innovative ideas, or source code or business plans for their own advantage," says Mike McConnell, former director of national intelligence and before that, director of the National Security Agency. Last month, McConnell co-authored an op-ed column in the Wall Street Journal, along with recently retired Deputy Defense Secretary William Lynn and former Secretary of Homeland Security Michael Chertoff: China's Cyber Thievery Is National Policy — And Must Be Challenged
China stands out as especially aggressive. "China does not care what other people think," says Richard Bejtlich, chief security officer at MANDIANT security company that helps firms deal with cyber-intrusions.... use computers at a press center in Beijing. ...One reason they were anxious to publicize China's cyber-espionage was to counter those who claimed there was little concrete evidence to link the Chinese definitively to major hacking activity. One problem in cyber-espionage investigation is that it can be almost impossible to trace a computer intrusion back to its source. MANDIANT'S Bejtlich says.. he can identify Chinese hackers just by the way they work... Bejtlich says "In our government, there are people who know exactly who these guys are. I've seen pictures of office buildings; there are pictures of individuals."

Ex-CIA Chief Calls for Less Cyber Secrecy | Defense News ...
Oct 6, 2011 ... The former head of the National Security Agency and CIA echoed experts who ... chief security officer at the cybersecurity company Mandiant.

Kevin Mandia | M-unition - Mandiant
Oct 31, 2012 ... Recently we hosted Mandiant's fifth Executive Threat Briefing of the year, ... (NSA ) and former director of the Central Intelligence Agency (CIA).

Executive Briefing with Retired General Michael Hayden ... - Mandiant
Feb 29, 2012 ... On February 22nd Mandiant conducted a second executive breakfast in ... (NSA) and former director of the Central Intelligence Agency (CIA).

NSA | M-unition - Mandiant
Feb 29, 2012 ... On February 22nd Mandiant conducted a second executive breakfast in ... (NSA) and former director of the Central Intelligence Agency (CIA).

"...experts who have tested, used and proven the effectiveness of the open source tools... that work seamlessly with Solera Networks"
Solera Networks to Host Cybersecurity Event Featuring Former CIA and NSA Director, General Michael Hayden
Security Leaders to Share Insights on the Cyber Threat Landscape and the Role of New Big Data Security and Advanced Threat Protection Technologies
SAN FRANCISCO—November 13, 2012 — Solera Networks, the industry’s leading Big Data Security Intelligence and Analytics provider, announced it will host an exclusive cybersecurity event November 16, exploring the current cyber landscape. General Michael Hayden, now a principal at The Chertoff Group.. As director of the Central Intelligence Agency, General Hayden was responsible for overseeing the collection of information concerning the plans, intentions and capabilities of America’s adversaries; producing timely analysis for decision makers; and conducting covert operations to thwart terrorists and other enemies of the US. Prior to the CIA, General Hayden served as the country’s first Principal Deputy Director of National Intelligence  and was the highest-ranking intelligence officer in the armed forces...
A panel of influential security leaders moderated by The Chertoff Group’s Chief Strategy Officer Brian White will also engage in a lively and informative discussion regarding critical security issues facing organizations. Topics covered will include the challenges of big data, how to respond and recover from sophisticated cyber attacks and the role of real-time situational awareness and actionable intelligence in uncovering and combating advanced threats. The expert security panel will feature:
Steve Shillingford, CEO, Solera Networks
Art Gilliland, senior VP and general manager, Hewlett-Packard
Kevin Mandia, CEO, Mandiant
Bill Conner, CEO Entrust.

Report ties cyberattacks on U.S. computers to Chinese military
...“We have figured things out in an unclassified way that the government has known through classified means,” said Richard Bejtlich, Mandiant chief security officer, adding that the company shared the study with U.S. intelligence agencies before it was released...The Mandiant report coincides with the completion of a classified National Intelligence Estimate by U.S. intelligence agencies that concluded China was the most aggressive perpetrator of a massive campaign of cyber-espionage against commercial targets in the United States. It also comes days after President Obama issued an executive order aimed at better securing the computer networks run by critical U.S. industries, such as transportation and energy....
The Chinese military has repeatedly denounced accusations it engages in cyber-espionage, and did so again Tuesday. “Similar to other countries, China faces serious threats from cyberattack and is one of the main victims of cyberattacks in the world,” the Ministry of Defense said. “The Chinese army never supported any hacking activities. The accusation that the Chinese military engaged in cyberattacks is neither professional nor in accordance with facts.” Chinese Foreign Ministry spokesman Hong Lei also challenged the report’s findings. “Hacking attacks are transnational and anonymous,” and determining their origins is extremely difficult. “We don’t know how this so-called report can be tenable.”

DHS to Outsource Open Source Intel
12.07.07 http://www.wired.com/dangerroom/2007/12/dhs-to-outsourc/#previouspost
The Department of Homeland Security is looking for a company that can monitor online terrorist chatter, providing:
Access to 24 hour monitoring and tracking of primary terrorist organizations websites, new addresses of terrorist websites including messages from militants groups in the Middle East, Asia and other regions. An updated terrorism library, access to publications, media, newsletter and current news including daily translation of the following services: Entire translated transcripts of terrorist leaders speeches, videos, and audio messages, as well as the original video and audio messages. Translations of terrorist books, magazines, fatwas, and military training manuals. Translations of terrorist communiqués, including copies of videos and audio messages associated with the communication. Translations of terrorist chatter discussing potential targets, methods of attack, and other relevant material. Searchable archive of all historical material.(...)
Sounds like what Rita Katz’s SITE Institute does. Why not expand the CIA’s incredibly successful Foreign Broadcast Information Service (now the DNI Open Source Center) which already does part of what this contract is talking about?

Exclusive: Google, CIA Invest in ‘Future’ of Real-Time Web Monitoring
Noah Shachtman, http://www.wired.com/dangerroom/2010/07/exclusive-google-cia/
The investment arms of the CIA and Google are both backing a company that monitors the web in real time — and says it uses that information to predict the future. The company, Recorded Future, scours tens of thousands of websites, blogs and Twitter accounts to find the relationships between people, organizations, actions and incidents — both present and still-to-come. In a white paper, the company says its temporal analytics engine “goes beyond search” by “looking at the ‘invisible links’ between documents that talk about the same, or related, entities and events.” The idea is to figure out for each incident who was involved, where it happened and when it might go down. Recorded Future then plots that chatter, showing online “momentum” for any given event...
Which naturally makes the 16-person Cambridge, Massachusetts, firm attractive to Google Ventures, the search giant’s investment division, and to In-Q-Tel which handles similar duties for the CIA and the wider intelligence community....It’s not the first time Google has done business with US spy agencies. Long before it reportedly enlisted the help of the National Security Agency to secure its networks, Google sold equipment to the secret signals-intelligence group. In-Q-Tel backed the mapping firm Keyhole, bought by Google in 2004 — and then became the backbone for Google Earth. This appears to be the first time, however, that the intelligence community and Google have funded the same startup, at the same time...
U.S. spy services have become increasingly interested in mining “open source intelligence” — information that’s publicly available, but often hidden in the daily avalanche of TV shows, newspaper articles, blog posts, online videos and radio reports....U.S. spy agencies, through In-Q-Tel, have invested in a number of firms to help them better find that information.
Visible Technologies crawls over half a million web 2.0 sites a day scraping more than a million posts and conversations taking place on blogs, YouTube, Twitter and Amazon.
Attensity applies the rules of grammar to the so-called “unstructured text” of the web to make it more easily digestible by government databases. Keyhole (now Google Earth) is a staple of the targeting cells in military-intelligence units.
Recorded Future strips from web pages the people, places and activities they mention. The company examines when and where these events happened (“spatial and temporal analysis”) and the tone of the document (“sentiment analysis”). Then it applies some artificial-intelligence algorithms to tease out connections between the players. Recorded Future maintains an index with more than 100 million events, hosted on Amazon.com servers. “We’re right there as it happens. We can assemble actual real-time dossiers on people.”
Both Google Ventures and In-Q-Tel made their investments in 2009, shortly after the company was founded....Both In-Q-Tel and Google Ventures have seats on Recorded Future’s board... Google Ventures did not return requests to comment for this article. In-Q-Tel Chief of Staff Lisbeth Poulos e-mailed: “We are pleased Recorded Future is now part of IQT’s portfolio of innovative startup companies who support the mission of the U.S. Intelligence Community.”

Open Source Intel Rocks — Sorry, It’s Classified
Open source intelligence may come from unclassified material that’s available to anyone with a TV or an internet connection. CIA chief Michael Hayden says the finished products have to be kept out of public view. They’re just too sensitive for average folks to see. "The information is unclassified. Our interest in it is not," Gen. Michael Hayden told the Director of National Intelligence Open Source Conference late last week. "One irony of working the open source side of the intelligence business is that the better we do, the less we can talk about it." Just a few years ago, open source intelligence was a spy backwater... Today, the head of the Open Source Center, where public information is collected, now reports directly to Hayden — like the Directorate of Intelligence and National Clandestine Services chiefs. Open source material is included regularly in the President’s Daily Brief — the intelligence summary, delivered right to the Oval Office.