You might be popular, but are you Chinese hacker following your every move, no matter where you go popular?

No? It's cool. Not many people are. Read the rest

Hannu Rajaniemi is the Finnish-Scottish mathematician and science fiction writer whose debut, 2012's Quantum Thief was widely celebrated; now, in Summerland, Rajaniemi delivers new kind of supernatural historical spy procedural, set in a 1938 where the afterlife has been discovered, colonized and militarized. Read the rest

If you want an example of how big of a problem Chinese espionage is, you needn't look any further than the warnings that Canada and the United States have been throwing at corporations and governmental organizations about the use of gear built by tech companies with ties to the Chinese government.

Apparently, the issue extends beyond the use of smartphones and cellular networking hardware built by Huawei and ZTE: the US Government is thinking about conducting deep background checks on Chinese nationals coming to the United States in pursuit of their education. Spies! They're everywhere!

From IntelNews.Org:

...the Trump administration is reportedly considering the possibility of imposing deeper background checks and additional vetting on all Chinese nationals wishing to study in the US. Citing “a US official and three congressional and university sources”, Reuters said on Thursday that the measures would apply to all Chinese students wishing to register in undergraduate and graduate academic programs in the US. The news agency quoted a “senior US official” as saying that “no Chinese student who’s coming [to the US] is untethered from the state […. They all have] to go through a party and government approval process”. Reuters reported that the proposed plan includes a comprehensive examination of the applicants’ phone records and their presence on social media platforms. The goal would be to verify that the applicants are not connected with Chinese government agencies. As part of the proposed plan, US law enforcement and intelligence agencies would provide counterintelligence training to university officials.

In a new paper published in the journal Military Cyber Affairs researchers from the US Naval War College and Tel Aviv University document the use of BGP spoofing by China Telecom to redirect massive swathes of internet traffic through the company's routers as part of state military and commercial espionage efforts. Read the rest

With the midterm elections creeping up, everyone in the media's been busier than a cat trying to bury a turd in a marble floor watching for signs of Russian interference. Given the amount of chaos that Russia's cyber operatives have been responsible for over the past few years, this is totally understandable. However, it might be a good idea for the media to keep an eye on China's online comings and goings, as well.

According to a report released by the French government, Chinese cyber operatives have been hard at work attempting to compromise or enlist thousands of well-placed professionals and intellectuals online to leverage in the real world.

From IntelNews:

The report describes Chinese efforts to approach senior French scientists, business executives, academics and others, as “widespread and elaborate”, and warns that it poses an “unprecedented threat against the national interests” of the French state. It goes on to state that nearly 4,000 carefully selected French citizens have been approached by Chinese intelligence operatives via the LinkedIn social media platform. Of those nearly half, or 1,700, have leading posts in French industry, while the remaining 2,300 work in the public sector. In their totality, those targeted are involved nearly every area of industry and government administration, including those of nuclear energy, telecommunications, computing and transportation, said the report.

Uh Oh.

In many cases, the Chinese operatives used fake identities, pretending to be headhunters for overseas corporations and think tanks on LinkedIn. As part of the ruse, the ops would invite their targets on all-expenses-paid trips to China for job interviews or research symposiums – whatever turned their target's crank. Read the rest

Undercover is a World War II training film from the OSS, precursor to the CIA, would be enough to dissuade most people from a career in espionage. They enact numerous examples of tiny slip-ups that ended up blowing the covers of various spies and secret agents. Read the rest

With so many recent reports of hacks, software theft, and cloud-based security breaches, this "physical world" espionage case seems all the more mysterious. Read the rest

Bernard Barbier presided over DGSE, France's answer to NSA, during the agency's period of fast growth, spending €500M and adding 800 new staffers; in a recent speech to a French engineering university Ecole Centrale Paris, Barbier spilled a ton of secrets, apparently without authorisation. Read the rest

Trump at press conference yesterday: “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press. Let’s see if that happens.”

Response from Clinton camp: "This has to be the first time that a major presidential candidate has actively encouraged a foreign power to conduct espionage against his political opponent. That’s not hyperbole, those are just the facts. This has gone from being a matter of curiosity, and a matter of politics, to being a national security issue."

If Russia or any other country or person has Hillary Clinton's 33,000 illegally deleted emails, perhaps they should share them with the FBI!

— Donald J. Trump (@realDonaldTrump) July 27, 2016

Read the rest

The U.S. Justice Department is charging a Chinese national with economic espionage charges, saying he stole source code from an American company with the intent of transferring it to the Chinese government. He is reported to have been an employee of IBM at the time of the alleged crime. Read the rest

Legendary investigative journalist Duncan Campbell describes his life of being kidnapped by the London Metropolitan Police's Special Branch, being surveiled and harassed by UK spies and ministers, and reveals the identity of the whistleblower who leaked the details of ECHELON to him. Read the rest

A new Snowden leak details an NSA operation called SHOTGIANT through which the US spies infiltrated Chinese electronics giant Huawei -- ironically, because Huawei is a company often accused of being a front for the Chinese Peoples' Liberation Army and an arm of the Chinese intelligence apparatus. The NSA completely took over Huawei's internal network, gaining access to the company's phone and computer networks and setting itself up to conduct "cyberwar" attacks on Huawei's systems.

The program apparently reached no conclusion about whether Huawei was involved in espionage. However, the NSA did identify many espionage opportunities in compromising Huawei, including surveillance of an undersea fiber optic cable that Huawei is involved with. Read the rest

Wired's Kim Zetter rounds up some of the highlights from Untangling the Web: A Guide to Internet Research [PDF], an NSA guide to finding unintentionally published confidential material on the Web produced by the NSA and released in response to a Muckrock Freedom of Information Act request. As Zetter notes, the tactics discussed as described as legal, but are the kind of thing that weev is doing 3.5 years in a Federal pen for:

Want to find spreadsheets full of passwords in Russia? Type “filetype:xls site:ru login.” Even on websites written in non-English languages the terms “login,” “userid,” and “password” are generally written in English, the authors helpfully point out.

Misconfigured web servers “that list the contents of directories not intended to be on the web often offer a rich load of information to Google hackers,” the authors write, then offer a command to exploit these vulnerabilities — intitle: “index of” site:kr password.

“Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data,” the authors assert in their book. Instead it “involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution.” You know, sort of like the “hacking” for which Andrew “weev” Aurenheimer was recently sentenced to 3.5 years in prison for obtaining publicly accessible information from AT&T’s website.

Use These Secret NSA Google Search Tips to Become Your Own Spy Agency Read the rest

At the New York Times, Mark Mazzetti reports on the promotion of a C.I.A. officer "directly involved in the 2005 decision to destroy interrogation videotapes and who once ran one of the agency’s secret prisons." Read the rest

Russian security firm Kaspersky Lab claims to have uncovered a new "cyber-espionage toolkit" designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran. The researchers claim this new malware has been found infecting systems in other countries in the Middle East, and targets online financial systems. More at Wired Threat Level and Reuters. They're calling this one "Gauss." Read the rest

In case there was any doubt in your mind, the alleged $1T cost to America from cyberwar and the $250B cost to America from "cyber-theft of Intellectual property" are both total bullshit. Pro Publica breaks it down.

One of the figures Alexander attributed to Symantec — the $250 billion in annual losses from intellectual property theft — was indeed mentioned in a Symantec report, but it is not a Symantec number and its source remains a mystery.

McAfee’s trillion-dollar estimate is questioned even by the three independent researchers from Purdue University whom McAfee credits with analyzing the raw data from which the estimate was derived. "I was really kind of appalled when the number came out in news reports, the trillion dollars, because that was just way, way large," said Eugene Spafford, a computer science professor at Purdue.

Spafford was a key contributor to McAfee’s 2009 report, "Unsecured Economies: Protecting Vital Information" (PDF). The trillion-dollar estimate was first published in a news release that McAfee issued to announce the report; the number does not appear in the report itself. A McAfee spokesman told ProPublica the estimate was an extrapolation by the company, based on data from the report. McAfee executives have mentioned the trillion-dollar figure on a number of occasions, and in 2011 McAfee published it once more in a new report, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency" (PDF).

In addition to the three Purdue researchers who were the report’s key contributors, 17 other researchers and experts were listed as contributors to the original 2009 report, though at least some of them were only interviewed by the Purdue researchers.