The FBI stops criminals from smuggling U.S. military technology to China
April 26, 2012
Two suspected Taiwanese drug smugglers have now been accused of an even more ambitious plot, this time to smuggle serious military technology, including no less than a U.S. drone out of the country and into China.
Hui Sheng Shen and Huan Ling Chang, who have both been in custody since February for allegedly smuggling methamphetamine into the U.S., will be formally charged with conspiracy to violate the Arms Export Control Act, according to an AP report.
The two were caught in an undercover FBI sting which captured them on tape claiming that their clients in the Chinese government were keen on acquiring U.S. drones as well as stealth technology, anti-aircraft systems and even an E-2 Hawkeye early warning aircraft.
The two suspects reportedly ignored the undercover Feds’ repeated cautioning that they would not like to profit from any equipment which would harm U.S. interests, with Shen saying, “I think that all items would hurt America.”
"The people we met, they come from Beijing. They work for the Chinese government-- some kind of intelligence company for the government, a bit like the C.I.A I guess," Shen reportedly told the agents. "They are spies."
Shen also boasted that he could use scuba divers to transport parts of the equipment underwater from the Port Newark-Elizabeth Marine Terminal to a ship waiting offshore, a technique similar to the one he allegedly used to smuggle drugs.
The two individuals had been under surveillance for a whole year and were subsequently arrested a couple of months back as part of a rather less headline-grabbing investigation into counterfeit 'UGG' boots being smuggled into New Jersey.
The news will be of minor embarrassment to the Chinese authorities given that, as usual, there is apparently no concrete proof of any official involvement in the plot.
But it does come just a few days after a Pentagon report accused the People’s Republic of China of “economic espionage” facilitated by widespread hacking and designed to accelerate the development of its military and space technology.
For its part, China was forced to strongly deny the allegations in the report, which claimed to have identified no fewer than 26 separate occasions since 2006 on which China tried to get hold of space launch data and sensitive information on U.S. cruise missiles and other critical military equipment.
In other internet security news
For the second time in less than two months, hundreds of thousands of web sites have been hit by an unexplained outage at DNS services provider ZoneEdit, with users seeing five to six full days of downtime on their email and web infrastructure.
While the 603,000 customer domains ZoneEdit looks after were all apparently still resolving during the outage, users have been unable to log into their accounts to make updates to their zones since last Friday.
"I have a static IP being changed by my service provider this week," one loyal customer blogged. "With only two days left before the change and potentially 500 to 1000 users being affected, I am left with very tough choices.
"I will give ZoneEdit until tomorrow morning before I find an alternative service or host the DNS myself."
Two days ago, the company's website went offline completely, again without explanation. This morning, however, the site returned and users reported that they could once again log in and use their services.
ZoneEdit, which is owned by the domain name registrar Dotster, has provided updates on Twitter, albeit only once or twice a day and without any insight into what the problem is or how long it will take to resolve.
In its most recent tweet, it states: "We understand the seriousness of this issue and its effect on you. We are truly sorry. We have every person possible working to resolve it, and as fast as possible."
Even with the problem apparently resolved, customers still do not know what happened. Users have also predictably taken to Twitter to vent their frustration, not only regarding the downtime but also about the lack of communication from the company.
Some have even speculated that the website may have been the victim of an attack or a DoS (denial of service) attack from the outside.
ZoneEdit has been providing low-cost DNS resolution services since 2000. According to HosterStats, 150,000 domain names use its DNS to make their websites and email work.
The company did not respond to a request for comment. It's not the first time ZoneEdit has had similar issues. About seven weeks ago, ZoneEdit was hit with a similar DoS attack that crippled its DNS services for a number of hours, and rendered 500 to 600 websites unavailable.
In other internet security news
Internet hijacking and pirating today isn't just a threat to your bank account or personal computer; it's a serious problem of national security, says Congress, and now it wants to take immediate action while it still can.
To be sure, spies from other countries and organized criminals are already inside virtually every U.S. company's network, and some firms don't even know about it. The U.S. government's top cybersecurity advisors widely agree that cyber criminals and internet terrorists already have the capability to take down the country's critical financial, energy and communications infrastructure.
"The reality is that our current infrastructure is being colonized, whether we like it or not," says Tom Kellerman, former commissioner of President Obama's cyber security council.
"Worse is the fact that governments no longer have a monopoly on this capability, and that's really the frightening element here. There is code out there that puts it in anyone's hands," added Kellerman.
Using the web to take over our infrastructure, turn off our electricity or release dangerous toxins would amount to a full-fledged war against the country or countries who initiated such an action.
Much of America's critical infrastructure is currently owned by businesses. Gaining intelligence on cyber threats, both in advance and after an attack has been launched, requires strong cooperation from companies and, often, from private individuals.
That's why Congress is taking up as many as six different new cyber bills this week that deal with that issue: improving the overall security of our core infrastructure, but without infringing on the privacy of corporations and the people that work in those companies. And it won't be easy, since we all know how privacy is a strong subject in the U.S.
There are some key differences between the bills, and lawmakers are furiously trying to merge them together. The bill that most policy analysts are focused on right now, and the likeliest to pass, is the Cyber Intelligence Sharing and Protection Act (CISPA), introduced by Representative Mike Rogers, chairman of the House Intelligence Committee.
It passed his committee with strong bipartisan support (a 17-1 vote) in December 2011, and it has more than 100 co-sponsors on both sides of the aisle.
At the bill's core are direct incentives for private businesses that control core, critical infrastructure, particularly in the finance and energy sectors. Those businesses would receive some compelling tax breaks if they share related data with one another and the U.S. government about potential attacks.
To be specific, there are rules that would force them to strip out any non-crucial information from customers or business partners. A rival Senate bill, sponsored by Senator Joseph Lieberman, would instead mandate information sharing through government regulation.
Not surprisingly, that bill is also supported by President Barack Obama, but most speakers at the conference nevertheless thought it had little chance of passing.
Critics have attacked all six bills both for being too lenient on privacy and for being too rigorous at the same time. The bills have been blasted both by civil liberties organizations and, interestingly, by those in the intelligence community.
"All six bills on the Hill are grossly insufficient," said Mike McConnell, formerly President Bush's national intelligence director. "We say we don't want to infringe on privacy rights or burden industry in any way, so the result is we don't do anything."
At a corporate security conference in March, FBI Director Robert Mueller warned attendees: "There are only two types of companies: those that have already been hacked, and those that will be soon."
McConnell thinks it will take a "catastrophic event" to force changes. "We are incredibly vulnerable," he said. "If we don't make our policy makers think about this seriously, we'll be dealing with something like 9/11."
Other countries and organized crime have more and better intelligence on U.S. citizens and businesses than the U.S. government itself does, in McConnell's view. That's a major policy dilemma, and something that all U.S. citizens should take very seriously.
Privacy advocates like the American Civil Liberties Union counter that the Rogers bill would kick off a free-for-all in sharing of customer records. The bill would "create a cybersecurity exception to all privacy laws and allow companies to share the private and personal data they hold on their American customers with the government," the ACLU wrote in a December letter to Rogers and others in Congress.
It added: "We will vigorously oppose this legislation as inconsistent with the long tradition of Americans' reasonable expectations of privacy." Yet other internet security professionals stressed that we have to rethink privacy in a world where hackers have already infiltrated all our systems and know everything about us.
"And let's get real here," said Kellerman. "Let's be honest about this. We have 100,000 Big Brothers. Meanwhile, the United States is fighting this with one hand behind its back. We have been juvenile about the discussion of privacy."
"This is an issue of leadership. If we don't take it seriously, we're going to have a serious attack," added Kellerman.
"We have to change our perspective on what's permissible and what's not," said Colonel Cedric Leighton, a former military intelligence officer with the U.S. Air Force. "It's not a lost cause, but only if we know what we're facing."
The bills aren't perfect, but even opponents of the Rogers bill said something needs to be done, and done fast. "We don't all have to agree on everything to do something," said Howard Schmidt, President Obama's current cybersecurity coordinator.
"We talk about it and talk about it and talk about it, and all we're doing is just admiring the problem. We need the authority to do the things we've been talking about for quite a while," he added.
In other internet security news
Kaspersky Lab security researcher Costin Raiu has discovered another new Mac OS X trojan. Called Backdoor.OSX.SabPub.a, or just SabPub for short, the trojan uses Java exploits to infect a Mac computer, then connects to a remote Web site and waits for instructions that include taking screenshots of the user's Mac and executing commands.
"The Java exploits appear to be pretty standard, however, and they have been obfuscated using Zelix Klass Master, a flexible and quite powerful Java obfuscator," said Raiu. "This was obviously done in order to avoid detection from anti-malware products."
Raiu's new discovery comes as Mac users are on high alert over the Flashback Trojan, which reportedly infected over 600,000 Macs globally in the past few weeks. That exploit, which also uses Java, is capable of nabbing user passwords and other information from their Web browser or some applications.
Apple on Friday released a tool designed to remove Flashback from infected computers. Prior to that launch, it was believed that 270,000 Mac desktops were infected with the Trojan, down significantly from its height.
In a follow-up post on Securelist yesterday, Raiu provided a bit more information on SabPub to help differentiate it from Flashback. He reported that there are at least two SabPub variants in the wild today, including one that dates back to February.
The malware appears to be delivered through targeted attacks, which should limit its ability to make the kind of widespread incursions seen with Flashback.
Raiu also reported that the malware appears to be spreading through Word documents that exploit the CVE-2009-0563 security vulnerability related to a stack-based buffer overflow in Office on the Mac.
"The most interesting thing here is the history of the second SabPub variant. In our virus collection, it is named 8958.doc," Raiu said. "This suggests that it was extracted from a Word document or was distributed as a Doc-file."
Source: The FBI.