



Topic: #China

CIA Field Agent Cyberdefense Failed


“Botched CIA Communications System Helped Blow Cover of Chinese Agents”
Zach Dorfman, Foreign Policy, August 15, 2018

It was considered one of the CIA's worst failures in decades: Over a two-year period starting in late 2010, Chinese authorities systematically dismantled the agency's network of agents across the country, executing dozens of suspected U.S. spies. …

Now, nearly eight years later, it appears that the agency botched the communication system it used to interact with its sources, according to five current and former intelligence officials. …

When CIA officers begin working with a new source, they often use an interim covert communications system — in case the person turns out to be a double agent.

The communications system used in China during this period was internet-based and accessible from laptop or desktop computers, two of the officials said.

This interim, or “throwaway,” system, an encrypted digital program, allows for remote communication between an intelligence officer and a source, but it is also separated from the main communication system used with vetted sources, reducing the risk if an asset goes bad.

Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In theory, if the interim system were discovered or turned over to Chinese intelligence, people using the main system would still be protected — and there would be no way to trace the communication back to the CIA. But the CIA's interim system contained a technical error: It connected back architecturally to the CIA's main covert communications platform. When the compromise was suspected, the FBI and NSA both ran “penetration tests” to determine the security of the interim system. They found that cyber experts with access to the interim system could also access the broader covert communications system the agency was using to interact with its vetted sources, according to the former officials. …

U.S. intelligence officers were also able to identify digital links between the covert communications system and the U.S. government itself, according to one former official — links the Chinese agencies almost certainly found as well. These digital links would have made it relatively easy for China to deduce that the covert communications system was being used by the CIA. In fact, some of these links pointed back to parts of the CIA's own website, according to the former official.

As a rule of thumb, it is now about three orders of magnitude more difficult to defend against computer and network intrusions than to carry out the intrusions themselves.

#Central-Intelligence-Agency #China #communications-security #espionage

Mass Surveillance of Uyghurs in China


This particular work of oppression is conducted through a smartphone app, in an extravagantly inept way characteristic of government coders.

“Chinese Government Forces Residents to Install Surveillance App with Awful Security”
Joseph Cox, Motherboard, April 9, 2018

JingWang scans for specific files stored on the device, including HTML, text, and images, by comparing the phone's contents to a list of MD5 hashes. …

JingWang also sends a device's phone number, device model, MAC address, unique IMEI number, and metadata of any files found in external storage that it deems dangerous to a remote server. …

As for handling that data, … JingWang exfiltrated data without any sort of encryption, instead transferring it all in plaintext. The app updates are not digitally signed either, meaning they could be swapped for something else without a device noticing.

#surveillance #China #dystopia


This work is licensed under a Creative Commons Attribution-ShareAlike License.


John David Stone (

created June 1, 2014 · last revised December 10, 2018