A Chinese Spy Wanted GE’s Secrets,

But the US Got China’s Instead

 

source: bloomberg.com  |  Image by Image by Arek Socha from Pixabay
How the arrest of a burned-out intelligence officer exposed an economic-espionage machine.

 

In January 2014, Arthur Gau, an aerospace engineer who was nearing retirement age, received an unexpected email from a long-lost acquaintance in China. Years before, Gau had made a series of trips from his home in Phoenix to speak at the Nanjing University of Aeronautics and Astronautics, or NUAA, one of China’s most prestigious research institutions. The original invitation had come from the head of a lab there studying helicopter design. Increasingly, however, Gau had heard from someone else, a man who worked at the university in a vague administrative capacity. Little Zha, as the man called himself, was the one who made sure Gau never had to pay his own airfare when he came to give talks. When Gau brought his mother on a 2003 visit, Zha arranged and paid for them to take a Yangtze cruise to see the river’s dramatically sculpted middle reaches before they were flooded by the Three Gorges Dam.

The relationship had ended awkwardly, though, when Zha offered Gau money to come back to China with information about specific aviation projects from his employer, the industrial and defense giant Honeywell International Inc. Gau ignored the request, and the invitations stopped.

Now, in 2014, Little Zha was reaching out again. The two started corresponding. In early 2016, Gau, whose interests extended far beyond avionics, said he’d planned a trip to China to visit some friends in the musical theater world. Zha was there that spring to meet him at the airport in Beijing. Waiting with him was a colleague Zha was eager for Gau to meet.

Xu Yanjun was on the tall side, at 5 feet 10 inches, with closely cropped hair, glasses, and a tendency toward bluntness. The three had dinner and met up again before Gau flew back to the US. Over pastries in Gau’s hotel room, they discussed Taiwanese politics—Gau grew up there—as well as the engineer’s evolving responsibilities at Honeywell. Late in the evening, Xu handed Gau $3,000 in cash. Gau would later testify that he tried to hand it back, but Xu was insistent. “And then, you know, back and forth, but I took it eventually.”The next year, Gau came back to China to give another lecture—this time a private one in a hotel room to several engineers and officials, including Xu. In preparation, Gau had emailed over PowerPoint slides containing technical information, including algorithms and other sensitive design data for the aircraft auxiliary power units Honeywell makes. “Because of the payment, I felt obligated,” he would later tell a judge.

Xu paid him $6,200 more, and two of his associates accompanied the visiting engineer on a two-day sightseeing trip to West Lake, famed for its picturesque gardens, islands, and temples. Gau was planning his next visit when, in the fall of 2018, agents from the FBI appeared at his home in Arizona to execute a search warrant. There would not be another trip. Xu, the agents explained, was not in Nanjing anymore. He wasn’t even in China. He was in Ohio, in a county jail awaiting trial.

Continue reading “A Chinese Spy Wanted GE’s Secrets…”

FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications

 

source: cnn.com  |  image: pexels.com

 

Washington (CNN)On paper, it looked like a fantastic deal. In 2017, the Chinese government was offering to spend $100 million to build an ornate Chinese garden at the National Arboretum in Washington DC. Complete with temples, pavilions and a 70-foot white pagoda, the project thrilled local officials, who hoped it would attract thousands of tourists every year.

But when US counterintelligence officials began digging into the details, they found numerous red flags. The pagoda, they noted, would have been strategically placed on one of the highest points in Washington DC, just two miles from the US Capitol, a perfect spot for signals intelligence collection, multiple sources familiar with the episode told CNN.
Also alarming was that Chinese officials wanted to build the pagoda with materials shipped to the US in diplomatic pouches, which US Customs officials are barred from examining, the sources said.

Federal officials quietly killed the project before construction was underway.    The Wall Street Journal first

reported about the security concerns in 2018.      The canceled garden is part of a frenzy of counterintelligence activity by the FBI and other federal agencies focused on what career US security officials say has been a dramatic escalation of Chinese espionage on US soil over the past decade.        Since at least 2017, federal officials have investigated Chinese land purchases near critical infrastructure, shut down a high-profile regional consulate believed by the US government to be a hotbed of Chinese spies and stonewalled what they saw as clear efforts to plant listening devices near sensitive military and government facilities.

Continue reading “FBI investigation:Huawei equipment could disrupt US nuclear comms”

Text scams surge as robocalls decline, report finds

source: usatoday.com  |  image: unsplash.com

 

You may have noticed receiving fewer robocalls over the past year, but a new report finds scammers are increasingly using a new way to reach consumers: text messages.

A report from the Consumer Watchdog office of the nonprofit U.S. PIRG is urging the Federal Communications Commission to pass new rules against robotexts, including requiring phone companies to block illegal text scams.

“Illegal robocalls and robotexts likely will never go away,” an excerpt from the report reads. “But they’ll continue to plague us as long as enforcement is lax, phone companies don’t try harder and enough consumers fall for scams to make it worthwhile for thieves.”

Spam texts have surged over the past year, jumping from 1 billion sent per month in July 2021, to more than 12 billion as of June, according to RoboKiller, a service specializing in blocking unwanted calls and texts.

Last year, acting FCC Chairwoman Jessica Rosenworcel proposed new rules requiring wireless carriers to block illegal texts.

In a statement released last October, the agency said complaints about unwanted text messages in 2020 more than doubled from the year before. 

“We’ve seen a rise in scammers trying to take advantage of our trust of text messages by sending bogus robotexts that try to trick consumers to share sensitive information or click on malicious links,” Rosenworcel said in last year’s statement.

The top scam texts of last year involved bogus delivery messages claiming to represent Amazon, the U.S. Postal Service or other companies. The messages say an order can’t be delivered or will arrive tomorrow, with a malicious link consumers click, the watchdog report said.

Others included fake messages from banks and texts related to the COVID-19 pandemic.

Meanwhile, the number of robocalls has declined over the past year, in part because of FCC rules requiring the use of technology to better identify robocalls and efforts by the agency and states to go after robocallers. 

 

Heads of FBI and MI5 issue strong warning about threat to the West from China

source: nbcnews.com  |  image:  pexels.com

Also, U.S. intelligence officials issued a report about Chinese attempts to influence local and state elections.

Speaking alongside his British counterpart in London, FBI Director Christopher Wray issued his starkest warning yet about the national security threat to the West from China, even as intelligence officials in Washington released a report about Beijing’s efforts to influence state and local politics in the U.S.

In a first-ever joint appearance Wednesday with the director of Britain’s MI5, the U.K.’s domestic intelligence agency, Wray raised the possibility that China might be inching closer to invading Taiwan, noting that Beijing has been taking steps to shield its economy from sanctions that would come after such a move.

“In our world, we call that kind of behavior a clue,” he said, adding that were an invasion to happen, “it would represent one of the most horrific business disruptions the world has ever seen.”

The Chinese Embassy in Washington did not respond to a request for comment. The Chinese Foreign Ministry said Wednesday, “In order to mislead the public, the U.S. has worked hand in glove with NATO to hype up competition with China and stoke group confrontation.”

Continue reading “Heads of FBI and MI5 issue strong warning about threat to the West from China”

Bad news: The cybersecurity skills crisis is about to get even worse

 

source: zdnet.com  |  image:  pixabay.com

 

New research suggests nearly a third of cybersecurity professionals are planning to quit the industry, at a time when companies are struggling to protect their networks from attacks.

 

Nearly a third of the cybersecurity workforce is planning to leave the industry in the near futurenew research suggests, leaving organizations in a troubling position as the threat landscape evolves “at an alarming rate”.

Cybersecurity firm Trellix commissioned a survey of 1,000 cybersecurity professionals globally and found that 30% are planning to change professions within two or more yearsOrganizations are already facing cybersecurity skills shortages, with not enough people having the skills and qualifications required to keep IT systems secure from breaches and other security threats.

Adding more fuel to the fire, organizations face a growing threat from cyber criminals and nation-state hackers, whose attacks are growing “in volume and sophistication”.

Trellix’s survey found that 85% of organizations report that a workforce shortage is impacting their ability to secure their IT systems and networks.

MIT Researchers Discover New Flaw in Apple M1 CPUs That Can’t Be Patched

source: thehackernews.com  |  image: pexels.com

A novel hardware attack dubbed PACMAN has been demonstrated against Apple’s M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems.

It leverages “speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity,” MIT researchers Joseph Ravichandran, Weon Taek Na, Jay Lang, and Mengjia Yan said in a new paper.

What’s more concerning is that “while the hardware mechanisms used by PACMAN cannot be patched with software features, memory corruption bugs can be,” the researchers added.

The vulnerability is rooted in pointer authentication codes (PACs), a line of defense introduced in arm64e architecture that aims to detect and secure against unexpected changes to pointers — objects that reference an address location in memory.

PACs aim to solve a common problem in software security, such as memory corruption vulnerabilities, which are often exploited by overwriting control data in memory (i.e., pointers) to redirect code execution to an arbitrary location controlled by the attacker.

Continue reading “MIT Researchers Discover New Flaw in Apple M1 CPUs That Can’t Be Patched”

Self-driving cars could be potential crime witnesses

source: axios.com, contributed by FAN Bill Amshey  |  image:  pixabay.com

 

The police in San Francisco see camera-laden autonomous vehicles as potential witnesses in their criminal investigations, setting off alarm bells for privacy advocates, VICE reports.

Why it matters: As Axios has reported, self-driving cars capture and store huge databases of images so that they can train their algorithms and become better drivers. What that means is that bystanders are often captured in the footage, raising privacy concerns.

Continue reading “Self-driving cars could be potential crime witnesses”

Cyber warfare gets real for satellite operators

source: spacenews.com  |  image: pixabay.com

Recent network attacks in Ukraine have been ‘an eye opener for everybody’

WASHINGTON — The U.S. government on March 17 advised satellite operators to put their guard up in the wake of a cyberattack that disrupted internet services in Europe provided by Viasat’s KA-SAT.

“Given the current geopolitical situation, the Cybersecurity and Infrastructure Security Agency requests that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity,” said CISA, an organization within the Department of Homeland Security. 

Following CISA’s advisory, the Satellite Industry Association on March 18 issued a statement of “commitment to cybersecurity best practices” and expressed concern about “evolving attacks by criminals, terrorists, and nation states.”

Continue reading “Cyber warfare gets real for satellite operators”

Blue, yellow and gray zone: The cyber factor in Ukraine

source: c4isrnet.com  |  image: pexels.com

 

WASHINGTON — As Russia massed troops along its border with Ukraine over the last few months, it was unclear whether Russian President Vladimir Putin would invade. But if he did, experts warned, Russia would bombard the nation with a series of cyberattacks to sow confusion and weaken its resolve.

On Feb. 24, Putin unveiled his plans. Moscow’s war machine rolled into the Eastern European nation. The combined Russian air, land and sea assault was preceded by waves of cyberattacks, the sort of gray-zone meddling analysts and defense officials had foreseen. Websites were hamstrung. Malware coursed through computers. Communications were hampered.

But the full-fledged cyberwar some feared has not materialized. There has been no digital devastation of critical infrastructure, no damning disinformation.

“Apparently, it’s less than we thought would have happened at this point,” said Charles Munns, a retired U.S. Navy vice admiral who has advised the Defense and Energy departments. “It’s more of a 20th century invasion, with tanks and missiles and airplanes.”

A brief cyber history of Ukraine

Both Russia and Ukraine have a history with cyberattacks — the former leveraging the domain to wreak havoc, and the latter often finding itself on the receiving end.

Continue reading “Blue, yellow and gray zone: The cyber factor in Ukraine”

War in Ukraine Brings Out Scammers Trying to Exploit Donations

source: cnet.com | Photo by Katie Godowski from Pexels

 

The world has responded to Russia’s invasion of Ukraine with an outpouring of support for the Ukrainian people. That hasn’t escaped the notice of scammers, who are all too willing to take advantage of people’s desire to help.

One scam email sports a logo in the blue and yellow colors of the Ukrainian flag. It asks for donations to a humanitarian organization in the form of US dollars and a handful of cryptocurrencies. Other bogus emails ask recipients to send money to help children or to buy weapons for the Ukrainian military.

Fake charity websites are popping up, too. Researchers at ESET, a Slovakia-based antivirus company, said they’d discovered a handful of sites using the colors of Ukraine’s flag and dramatic images of soldiers and explosions. The websites solicit “aid,” ESET said, but they don’t provide specifics as to how the money will be used.

Continue reading “War in Ukraine Brings Out Scammers Trying to Exploit Donations”