Eric Holder yesterday announced: “Today, we are announcing an indictment against five officers of the Chinese People’s Liberation Army for serious cybersecurity breaches against six American victim entities.”
The five officers are known by the aliases UglyGorilla, Jack Sun, Lao Wen, hzy_1hx and KandyGoo. They are members of the PLA’s military unit 61398 (you may recall that this is the unit accused by Mandiant last year as being the source of the APT1 hacking group). They stand accused of using spearphishing to penetrate six US companies (Westinghouse Electric, Alcoa, Allegheny Technologies Incorporated, U.S. Steel, the United Steelworkers Union and SolarWorld) to conduct economic espionage.
“This is a tactic that the U.S. government categorically denounces,” said Holder. “As President Obama has said on numerous occasions, we do not collect intelligence to provide a competitive advantage to U.S. companies, or U.S. commercial sectors.” This is from the man who lied to Congress.
It is also inaccurate. The Snowden files have shown that the NSA has bugged trade negotiations; and trade negotiations are quite plainly ‘economic’ – with US industry likely to benefit. And of course the NSA’s hacking of Chinese servers, and excluding Huawei over fears that it might be backdoored while itself proceeding to backdoor Cisco equipment, has sort of ceded the moral high ground.
I asked FireEye, which now owns Mandiant, if it had supplied any of the information used by the FBI in its indictment. A spokesperson told me, “The US government just used information from the APT1 report which was published. We did not actively provide information. We believe this was a natural escalation after the revelation – the PLA group went quiet but now are very active again so was only a matter of time.”
But there may be another reason for the delay between Mandiant’s initial report and this indictment… Generally speaking, law enforcement needs a victim complaint, rather than just intelligence of a crime, before it can take action against the suspected criminal; so it has had to wait for the hacked companies to investigate and complain before it could commence the indictment proceedings.
Luis Corrons, technical director at PandaLabs, finds this a frequent problem. “This year I have handed LEA information about 3 different criminal cases; and all 3 of them have real evidence of who is behind them. But if there is no official complaint from the victims, nothing happens. One of the cases is multinational – the local LE tried to convince a Spanish company who was victim to present a complaint, but it didn’t want to. Now the LEA is trying in different countries to convince victims to present a complaint.
“But this is not the only problem,” he continued. “Some investigations are really complex, and while for me it can be ‘easy’ to gather evidence, for an LEA to do it in the proper and legal way can take months or even years.”
If that’s the case here, this indictment is actually quite speedy.
But is it wise?
Much of the security industry is in favour of the US action. “This really could be a landmark moment that has the potential to change the way in which we respond to the growing threat presented by digital criminality,” said Martin Sutherland, managing director of BAE Systems Applied Intelligence, in an emailed statement. “This current case is encouraging and sets an interesting precedent for other countries combating digital crime.”
“The US government is toughening up its language against nation-state and industrial cyber-espionage,” said Bob West, chief trust officer at CipherCloud, in another email. “We’re calling out the Chinese government for its role fostering theft of American intellectual property and doing it by naming specific hackers with military ties.”
“While I doubt that foreign military commanders who are prosecuted by the Department of Justice will be successfully apprehended and brought to justice,” said Tom Cross, director of security research at Lancope, “these prosecutions do send a clear message regarding what sort of behavior the United States views as unacceptable.”
In each case I asked a few questions. Most pertinent was this:
Is it not pure hypocrisy? We know from the Snowden files that the NSA has hacked Chinese servers. Holder says ‘we do not do it for economic advantage’. Leaving aside any cynicism over such a statement, isn’t it irrelevant? Holder is saying that the accused have broken US laws; but the US breaks Chinese laws. So what is the legal difference?
I have not had a reply. In fairness, it probably has as much to do with trans-Atlantic time zones as a disinclination to respond; and I will update this post with any replies that I get.
However, it is the problem I have with the US action. It is a nation that claims to uphold the rule of law – but only the rule of US law. This action says to the world, you must all abide by our laws, but our laws are the only ones that we need abide by.
Last week I proposed an experiment. Index on Censorship had discussed what it calls ‘censorship by omission’; suggesting that a form of censorship exists in Britain through simple lack of information. This is censorship by omission rather than censorship by suppression.
At the same time, Der Spiegel published details from the Snowden files indicating that GCHQ had been involved in hacking German satellite communications companies. Glenn Greenwald described it in The Intercept:
One undated document shows how British GCHQ operatives hacked into the computer servers of the German satellite communications providers Stellar and Cetel, and also targeted IABG, a security contractor and communications equipment provider with close ties to the German government. The document outlines how GCHQ identified these companies’ employees and customers, making lists of emails that identified network engineers and chief executives. It also suggests that IABG’s networks may have been “looked at” by the NSA’s Network Analysis Center.
My ‘experiment’ was simple. We know that the UK government has been trying to suppress reporting on GCHQ revelations through its involvement in the physical destruction of hard disks at The Guardian. So, I suggested, “Over the next few days it will be worth seeing just how much coverage this very major, very important story actually generates in the British mainstream press.”
The result? None.
It’s not a scientific experiment because I haven’t read all of the British mainstream national press from cover to cover since that time. Instead, this morning I used Google and searched on keywords from the Greenwald paragraph:
GCHQ Stellar Cetel IABG germany satellite communications
Searching the web got 3390 returns. In the top four pages (that’s all I checked) not a single national British newspaper is included. (My ‘experiment’ came in at #10, last on the first page.)
Searching the news had just five hits: Register, Help Net Security, IT News, TIME and Engadget.
Nothing whatsoever from any of the British national press.
The conclusion has to be that Britain suffers under a regime of censorship by omission. What we don’t know is how much of this ‘omission’ is effected by government pressure, nor whether Google has been persuaded to reduce the search rankings of any published articles — making it actually censorship by suppression.
In a report on China’s concerns over NSA spying on Huawei, The BBC stated yesterday,
Edward Snowden fled to Hong Kong last year and has since been granted asylum in Russia.
He continues to release information that claims to reveal the global activities of the NSA.
This is false. Snowden handed the documents to journalists to decide what should and should not be released. His legal representative Ben Wizner explained this very clearly:
You know, the number of documents that Edward Snowden has made available to the public is zero. What he did is give information to journalists, with the instruction that they and their editors, in consultation, where necessary, with government officials, decide what was in the public interest to publish, and to withhold information that would be harmful to publish.
It is the newspapers and the journalists concerned who are releasing the information, not Edward Snowden.
But come to think of it, I long ago ceased expecting better of the BBC.
On Monday this week Christopher Soghoian will hold a virtual conversation with Edward Snowden during SXSW 2014. Not everybody is pleased. Congressman Michael Richard Pompeo (Kansas) has written to the organizers requesting that the invitation to Snowden be withdrawn.
People of the world, I urge you to read Pompeo’s letter in full, to witness authoritarian doublespeak claptrap at its best.
People of Kansas — just get rid of him.
Pompeo writes, “In case you did not have access to the full facts in making your initial decision to extend your invitation, I want to call a few undisputed facts about the actions taken by Mr Snowden to your attention…”
OK, let’s have a look at Pompeo’s ‘undisputed facts’.
Only a tiny sliver of the materials stolen by Mr Snowden had anything to do with United States telecommunications or the privacy rights of Americans.
That ‘tiny sliver’ shows that the NSA interprets the law to allow it to spy on all Americans at all times. A recent example of the extent of NSA legal contortions will suffice to demonstrate. The spy agency discussed the feasibility of classifying Wikileaks as a “malicious foreign actor” for surveillance purposes. “If the foreign IP is consistently associated with malicious cyber activity against the U.S., so, tied to a foreign individual or organization known to direct malicious activity our way, then there is no need to defeat any to, from, or about U.S. Persons. This is based on the description that one end of the communication would always be this suspect foreign IP, and so therefore any U.S. Person communicant would be incidental to the foreign intelligence task.”
This argument could be applied to any ‘dubious’ website that ever questions US foreign and domestic policy. The Pirate Bay was discussed. Others could easily be included. RT? Al Jazeera? If the argument were applied, then any American visitor to any such circumscribed website would become a legitimate target of surveillance; and the NSA document makes it clear that is the primary purpose – a method of circumventing US law. Americans should remember, this surveillance would not simply be metadata, but actual content.
So, Pompeo’s ‘tiny sliver’ clearly demonstrates that all Americans are to be considered targets at all times. But just in semantic terms, how can it be an ‘undisputed fact’ when the vast majority of the documents have not yet been disclosed?
I would here appeal to the American people. Just consider the utter contempt that the NSA shows towards all foreigners. I am a foreigner, a journalist and a blogger – and I am a legitimate target for the NSA. This cannot be right. You have a strong sense of ‘freedom’. Much of that stems from the Declaration of Independence, which most famously states:
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.
It says ‘all men’, not just ‘all Americans’. Should that not include me? Am I to be excluded from your view of freedom? (Lest you believe me a hypocrite, let me just say that I believe that the UK and GCHQ are far worse – you at least are discussing this; open discussion here has effectively been squashed by the UK government.)
Mr. Snowden cares more about personal fame than personal privacy
I would question that. He handed the documents to a journalist and has played no part in their publication. He does not seek out publicity nor interviews; but grants them when requested and if possible.
Mr. Snowden gives real whistleblowers a bad name
Excuse me? If he had attempted the official routes he would rapidly have been silenced. I don’t know about the US, but I strongly believe it to be similar to the UK, where potential whistleblowers tend to get suicided (Dr David Kelly and Gareth Williams are two relatively recent examples). Official whistleblowing routes are simply not an option at this level. If he were in the UK, his best bet for survival would be to feign madness – consider David Icke (who espouses the Lizard conspiracy) and David Shayler (who told the world he was the Messiah).
When I served in the Army along the Iron Curtain we had a word for a person who absconds with information and provides it to another nation: traitor. We also had a name for a person who chooses to reveal secrets he had personally promised to protect: common criminal. Mr. Snowden is both a traitor and a common criminal.
This is the biggest lie of all put forward by NSA apologists from Obama downwards. Snowden is charged under the Espionage Act, which makes him a traitor. But the Espionage Act is a law subservient, as all laws are, to the US Constitution. There are some who say that NSA actions are constitutional; but there is a growing legal, ethical and moral view that they at least contravene the Fourth Amendment.
I suspect that all Americans consider themselves bound by the US Oath of Allegiance. I know that all who work in or for government – and that includes Obama, Pompeo and Edward Snowden – are so bound. That oath includes, “I will support and defend the Constitution and laws of the United States of America against all enemies, foreign and domestic.”
The Constitution is primary, and if Snowden believed (as many academics and legal minds also believe) that the NSA was acting in defiance of the Constitution, then he was duty bound to try to defend the Constitution. By that same token, those who support the NSA in breach of the Constitution are themselves in breach of their Oath of Allegiance – and that makes them, not Snowden, the traitors.
It is perfectly reasonable to question Snowden’s actions, and to have any view you like on them. But to twist reality to blacken his name and dampen open discussion is, frankly, pretty despicable.
The European Parliament’s civil liberties committee voted today on its report into the ‘NSA scandal’. It is, as so often in politics, a curate’s egg of a result. The report itself was approved. Jan Philipp Albrecht comments,
Aspects of the final report were… positive however, notably the call for the suspension of the ‘Safe Harbour’ decision, which facilitates the transfer of EU citizens’ data to US authorities by private operators. This is a legitimate response to the mass surveillance of EU citizens by the NSA and the lack of recourse for EU citizens in the US.
But he was disappointed in the rejection of a Green amendment that called “on EU Member States to drop criminal charges, if any, against Edward Snowden and to offer him protection from prosecution, extradition or rendition by third parties, in recognition of his status as whistleblower and international human rights defender.” Albrecht attacked this failure, and promised to fight on.
Centre-right and socialist MEPs have voted to leave whistleblower Edward Snowden in the lurch by rejecting an amendment calling for Snowden to be granted protection in the EU. Edward Snowden’s brave revelations have provided the basis for this inquiry and failing to recognise this vital contribution by calling for his protection is a display of cowardice, which is borne out of a desire not to offend the US. This is a cop-out.
Honestly, I really had hoped that this jingoistic, gung-ho, impericolonial nationalism had long since been consigned to the dustcart of 19th century gun-boat history. In fact, I had to read it several times to make sure it wasn’t a clever send-up of a bygone age. But no, I fear this idiot actually believes in what he says:
In another sense, however, the Snowden case has revealed something of which GCHQ feels very proud. Since September 11 2001, Cheltenham has conquered the internet. The great soup in which terrorists splash around has not proved beyond reach. An organisation with an annual budget of approximately £750 million has cracked an entity on which $3 trillion a year is spent. It is our biggest achievement in the field since Bletchley Park — indeed, in volume terms, infinitely bigger. This makes GCHQ of truly global importance — we are talking, after all, about the World Wide Web.
Time for GCHQ to come out of the shadows
I just find it unbelievable that anybody can think that this attitude is acceptable.
Over the weekend, US Senator Mike Rogers intimated that Edward Snowden had been working for the Russians. “Let me just say this,” he said. “I believe there’s a reason he ended up in the hands, the loving arms, of an FSB agent in Moscow. I don’t think that’s a coincidence.”
Rogers offered no evidence to support this claim other than the assertions that Snowden had clearly planned his flight to Hong Kong and would have been incapable of doing this without help, and that he didn’t have the technical expertise to perform the hack on his own (but still no supporting evidence for either assertion).
Nevertheless, the Independent Journal Review seems to have accepted this hook, line and sinker:
This has been suspected by many others as well. Either the fact that Snowden was able to get easy access to such secretive information means it’s very poorly guarded and could be easily abused, or he was receiving aid from Russia in order to hack the NSA’s files.
Congressman Gives Reasons Why He Thinks Russia Helped Snowden Leak
So there we have, in black and white and therefore without a doubt: Edward Snowden was not a whistleblower – he is a Russian Spy!
The mind, as they say, boggles.