BEIJING (Reuters) – China passed a counter-espionage law on Saturday aimed at tightening state security and helping build a “comprehensive” national security system, state media reported.
The law will allow authorities to seal or seize any property linked to activities deemed harmful to the country, the Xinhua news agency said.
Authorities can also ask organizations or individuals to stop or modify any behavior regarded as damaging to China’s interests, Xinhua said. Refusal to comply would allow enforcement agencies to confiscate properties.
Possession of espionage equipment, as defined by the state security department, had also been made illegal, Xinhua said. The news agency gave no further details.
As China already has broad laws governing state secrets and security, it was not clear to what extent the new law – passed by revising and re-naming a previous national security law for the first time in 21 years – would enhance policing powers.
The revised security law followed a Communist Party meeting last month that promised to allow courts more independence and curtail officials’ influence over legal cases, though the vows were criticized by some as lacking in substance.
Parliament also revised an “administrative procedure law” that would expand peoples’ right to sue the government.
The defendants in these legal cases, such as government officials, would be fined or detained if they “force a plaintiff to withdraw the suit through illegal means such as threats or fraud”, Xinhua said.
(Reporting by Koh Gui Qing; Editing by Robert Birsel)
A Long Island firm is helping Kazakhstan and Uzbekistan clamp down on dissent
American companies are supplying technology that the governments of Kazakhstan and Uzbekistan are using to spy on their citizens’ communications and clamp down on dissent, according to a new report from the UK-based advocacy group Privacy International.
Verint Systems, a manufacturer of surveillance systems headquartered in Melville, N.Y., has sold software and hardware to Kazakhstan and Uzbekistan that is capable of mass interception of telephone, mobile, and Internet networks, the group alleged in its Nov. 20 report. It also provided the training and technical support needed to run them, the report said.
Verint, which claims customers in 180 nations, in turn sought decryption technology made by a firm in California, Netronome, as it helped the Uzbek government attempt to crack the encryption used by Gmail, Facebook, and other popular sites, according to the report.
The report’s overall message is that countries in Central Asia – including also Turkmenistan and Kyrgyzstan – regarded as among the world’s most autocratic are getting Western help to install, on a much smaller scale, some of the same advanced mass interception techniques that Edward Snowden revealed are used by the National Security Agency.
Those acquisitions have been facilitated in part by loose export controls over surveillance technology. To be subject to U.S. export restrictions, products must appear on a Commerce Department control list — and the key components of the surveillance products described in the Privacy International report do not appear to be on those lists, according to report co-author Edin Omanovic.
Products that can lay the foundation for mass surveillance are not restricted by special export controls if they are sold in an off-the-shelf, unaltered state, according to Eva Galperin, a global policy analyst at the Electronic Frontier Foundation, a non-profit digital rights foundation.
While many of the group’s sources are not listed in the report, and its claims therefore cannot all be confirmed, the report says that staff members interviewed activists in the region who recounted that transcripts of their private communications were used to convict and imprison them on charges of conspiracy.
Recent U.S. State Department reports for Kazakhstan and Uzbekistan describe a pattern of state-sponsored torture, inhumane treatment of prisoners, arbitrary arrest, and limited civil liberties in both countries. The State Department’s report on Uzbekistan specifically accused authorities there of detaining and prosecuting activists and journalists for politically motivated reasons. In the Kazakhstan report, “severe limits on citizens’ rights to change their government” was listed as a significant human rights problem.
Kathleen Sowers, an assistant to the general manager of Verint Systems, said in a telephone conversation on Nov. 20 that all of the company’s senior personnel were traveling and could not be reached for comment. Netronome spokeswoman Jennifer Mendola said in an email that the company had “no information on the matter” described in the Privacy International report. The company complies with all applicable laws of the United States and every other jurisdiction in which it operates, and “does not condone any violation of human rights or personal privacy,” she added.
Privacy International, a 24-year-old registered charity in the United Kingdom, publishes investigations and studies about digital privacy. It has challenged the legality of Britain’s spy agency using information obtained from the U.S. National Security Agency’s PRISM surveillance program to conduct mass surveillance of British citizens.
Several of the firms alleged to have exported snooping gear to the region have Israeli connections. Verint’s exports, for example, were dispatched by its Israeli subsidiary, according to the report. According to Omanovic, multiple sources had told his group that the transfers had been approved by the Israeli government. Israel and Kazakhstan signed an agreement for defense trade and cooperation at the beginning of 2014. A spokesman at the Israeli embassy in Washington did not have any immediate comment.
The report also said the Israeli firm NICE Systems has supplied monitoring systems with mass surveillance capabilities to the Kazakh and Uzbek regimes. Erik Snyder, NICE’s director of Corporate Communications, told the group in response that NICE provides law enforcement agencies and intelligence organizations with solutions for lawful communication interception, collection, processing, and analysis, but that it “does not operate these systems, and has no access to the information gathered.”
Some of the U.S. companies named in the report allegedly provided the Central Asian governments with technology that has less controversial purposes. Sunnyvale, CA-based Juniper Networks manufactured broadband equipment that Kazakhstan has been using to transmit data, according to the report, and a surveillance system that actively monitors internet users is now operating from that equipment. But the report makes no claim about Juniper’s complicity in surveillance. Juniper spokeswoman Danielle Hamel said she would look into the claim but then did not respond further.
The sole international agreement that includes regulations for the export of mass surveillance technologies – known as the Wassenaar arrangement — is non-binding on its 41 signatories. Israel is not a signatory, but says it uses Wassenaar’s control list as a guide, according to Privacy International’s Omanovic.
In October 2014, the European Commission amended its export controls to impose extra licensing requirements on monitoring and interception technologies. But the U.S. has not enacted its own controls on such exports.
Rep. Chris Smith (R-N.J.) has introduced several versions of a bill entitled “The Global Online Freedom Act,” meant to “prevent United States businesses from cooperating with repressive governments in transforming the Internet into a tool of censorship and surveillance.” But he has not been able to get the bill approved even by the subcommittee on Africa, Global Health, Global Human Rights and International Organizations that he chairs.
Security researchers say they have uncovered a cyber espionage ring focused on stealing corporate secrets for the purpose of gaming the stock market, in an operation that has compromised sensitive data about dozens of publicly held companies.
Cybersecurity firm FireEye, which disclosed the operation Monday, said that since the middle of last year, the group has attacked email accounts at more than 100 firms, most of them pharmaceutical and healthcare companies.
Victims also include firms in other sectors, as well as corporate advisors including investment bankers, attorneys and investor relations firms, according to FireEye.
The cybersecurity firm declined to identify the victims. It said it did not know whether any trades were actually made based on the stolen data.
Still, FireEye Threat Intelligence Manager Jen Weedon said the hackers only targeted people with access to highly insider data that could be used to profit on trades before that data was made public.
They sought data that included drafts of U.S. Securities and Exchange Commission filings, documents on merger activity, discussions of legal cases, board planning documents and medical research results, she said.
“They are pursuing sensitive information that would give them privileged insight into stock market dynamics,” Weedon said.
The victims ranged from small to large cap corporations. Most are in the United States and trade on the New York Stock Exchange or Nasdaq, she said.
An FBI spokesman declined comment on the group, which FireEye said it reported to the bureau.
Home Depot faces dozens of lawsuits related to data breach Home Depot Inc. faces at least 44 lawsuits in the U.S. and Canada over a massive data breach this year that affected 56 million debit and credit cards. Home Depot Inc. faces at least 44 lawsuits in the U.S. and Canada over a massive data breach this year that affected 56 million debit and credit cards.
The security firm designated it as FIN4 because it is number 4 among the large, advanced financially motivated groups tracked by FireEye.
The hackers don’t infect the PCs of their victims. Instead they steal passwords to email accounts, then use them to access those accounts via the Internet, according to FireEye.
They expand their networks by posing as users of compromised accounts, sending phishing emails to associates, Weedon said.
FireEye has not identified the hackers or located them because they hide their tracks using Tor, a service for making the location of Internet users anonymous.
FireEye said it believes they are most likely based in the United States, or maybe Western Europe, based on the language they use in their phishing emails, Weedon said.
She said the firm is confident that FIN4 is not from China, based on the content of their phishing emails and their other techniques.
Researchers often look to China when assessing blame for economically motivated cyber espionage. The United States has accused the Chinese government of encouraging hackers to steal corporate secrets, allegations that Beijing has denied, causing tension between the two countries.
Weedon suspects the hackers were trained at Western investment banks, giving them the know-how to identify their targets and draft convincing phishing emails.
“They are applying their knowledge of how the investment banking community works,” Weedon said.
“This secrecy must stop”: Greens justice spokesman David Shoebridge. Photo: Darren Pateman
The police bugging scandal that has plagued top levels of the NSW force for more than a decade will be examined by a NSW parliamentary inquiry with concerns the Ombudsman has taken too long to finalise his investigation.
The state government tasked the Ombudsman in October 2012 with inquiring into allegations surrounding illegal bugging by the NSW Police’s Special Crime and Internal Affairs and the NSW Crime Commission between 1999 and 2001 and the investigation that followed into it.
But after more than two years, the $3 million inquiry, dubbed Operation Prospect and held behind closed doors, has released no specific details.Â
Now, The Shooters and Fishers Party, with the support of Labor and The Greens, will establish an inquiry that will examine the bugging allegations, the subsequent police investigation into those allegations and the Ombudsman’s inquiry. It will report by February 2015.
Shadow attorney-general Paul Lynch said Labor was in support of the inquiry because the original matters involving allegations of police bugging “were extremely serious”.
“It’s taken way too long to get to this stage,” he said. “These things will undoubtedly benefit from ventilation in public”.
The Greens justice spokesman David Shoebridge said the inquiry would remove the secrecy behind the police bugging scandal which has affected the most senior ranks of the NSW Police.
The current Commissioner, Andrew Scipione, and a current Deputy Commissioner, Catherine Burn, worked at SCIA at relevant times. One of the detectives SCIA was bugging was Nick Kaldas, now also a Deputy Commissioner.
“What we have is a secret police investigation that obtained secret warrants, that was then reviewed by a secret police investigation and is now being considered by a seemingly endless secret Ombudsman’s inquiry,” Mr Shoebridge said. “This secrecy must stop.”
Between 1999 and 2001, the  SCIA and the crime commission ran a covert investigation codenamed Operation Mascot into allegedly corrupt NSW police.
Central to Mascot was a serving NSW police officer, codenamed M5, who went to work for SCIA and the commission, wearing a wire to bug his colleagues, some of whom were undoubtedly corrupt. But many of those he sought to entrap were honest police.
Some listening device warrants obtained by SCIA and the commission contained more than 100 names, mainly of former and serving police.
In many cases, the affidavits presented to Supreme Court judges contained no information whatsoever that would justify the bugging, and Fairfax Media has established that some of the information in the affidavits was false.
Many police involved in the case believe numerous criminal offences have been committed by some officers of the SCIA and the commission.
Complaints by police, including some from within SCIA itself, were internally investigated by NSW police from Strike Force Emblems as far back as 2004. But inquiries were stymied by the secrecy provisions of the NSW Crime Commission, which refused to co-operate or hand over crucial documents.
Successive governments refused to release the Emblems reports – but they were obtained by Fairfax Media. The reports said “criminal conduct” and revenge might have been behind the mass bugging.
The first Emblems report found there may have been “criminal conduct” involved in the bugging of 100 serving and former police.
Even M5, the NSW police officer doing the undercover bugging, confessed that in some cases he was “settling old scores” and “assisting, nurturing corruption”.
LONDON (Reuters) – Telecommunications firm Cable Wireless helped Britain eavesdrop on millions of Internet users worldwide, Channel 4 reported on Thursday, citing previously secret documents leaked by a fugitive former U.S. National Security Agency contractor.
Cable Wireless, which was bought by Vodafone in 2012, provided British spies with traffic from rival foreign communications companies, Britain’s Channel 4 television said, citing documents stolen by Edward Snowden.
Channel 4 said Cable Wireless gave Britain’s GCHQ eavesdropping agency access by renting space on one of the arteries of global communications, a cable that runs to the southern English region of Cornwall.
The Channel 4 report, which was impossible to immediately verify given the secrecy of the surveillance programmes, said Cable Wireless carried out surveillance on Internet traffic through its networks on behalf of British spies.
The documents cited in the report were not shown on Channel 4’s web site. But previous disclosures by Snowden have illustrated the scale of U.S. and British eavesdropping on everything from phone calls and emails to Internet and social media.
Some telecommunications and Internet companies in Britain and the United States were asked or forced to cooperate with the eavesdropping programmes, according to previous media reports.
When asked for comment on the Channel 4 report, Vodafone said in a statement that it had examined the history of Cable Wireless compliance and found no evidence that would substantiate the allegations.
“We have found no indication whatsoever of unlawful activity within Vodafone or Cable Wireless and we do not recognise any of the UK intelligence agency programmes identified,” it said in a statement. “Furthermore, Vodafone does not own or operate the cables referred to.”
It added that national laws require it to disclose some information about its customers to law enforcement agencies or other government authorities when asked to do so.
In the wake of the Snowden revelations, GCHQ was accused by privacy groups and some lawmakers of illegally monitoring electronic communications.
British ministers denied any illegality and top spies dismissed suspicions of sinister intent, saying they sought only to defend the liberties of Western democracies. GCHQ declined to comment on the Channel 4 report.
Andrew Parker, director general of MI5, Britain’s domestic security service, warned last year that the revelations from Snowden, who now lives in Moscow, were a gift to terrorists because they had exposed GCHQ’s ability to track, listen and watch plotters.
(Reporting by Guy Faulconbridge and Kate Holton; Editing by Mark Heinrich)
