Google y China
Cable sobre los ciberataques chinos a Alemania
Berlín denuncia espionaje a instituciones políticas y militares
| ID: | 176548 |
| Date: | 2008-11-03 18:12:00 |
| Origin: | 08STATE116943 |
| Source: | Secretary of State |
| Classification: | SECRET//NOFORN |
| Dunno: | 08BELFAST137 |
| Destination: | ORIGIN DS-00 INFO LOG-00 MFA-00 EEB-00 AF-00 AIT-00 A-00 CIAE-00 INL-00 DNI-00 DODE-00 DOEE-00 WHA-00 EAP-00 DHSE-00 EUR-00 OIGO-00 OBO-00 TEDE-00 INR-00 IO-00 JUSE-00 LAB-01 L-00 MMP-00 MOFM-00 MOF-00 NEA-00 DCP-00 ISN-00 NSCE-00 NSF-01 OES-00 OIG-00 P-00 ISNE-00 DOHS-00 FMPC-00 SP-00 IRM-00 SSO-00 SS-00 DPM-00 USSS-00 NCTC-00 CBP-00 DSCC-00 PRM-00 DRL-00 SCA-00 SAS-00 FA-00 /002R P 031812Z NOV 08 FM SECSTATE WASHDC TO SECURITY OFFICER COLLECTIVE PRIORITY AMEMBASSY TRIPOLI PRIORITY INFO AMCONSUL CASABLANCA PRIORITY XMT AMCONSUL JOHANNESBURG AMCONSUL JOHANNESBURG |
S E C R E T STATE 116943 NOFORN E.O. 12958: DECL: MR TAGS: ASEC SUBJECT: DIPLOMATIC SECURITY DAILY Classified By: Derived from Multiple Sources SECRET//FGI//NOFORN//MR Declassify on: Source marked 25X1-human, Date of source: October 30, 2008 1. (U) Diplomatic Security Daily, November 1-3, 2008 2. (U) Significant Events ) Paragraphs 7-13 3. (U) Key Concerns ) Paragraphs 14-18 4. (U) Threats & Analysis ) Paragraphs 19-31 5. (U) Cyber Threats ) Paragraphs 32-45 6. (U) Suspicious Activity Incidents ) Paragraphs 46-49 7. (U) Significant Events 8. (SBU) EUR - Ireland - Emergency Action Committee (EAC) Belfast met October 31 to discuss the armed forces homecoming parade scheduled for November 2 and the planned simultaneous counter-demonstrations by Sinn Fein and the dissident republican group Eirigi. Discussions centered on the parade route and the possibility of confrontations and violence in different areas, as well as the presence of AmCits along the parade and demonstration routes. The EAC decided the U.S. Consulate General should release a Warden Message to warn AmCits in Belfast. (Belfast 0137) 9. (SBU) Sweden - Approximately 12 to 15 protesters, carrying banners and flags requesting fair treatment for the &Cuban Five8 in Guantanamo Bay, Cuba, made an unscheduled appearance at U.S. Embassy Stockholm November 1. The group emerged from the nearby German Embassy and stopped briefly in front of Post. The RSO monitored the group; they did not attempt to contact Embassy officials, but appeared more interested in photographing the front of Post. The protesters departed within a few minutes before Embassy police could respond. No damages or injuries were reported. (RSO Stockholm Spot Report) 10. (S//NF) NEA - Egypt - EAC Cairo convened October 20 to review recent threat reporting and access any threats specific to the planned visit by U.S. Secretary of State Condoleezza Rice on November 8 and 9. The EAC agreed there is no new, specific, and/or credible threat to U.S. interests in Egypt, but also assessed that Egypt remains a very tempting target for both indigenous and transnational terrorist elements. EAC members also agreed to enhance security measures at the American Presence Post in Alexandria. The EAC continues to assess the Government of Egypt,s (GoE) counterterrorism efforts as effective, and Post has a close relationship with the GoE on security matters. (Appendix 1) 11. (S//NF) Kuwait - EAC Kuwait City convened November 2 to discuss the security impact of recent threat reporting, Embassy Kuwait election coverage, U.S. Marine Corps Birthday Ball, and the upcoming visit of the former U.S. President William J. Clinton. The EAC was briefed on the recent reporting of possible terrorist surveillance of housing areas within Kuwait City. Post is coordinating the release of this information to the Kuwait Security Service for further action. The RSO stated the Local Guard Force (LGF) Mobile Patrol unit will increase coverage in the housing occupied by Chief of Mission personnel within the named areas, defensive counterintelligence training with be given to locally employed staff, and a Security Notice reminding personnel to remain vigilant in their personal security procedures will be released. The EAC concluded that Post,s current security posture is appropriate for the planned events. (Appendix 2) 12. (S//NF) EAP - Indonesia - EAC Jakarta convened October 30 to discuss the security implications of the anticipated execution of the Bali bombers. The Government of Indonesia (GoI) recently announced they would be executed during the first week of November. Rumors are circulating around Jakarta that retaliatory attacks and demonstrations by those who support the bombers are possible. However, there is no specific or credible information regarding the planning of these types of attacks. One report mentioned possible suicide bomber attacks on shopping malls in Jakarta, specifically the Kelapa Gading mall in northern Jakarta, but without details. The U.S. Embassy assesses the likelihood of a terrorist attack conducted against U.S. or other Western interests in direct response to the executions is low. (Appendix source 3) 13. (SBU) SCA - Pakistan - A motorcade carrying Pakistani Deputy Inspector General of Police Syed Akhtar Ali Shah was targeted by a suicide vehicle-borne improvised explosive device (IED) attack in Marden Province on October 31 at around 2:30 p.m. Ali Shah and 20 others were wounded, and nine police officers were killed in the attack. On November 1, at approximately 2:33 a.m., an explosion occurred at a police substation approximately 2,000 meters from the U.S. Consulate Peshawar residential area and official annexes. One police officer was killed and several other individuals were badly wounded. It is undetermined at this time whether the explosion was from a rocket or an explosion charge placed at the structure. The RSO will monitor these attacks. (RSO Peshawar Spot Report) 14. (U) Key Concerns 15. (S//FGI//NF) NEA - Lebanon - Al-Qa,ida affiliate to attack U.S. Embassy motorcade: According to a source of the Jordanian General Intelligence Directorate, as of mid-October, al-Qa,ida-affiliated elements in the Ayn al-Hilwah Palestinian refugee camp plan to attack a U.S. Embassy motorcade in Beirut. The men planning the operation had already collected an unspecified amount of explosives and a white 1983 Mercedes, which was currently inside the Shatila Palestinian refugee camp. The Mercedes was to be rigged with the explosives. (Appendix source 4) 16. (S//FGI//NF) SCA - Maldives - Continued monitoring of al-Qa,ida associates: The Maldives Police Service continued to investigate and monitor the activities of Maldives-based al-Qa,ida associates Yoosuf Izadhy, Easa Ali, and Hasnain Abdullah Hameedh (a.k.a. Hameed). Izadhy was reportedly in contact with a militant group in Waziristan, which allegedly maintained unspecified links to al-Qa,ida. Izadhy was clandestinely working to recruit others into his organization, specifically seeking individuals who had undergone basic terrorism training in Pakistan. Izadhy planned to create a terrorist group in the Maldives with the assistance of the Waziristan-based group. Izadhy planned to send his members to Waziristan for training. Hameedh was in close contact with a number of individuals who had undergone training in Pakistan, including individuals who were members of Jamaat-ul Muslimeen and completed basic and advanced training by Lashkar-e-Tayyiba (LT) in Pakistan. They followed the ideology of Abu Easa. 17. (S//FGI//NF) DS/TIA/ITA notes, while the operational aspirations of Yoosuf Izadhy (Terrorist Identities Datamart Environment (TIDE) number 17312323), Easa Ali (TIDE number 17312652), and Hasnain Abdullah Hameedh (TIDE number 20686145) are unclear; past reporting suggests Maldivian extremists have demonstrated interest in actively participating in global jihadi activities by attempting to arrange travel and terrorist training in Pakistan. While many Maldivian participants of extremist online forums aimed to ultimately fight Coalition forces in Iraq and Afghanistan, mid-October 2007 debrief information following the September 29 bombing in Male that targeted tourists indicates at least two of the operatives participated in the attack in exchange for travel from the islands after the operation and arranged study at a madrassa in Pakistan. 18. (S//NF) Specific links to al-Qa,ida remain unclear; although, reporting from May detailed recruitment activity by Maldivian national Ahmed Zaki of Maldivians into the Kashmiri extremist group LT madrassas and training camps in Pakistan. A variety of reports from 2006 details linkages between Maldivians belonging to a group known as Jama-ah-tul-Muslimeen (JTM) and individuals participating in an anti-American Islamic extremist online forum called Tibyan Publications. JTM is an extremist group based in the UK that follows an extremist ideology known as Takfiir that actively encourages violent jihad and supports criminality against apostate states. (Appendix sources 5-18) 19. (U) Threats & Analysis 20. (S//NF) WHA - Mexico - Violence spikes again in Tijuana: According to a mid-level Baja California state police official, a turf war between the Arellano Felix Organization (AFO) and the Sinaloa Cartel has caused another increase in violence in Tijuana. The Mexican Government,s counternarcotics efforts -- in the form of 3,300 military and police assets patrolling the area under Operation Tijuana -- have severely weakened the AFO,s operations. The Sinaloa Cartel, hoping to capitalize on the AFO,s weaknesses, is battling for control of Tijuana,s drug plaza. While the AFO assassins are skilled, Sinaloa Cartel hit men are poorly trained and have no aversion to public shootings; however, if the Sinaloa Cartel successfully ousts the AFO from Tijuana, DS/TIA/ITA notes the levels of violence should decrease. While residents and visitors are not being targeted, the likelihood of being in the wrong place at the wrong time is of increasing concern. Cartel targets are being killed during daytime hours in public areas of Tijuana, including restaurants, shopping centers, and near school buildings. The DoS, Travel Alert for Mexico was extended for six months on October 14 to reflect the current and widely reported crime and violence occurring throughout Mexico. (Open sources; Appendix sources 19-20) 21. (U) AF - Cameroon - An examination of the background, goals, and tactics of the Niger Delta Defense and Security Council and the Bakassi Freedom Fighters: (S//NF) The October 31 kidnapping of approximately 10 hostages off the shores of the Bakassi Peninsula has magnified the role of two groups -- the Bakassi Freedom Fighters (BFF) and the Niger Delta Defense and Security Council (NDDSC) -- in the increasing insecurity in the Bakassi. The kidnappings, an overview of the NDDSC,s and BFF,s background, and an examination of their past operations, highlight the groups, possible intent to use novel, deadly, and unprecedented tactics to achieve their goals. 22. (SBU) In the early morning of October 31, a group of armed men in three boats attacked a French Total vessel named Bourbon Sagita, which was located off the Cameroonian shore between Bakassi and Limbe. Although no Americans were directly impacted, at least seven French citizens, one Tunisian, one Senegalese, and several Cameroonian nationals were kidnapped; five remaining oil workers were left on the boat. Nobody was injured in the attack. 23. (SBU) According to unconfirmed media reports, shortly after the raid, the BFF, part of a larger and shadowy alliance of the NDDSC, claimed responsibility for the attacks and threatened to kill the hostages, stating, &The 10 are in our hands. If you don,t tell the government of Cameroon to come here and discuss with us, we will kill them all in three days.8 On November 1, the NDDSC/BFF withdrew the threat, but stated it would hold the hostages until the government opened negotiations with them. 24. (S//NF) The NDDSC/BFF is likely referring to discussions over the status of the Bakassi Peninsula in its statement. The region was transferred from Nigeria to Cameroon on August 14, per an International Court of Justice ruling. According to e-mails it sent to media outlets, the NDDSC/BFF merged into an official alliance at the end of July in an attempt to forestall the hand over. Led by Commander Ebi Dari and General A.G. Dasuo, who claim they are fighting for &self-determination and freedom8 of the Bakassi Peninsula which contains a majority of Nigerian citizens. They are also demanding that two of their fighters captured in July be released and that Nigerians on the Bakassi Peninsula be compensated. 25. (S//NF) An intelligence and open media search of the BFF provided negligible results. Meanwhile, although little background information is known about the NDDSC, it claims to have approximately 1,050 fighters. It has been in existence since at least 2002 and previously conducted low-level attacks against Cameroonian troops on the Bakassi. It can also be linked to three deadly operations prior to the hand over of the controversial region. In the most macabre raid, on June 9, the NDDSC allegedly killed and mutilated six members of a Cameroonian delegation visiting the Peninsula, including the deputy subregional commander. It also claimed responsibility for a November 2007 raid on a Cameroonian military outpost which killed 21 soldiers; this claim remains unconfirmed. (Please see the July 26 DS Daily for further information on the pre-hand over security incidents in the Bakassi.) 26. (S//NF) Although the post-hand over period has been defined by a series of attacks, the NDDSC/BFF has released statements denying culpability in some of those operations. These include a September 28 bank robbery in Limbe and a September 13 attack against a trawler off the Bakassi Peninsula. The NDDSC/BFF may be responsible for some post-hand over operations, while others may have been conducted by different militants in the region, including in the Niger Delta. Despite similar tactics in all these operations, including the use of speedboats carrying heavily armed masked men, at this time, there are no clear indications the NDDSC/BFF has a defined relationship with the Movement for the Emancipation of the Niger Delta (MEND) or any other prominent Niger Delta group. 27. (S//NF) Instead, the series of raids by the NDDSC/BFF may possibly signify new tactics being pursued in the Bakassi region. In its early raids, the NDDSC/BFF primarily used deadly and brutal force against the Cameroonian military, but often spared expatriates and civilians. Two recent attacks, however -- the June 9 attack and the October 31 hostage-taking operation -- have demonstrated its desire to expand its targets. In the June 6 raid, the NDDSC targeted a political delegation and mutilated a deputy subregional commander, the equivalent of a governor. It is unclear if the NDDSC was directly targeting the governor; but, nevertheless, the group demonstrated its desire to also kill politicians. For its part, the October 31 attacks was the first kidnapping of expatriates off the coast of Cameroon. 28. (S//NF) Also of concern is the NDDSC/BFF,s intent to hold hostages indefinitely after initially threatening to kill them. Whereas MEND and other Delta groups kidnapped hostages primarily to garner ransom money or to force oil companies to scale back operations, they had seldom directly harmed or threatened to kill hostages. They also often released hostages shortly after their capture. Moreover, given its intent to hold the hostages for a political objective, the NDDSC/BFF may find it convenient to continue operations against expatriates in the region to pressure the Cameroonian Government and to ensure that its political demands are met. (Open sources; Yaound 1071; 0754; 0706; Appendix sources 21-28) 29. (S//FGI//NF) SCA - Bangladesh - Rejection of IDP to register for December elections: As of late October, the Bangladeshi Election Commission was set to reject the Islamic Democratic Party,s (IDP,s) attempt to register for the December parliamentary elections. The IDP is a nascent political party formed by senior members of the Islamic terrorist group Harakat-ul-Jihad-i-Islami Bangladesh (HUJI-B). Bangladesh,s Directorate General of Forces Intelligence (DGFI) supported the formation of the IDP as a way to bring HUJI-B into the mainstream and reported it tightly monitored the group,s activities; although, HUJI-B has never renounced the use of violence to implement its vision of transforming Bangladesh into a Muslim theocracy. According to U.S. Embassy Dhaka, which strongly opposed the creation of the IDP, the party and its leadership will likely be angered by the decision and may respond with violence possibly against the commission or the U.S. Mission or interests. 30. (S//NF) Arrests and monitoring have undoubtedly hindered HUJI-B,s capabilities in recent years, and it is entirely plausible the group is pursuing the creation of a political wing to improve its ability to support and carry out terrorist activity. A late-September assessment from Bangladesh,s National Security Intelligence Organization (NSI) voiced concern that the party,s creation would free extremists to pursue extremist activity under the cover of a moderate front organization. Indeed, there are no indications IDP would garner a significant number of votes. Analysis from the DoS, Office of Research noted the majority of Bangladeshis want Awami League and Bangladesh National Party leaders Sheikh Hasina and Khaleda Zia to participate in the December elections. Interestingly, 80 percent stated they would ignore a call by either party to boycott the vote. One-third further stated they would join street protests in the face of a cancellation of elections. 31. (S//FGI//NF) Although there is little information available regarding HUJI-B,s current capabilities, its membership likely does retain the ability to manufacture and use explosives and has previously favored targeting high-profile individuals for attack. While there is no specific reporting at the present time detailing plots against U.S. interests in Bangladesh, the group has publicly articulated its anti-Western and -Indian stance, including signing Usama Bin Ladin,s 1998 fatwa against the West. In regards to HUJI-B,s capabilities, DGFI,s, Rapid Action Battalion,s (RAB,s), and NSI,s assessments vary significantly. Following the early-March U.S. designation of HUJI-B as a foreign terrorist organization, RAB assessed HUJI-B would not respond with violence due to the severe degradation of the group,s capability and leadership structure from arrests and active surveillance. Some member who wanted to independently attack Western interests, however, remained technically capable of carrying out low-level attacks using small arms, grenades, and IEDs. DGFI likewise reported HUJI-B was &an organization on the run8 and that it did not pose a threat to U.S. interests in Bangladesh. NSI conversely assessed HUJI-B would react violently to the designation and would attempt to conduct an attack against the U.S. official presence in Dhaka; although, there was no information available detailing such an operation. Thus far, HUJI-B has not carried out an attack against American interests in Bangladesh, but the group has been linked to assassination attempts on intellectuals, journalists, and politicians, including two thwarted attempts on the life of Prime Minister Sheikh Hasina during public addresses and a grenade attack that injured the British high commissioner in May 2004. (&Bangladeshis have high hopes for national elections,8 DoS Office of Research; Appendix sources 29-40) 32. (U) Cyber Threats 33. (S//REL TO USA, FVEY) WHA - CTAD comment: On October 16, at least one e-mail account within the Government of Canada received a Trojanized message from a Yahoo account claiming to represent a U.S. embassy. The bogus subject line was an invitation for a private meeting with a named DoS employee. The attached Microsoft Word document was a malicious &invitation8 file that, when opened, attempts to beacon and create a connection to &jingl.cable.nu8 via port 8080. The &cable.nu8 domain remains one of concern, as it has historically been associated with activity from Chinese hacker organizations. 34. (U) EUR - CTAD comment: The European Commission (EC) this week proposed legislation to establish a Critical Infrastructure Warning Information Network (CIWIN) to improve information sharing among European Union (EU) member nations. The proposed legislation would enable the EC to launch and manage the CIWIN, a secure information technology (IT) system aimed at sharing knowledge on threats, vulnerabilities, and protection of critical infrastructures. The CIWIN would be a voluntary tool for transmitting sensitive information and would also include a rapid alert system for critical infrastructure, allowing EU nations to post alerts on immediate threats. 35. (U) AF - CTAD comment: Sudanese law enforcement recently reported the arrest of three hackers who have allegedly attacked more than 300 government and public websites during the last few months. Among the hacked sites was that of the National Telecommunication Corporation, which is responsible for oversight of telecommunication service providers as well as many other aspects of Sudanese IT and network stability. The three highly skilled hackers, all of whom are Sudanese, reportedly caused significant damage to their targets, but their motivation for the attacks and any potential group affiliations are yet undetermined. 36. (C) NEA - CTAD comment: On October 21, officials from the Kuwaiti Central Agency for Information (CAIT) and the National Security Bureau (NSB) expressed concerns for foreign and domestic threats to Kuwaiti information systems. According to these organizations, some of the issues plaguing Government of Kuwait (GoK) networks are suspected attacks from Iranian hackers, insider corruption and misuse of resources, and a lack of sufficient interagency coordination and guidance for monitoring users, activities and investigating incidents. For example, the groups, inability to adequately examine malicious software (malware) injections or internal abuse of system access continues to hinder the GoK,s capacity to ensure the protection of sensitive information. Therefore, the CAIT and NSB are interested in learning more about U.S. cyber security programs as well as receiving additional training and support. 37. (S//NF) EAP - CTAD comment: Between September 29 and October 2, a conference was held by the German Federal Office for the Protection of the Constitution (BfV). During this conference, the BfV delivered a briefing on its analysis of the cyber threat posed by the People,s Republic of China (PRC), which appears to mirror conclusions drawn by the U.S. Intelligence Community. The BfV surmises the intention of PRC actors is espionage, and the primary attack vector used in their malicious activity is socially engineered e-mail messages containing malware attachments and/or embedded links to hostile websites. According to reporting, &from October 2006 to October 2007, 500 such e-mail operations were conducted against a wide range of German organizations,8 and the attacks appear to be increasing in scope and sophistication. The socially engineered e-mail messages delivered to German computer systems were spoofed to appear to come from trusted sources and contain information &targeted specifically to the recipient,s interests, duties, or current events.8 This malicious activity has targeted a wide variety of German organizational levels to include &German military, economic, science and technology, commercial, diplomatic, research and development, as well as high-level government (ministry and chancellery) systems.8 In addition, German intelligence reporting indicates an increase in activity was detected immediately preceding events such as German Government, or commercial, negotiations involving Chinese interests. 38. (U) SCA - CTAD comment: The National Science Foundation and the Pakistan Higher Education Commission recently announced the establishment of a Pakistan extension to an international high-speed network already connecting U.S. and EC systems. The new portion of the network links Pakistani scientists and students to facilities in the U.S. through additional connections to Singapore and Japan. This project emerged from February 2007 discussions of the U.S.-Pakistan Joint Committee on Science and Technology that sought to promote cooperation and innovation among education and business sectors. (Open sources; Appendix sources 41-43) 39. (S//NF) Worldwide - BC conducting CNE on USG systems: 40. (S//NF) Key highlights: BC actively targets USG and other organizations via socially engineered e-mail messages. BC actors recently compromised the systems of a U.S. ISP to carry out CNE on a USG network. Additional IP addresses were identified this month as compromised and used for BC activity. BC has targeted DoS networks in the past and may again in the future via spoofed e-mail. 41. (S//REL TO USA, FVEY) Source paragraph: &Byzantine Candor (BC) actors have compromised multiple systems located at a U.S. Internet service provider (ISP) and have used the systems as part of BC,s U.S.-based attack infrastructure since at least March, targeting multiple victims including at least one USG agency.8 42. (S//NF) CTAD comment: Since late 2002, USG organizations have been targeted with social-engineering online attacks by BC actors. BC, an intrusion subset of Byzantine Hades activity, is a series of related computer network intrusions affecting U.S. and foreign systems and is believed to originate from the PRC. BC intruders have relied on techniques including exploiting Windows system vulnerabilities and stealing login credentials to gain access to hundreds of USG and cleared defense contractor systems over the years. In the U.S., the majority of the systems BC actors have targeted belong to the U.S. Army, but targets also include other DoD services as well as DoS, Department of Energy, additional USG entities, and commercial systems and networks. BC actors typically gain initial access with the use of highly targeted socially engineered e-mail messages, which fool recipients into inadvertently compromising their systems. The intruders then install malware such as customized keystroke-logging software and command-and-control (C&C) utilities onto the compromised systems and exfiltrate massive amounts of sensitive data from the networks. This month, BC actors attempted to compromise the network of a U.S. political organization via socially engineered e-mail messages (see CTAD Daily Read File dated October 16). 43. (S//REL TO USA, ACGU) CTAD comment: Also discovered this month by USG analysts was the compromise of several computer systems located at a commercial ISP within the United States. According to Air Force Office of Special Investigations (AFOSI) reporting, hackers based in Shanghai and linked to the PRC,s People,s Liberation Army (PLA) Third Department have been using these compromised systems as part of the larger BC attack infrastructure to facilitate computer network exploitation (CNE) of U.S. and foreign information systems. Since March, the responsible actors have used at least three separate systems at the unnamed ISP in multiple network intrusions and have exfiltrated data via these systems, including data from at least one USG agency. AFOSI reporting indicates, on March 11, BC actors gained access to one system at the ISP, onto which the actors transferred multiple files, including several C&C tools. From here, the intruders used the tools to obtain a list of usernames and password hashes for the system. Next, on April 22, BC actors accessed a second system at the ISP, where they transferred additional software tools. From April through October 13, the BC actors used this computer system to conduct CNE on multiple victims. During this time period, the actors exfiltrated at least 50 megabytes of e-mail messages and attached documents, as well as a complete list of usernames and passwords from an unspecified USG agency. Additionally, multiple files were transferred to the compromised ISP system from other BC-associated systems that have been previously identified collecting e-mail messages from additional victims. The third system at the U.S. ISP was identified as compromised on August 14, when BC actors transferred a malicious file onto it named &salaryincrease-surveyandforecast.zip.8 According to AFOSI analysis, BC actors use this system to host multiple webpages that allow other BC-compromised systems to download malicious files or be redirected to BC C&C servers. 44. (S//REL TO USA, FVEY) CTAD comment: Additional DoD reporting this month indicates BC actors have used multiple other systems to conduct CNE against U.S. and foreign systems from February through September. A October 23 DoD cable states Shanghai-based hackers associated with BC activity and linked to the PLA have successfully targeted multiple U.S. entities during this time period. The cable details dozens of identified Internet Protocol (IP) addresses associated with BC activity as well as the dates of their activity. All of the IP addresses listed resolve to the CNC Group Shanghai Province Network in Shanghai, and all the host names of the addresses contained Asian keyboard settings as well as China time zone settings. Most of these IP addresses were identified as responsible for direct CNE of U.S. entities, including unspecified USG organizations, systems and networks. Interestingly, although the actors using each IP address practiced some degree of operational security to obfuscate their identities, one particular actor was identified as lacking in these security measures. On June 7, the BC actor, using an identified IP address, was observed using a Taiwan-based online bulletin board service for personal use. 45. (S//NF) CTAD comment: BC actors have targeted the DoS in the past on multiple occasions with socially engineered e-mail messages containing malicious attached files and have successfully exfiltrated sensitive information from DoS unclassified networks. As such, it is possible these actors will attempt to compromise DoS networks in the future. As BC activity continues across the DoD and U.S., DoS personnel should practice conscientious Internet and e-mail use and should remain informed on BH activity. (Appendix sources 44-46) 46. (U) Suspicious Activity Incidents 47. (SBU) EUR - Azerbaijan - A vehicle with Iranian license plates was parked adjacent to U.S. Embassy Baku October 29. The driver was the only occupant in the car. Another subject appeared and got into the car, which then took off. The police have been asked to check the vehicle registration. Post is awaiting the results. (SIMAS Event: Baku-00507-2008) 48. (SBU) EAP - Taiwan - An Asian male with a professional video camera stood across the street from the American Institute in Taiwan (AIT) October 29. He filmed a number of buildings in the area and possibly the AIT. After a few minutes, the subject departed the area on a motor scooter. (SIMAS Event: Taipei-00194-2008) 49. (SBU) Taiwan - An Asian male stood in front of the Bank of Taiwan and photographed various buildings -- including the AIT -- on October 31. An LGF member stopped and questioned the man, who refused to show identification or the pictures he took. He left the area on foot shortly afterward. (SIMAS Event: Taipei-00195-2008) SECRET//FGI//NOFORN//MR Full Appendix with sourcing available upon request. RICE |
Traduce este documento »
Traducción automática. Puede que el texto traducido no sea fiel al original
Tu suscripción se está usando en otro dispositivo
¿Quieres añadir otro usuario a tu suscripción?
Si continúas leyendo en este dispositivo, no se podrá leer en el otro.
FlechaTu suscripción se está usando en otro dispositivo y solo puedes acceder a EL PAÍS desde un dispositivo a la vez.
Si quieres compartir tu cuenta, cambia tu suscripción a la modalidad Premium, así podrás añadir otro usuario. Cada uno accederá con su propia cuenta de email, lo que os permitirá personalizar vuestra experiencia en EL PAÍS.
En el caso de no saber quién está usando tu cuenta, te recomendamos cambiar tu contraseña aquí.
Si decides continuar compartiendo tu cuenta, este mensaje se mostrará en tu dispositivo y en el de la otra persona que está usando tu cuenta de forma indefinida, afectando a tu experiencia de lectura. Puedes consultar aquí los términos y condiciones de la suscripción digital.
