The CI Shield Your Counterintelligence News Source

Volume 2, Issue 30 20 August, 2010

Hawaii man's China military secrets trial to begin AP, 6 Apr 10: HONOLULU – Jury selection in the trial of a former B-2 stealth

bomber engineer from Maui who is accused of selling military secrets to China is scheduled to begin in federal court Tuesday, with opening state- Overview: This newsletter presents real ments expected on Wednesday. Noshir Gowadia has pleaded not guilty to 21 counts, including conspiracy, violating the arms export control act world examples of threats posed against and money laundering. The indictment accuses Gowadia of helping China design a cruise missile with stealth capabilities. The trial comes some corporate proprietary and U.S. military 4 1/2 years after Gowadia's arrest and more than three years after his trial technologies. was originally scheduled to be held. The 66-year-old Haiku resident has been in federal detention since his October 2005 arrest because a judge ruled he was a flight risk. The trial is expected to last at least two months. Larry M. Wortzel, commissioner of the U.S.-China Goal: Educate readers Economic and Security Review Commission, said the trial will be closely watched by the for methods used to intelligence community, the FBI, and military because it's one of a series of major cases exploit, compromise, involving Chinese spying on the U.S. Prosecutors allege Gowadia helped design an ex- and / or illegally obtain haust nozzle for China that gives off less heat, making it difficult for infrared detectors to information or find the missile. They say Gowadia pocketed $110,000 over two years for his exhaust nozzle technologies design. The indictment alleges he made six trips to China from 2003 to 2005, conspiring to conceal some of his visits by getting border agents to leave immigration stamps off his passport. He's also accused of attempting to sell classified stealth technology to the Swiss Source: This newsletter government and to businesses in Israel and Germany. Gowadia moved to the U.S. from incorporates open India in the 1960s for postgraduate work. In 1968 he joined defense contractor Northrop source news articles as Corp., now Northrop Grumman Corp., where he designed elements of the B-2. He be- a training method to came a U.S. citizen in the 1970s and retired from Northrop in 1986, two years before the B-2 educate readers on made its public debut. security matters in compliance with USC GhostNet 2.0 espionage network uses cloud services Title 17, section 107, Heise Security, 6 Apr 10: Espionage network GhostNet, first identified Paragraph a. about a year ago, is much larger and more sophisticated than previ- ously assumed. This is according to a study entitled "Shadows in the Cloud", released today (Tuesday) by the Munk Centre for International Studies, the Information Warfare Monitor, the SecDev Group and the INSIDE THIS ISSUE Shadowserver Foundation. GhostNet is essentially a botnet for distribut- ing and controlling spyware. In March 2009, whilst investigating a com- puter system belonging to the Tibetan government-in-exile in India, researchers at the To- ronto-based Munk Centre for International Studies discovered the largest computer- Hawaii man's China military 1 controlled espionage network ever seen. The network, which they dubbed GhostNet, was secrets trial to begin controlled almost exclusively by computers located in China and had infiltrated 1,295 GhostNet 2.0 espionage 1 computers in 103 countries over a two year period. According to the new study, the espio- network uses cloud services nage attack was primarily directed against India, the Tibetan government-in-exile and the China denies Canadian 2 United Nations. On following the trail of evidence, the researchers came across Indian hacker claims government documents marked as 'secret' and 'confidential' which were concerned with Taiwan man pleads guilty in 2 subjects including the security situation in Indian states and India's relationships with other Iran missile case countries. 1,500 e-mails from the Dalai Lama's office were intercepted between January Macau resident convicted in US 3 and November 2009. According to the study, the attackers used cloud technologies and of illegal defense exports social networks, such as Twitter, Google Groups and blogs, to communicate with the bot- Marine Sentenced for 3 net and spy bots to make their infrastructure as reliable as possible. The attackers' traces Passing Secrets are reported to lead to Chengdu province in Southwest China. The Chinese government immediately rejected any suggestion that it may have been involved. Chinese Foreign German spy jailed for giving 4 secrets to gay lover Ministry spokeswoman Jiang Yu told the Peking press that China denied any involvement in cyber-crimes and was taking action against hackers. She added that attacks of this Alleged Wikileaks Mole 4 type are an international problem. Indicted

Couple charged over hybrid 4 car industrial espionage plot Page 1 The CI Shield

China denies Canadian hacker claims AFP, 7 Apr 10: China on Tuesday denied that hackers based in the country tar- geted Indian government computers and accessed military secrets, weeks after Google effectively shut its China search engine over cyberattacks. The denial came after Canadian researchers claimed that a China-based online spying net- work leveraged popular Web services such as Twitter, Google Groups and Yahoo! Mail to steal information from the New Delhi government and other Indian net- The views expressed works. "Some reports have, from time to time, been heard of insinuating or criticizing the Chinese in articles obtained government... I have no idea what evidence they have or what motives lie behind," said Chinese Foreign Ministry spokeswoman Jiang Yu. "Hacking is an international issue and should be dealt with from public sources by joint efforts from around the world," Jiang was quoted as saying by the state Xinhua news within this product do agency during a regular news briefing. The Canadian claims coincide with Indian Foreign Minister not necessarily reflect S.M. Krishna's visit to China for talks with senior officials including President Hu Jintao and Prime Min- those of the ister Wen Jiabao. US Internet giant Google announced March 22 that it was redirecting mainland Chinese users to an uncensored site in Hong Kong, making good on an earlier pledge not to go New Mexico along with the Communist Party government's censorship rules. Google's decision to defy Beijing Counterintelligence was based on what it called concerns over censorship and cyberattacks it said originated from Working Group China. Researchers at the University of Toronto's Citizen Lab said they documented a "complex ecosystem of cyber espionage that systematically compromised government, business, academic and other computer networks in India, the Offices of the Dalai Lama, the United Nations, and sev- eral other countries." Data stolen from dozens of hacked computers mostly in India contained sen- sitive information about missile systems, Sino-Indian relations, as well as personal, financial and busi- ness information of citizens from 31 countries. Researchers traced the cyberattacks to servers in Chengdu, China. The New Mexico Counterintelligence Taiwan man pleads guilty in Iran missile case AP, 14 May 2010: MIAMI — A Taiwanese businessman pleaded guilty Thurs- Working Group day to federal charges arising from an undercover investigation into the (NMCIWG) is illegal export to Iran of items that can be used for missiles, unmanned comprised of drones and other military purposes. Yi-Lan Chen, 40, pleaded guilty to con- counterintelligence, spiring to violate the U.S. embargo against Iran and attempting to export prohibited goods that have dual civilian and military uses. Chen, a citizen cyber, intelligence of Taiwan who used the name "Kevin Chen," also entered guilty pleas on analysts, legal, and behalf of his Landstar Tech Co. The maximum prison term for each count is security professionals 20 years, but Chen will likely receive a much lighter sentence because he is cooperating with an ongoing investigation into banned exports to Iran. U.S. District Judge Adalberto Jordan set sen- in the New Mexico tencing for July 30. Chen also faces more than $2 million in fines. Chen, dressed in a tan prison business community jumpsuit, said little at the hearing except to quietly answer Jordan's questions through a Mandarin Chinese translator. Chen was arrested in February in Guam in the midst of a transaction to ship to Iran some 8,500 glass-to-metal seals and 120 military-grade connectors. Commerce Department investigators said he had arranged at least 30 banned shipments to Iran since 2007, falsely telling U.S.-based suppliers in Lakewood, N.J., Cincinnati and elsewhere that the goods were destined for Hong Kong or Taiwan. In one August 2009 e-mail exchange with a buyer in Tehran, Iran, Chen de- The NMCIWG scribed his practices this way: "As you know we cannot tell USA this connector is for you. So we have to tell a white lie to USA that this is for our factory in Hong Kong." Court documents show that membership includes investigators learned of Chen's activities after he tried to arrange for the export of 2,000 detonators representatives from through an unnamed California company. Search warrants were obtained for Chen's e-mail ac- these agencies: 902nd counts from South Florida judges, which is one reason he was brought to Florida to face the charges. The e-mails show Chen shipped two P200 Turbine engines and spare parts to Iran via MI, AFOSI, AFRL, Hong Kong in 2007, labeling them on an invoice as "a starter for a car and wheels." The engines DCIS, DOE, DSS, can be used in model aircraft but also for military drones. In October 2009, Chen began communi- DTRA, FBI, ICE, MDA, cating via e-mail with a Fort Lauderdale-based undercover federal agent posing as representative NAG, NCIS, Sandia of a supplier company. The undercover agent described to Chen how he was able to get around U.S. rules on the embargo against Iran. In one December 2009 e-mail, Chen mentioned that he Labs, and the U.S. didn't want to try to obtain big-ticket items. "What we want is to do the business by means of safe Attorney’s Office and low profile then nobody gets hurt," he wrote, according to court documents.

Source: http://www.google.com/hostednews/ap/article/

Page 2 The CI Shield

Macau resident convicted in US of illegal defense exports AFP, 13 May 2010: LOS ANGELES — A Macau resident has been convicted of trying to illegally export communications, encryption and GPS equip- ment used by the US military and NATO forces, the Department of Justice said Wednesday. Chi Tong Kuok, also known as Edison Kuok, was convicted by a federal jury in San Diego, south of here, on Tuesday of trying to export defense articles to Macau and Hong Kong without a license, the depart- ment said in a statement. Kuok, a Portuguese citizen who lives in Macau, was arrested in Atlanta in June 2009 following an operation which involved undercover agents of The NMCIWG also the US Immigration and Customs Enforcement agency. He was convicted of conspiring to export defense articles without a license, smuggling goods from the United States, money laundering and produces a daily other charges. The Justice Department did not mention the ultimate destination for the equipment Cyber Threat Kuok was seeking, but Wired magazine quoted a government affidavit in the case as saying he newsletter for was acting at the direction of Chinese officials. "This conviction underscores the threat posed by illicit efforts to obtain sensitive US technology and the need for continued vigilance against such Information schemes," David Kris, assistant attorney general for national security, said. "The military encryption Technology and technology at the heart of this conspiracy is controlled for good reason," Kris said. "The United Security States is engaged in a daily cat and mouse game to keep sensitive technology from falling into Professionals. To the hands of those who might seek to harm America or its allies," added Department of Homeland Security assistant secretary John Morton. "The enforcement of arms export controls keeps America subscribe to this safe, and Kuok's arrest and conviction have done just that when sensitive encryption technology is newsletter please not taken overseas by someone whose interests are not in line with those of the United States," Mor- click HERE. ton said. According to court documents, Kuok contacted a company in Britain in 2006 to obtain components related to the VDC-300 data controller, a device made by a California defense con- tractor which is used by the US and NATO militaries to route data to and from tactical radios. The Justice Department said the British company referred Kuok to the ICE, which carried out negotia- tions with him for more than two years through email. It said Kuok also sought to obtain a PSN-13, a Global Positioning System device used by the US and NATO, and a PRC-148, a multi-band hand- held radio system manufactured by Thales Communications that was originally designed for US Special Operations Command. He also sought to obtain a CYZ-10, which is used by US and NATO forces to load encryption software into communication devices such as tactical radios to allow them to communicate securely. Kuok also attempted to buy a KG-175 Taclane Encryptor, a Gen- To subscribe to this eral Dynamics device made under contract with the National Security Agency for use by the US espionage newsletter military which encrypts Internet Protocol communications, it said. Sentencing was set for August 23. please click HERE. Kuok could face up to five years in prison for conspiracy to smuggle goods from the United States and exporting defense articles without a license and up to 10 years for smuggling goods from the United States. Attempted export of defense articles without a license is punishable by up to 10 In the email text years in prison while money laundering carries a sentence of up to 20 years in prison. Source: please include the http://www.google.com/hostednews/afp/article/ALeqM5gfRebJyqnl7CglYEgPOEJbTHM9Mg name of your Marine Sentenced for Passing Secrets employer, your name / AP, 14 May 2010: CAMP PENDLETON, Calif. - A Camp Pendleton Marine officer job title / phone who leaked intelligence documents to the Los Angeles County Sheriff's Depart- number and if you are ment has been sentenced to 90 days in confinement. Maj. Mark Lowe also was sentenced Thursday to a reprimand and ordered to forfeit $6,000 in pay. He interested in having a pleaded guilty in a military trial to dereliction of duty and conduct unbecom- NMCIWG ing an officer. Lowe and four others were accused of passing secret informa- representative contact tion to a sheriff's anti-terrorism unit between 2003 and 2004. Court testimony you for additional says some of the material came from the CIA. Col. Larry Richards is awaiting trial in the case, while three lower-ranking Marines either pleaded guilty or cyber security or were convicted. Source: http://www.military.com/news/article/marine-sentenced-for-passing- counterintelligence secrets.html?ESRC=topstories.RSS assistance.

Page 3 The CI Shield

German spy jailed for giving secrets to gay lover AFP, 26 May 10: A German court on Wednesday jailed a former agent for two years and three months for passing state secrets on to his gay partner while gathering intelligence in Kosovo. Anton Robert K., 43, was found guilty of revealing to Murat A., 29, whom he had hired as an interpreter, the names of other agents be- tween 2005 and 2008 and a report by an employee of Britain's Reminder: If you are Secret Intelligence Service (SIS). He was also convicted of fraud asked to provide for illegally claiming expenses, as was Murat A., a Macedonian, sensitive / classified who was given a suspended jail sentence of 14 months by the information that the court in Munich, southern Germany. Press reports said the German intelligence agency, the requestor is not Bundesnachrichtendienst (BND), was alerted to the relationship by the agent's wife finding out her authorized to receive, husband had replaced her name with the interpreter's on his life insurance policy. IMMEDIATELY notify your organization’s Alleged Wikileaks Mole Indicted counterintelligence Maximum PC, 7 Jul 10: A 22-year-old Army intelligence analyst accused officer or security of having leaked classified information to Wikileaks was indicted on Mon- manager day. Private First Class Bradley E. Manning has been in military custody in Kuwait ever since his arrest on May 29. He allegedly leaked a controver- sial video of a U.S. Apache helicopter attacking a group of Iraqi civilians. Much to the military chagrin's, the video surfaced on Wikileaks in April. The video revealed that the attack occurred after the pilot confused a Reminder: Email lensman for a RPG-toting insurgent. The ensuing fusillade accounted for poses a serious threat the deaths of two Reuters employees. Manning now faces two criminal to sensitive charges under the Uniform Code of Military Justice. ―The first charge, under Article 92 of the UCMJ, information. If you is for violating a lawful Army regulation by transferring classified data onto his personal computer receive an email that and adding unauthorized software to a classified computer system,‖ reads a United States Division seems suspicious do Center news release. The other charge, under Article 134, pertains to the unauthorized transfer of NOT open, delete, such classified data to third parties. ―The command will appoint an officer to preside over an Arti- print, or forward the cle 32 investigation, which is similar to a civilian grand jury hearing. The investigating officer will email without the make findings and recommendations that the chain of command considers in determining assistance of your whether to refer the case to trial by court-martial.‖ Source: http://www.maximumpc.com/article/ organization’s news/alleged_wikileaks_mole_indicted counterintelligence officer or security Couple charged over hybrid car industrial espionage plot manager The Register, 23 Jul 10: A Michigan couple faces charges of stealing indus- trial secrets on hybrid cars from GM before attempting to sell the data to a Chinese auto manufacturer. Yu Qin, 49, and his wife, Shanshan Du, 51, of Troy, Michigan have been charged with four offences, including unau- thorised possession of trade secrets and wire fraud under an indictment Reminder: If you are unsealed on Thursday. GM reportedly places a value of $40m on the sto- traveling out of the len documents. Former GM worker Du allegedly copied thousands of sen- U.S., attending a sitive documents onto a hard disk after she was offered a severance scientific conference, agreement in January 2005. This hard drive was used by Millennium Technology International, a participating in a firm run by the two defendants, which months later allegedly offered hybrid vehicle technology to DoD / scientific test Chery Automobile in China. The circumstances of the case raise serious questions about the secu- event or hosting a rity controls applied by GM to safeguard its research around the time of the alleged data theft. In foreign national to May 2006 the couple's home was raided, leading to the recovery of computers containing indus- your home or facility trial secrets, according to prosecutors. The couple allegedly attempted to shred presumably in- you need to criminating documents and dump them after their initial arrests, alleged misdeeds that have re- immediately notify sulted in an obstruction of justice charge. The defendants appeared in federal court on Thursday your organization’s for arraignment on charges punishable by up to 20 years imprisonment and heavy fines on convic- counterintelligence tion. "As our auto industry works to find new areas of innovation, such as hybrid technology, we will officer or security not tolerate the theft of our trade secrets from foreign competitors," said Barbara McQuade, manager to receive a United States Attorney for the Eastern District of Michigan. "We will aggressively prosecute people threat briefing who steal from the investment that our auto industry has made in research and development." Source: http://www.theregister.co.uk/2010/07/23/hybrid_car_espionage_scam/

Page 4