This is the blog of British investigative journalist Jason Lewis.
It features articles from my time as Investigations Editor of the Sunday Telegraph and Whitehall and Security Editor of the Mail on Sunday.
I specialise in writing on intelligence and security matters, human and civil rights and the activities of the British State.
Monday, 12 March 2012
China spies on NATO
NATO breached by Facebook friend
March 10, 2012
James Stavridis ... NATO's most senior officer. Photo: AP
Washington: When the "friend request" appeared on their Facebook accounts, the military officers and government officials in Britain, America and their allies must have been flattered.
Who would not want to be considered a personal friend of NATO's most senior officer, the Supreme Allied Commander, Admiral James Stavridis?
There was nothing to arouse their suspicion but when they accepted the request, they had in reality become "friends" of a fake admiral whose electronic profile was painstakingly constructed by foreign spies.
Classified briefings suggest they were working for the Chinese state.
Neither Facebook nor NATO would disclose just how many people had fallen for the scam but it was clear the number was significant - and so are the implications.
The spies who ran the fake profile gained access to a treasure trove of personal details: email addresses, the names of family members, personal pictures, and possibly even phone numbers and the details of the victims' movements.
The information could lead to attempts at blackmail, while the personal details could be used by hackers trying to crack the passwords used on encrypted systems. Many people use the names of their children or their wives in passwords - precisely the kind of details that Facebook accounts are full of.
While no NATO officer would put genuine secrets on Facebook, the security implications were clear.
For NATO it was a major embarrassment which emphasises just how the nature of spycraft has changed from the days before the internet. As a result they have told military officers and diplomats who work for NATO that they should establish their own social networking profiles - in case the sting is repeated.
Admiral Stavridis, who was in charge of operations in Libya to bring about the end of Muammar Gaddafi's regime, now has an official Facebook site while the bogus one has been deleted.
Senior NATO staff were warned about the fake account late last year and made representations to Facebook.
It is understood that Facebook uses sophisticated techniques to identify bogus accounts which, it says, have very different footprints from genuine Facebook users. A spokesman said: "After the profile was reported to us, it was taken down as soon as we were notified and investigated the issue."
Last night officials at the Supreme Headquarters Allied Powers Europe (Shape) confirmed Admiral Stavridis had been a target.
They refused to be drawn on the origin of the security breach, although other senior security sources confirmed that it had been traced to China.
A spokesman for Shape said: "This type of compromising attempt is called 'social engineering' and has nothing to do with 'hacking' or 'espionage'.
"Discussions/chats/postings on Facebook are of course only about unclassified topics."
A NATO official added: "There have been several fake supreme allied commander pages. Facebook has co-operated in taking them down. We are not aware that they are Chinese.
"The most important thing is for Facebook to get rid of them. First and foremost we want to make sure that the public is not being misinformed. Social media played a crucial role in the Libya campaign last year.
"It reflected the groundswell of public opposition, but also we received a huge amount of information from social media in terms of locating Libyan regime forces. It was a real eye-opener. That is why it is important the public has trust in our social media."
The "spear phishing" exercise is the latest tactic in the use of the internet to spy on Western figures. Among the items stolen are said to be the secrets of stealth aircraft, submarine technology, the space programme and solar energy.
British institutions are equally vulnerable and Chinese hackers have accessed the House of Commons secure computer network.
Shawn Henry, the FBI's executive assistant director in charge of targeting cyber crime, said: "We see thousands of breaches every month across all industry and retail, infrastructure and across all sectors.
"We know that the capabilities of foreign states are substantial and we know the type of information that they are targeting."
Some hawkish figures in the US fear that a hostile country or terror group might launch a "cyber war" against them, attempting to attack and destroy military and civil infrastructure using computer viruses or other electronic weapons.
However, most experts think this is unlikely.
The fake Facebook profile scam is similar to the "Night Dragon" attacks, which targeted executives of some of the world's biggest oil and gas companies.
The names of the firms involved have not been disclosed. Their reluctance is widespread as companies fear disclosure will damage customer confidence and their share price. The attackers targeted the Western firms' public websites as well as specific individuals using Facebook and other social networking sites. The hackers tried to dupe victims into revealing login names and passwords.
The hackers were traced to China and investigators found the attacks only took place on weekdays between 9am and 5pm, suggesting they were working at an office or a government facility.
Dmitri Alperovitch, a security expert who helped uncover the "Night Dragon" breach, says Western businesses and governments are routinely being targeted.
He said: "They will know your strategy, your price list, everything to undercut and beat you. The Chinese are using every trick in the book.
"They stole emails between executives about high level negotiations ... If they know your strategy they can't lose."
Last year an employee at a key US computer security firm, RSA, opened a personal email with the subject line "2011 Recruitment Plan" and clicked on the attached Excel spreadsheet.
The attachment contained a virus, apparently engineered by the Chinese, which breached RSA's systems.
RSA's customers include the White House, the Central Intelligence Agency, the National Security Agency, the Pentagon and the Department of Homeland Security (DHS), as well as organisations around the world.
The breach meant it had to contact its customers to warn them of the security risk.
Bruce McConnell, the US Department of Homeland Security's director of cyber security, said: "The internet is civilian space. It is a marketplace. Like the market in Beirut in the 70s, it will sometimes be a battleground."
He likened his department's job to attempts to coordinate the civilian response to a hurricane.
But "unlike in a hurricane, we are responding to incidents every day," he added.