Why Threat Intelligence?
Dr. Darren Hayes

Agenda
• Executive Branch
• National Security Strategy (NSS)
• Russian Intelligence
• Chinese Espionage
• Congressional Legislation

What Does a National Security Strategy Consist of?
• National Security Strategy Signed by President
• Strategic Direction of the Country
• Strategies to Deal with Security Threats
• Ways to Strengthen National Power
  • Diplomatic
  • Informational
  • Military
  • Economic
• Maintain Advantage Over Nation / Bloc of Nations / State Actor

National Defense Strategy
• Domains of Dominance Challenged
  • Air, Land, Sea, Space & Cyberspace
• Threats from Adversaries
  • Information Warfare
  • Proxy Operations
• New Technologies will Change Warfare
  • Big Data
  • AI
  • Robotics
  • Autonomy

National Defense Strategy
• Non-state Threats
  • Terrorists
  • Organized Criminals
  • Hackers
• National Security Innovation Base
  • Academia
  • Private Sector
  • National Labs

Russian Intelligence: FSB
• Formerly known as The Dzerzhinsky Higher School of the KGB
• Educates Russian Intelligence for Careers with Federal Security Service of Russian Federation (FSB)
• Eugene Kaspersky, Technical Faculty of FSB Academy

Russian Intelligence
• GRU (Intelligence Directorate of Russian Forces)
  • Military Intelligence
  • Cyber Espionage
• SVR (Foreign Intelligence Service)
  • Equivalent of CIA / NSA or MI6 (British Security Intelligence Service)
  • Center for Research of Military Strength of Foreign Countries

Russian Intelligence: SVR
• Focused on Foreign Espionage
• Based in Moscow
• Works Closely with GRU
• Conducts Electronic Surveillance
• Military, Strategic, Scientific, Economic, Technology Espionage
• Protect Russian Interests Abroad
• Recruitment of Russians Living Abroad
• 1992 – Secret Intelligence Agreement with China

Robert Hanssen
• Born 1944
• Worked for the FBI
• Spied for Soviet & Russian Intelligence (1979 – 2001)
• Approached the GRU in 1979
• Compromised KGB Agents working for US Intelligence
• Disclosed Eavesdropping Tunnel Built by FBI under Soviet Embassy in Washington DC
• 2001 – Arrested & Sentenced to 15 Life Sentences

Aldrich Ames
• Born 1941
• Worked with CIA
• Became a KGB Double-Agent
• Compromised US Assets in Russia
• Life in Prison without Parole

Aldrich Ames
• Suspicion about Purchases with a $60,000 Salary
  • $540,000 house in Arlington, Virginia, paid for in cash
  • $50,000 Jaguar luxury car
  • Home remodeling and redecoration costs of $99,000
  • Monthly phone bills exceeding $6,000, mostly calls by Ames's wife to her family in Colombia
  • Premium credit cards, on which the minimum monthly payment exceeded his monthly salary

Maria Butina
• Infiltrated NRA
• 2018 – Pled Guilty to Espionage
• Pushed for Closer Ties with Russia

Legislation - Espionage
• Espionage Act of 1917
  • 18 USC § 792 et seq.
• Economic Espionage Act of 1996
  • 18 U.S.C. § 1831 – 1839
  • Section 1831 – Economic Espionage
  • Section 1832 – Theft of Trade Secrets
• Arms Export Control Act (AECA)
  • 22 U.S.C. 2778

Espionage Cases: USAF
• Noshir Gowadia
• B-2 Stealth Bomber Engineer
• Sold Military Secrets to China
• Sentenced to 32 Years
• Guilty on 14 Counts
  • Communicating National Defense Information to Aid a Foreign Nation
  • Arms Export Control Act

Espionage Cases: USAF
• John Reece Roth
• Sentenced to 48 Months
• Violated Arms Export Control Act
• Conspired to Export Technical Information Relating to a U.S. Air Force to China
  • Unmanned Aerial Vehicle (UAV) → Drone

Espionage Cases: NASA
• Dongfan "Greg" Chung
• Stole Restricted Technology & Trade Secrets
  • Space Shuttle Program & Delta IV Rocket
• Sentenced to 16 Years in Federal Prison
• Found Guilty
  • Conspiracy to Commit Economic Espionage
  • 6 Counts of Economic Espionage to Benefit a Foreign Country
  • Acting as an Agent of People’s Republic of China

China
• MPS – Domestic Intelligence
• MSS – HUMINT Operations
  • Students, Diplomats, Businessmen, Scientists
• MID – HUMINT Relating to Technical Information
  • Trade Shows
  • Military
• People's Liberation Army (PLA) General Staff Department (GSD) Third Department (A.K.A. 3PLA) ~ NSA
  • SIGINT Ops

China – PLA Covert Espionage
• People's Liberation Army
• PLA General Staff Department (GSD)
• Responsibilities:
• HUMINT
  • Theft & Intelligence
• SIGINT
  • Phone Call Intercepts
  • Launching Cyber Attacks
• ELINT
  • Intercepting Satellite & Radar Communications

China – PLA Overt Espionage
• Overseas Influence
• Targets Influential People in Community
• Overseas Chinese Affairs Office – Tracks Expats
• Work with Tongs & Community Associations
• Work with Triads & OCGs

China – Financial Motivation
• 70% of Military Operating Expenses Covered by State Budget
• PLA Must Make Up Difference
• 2010 – 3,200 Military Front Companies Operating in USA
  • Dedicated to IP Theft
• All Companies in China with 50+ Employees Required to Pay a Chinese Communist Party Liaison
• Project 863
  • Funding Available for IP Theft of US Technology
  • Targets: Biotech, Energy, Telecom, Laser Tech, Space

China – Facilitating Espionage
• Study Abroad Programs
  • Chinese Students in Foreign Universities
  • Students Traveling to China
  • http://www.theepochtimes.com/n3/968736-chinese-student-spies-overwhelm-us/
• Foreign Recruits
• Front Companies
  • Huawei & ZTE
  • http://www.bloomberg.com/news/articles/2012-10-07/huawei-zte-provide-opening-for-china-spying-report-says

China
• F-35
• Cost = $400 bn
• F-35 Helmet = $400k
• Max. Speed = 1,119 mph
• USA with Funding from UK, Italy, Australia, etc.
• Chinese Hackers → Lockheed Martin
• FC-31
• Both Carry Guided & Unguided Missiles
• Both Use Two Tracking Mirrors

China – OPM Breach
• Office of Personnel Management (OPM)
• 5.6 Fingerprints Stolen
• 21.5 Million Social Security Numbers Stolen
• SFS-86 Form Information Stolen
  • Applications for Security Clearance
  • 127-Page Form
  • Arrests
  • Drug Use
  • Mental Illness
• CIA Officers in Beijing Pulled

China - Operation Iron Tiger
• Cyber Espionage Attack on US Defense Contractors
• Stole IP, Emails, Strategic Planning Documents
• Group - Panda Emissary
• APT Attacks on Unpatched Vulnerabilities
  • Java (CVE-2011-3544 & CVE-2010-0738)
• Compromised 100+ Websites
• http://securityaffairs.co/wordpress/40199/cybercrime/operation-iron-tiger.html

Cybersecurity Information Sharing Act of 2015
• Obama Administration
• Permits Sharing of Internet Communications between Government & Private Sector
• Cyber Threat Information Sharing
• Indemnification for Businesses
• https://www.congress.gov/bill/114th-congress/senate-bill/754

President Biden’s Executive Order
• President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks
• https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks/

Questions