Finished reading @zachsdorfman's 3-part series on espionage dance between China/CIA. Packed w/great reporting/detail. Zach fleshes out how mutual spying and power dynamics unfolded over last decade w/ focus on massive hacking campaigns. Highly recommend foreignpolicy.com/2020/12/21/chi…
Here's part 2 - How U.S. intelligence on China was at a nadir as Xi was rising. foreignpolicy.com/2020/12/22/chi…
And part 3 - how China's intelligence services co-opted its tech companies to assist with processing the massive amounts of data China has stolen through hacking ops foreignpolicy.com/2020/12/23/chi…
I particularly liked the detail about how the CIA supplied Chinese spy recruits with bribery money that they could use to climb their way up the corrupt Chinese bureaucracy ladder where they would be in more influential positions and have access to better intel to provide the US
“Paying their bribes was an example of long-term thinking that was extraordinary for us. Recruiting foreign military officers is nearly impossible. [So this] was a way to exploit the corruption to our advantage” and move spies up the chain of command to make them more valuable.


More from @KimZetter

6 Jan
PBS Newshour reporter describes protesters shattering the glass on doors to the Capitol building, you can hear the pounding on the front door of the US Capitol in the background as she speaks - no police in the area where she's reporting
"Protestors are using the staff of an American flag to try to break through these windows," reporter says. She's talking about protestors at a balcony door/window.
She now reports that protestors are inside the building. Lawmakers have been moved to a safer location.
4 Jan
I've seen a lot of misinfo published since the election by well-meaning people who, in trying to counter false election-fraud claims, overstate the current state of election security/integrity. Here's a good piece by experts that lays out the facts👇 barrons.com/articles/elect…
"Even though there is no compelling evidence the 2020 vote was rigged, U.S. elections are insufficiently equipped to counter such claims because of a flaw in American voting. The way we conduct elections does not routinely produce public evidence that outcomes are correct."
"We need evidence-based...processes that create strong public evidence that the reported winners really won and the reported losers really lost...

Currently, only 4 states (Colorado, Nevada, Rhode Island, and Virginia) have statutory requirements for risk-limiting audits"
24 Dec 20
New: SolarWinds backdoor infected at least 15 entities in critical infrastructure incl electric/oil/gas/manufacture + 3 managed service providers for crit infr. No evidence hackers used backdoor to enter but may be difficult to tell due to lack of logging theintercept.com/2020/12/24/sol…
Managed service providers can have authorized remote access directly into critical infr + privileges that let them alter network, install software, and control critical operations. This means hackers who breach a provider can potentially use that provider’s credentials and access
“If [provider] has access to a network, and it’s bi-directional, it’s usually for more sensitive equipment like turbine control, and you could actually do disruptive actions," @RobertMLee told me. "But just because you have access...doesn’t mean they can then flip off the lights”
22 Dec 20
Per briefing today on SolarWinds hack, @RonWyden says IRS was not compromised or taxpayer data affected. However, hack of Treasury Department "appears to be significant." Treasury breach began in July, "the full depth of which isn’t known."
Microsoft notified Treasury Dept that dozens of email accounts were compromised. Additionally the hackers broke into systems in the Departmental Offices division of Treasury, home to Treasury's highest-ranking officials. Treasury still doesn't know precisely what info was stolen.
.@RonWyden on SW: “[A]fter yrs of gov officials advocating for encryption backdoors and ignoring warnings from [infosec] experts who said...encryption keys [are targets] for hackers, the USG has..suffered a breach that seems to involve...stealing encryption keys from USG servers”
18 Dec 20
New: SolarWinds hackers did test-run of spy operation in Oct 2019, when malicious SolarWinds files were first downloaded by customers. That version didn't have backdoor in it, however. Indicates hackers were in SolarWinds network in 2019, if not earlier. news.yahoo.com/hackers-last-y…
Investigators have so far found no evidence the attackers did anything to infected machines once the malicious Oct 2019 SolarWinds software was installed; suggests this was just a dry-run to test that their malicious files would deliver to customer machines and not be detected.
I also clarify in story how FireEye first discovered breach. It occurred when the hackers, who already had an employee's credentials, used those to register their own device to FireEye's multi-factor authentication system so they could receive the employee's unique access codes.
18 Dec 20
Wow, this is bold. Employee of a US telecom, who was based in China, has been charged w/ disrupting video-conference meetings held in May and June this year by parties in the US to commemorate the June 4, 1989 Tiananmen Square massacre in China. justice.gov/opa/pr/china-b…
"No company with significant business interests in China is immune from the coercive power of the Chinese Communist Party. The Chinese Communist Party will use those within its reach to sap the tree of liberty, stifling free speech in China, the United States and elsewhere"
"The allegations in the complaint lay bare the Faustian bargain that the PRC government demands of U.S. technology companies doing business within the PRC’s borders, and the insider threat that those companies face from their own employees in the PRC”
