OPM breach was one of the worst things to happen to national security recently. They weren't pointing any fingers for a while, but suspected the Chinese to have something to do with it. It looks like they are a lot more sure now.
OPM asks applicants very personal questions to see if they are being honest. The leak included information on government employee's that have clearance about infidelity, drug use, debt, and other sensitive topics for people working in very sensitive positions. Also more benign stuff like every place they have ever lived and people they had contact with while living in those places. That information could be used in a lot of ways.
It was such a massive breach and it was surprising how little press it got. The "Russians" hacking the election with flaky evidence has gotten magnitudes more of coverage.
And here is detailed information about current and present government employees, many in the intelligence agencies, tens of millions of people total probably. Including biometric data like fingerprints, deeply personal stuff like past transgressions, addictions, financial trouble, health information -- these are things that could be used to approach or entrap someone in a blackmail scheme. And comparatively it was barely a blip in the news.
CIA if I remember correctly was the only not affected. But it is not unheard of people moving between agencies so there is still risk there.
Some reminders: everyone is innocent until proven guilty in a court of law in the USA.
there have been quite a few people arrested now who traveled from a non-extradition country to an extradition one (btce guy, this guy, malwarenews guy [though he was UK])
it seems someone in the US thinks it's fun to just swipe people up on suspicion, so let's try not to assume they're instantly guilty
In theory, a reasonable suspicion is established by the prosecution, and approved by a judge, prior to a warrant being issued. This is often further reviewed, by a judge, prior to the extradition request.
I make no claims about this specific case, but that's how it's supposed to work. There have been cases of unlawful renditions, but this doesn't appear to be that and those matters don't usually show up in court. It's not perfect, but reasonable suspicion is what warrants are based on.
I don't necessarily disagree with what you said, but the variable "reasonable" here is of course up for debate, since suspicion is very easy to have.
We don't know the specifics, yes, but the evidence presented in these types of cases is not exactly compelling.
MalwareNews kid made a tweet about some malware.
The Temple professor who was also a Chinese national was wrongfully arrested while "trying to flee the USA with trade secrets." He is now suing the FBI.
BTC-E guy was snatched up in Greece after traveling from Russia for vacation. We don't know the details, but presumably if he really thought he was a truly wanted cyber criminal, he would have never left.
And Gottfrid Svartholm was extradited from Cambodia to Sweden, without an extradition treaty!!!! All so he could be tried for copyright crimes against US corporations.
So, for these reasons, I am hesitant to say that this Chinese guy in particular without a doubt is guilty, just because he was arrested (snatched up.)
People are not "just swiped up". A grand jury is presented with base facts and asked to issue an indictment so that the suspects can be arrested. Without the issuance of a True Bill (indictment) the investigation must continue but no arrests can be made. Since they apparently received the indictment and warrants issued arrests were made. Now it goes to court where the prosecution must prove guilt beyond a reasonable doubt.
If these people did nothing wrong they will have the opportunity to present their defense. But just an aside, these are not the only occurances where our law enforcement must wait for individuals to leave a non-extradition country in order to gain access to make an arrest. It happens with suspected drug dealers, murders, etc
Please see my other comment for more context about the USA's shoddy record as of late.
I don't disagree with you that we have a process, but apparently these warrants and indictments aren't particularly difficult to get. Maybe there is a bias towards granting indictments against foreign nationals?
Or maybe I am completely wrong, and the feds did an amazing job finding a true criminal.
Based on past evidence, I am not holding my breath that this time the feds have really found a criminal. See my other comment for a recent list, especially the one of the Chinese-national professor who worked at Temple.
So, for that reason, I refuse to take any US indictment seriously, unless the evidence is painfully clear (El Chapo.)
The article lists the malware family as Sakura but the breaches appear to involve to a RAT called Sakula. [1] There does appear to be an exploit kit named Sakura, but it not associated with any APT campaigns.
9 comments
[ 3.5 ms ] story [ 31.4 ms ] threadOPM asks applicants very personal questions to see if they are being honest. The leak included information on government employee's that have clearance about infidelity, drug use, debt, and other sensitive topics for people working in very sensitive positions. Also more benign stuff like every place they have ever lived and people they had contact with while living in those places. That information could be used in a lot of ways.
It was such a massive breach and it was surprising how little press it got. The "Russians" hacking the election with flaky evidence has gotten magnitudes more of coverage.
And here is detailed information about current and present government employees, many in the intelligence agencies, tens of millions of people total probably. Including biometric data like fingerprints, deeply personal stuff like past transgressions, addictions, financial trouble, health information -- these are things that could be used to approach or entrap someone in a blackmail scheme. And comparatively it was barely a blip in the news.
CIA if I remember correctly was the only not affected. But it is not unheard of people moving between agencies so there is still risk there.
there have been quite a few people arrested now who traveled from a non-extradition country to an extradition one (btce guy, this guy, malwarenews guy [though he was UK])
it seems someone in the US thinks it's fun to just swipe people up on suspicion, so let's try not to assume they're instantly guilty
I make no claims about this specific case, but that's how it's supposed to work. There have been cases of unlawful renditions, but this doesn't appear to be that and those matters don't usually show up in court. It's not perfect, but reasonable suspicion is what warrants are based on.
We don't know the specifics, yes, but the evidence presented in these types of cases is not exactly compelling.
MalwareNews kid made a tweet about some malware.
The Temple professor who was also a Chinese national was wrongfully arrested while "trying to flee the USA with trade secrets." He is now suing the FBI.
BTC-E guy was snatched up in Greece after traveling from Russia for vacation. We don't know the details, but presumably if he really thought he was a truly wanted cyber criminal, he would have never left.
And Gottfrid Svartholm was extradited from Cambodia to Sweden, without an extradition treaty!!!! All so he could be tried for copyright crimes against US corporations.
So, for these reasons, I am hesitant to say that this Chinese guy in particular without a doubt is guilty, just because he was arrested (snatched up.)
If these people did nothing wrong they will have the opportunity to present their defense. But just an aside, these are not the only occurances where our law enforcement must wait for individuals to leave a non-extradition country in order to gain access to make an arrest. It happens with suspected drug dealers, murders, etc
I don't disagree with you that we have a process, but apparently these warrants and indictments aren't particularly difficult to get. Maybe there is a bias towards granting indictments against foreign nationals?
Or maybe I am completely wrong, and the feds did an amazing job finding a true criminal.
Based on past evidence, I am not holding my breath that this time the feds have really found a criminal. See my other comment for a recent list, especially the one of the Chinese-national professor who worked at Temple.
So, for that reason, I refuse to take any US indictment seriously, unless the evidence is painfully clear (El Chapo.)
1. https://www.crowdstrike.com/blog/ironman-deep-panda-uses-sak...
The grugq's response on this matter -
"The chilling effect of the US charging tool developers for the actions of their clients are detrimental to securing the Internet."[1]
So what we may have is 3rd party vendors being personally liable for their involvement in government espionage activities.
[1] https://twitter.com/thegrugq/status/901833246505185282