U.S. spy chiefs warn Senate on many threats to the United States

FBI Director Christopher Wray, CIA Director Gina Haspel, Director of National Intelligence Dan Coats, Defense Intelligence Agency (DIA) Director Gen. Robert Ashley, National Security Agency (NSA) Director Gen. Paul Nakasone and Robert Cardillo, director of the National Geospatial-Intelligence Agency, testify to the Senate Intelligence Committee hearing about "worldwide threats" on Capitol Hill in Washington, U.S., January 29, 2019. REUTERS/Joshua Roberts

By Patricia Zengerle and Doina Chiacu

WASHINGTON (Reuters) – China and Russia pose the biggest risks to the United States, and are more aligned than they have been in decades as they target the 2020 presidential election and American institutions to expand their global reach, U.S. intelligence officials told senators on Tuesday.

The spy chiefs broke with President Donald Trump in their assessments of the threats posed by North Korea, Iran and Syria. But they outlined a clear and imminent danger from China, whose practices in trade and technology anger the U.S. president.

While China and Russia strengthen their alliance, Director of National Intelligence Dan Coats said some American allies are pulling away from Washington in reaction to changing U.S. policies on security and trade.

The directors of the CIA, FBI, National Security Agency and other intelligence agencies flanked Coats at the Senate Intelligence Committee hearing. They described an array of economic, military and intelligence threats, from highly organized efforts by China to scattered disruptions by terrorists, hacktivists and transnational criminals.

FBI Director Christopher Wray, CIA Director Gina Haspel, Director of National Intelligence Dan Coats, Defense Intelligence Agency (DIA) Director Gen. Robert Ashley, National Security Agency (NSA) Director Gen. Paul Nakasone and Robert Cardillo, director of the National Geospatial-Intelligence Agency, testify to the Senate Intelligence Committee hearing about "worldwide threats" on Capitol Hill in Washington, U.S., January 29, 2019. REUTERS/Joshua Roberts

FBI Director Christopher Wray, CIA Director Gina Haspel, Director of National Intelligence Dan Coats, Defense Intelligence Agency (DIA) Director Gen. Robert Ashley, National Security Agency (NSA) Director Gen. Paul Nakasone and Robert Cardillo, director of the National Geospatial-Intelligence Agency, testify to the Senate Intelligence Committee hearing about “worldwide threats” on Capitol Hill in Washington, U.S., January 29, 2019. REUTERS/Joshua Roberts

“China, Russia, Iran, and North Korea increasingly use cyber operations to threaten both minds and machines in an expanding number of ways – to steal information, to influence our citizens, or to disrupt critical infrastructure,” Coats said.

“Moscow’s relationship with Beijing is closer than it’s been in many decades,” he told the panel.

The intelligence officials said they had protected the 2018 U.S. congressional elections from outside interference, but expected renewed and likely more sophisticated attacks on the 2020 presidential contest.

U.S. adversaries will “use online influence operations to try to weaken democratic institutions, undermine alliances and partnerships, and shape policy outcomes,” Coats said.

The intelligence chiefs’ assessments broke with some past assertions by Trump, including on the threat posed by Russia to U.S. elections and democratic institutions, the threat Islamic State poses in Syria, and North Korea’s commitment to denuclearize.

Coats said North Korea is unlikely to give up its nuclear weapons. Trump has said the country no longer poses a threat.

Coats also said Islamic State would continue to pursue attacks from Syria, as well as Iraq, against regional and Western adversaries, including the United States. Trump, who plans to withdraw U.S. troops from Syria, has said the militant group is defeated.

The intelligence officials also said Iran was not developing nuclear weapons in violation of the 2015 nuclear agreement, even though Tehran has threatened to reverse some commitments after Trump pulled out of the deal.

Senators expressed deep concern about current threats.

“Increased cooperation between Russia and China – for a generation that hasn’t been the case – that could be a very big deal on the horizon in terms of the United States,” said Senator Angus King, an independent who caucuses with Democrats.

CHINA BIGGEST COUNTERINTELLIGENCE THREAT

The officials painted a multifaceted picture of the threat posed by China, as they were questioned repeatedly by senators about the No. 2 world economy’s business practices as well as its growing international influence.

“The Chinese counterintelligence threat is more deep, more diverse, more vexing, more challenging, more comprehensive and more concerning than any counterintelligence threat I can think of,” FBI Director Christopher Wray said.

He said almost all the economic espionage cases in the FBI’s 56 field offices “lead back to China.”

Coats said intelligence officials have been traveling around the United States and meeting with corporate executives to discuss espionage threats from China.

He said China has had a meteoric rise in the past decade, adding, “A lot of that was achieved by stealing information from our companies.”

Speaking in Beijing, Chinese foreign ministry spokesman Geng Shuang said he hoped the United States would abandon its zero-sum thinking and work with China, Russia and the rest of the international community to ensure global security.

Tuesday’s testimony came just a day after the United States announced criminal charges against China’s Huawei Technologies Co Ltd [HWT.UL], escalating a fight with the world’s biggest telecommunications equipment maker and coming days before trade talks between Washington and Beijing.

Coats also said Russia’s social media efforts will continue to focus on aggravating social and racial tensions, undermining trust in authorities and criticizing politicians perceived to be anti-Russia.

Senator Mark Warner, the panel’s top Democrat, said he was particularly concerned about Russia’s use of social media “to amplify divisions in our society and to influence our democratic processes” and the threat from China in the technology arena.

The Senate Intelligence Committee is one of several congressional panels, along with Special Counsel Robert Mueller, investigating whether there were any connections between Trump’s 2016 and Russian efforts to influence the election.

Russia denies attempting to influence U.S. elections, while Trump has denied his campaign cooperated with Moscow.

Coats declined to respond when Democratic Senator Ron Wyden asked whether Trump’s not releasing records of his discussions with Russian President Vladimir Putin put U.S. intelligence agencies at a disadvantage.

“To me from an intelligence perspective, it’s just Intel 101 that it would help our country to know what Vladimir Putin discussed with Donald Trump,” Wyden said.

(Reporting by Patricia Zengerle and Doina Chiacu; Additional reporting by Ben Blanchard in Beijing; editing by Mary Milliken and Jonathan Oatis)

Special Report: How Iran spreads disinformation around the world

FILE PHOTO: Iran's national flags are seen on a square in Tehran

By Jack Stubbs and Christopher Bing

LONDON/WASHINGTON (Reuters) – Website Nile Net Online promises Egyptians “true news” from its offices in the heart of Cairo’s Tahrir Square, “to expand the scope of freedom of expression in the Arab world.”

Its views on America do not chime with those of Egypt’s state media, which celebrate Donald Trump’s warm relations with Cairo. In one recent article, Nile Net Online derided the American president as a “low-level theater actor” who “turned America into a laughing stock” after he attacked Iran in a speech at the United Nations.

Until recently, Nile Net Online had more than 115,000 page-followers across Facebook, Twitter and Instagram. But its contact telephone numbers, including one listed as 0123456789, don’t work. A Facebook map showing its location dropped a pin onto the middle of the street, rather than any building. And regulars at the square, including a newspaper stallholder and a policeman, say they have never heard of the website.

The reason: Nile Net Online is part of an influence operation based in Tehran.

It’s one of more than 70 websites found by Reuters which push Iranian propaganda to 15 countries, in an operation that cybersecurity experts, social media firms and journalists are only starting to uncover. The sites found by Reuters are visited by more than half a million people a month and have been promoted by social media accounts with more than a million followers.

The sites underline how political actors worldwide are increasingly circulating distorted or false information online to influence public opinion. The discoveries follow allegations that Russian disinformation campaigns have swayed voters in the United States and Europe. Advisers to Saudi Arabia’s crown prince and the army in Myanmar are also among those using social media to distribute propaganda and attack their enemies. Moscow has denied the charges; Riyadh and Yangon have not commented.

Former CIA director John Brennan told Reuters that “countries around the globe” are now using such information warfare tactics.

“The Iranians are sophisticated cyber players,” he said of the Iranian campaign. “There are elements of the Iranian intelligence services that are rather capable in terms of operating (online).”

Traced by building on research from cybersecurity firms FireEye and ClearSky, the sites in the campaign have been active at different times since 2012. They look like normal news and media outlets, but only a couple disclose any Iranian ties.

Reuters could not determine whether the Iranian government is behind the sites; Iranian officials in Tehran and London did not reply to questions.

But all the sites are linked to Iran in one of two ways. Some carry stories, video and cartoons supplied by an online agency called the International Union of Virtual Media (IUVM), which says on its website it is headquartered in Tehran. Some have shared online registration details with IUVM, such as addresses and phone numbers. Twenty-one of the websites do both.

Emails sent to IUVM bounced back and telephone numbers the agency gave in web registration records did not work. Documents available on the main IUVM website say its objectives include “confronting with remarkable arrogance, western governments and Zionism front activities.”

Nile Net Online did not respond to questions sent to the email address on its website. Its operators, as well as those of the other websites identified by Reuters, could not be located. Previous owners identified in historical registration records could not be reached. The Egyptian government did not respond to requests for comment.

“UNSPOKEN TRUTH”

Some of the sites in the Iranian operation were first exposed in August by companies including Facebook, Twitter and Google’s parent, Alphabet after FireEye found them. The social media companies have closed hundreds of accounts that promoted the sites or pushed Iranian messaging. Facebook said last month it had taken down 82 pages, groups and accounts linked to the Iranian campaign; these had gathered more than one million followers in the United States and Britain.

But the sites uncovered by Reuters have a much wider scope. They have published in 16 different languages, from Azerbaijani to Urdu, targeting Internet users in less-developed countries. That they reached readers in tightly controlled societies such as Egypt, which has blocked hundreds of news websites since 2017, highlights the campaign’s reach.

The Iranian sites include:

* A news site called Another Western Dawn which says its focus is on “unspoken truth.” It fooled the Pakistani defense minister into issuing a nuclear threat against Israel; * Ten outlets targeting readers in Yemen, where Iran andU.S. ally Saudi Arabia have been fighting a proxy conflict since civil war broke out in 2015; * A media outlet offering daily news and satirical cartoons in Sudan. Reuters could not reach any of its staff; * A website called Realnie Novosti, or “Real News,” for Russian readers. It offers a downloadable mobile phone app but its operator could not be traced. The news on the sites is not all fake. Authentic stories sit alongside pirated cartoons, as well as speeches from Iran’s Supreme Leader Ayatollah Ali Khamenei. The sites clearly support Iran’s government and amplify antagonism to countries opposed to Tehran – particularly Israel, Saudi Arabia and the United States. Nile Net’s “laughing stock” piece was copied from an Iranian state TV network article published earlier the same day.

Some of the sites are slapdash. The self-styled, misspelled “Yemen Press Agency” carries a running update of Saudi “crimes against Yemenis during the past 24 hours.” Emails sent to the agency’s listed contact, Arafat Shoroh, bounced back. The agency’s address and phone number led to a hotel in the Yemeni capital, Sana’a, whose staff said they had never heard of Shoroh.

The identity or location of the past owners of some of the websites is visible in historical Internet registration records: 17 of 71 sites have in the past listed their locations as Iran or Tehran, or given an Iranian telephone or fax number. But who owns them now is often hidden, and none of the Iranian-linked operators could be reached.

More than 50 of the sites use American web service providers Cloudflare and OnlineNIC – firms that provide website owners with tools to shield themselves from spam and hackers. Frequently, such services also effectively conceal who owns the sites or where they are hosted. The companies declined to tell Reuters who operates the sites.

Under U.S law, hosting and web services companies are not generally liable for the content of sites they serve, said Eric Goldman, co-director of the High Tech Law Institute at Santa Clara University. Still, since 2014, U.S. sanctions on Iran have banned “the exportation or re-exportation, directly or indirectly, of web-hosting services that are for commercial endeavors or of domain name registration services.”

Douglas Kramer, general counsel for Cloudflare, said the services it provides do not include web-hosting services. “We’ve looked at those various sanctions regimes, we are comfortable that we are not in violation,” he told Reuters.

A spokesman for OnlineNIC said none of the sites declared a connection to Iran in their registration details, and the company was in full compliance with U.S. sanctions and trade embargoes.

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) declined to comment on whether it planned an investigation.

ANOTHER WESTERN DAWN

The Kremlin is widely seen as the superpower in modern information warfare. From what is known so far, Russia’s influence operation – which Moscow denies – dwarfs Iran’s. According to Twitter, nearly 4,000 accounts connected to the Russian campaign posted over 9 million tweets between 2013 and 2018, against over 1 million tweets from fewer than 1,000 accounts believed to originate in Iran.

Even though the Iranian operation is smaller, it has had impact on volatile topics. AWDnews – the site with the focus on “unspoken truth” – ran a false story in 2016 which prompted Pakistan’s defense minister to warn on Twitter he had the weapons to nuke Israel. He only found out that the hoax was part of an Iranian operation when contacted by Reuters.

“It was a learning experience,” said the deceived politician, 69-year-old Khawaja Asif, who left Pakistan’s government earlier this year. “But one can understand that these sorts of things happen because fake news has become something huge. It’s something which anyone is capable of now, which is very dangerous.”

Israeli officials did not respond to a request for comment.

AWDnews publishes in English, French, Spanish and German and, according to data from web analytics company SimilarWeb, receives around 12,000 unique visitors a month. Among others who shared stories from AWDnews and the other websites identified by Reuters were politicians in Britain, Jordan, India, and the Netherlands; human-rights activists; an Indian music composer and a Japanese rap star.

In August 2015, an official account for a European department of the World Health Organization (WHO) tweeted an AWDnews story. Annalisa Buoro, secretary for the WHO’s European Office for Investment for Health and Development, said the person running the department’s Twitter account at the time did not know the website was part of an Iranian campaign.

She said the tweet had gone out when the account had a relatively small following, limiting the damage, but “on the other hand, I am very concerned … because as a UN agency we have a huge responsibility.”

JOBS FOR WOMEN

FireEye, a U.S. cybersecurity firm, originally named six websites as part of the Iranian influence operation. Reuters examined those sites, and their content led to the Tehran-based International Union of Virtual Media.

IUVM is an array of 11 websites with names such as iuvmpress, iuvmapp and iuvmpixel. Together, they form a library of digital material, including mobile phone apps, items from Iranian state media and pictures, video clips and stories from elsewhere on the web, which support Tehran’s policies.

Tracking usage of IUVM content across the Internet led to sites which have used its material, registration details, or both. For instance, 22 of the sites have shared the same phone number, which does not work and has also been listed for IUVM. At least seven have used the same address, which belongs to a youth hostel in Berlin. Staff at the hostel told Reuters they had never heard of the sites in question. The site operators could not be reached to explain their links with IUVM.

Two sites even posted job advertisements for IUVM, inviting applications from women with “ability to work effectively and knowledge in dealing with social networks and (the) Internet.”

DEMOLISHED HOME

One of IUVM’s most popular users is a site called Sudan Today, which SimilarWeb data shows receives almost 150,000 unique visitors each month. On Facebook, it tells its 57,000 followers that it operates without political bias. Its 18,000 followers on Twitter have included the Italian Embassy in Sudan, and its work has been cited in a report by the Egyptian Electricity Ministry.

The office address registered for Sudan Today in 2016 covers a whole city district in north Khartoum, according to archived website registration details provided by WhoisAPI Inc and DomainTools LLC. The phone number listed in those records does not work.

Reuters could not trace staff members named on Sudan Today’s Facebook page. The five-star Corinthia hotel in central Khartoum, where the site says it hosted an anniversary party last year, told Reuters no such event took place. And an address listed on one of its social media accounts is a demolished home.

Sudan used to be an Iranian ally but has changed sides to align itself with Saudi Arabia, costing Tehran a foothold in the Horn of Africa just as it becomes more isolated by the West. In that environment, Iran sees itself as competing with Israel, Saudi Arabia and the United States for international support, and is taking the fight online, said Ariane Tabatabai, a senior associate and Iran expert at the Center for Strategic and International Studies in Washington, D.C.

Headlines on Sudan Today’s homepage include a daily round-up of stories from local newspapers and Ugandan soccer results. It also features reports on bread prices – which doubled in January after Khartoum eliminated subsidies, triggering demonstrations.

Ohad Zaidenberg, senior researcher at Israeli cybersecurity firm ClearSky, said this mixture of content provides the cover for narratives geared at influencing a target audience’s attitudes and perceptions.

The site also draws attention to Saudi Arabia’s military actions in Yemen. Since Sudanese President Omar al-Bashir ended his allegiance with Iran he has sent troops and jets to join Saudi-led forces in the Yemeni conflict.

One cartoon from IUVM published by Sudan Today in August shows Donald Trump astride a military jet with an overflowing bag of dollar bills tucked under one arm. The jet is draped with traditional Saudi dress and shown dropping bombs on a bloodstained map of Yemen. The map is littered with children’s toys and shoes.

Turkish cartoonist Mikail Çiftçi drew the original. He told Reuters he did not give Sudan Today permission to use it.

Alnagi Albashra, a 28-year-old software developer in Khartoum, said he likes to read articles on Sudan Today in the evenings when waiting for his baby to fall asleep. But he and three other Sudan Today readers reached by Reuters had no idea who was behind the site.

“This is a big problem,” he said. “You can’t see that they are not in Sudan.”

Government officials in Khartoum, the White House, the Italian Embassy and the Egyptian Electricity Ministry did not respond to requests for comment.

BACKBONE

It is unclear who globally is tasked with responding to online disinformation campaigns like Iran’s, or what if any action they should take, said David Conrad, chief technology officer at ICANN, a non-profit which helps manage global web addresses.

Social media accounts can be deleted in bulk by the firms that provide the platforms. But the Iranian campaign’s backbone of websites makes it harder to dismantle than social media because taking down a website often requires the cooperation of law enforcement, Internet service providers and web infrastructure companies.

Efforts by social media companies in the United States and Europe to tackle the campaign have had mixed results.

Shortly after being contacted by Reuters, Twitter suspended the accounts for Nile Net Online and Sudan Today. “Clear attribution is very difficult,” a spokeswoman said but added that the company would continue to update a public database of tweets and accounts linked to state-backed information operations when it had new information.

Google did not respond directly to questions about the websites found by Reuters. The company has said it identified and closed 99 accounts which it says are linked to Iranian state media. “We’ve invested in robust systems to identify influence operations launched by foreign governments,” a spokeswoman said.

Facebook said it was aware of the websites found by Reuters and had removed five more Facebook pages. But a spokesman said that based on Facebook user data, the company was not yet able to link all the websites’ accounts to the Iranian activity found earlier. “In the past several months, we have removed hundreds of Pages, Groups, and accounts linked to Iranian actors engaging in coordinated inauthentic behavior. We continue to remove accounts across our services and in all relevant languages,” he said.

Accounts linked to the Iranian sites remain active online, especially in languages other than English. On Nov. 30, 16 of the Iranian sites were still posting daily updates on Facebook, Twitter, Instagram or YouTube – including Sudan Today and Nile Net Online. Between them, the social media accounts had more than 700,000 followers.

(Additional reporting by Nadine Awadalla in Cairo, Erich Knecht and Khalid Abdelaziz in Khartoum, Bozorgmehr Sharafedin Nouri and Ryan McNeill in London; Edited by Sara Ledwith)

Russia the main suspect in U.S. diplomats’ illness in Cuba: NBC

FILE PHOTO: Cuban employees enter the U.S. Embassy in Havana, Cuba, August 22, 2018. REUTERS/Stringer

WASHINGTON (Reuters) – Russia is the main suspect in U.S. agencies’ investigation of mysterious illnesses in American personnel in Cuba and China, NBC News reported on Tuesday.

Evidence from communications intercepts has pointed to Moscow’s involvement during the investigation involving the FBI, CIA and other agencies, NBC reported, citing three unidentified U.S. officials and two other people briefed on the probe.

The evidence, however, is not conclusive enough for the United States to assign blame publicly to Moscow, according to the NBC report.

The FBI said it did not have a comment on the NBC report. A U.S. government source familiar with official assessments said intelligence agencies would not confirm the report.

U.S. officials said in July that they are still investigating health problems at the U.S. Embassy in Cuba, and do not know who or what was behind the mysterious illnesses, which began in 2016 and have affected 26 Americans.

State Department spokeswoman Heather Nauert told Reuters on Tuesday, “We have made no determination on who or what is responsible for the health attacks.”

Symptoms have included hearing loss, tinnitus, vertigo, headaches and fatigue, a pattern consistent with “mild traumatic brain injury,” State Department officials have said.

The State Department said in June it brought a group of diplomats home from Guangzhou, China, over concern they were suffering from a mysterious malady resembling brain injury.

Cuban officials, who are conducting their own investigation, have denied involvement.

The United States believes sophisticated electromagnetic weapons may have been used on government workers, possibly in conjunction with other technologies, NBC reported.

The U.S. military has been trying to reverse-engineer the weapon or weapons used to harm the diplomats, including by testing various devices on animals, NBC said, citing Trump administration officials, congressional aides, and others.

Part of the work is being done at the directed energy research program at Kirtland Air Force Base in New Mexico, where the military has giant lasers and laboratories to test high-power electromagnetic weapons, including microwaves, NBC said.

(Reporting by Doina Chiacu, Lesley Wroughton, Mark Hosenball; Editing by Susan Thomas and Dan Grebler)

Exclusive: Chief U.S. spy catcher says China using LinkedIn to recruit Americans

Small toy figures are seen between displayed U.S. flag and Linkedin logo in this illustration picture, August 30, 2018. To match Exclusive LINKEDIN-CHINA/ESPIONAGE REUTERS/Dado Ruvic/Illustration

By Warren Strobel and Jonathan Landay

WASHINGTON (Reuters) – The United States’ top spy catcher said Chinese espionage agencies are using fake LinkedIn accounts to try to recruit Americans with access to government and commercial secrets, and the company should shut them down.

William Evanina, the U.S. counter-intelligence chief, told Reuters in an interview that intelligence and law enforcement officials have told LinkedIn, owned by Microsoft Corp., about China’s “super aggressive” efforts on the site.

He said the Chinese campaign includes contacting thousands of LinkedIn members at a time, but he declined to say how many fake accounts U.S. intelligence had discovered, how many Americans may have been contacted and how much success China has had in the recruitment drive.

German and British authorities have previously warned their citizens that Beijing is using LinkedIn to try to recruit them as spies. But this is the first time a U.S. official has publicly discussed the challenge in the United States and indicated it is a bigger problem than previously known.

Evanina said LinkedIn should look at copying the response of Twitter, Google and Facebook, which have all purged fake accounts allegedly linked to Iranian and Russian intelligence agencies.

“I recently saw that Twitter is cancelling, I don’t know, millions of fake accounts, and our request would be maybe LinkedIn could go ahead and be part of that,” said Evanina, who heads the U.S. National Counter-Intelligence and Security Center.

It is highly unusual for a senior U.S. intelligence official to single out an American-owned company by name and publicly recommend it take action. LinkedIn boasts 562 million users in more than 200 counties and territories, including 149 million U.S. members.

Evanina did not, however, say whether he was frustrated by LinkedIn’s response or whether he believes it has done enough.

LinkedIn’s head of trust and safety, Paul Rockwell, confirmed the company had been talking to U.S. law enforcement agencies about Chinese espionage efforts. Earlier this month, LinkedIn said it had taken down “less than 40” fake accounts whose users were attempting to contact LinkedIn members associated with unidentified political organizations. Rockwell did not say whether those were Chinese accounts.

“We are doing everything we can to identify and stop this activity,” Rockwell told Reuters. “We’ve never waited for requests to act and actively identify bad actors and remove bad accounts using information we uncover and intelligence from a variety of sources including government agencies.”

Rockwell declined to provide numbers of fake accounts associated with Chinese intelligence agencies. He said the company takes “very prompt action to restrict accounts and mitigate and stop any essential damage that can happen” but gave no details.

LinkedIn “is a victim here,” Evanina said. “I think the cautionary tale … is, ‘You are going to be like Facebook. Do you want to be where Facebook was this past spring with congressional testimony, right?'” he said, referring to lawmakers’ questioning of Facebook CEO Mark Zuckerberg on Russia’s use of Facebook to meddle in the 2016 U.S. elections.

China’s foreign ministry disputed Evanina’s allegations.

“We do not know what evidence the relevant U.S. officials you cite have to reach this conclusion. What they say is complete nonsense and has ulterior motives,” the ministry said in a statement.

EX-CIA OFFICER ENSNARED

Evanina said he was speaking out in part because of the case of Kevin Mallory, a retired CIA officer convicted in June of conspiring to commit espionage for China.

A fluent Mandarin speaker, Mallory was struggling financially when he was contacted via a LinkedIn message in February 2017 by a Chinese national posing as a headhunter, according to court records and trial evidence.

The individual, using the name Richard Yang, arranged a telephone call between Mallory and a man claiming to work at a Shanghai think tank.

During two subsequent trips to Shanghai, Mallory agreed to sell U.S. defense secrets – sent over a special cellular device he was given – even though he assessed his Chinese contacts to be intelligence officers, according to the U.S. government’s case against him. He is due to be sentenced in September and could face life in prison.

While Russia, Iran, North Korea and other nations also use LinkedIn and other platforms to identify recruitment targets, the U.S. intelligence officials said China is the most prolific and poses the biggest threat.

U.S. officials said China’s Ministry of State Security has “co-optees” – individuals who are not employed by intelligence agencies but work with them – set up fake accounts to approach potential recruits.

They said the targets include experts in fields such as supercomputing, nuclear energy, nanotechnology, semi-conductors, stealth technology, health care, hybrid grains, seeds and green energy.

Chinese intelligence uses bribery or phony business propositions in its recruitment efforts. Academics and scientists, for example, are offered payment for scholarly or professional papers and, in some cases, are later asked or pressured to pass on U.S. government or commercial secrets.

Some of those who set up fake accounts have been linked to IP addresses associated with Chinese intelligence agencies, while others have been set up by bogus companies, including some that purport to be in the executive recruiting business, said a senior U.S. intelligence official, who requested anonymity in order to discuss the matter.

The official said “some correlation” has been found between Americans targeted through LinkedIn and data hacked from the Office of Personnel Management, a U.S. government agency, in attacks in 2014 and 2015.

The hackers stole sensitive private information, such as addresses, financial and medical records, employment history and fingerprints, of more than 22 million Americans who had undergone background checks for security clearances.

The United States identified China as the leading suspect in the massive hacking, an assertion China’s foreign ministry at the time dismissed as `absurd logic.`

 

UNPARALLELED SPYING EFFORT

About 70 percent of China’s overall espionage is aimed at the U.S. private sector, rather than the government, said Joshua Skule, the head of the FBI’s intelligence division, which is charged with countering foreign espionage in the United States.

“They are conducting economic espionage at a rate that is unparalleled in our history,” he said.

Evanina said five current and former U.S. officials – including Mallory – have been charged with or convicted of spying for China in the past two and a half years.

He indicated that additional cases of suspected espionage for China by U.S. citizens are being investigated, but declined to provide details.

U.S. intelligence services are alerting current and former officials to the threat and telling them what security measures they can take to protect themselves.

Some current and former officials post significant details about their government work history online – even sometimes naming classified intelligence units that the government does not publicly acknowledge.

LinkedIn “is a very good site,” Evanina said. “But it makes for a great venue for foreign adversaries to target not only individuals in the government, formers, former CIA folks, but academics, scientists, engineers, anything they want. It’s the ultimate playground for collection.”

(Reporting by Warren Strobel and Jonathan Landay; Additional reporting by John Walcott; Editing by Kieran Murray and Ross Colvin)

Man arrested in wave of package bombs in Washington, D.C

Thanh Cong Phan, 43, is shown in this undated booking photo provided March 28, 2018. Yolo Country Sheriff's Office/Handout via REUTERS

WASHINGTON (Reuters) – A Washington state man has been arrested in connection with a series of package bombs sent to U.S. military installations and a CIA mail office in the Washington, D.C., area earlier this week, the FBI said on Tuesday.

The suspect, Thanh Cong Phan, 43, was arrested on Monday at his home in Everett, Washington, by federal agents and sheriff’s deputies, the Federal Bureau of Investigation said in a statement.

A U.S. security official said Phan had a history of writing incoherent letters to government officials and was believed to have mental problems. The official declined to be named during an ongoing investigation.

Court documents made public on Tuesday afternoon showed that Phan had been charged in U.S. District Court in Seattle with one count of shipping explosive materials.

Suspicious packages were received on Monday at mail processing sites at Fort Belvoir, Virginia; Joint Base Anacostia-Bolling, which is a Navy-Air Force facility in the District of Columbia; and Fort Lesley J. McNair in the U.S. capital, the agency said.

The packages also turned up at mail facilities at the Naval Surface Warfare Center in Dahlgren, Virginia, and the Central Intelligence Agency in Langley, Virginia. None of them detonated.

“It is possible that further packages were mailed to additional mail processing facilities in the Washington, D.C., metropolitan area,” the FBI said. The packages were being analyzed at the FBI laboratory at Quantico, Virginia.

Ashwin Cattamanchi, a federal public defender representing Phan, declined to comment when reached by phone.

Officials at Fort McNair evacuated a building after one of the packages was delivered, a spokesman said. An Army bomb squad confirmed that the package tested positive for explosive residue and determined a fuse was attached, he said.

Earlier in March in a separate incident at a U.S. military base, a man died after driving a minivan through the gate of Travis Air Force Base in California and igniting propane tanks and gasoline cans.

Several package bombs left on doorsteps and some sent from a Federal Express office detonated in Austin, Texas, leaving two people dead and others injured. The suspected bomber blew himself up as police closed in on him.

(Reporting by Mark Hosenball, Ian Simpson and Dan Whitcomb; editing by Scott Malone, Marguerita Choy and Cynthia Osterman)

Fewer Russian spies in U.S. but getting harder to track

FILE PHOTO: A sign at the gated entrance of the Consulate General of the Russian Federation in Seattle, Washington, U.S., March 26, 2018. REUTERS/Lindsey Wasson/File Photo

By Warren Strobel and John Walcott

WASHINGTON (Reuters) – The U.S. decision to expel 60 alleged spies is unlikely to cripple Russian spying in the United States because others have wormed and hacked their way into American companies, schools, and even the government, current and former U.S. officials said.

Moscow’s spy services still use the cover of embassies and consulates, as Washington does. But they also recruit Russian emigres, establish front companies, dispatch short-term travelers to the United States, recruit Americans, and penetrate computer networks, the officials said.

“Russia used to have one way of doing things. Now, Putin is – let a thousand flowers bloom,” a former senior U.S. official said in a recent interview, describing Moscow’s move to a more multifaceted approach under President Vladimir Putin, a former Soviet spy himself.

The FBI follows the movements and monitors the communications of suspected foreign spies, but the increased Russian presence and the advent of commercially available encrypted communications are an added challenge to the FBI’s counter-espionage force, said the officials, some of whom spoke on condition of anonymity to discuss the sensitive topic.

As one U.S. official put it when asked if Russian spying is a harder target: “It’s more complex now. The complexity comes in the techniques that can be used.”

While the CIA tracks foreign spies overseas and the National Security Agency monitors international communications, the FBI is responsible for spy-catching inside the United States.

The White House on Monday said it would expel 60 Russian diplomats, 12 of them at the U.N. mission, and close the Russian consulate in Seattle as part of a multi-nation response to the Kremlin’s alleged nerve agent attack on a former Russian spy in Britain.

Briefing reporters, a senior U.S. official said there were “well over” 100 Russian spies posing as diplomats in the United States before the expulsion order.

A veteran U.S. official charged with keeping tabs on Russian espionage said the administration downplayed the number of suspected Russian spies working under diplomatic cover to avoid giving the Russians a clearer picture of how many people are under surveillance.

The actual number varies over time, but “it averages more like 150 or so,” the official said.

“We’ve got a very, very, very good counter-intelligence apparatus,” said Robert Litt, a former general counsel for the U.S. Director of National Intelligence. “There are a lot of people in the FBI whose job it is to track these people – and they’re very good at it.”

TAKES TEN TO TANGO

Still, it can take 10 or more U.S. trained FBI and local law enforcement officers to keep tabs on one trained spy for a 24-hour period – covering back entrances to buildings and multiple elevators, and being alert for changes in clothes, cars and even hairpieces, the same official said.

One Russian tactic is sending a large number of people, including just one or two intelligence officers, streaming out of a diplomatic mission at once, making it harder for the FBI to decide whom to follow, said a former U.S. intelligence officer, also speaking on the condition of anonymity.

Microsoft Corp. was one target of the Russian espionage operation in Seattle, U.S. officials familiar with the expulsions said. One goal was identifying targets for recruitment in the company’s coding operations because the company’s products are used in so many applications, they said.

Microsoft declined comment.

In 2010, Alexey Karetnikov, a 23-year-old Russian spy who had worked at testing computer code in Microsoft’s Richmond, Wash., headquarters, was deported by an immigration judge.

Several of the officials traced the Kremlin’s more aggressive spying approach to Putin’s 2012 return to the presidency, and Moscow’s 2014 seizure of Crimea and intervention in eastern Ukraine.

“We observed a commensurate uptick in Russian intelligence and espionage activity in the U.S. and across Europe, although few analysts connected the dots,” said Heather Conley, a former State Department official now at the Center for Strategic and International Studies think tank.

Michael Rochford, a former FBI chief for espionage, said the mass expulsion of suspected spies posing as diplomats will affect Russia’s security services and dent morale at their Moscow headquarters.

After past expulsions, he said, Russian spies have handed their operations over to officers who remain behind, or to “illegals” – long-term agents with no demonstrable connections to the Russian government.

The risk, he said, is that when Moscow replaces the expelled personnel, it will not be clear who the new spies are.

“Sometimes it’s better to know who they are and follow them,” he said.

(Additional reporting by Jonathan Landay; Editing by Mary Milliken and James Dalgleish)

CIA director expects Russia will try to target U.S. mid-term elections

CIA Director Mike Pompeo delivers remarks at "Intelligence Beyond 2018," a forum hosted by the American Enterprise Institute for Public Policy Research, in Washington, U.S., January 23, 2018.

LONDON (Reuters) – CIA Director Mike Pompeo said Russia will target U.S. mid-term elections later this year as part of the Kremlin’s attempt to influence domestic politics across the West, and warned the world had to do more to push back against Chinese meddling.

Russia has been accused of meddling in the 2016 U.S. presidential election and Special Counsel Robert Mueller is investigating the allegations, which Moscow denies, and whether there was any collusion involving President Donald Trump’s associates.

In an interview with the BBC aired on Tuesday, U.S. intelligence chief Pompeo said Russia had a long history of information campaigns and said its threat would not go away.

Asked if Russia would try to influence the mid-term elections, he said: “Of course. I have every expectation that they will continue to try and do that.

“But I am confident that America will be able to have a free and fair election. That we’ll push back in a way that is sufficiently robust that the impact they have on our election won’t be great.”

He also said the Chinese posed a threat of equal concern, and were “very active” with a world class cyber capability.

“We can watch very focused efforts to steal American information, to infiltrate the United States with spies, with people who are going to work on behalf of the Chinese government against America,” he said.

“We see it in our schools, in our hospitals and medical systems, we see it throughout corporate America. These efforts we have to all be more focused on. We have to do better at pushing back against Chinese efforts to covertly influence the world.”

GLOBAL INFLUENCE

The Kremlin, which under Vladimir Putin has clawed back some of the global influence lost when the Soviet Union collapsed, has denied meddling in elections in the West. It says anti-Russian hysteria is sweeping through the United States and Europe.

In the interview, Pompeo also repeated his message that North Korea was close to developing missiles which could be used in a nuclear attack on the United States.

“I think that we collectively, the United States and our intelligence partners around the world, have developed a pretty clear understanding of (North Korean leader) Kim Jong Un’s capability,” he said.

“We talk about him having the ability to deliver a nuclear weapon to the United States in a matter of a handful of months.”

The CIA chief defended Trump over accusations from a book which suggested the president was unfocused, unprepared and unfit for his office.

“It’s absurd, the claim that the president isn’t engaged and doesn’t have a grasp on these important issues is dangerous and false,” Pompeo said.

Asked if Trump’s use of Twitter posed any national security issues, he said: “Hasn’t caused us any trouble.”

He added: “We deliver nearly every day, personally, to the president the most exquisite truth that we know from the CIA. Whatever the facts may be we deliver them unvarnished as accurately and as forcefully as we can.”

(Reporting by Guy Faulconbridge, editing by Michael Holden and Janet Lawrence)

Trump releases some JFK files, blocks others under pressure

Trump releases some JFK files, blocks others under pressure

By Steve Holland and Jeff Mason

WASHINGTON (Reuters) – U.S. President Donald Trump on Thursday ordered the unveiling of 2,800 documents related to the 1963 assassination of President John F. Kennedy but yielded to pressure from the FBI and CIA to block the release of other records to be reviewed further.

Congress had ordered in 1992 that all remaining sealed files pertaining to the investigation into Kennedy’s death should be fully opened to the public through the National Archives in 25 years, by Oct. 26, 2017, except for those the president authorized for further withholding.

Trump had confirmed on Saturday that he would allow for the release of the final batch of once-classified records, amounting to tens of thousands of pages, “subject to the receipt of further information.”

But as the deadline neared, the administration decided at the last minute to stagger the final release over the next 180 days while government agencies studied whether any documents should stay sealed or redacted.

The law allows the president to keep material under wraps if it is determined that harm to intelligence operations, national defense, law enforcement or the conduct of foreign relations would outweigh the public’s interest in full disclosure.

More than 2,800 uncensored documents were posted immediately to the National Archives website on Thursday evening – a staggering, disparate cache that news outlets began poring through seeking new insights into a tragedy that has been endlessly dissected for decades by investigators, scholars and conspiracy theorists.

The rest will be released “on a rolling basis,” with “redactions in only the rarest of circumstances,” by the end of the review on April 26, 2018, the White House said in a statement.

In a memo to government agency heads, Trump said the American people deserved as much access as possible to the records.

“Therefore, I am ordering today that the veil finally be lifted,” he wrote, adding that he had no choice but to accept the requested redactions for now.

A Central Intelligence Agency spokesman told Reuters that every single one of approximately 18,000 remaining CIA records in the collection would ultimately be released, with just 1 percent of the material left redacted.

CIA Director Mike Pompeo was a lead advocate in arguing to the White House for keeping some materials secret, one senior administration official said.

While Kennedy was killed over half a century ago, the document file included material from investigations during the 1970s through the 1990s. Intelligence and law enforcement officials argued their release could thus put at risk some more recent “law enforcement equities” and other materials that still have relevance, the official said.

Trump was resistant but “acceded to it with deep insistence that this stuff is going to be reviewed and released in the next six months,” the official added.

QUELLING CONSPIRACY THEORIES?

Academics who have studied Kennedy’s slaying on Nov. 22, 1963, said they expected nothing in the final batch of files would alter the official conclusion of investigators that Lee Harvey Oswald was the lone assassin who fired on the president’s open limousine that day in Dallas from an upper window of the Texas Book Depository building overlooking the motorcade route.

They likewise anticipated that the latest releases would do little to quell long-held conspiracy theories that the 46-year-old Democratic president’s killing was organized by the Mafia, by Cuba, or a cabal of rogue agents.

Of the roughly 5 million pages of JFK assassination-related records held by the National Archives, 88 percent have been available to the public without restriction since the late 1990s, and 11 percent more have been released with sensitive portions redacted. Only about 1 percent have remain withheld in full, according to the National Archives.

Thousands of books, articles, TV shows and films have explored the idea that Kennedy’s assassination was the result of an elaborate conspiracy. None have produced conclusive proof that Oswald, who was fatally shot by a nightclub owner two days after killing Kennedy, worked with anyone else, although they retain a powerful cultural currency.

“My students are really skeptical that Oswald was the lone assassin,” said Patrick Maney, a professor of history at Boston College. “It’s hard to get our minds around this, that someone like a loner, a loser, could on his own have murdered Kennedy and changed the course of world history. But that’s where the evidence is.”

Kennedy’s assassination was the first in a string of politically motivated killings, including those of his brother Robert F. Kennedy and civil rights leader Martin Luther King Jr., that stunned the United States during the turbulent 1960s. He remains one of the most admired U.S. presidents.

(Additional reporting by Mark Hosenball in Washington and Scott Malone in Boston; Editing by Peter Cooney and Michael Perry)

Exclusive: U.S. widens surveillance to include ‘homegrown violent extremists’ – documents

Exclusive: U.S. widens surveillance to include 'homegrown violent extremists' - documents

By Dustin Volz

WASHINGTON (Reuters) – The U.S. government has broadened an interpretation of which citizens can be subject to physical or digital surveillance to include “homegrown violent extremists,” according to official documents seen by Reuters.

The change last year to a Department of Defense manual on procedures governing its intelligence activities was made possible by a decades-old presidential executive order, bypassing congressional and court review.

The new manual, released in August 2016, now permits the collection of information about Americans for counterintelligence purposes “when no specific connection to foreign terrorist(s) has been established,” according to training slides created last year by the Air Force Office of Special Investigations (AFOSI).

The slides were obtained by Human Rights Watch through a Freedom of Information Act request about the use of federal surveillance laws for counter-drug or immigration purposes and shared exclusively with Reuters.

The Air Force and the Department of Defense told Reuters that the documents are authentic.

The slides list the shooting attacks in San Bernardino, California, in December 2015 and Orlando, Florida, in June 2016 as examples that would fall under the “homegrown violent extremist” category. The shooters had declared fealty to Islamic State shortly before or during the attacks, but investigators found no actual links to the organization that has carried out shootings and bombings of civilians worldwide.

Michael Mahar, the Department of Defense’s senior intelligence oversight official, said in an interview that AFOSI and other military counterintelligence agencies are allowed to investigate both active duty and U.S. civilian personnel as long as there is a potential case connected to the military. Investigations of civilians are carried out cooperatively with the Federal Bureau of Investigation, Mahar said.

Executive order 12333, signed by former President Ronald Reagan in 1981 and later modified by former President George W. Bush, establishes how U.S. intelligence agencies such as the CIA are allowed to pursue foreign intelligence investigations. The order also allows surveillance of U.S. citizens in certain cases, including for activities defined as counterintelligence.

Under the previous Defense Department manual’s definition of counterintelligence activity, which was published in 1982, the U.S. government was required to demonstrate a target was working on behalf of the goals of a foreign power or terrorist group.

It was not clear what practical effect the expanded definition might have on how the U.S. government gathers intelligence. One of the Air Force slides described the updated interpretation as among several “key changes.”

‘CLOAK OF DARKNESS’

However, some former U.S. national security officials, who generally support giving agents more counterterrorism tools but declined to be quoted, said the change appeared to be a minor adjustment that was unlikely to significantly impact intelligence gathering.

Some privacy and civil liberties advocates who have seen the training slides disagreed, saying they were alarmed by the change because it could increase the number of U.S. citizens who can be monitored under an executive order that lacks sufficient oversight.

“What happens under 12333 takes place under a cloak of darkness,” said Sarah St. Vincent, a surveillance researcher with Human Rights Watch who first obtained the documents. “We have enormous programs potentially affecting people in the United States and abroad, and we would never know about these changes” without the documents, she said.

The National Security Act, a federal law adopted 70 years ago, states that Congress must be kept informed about significant intelligence activities. But the law leaves the interpretation of that to the executive branch.

The updated interpretation was motivated by recognition that some people who may pose a security threat do not have specific ties to a group such as Islamic State or Boko Haram, Mahar at the Defense Department said.

“The internet and social media has made it easier for terrorist groups to radicalize followers without establishing direct contact,” Mahar said.

“We felt that we needed the flexibility to target those individuals,” he said.

In August 2016, during the final months of former President Barack Obama’s administration, a Pentagon press release announced that the department had updated its intelligence collecting procedures but it made no specific reference to “homegrown violent extremists.”

The revision was signed off by the Department of Justice’s senior leadership, including the attorney general, and reviewed by the Privacy and Civil Liberties Oversight Board, a government privacy watchdog.

Mahar said that “homegrown violent extremist,” while listed in the Air Force training slide, is not an official phrase used by the Defense Department. It does not have a specific list of traits or behaviors that would qualify someone for monitoring under the new definition, Mahar said.

Hunches or intuition are not enough to trigger intelligence gathering, Mahar said, adding that a “reasonable belief” that a target may be advancing the goals of an international terrorist group to harm the United States is required.

The updated Defense Department manual refers to any target “reasonably believed to be acting for, or in furtherance of, the goals or objectives of an international terrorist or international terrorist organization, for purposes harmful to the national security of the United States.”

Mahar said that in counterterrorism investigations, federal surveillance laws, including the Foreign Intelligence Surveillance Act, continue to govern electronic surveillance in addition to the limitations detailed in his department’s manual.

(Reporting by Dustin Volz; editing by Grant McCool)

Trump ends CIA arms support for anti-Assad Syria rebels: U.S. officials

A Free Syrian Army fighter carries weapons as he walks past damaged buildings in a rebel-held part of the southern city of Deraa, Syria July 9, 2017. REUTERS/Alaa Al-Faqir

By John Walcott

WASHINGTON (Reuters) – The Trump administration has decided to halt the CIA’s covert program to equip and train certain rebel groups fighting the government of Syrian President Bashar al-Assad, two U.S. officials said, a move sought by Assad ally Russia.

The U.S. decision, said one of the officials, is part of an effort by the administration to improve relations with Russia, which along with Iranian-supported groups has largely succeeded in preserving Assad’s government in the six-year-civil war.

The CIA program began in 2013 as part of efforts by the administration of then-President Barack Obama to overthrow Assad, but produced little success, said the officials, both of whom are familiar with the program and spoke on the condition of anonymity.

The Washington Post was first to report the program’s suspension on Wednesday. White House spokeswoman Sarah Sanders declined to comment on the topic at the White House briefing.

The CIA also declined to comment.

The decision was made with National Security Adviser H.R. McMaster and CIA Director Mike Pompeo after they consulted with lower ranking officials and before Trump’s July 7 meeting with Russian President Vladimir Putin at the G-20 summit in Germany. It was not part of U.S.-Russian negotiations on a ceasefire in southwestern Syria, the two officials said.

One of the officials said the United States was not making a major concession, given Assad’s grip on power, although not on all of Syria, “but it’s a signal to Putin that the administration wants to improve ties to Russia.”

Trump is under intense scrutiny by Congress and a special counsel investigating Russian interference in the 2016 presidential election and whether Trump’s campaign had ties to the activity. Russia has denied U.S. intelligence agencies’ allegations of Moscow meddling, and Trump has denied collusion between his campaign and Russians.

A downside of the CIA program, one of the officials said, is that some armed and trained rebels defected to Islamic State and other radical groups, and some members of the previous administration favored abandoning the program.

Before assuming office in January, Trump suggested he could end support for Free Syrian Army groups and give priority to the fight against Islamic State.

A separate effort by the U.S. military effort to train, arm and support other Syrian rebel groups with air strikes and other actions will continue, the officials said.

However, aside from air strikes after the Syrian military launched a chemical weapons attack, the Trump administration has not increased military support from the limits set by the Obama administration.

(Reporting by John Walcott; additional reporting by Ayesha Rascoe; Editing by Yara Bayoumy and Grant McCool)