Ex-U.S. marine held in Russia for spying was misled, says lawyer

Former U.S. marine Paul Whelan, who was detained by Russia's FSB security service on suspicion of spying, looks out of a defendants' cage before a court hearing in Moscow, Russia January 22, 2019. REUTERS/Maxim Shemetov

By Andrew Osborn and Tom Balmforth

MOSCOW (Reuters) – The lawyer for a former U.S. Marine accused of spying by Russia said on Tuesday that his client had been misled before his arrest and believed that a thumb drive handed to him in a hotel room had contained holiday snaps rather than secret information.

Russia’s Federal Security Service detained Paul Whelan, who holds U.S., British, Canadian and Irish passports, in a Moscow hotel room on Dec. 28.

Whelan appeared in a Moscow court on Tuesday, where a judge rejected a release on bail. If found guilty of espionage, he could be jailed for up to 20 years.

Whelan, who denies the charges, was detained after receiving a thumb drive containing a list of all the employees of a secret Russian state agency, the Russian online news portal Rosbalt.ru reported this month.

Rosbalt cited an unnamed Russian intelligence source as saying that Whelan had been spying for 10 years, using the internet to identify targets from whom he could obtain information and that the list he was caught with had long been of interest to U.S. spies.

Russian Foreign Minister Sergei Lavrov appeared to support that version of events, later telling reporters Whelan had been “caught red-handed” carrying out “specific illegal actions” in his hotel room.

But Vladimir Zherebenkov, Whelan’s lawyer, said on Tuesday that his client had accepted the information unknowingly.

“Paul was actually meant to receive information from an individual that was not classified,” Zherebenkov told reporters.

“These were cultural things, a trip to a cathedral, Paul’s holiday … photographs. But as it turned out, it (the thumb drive) contained classified information.”

The lawyer said Whelan had not been able to see what was on the thumb drive because he had been detained before he had a chance to do so.

Wearing a blue shirt and dark trousers, he looked calm but somber as he stood inside a glass cage in the courtroom.

The hearing was closed to reporters, but his lawyer said afterward that Whelan had made a 15-minute speech rejecting the allegations against him in detail.

The lawyer declined to clarify if Whelan had known the individual who handed him the information.

He said Whelan had been experiencing some minor health problems in custody and was receiving treatment.

Whelan’s family have said he is innocent and was in Moscow to attend a wedding.

(Additional reporting by Katya Golubkova; Writing by Andrew Osborn; Editing by Christian Lowe and Kevin Liffey)

Retired U.S. Marine held in Russia for spying is innocent: family

Paul Whelan, a U.S. citizen detained in Russia for suspected spying, appears in a photo provided by the Whelan family on January 1, 2019. Courtesy Whelan Family/Handout via REUTERS

By Gabrielle T’trault-Farber and Barbara Goldberg

MOSCOW/NEW YORK (Reuters) – A retired U.S. Marine who has been detained by Russia for alleged spying was visiting Moscow for the wedding of a former fellow marine and is innocent of the espionage charges against him, his family said.

Paul Whelan had been staying with the wedding party at Moscow’s Metropol hotel when he went missing, his brother, David, said.

“His innocence is undoubted and we trust that his rights will be respected,” Whelan’s family said in a statement released on Twitter on Tuesday.

Russia’s FSB state security service said Whelan had been detained on Friday, but it gave no details of his alleged espionage activities. Espionage can carry a prison sentence of between 10 and 20 years under Russian law.

A U.S. State Department representative said Russia had notified it that a U.S. citizen had been detained and it expected Moscow to allow consular access to him.

“Russia’s obligations under the Vienna Convention require them to provide consular access. We have requested this access and expect Russian authorities to provide it,” the representative said, without providing details of the American’s identity or the reasons behind his detention.

David Whelan told CNN that his brother, who had served in Iraq, has been to Russia many times in the past for both work and personal trips, and had been serving as a tour guide for some of the wedding guests. He apparently disappeared on Friday and his friends filed a missing persons report in Moscow, his brother said.

David Whelan told the news channel that the family was relieved at first when they heard he was in custody.

“It’s knowing that he’s not dead, it weirdly really helps,” he said.

He declined to comment on his brother’s work status at the time of his arrest and whether his brother lived in Novi, Michigan, as address records indicate.

BorgWarner, a Michigan-based automotive parts supplier, said Whelan is the “company’s director, global security. He is responsible for overseeing security at our facilities in Auburn Hills, Michigan and at other company locations around the world.”

BUTINA CASE

Daniel Hoffman, a former CIA Moscow station chief, said it was “possible, even likely” that Russian President Vladimir Putin had ordered Whelan’s arrest to set up an exchange for Maria Butina, a Russian citizen who pleaded guilty on Dec. 13 to acting as an agent tasked with influencing U.S. conservative groups.

Russia says Butina was forced to make a false confession about being a Russian agent.

Putin’s aim was “to make us feel some pain and his family to feel some pain. That’s their (Moscow’s) pressure point,” Hoffman told Reuters.

“Putin knows there will be a lot of public square pressure to get this guy out,” he said.

Putin told U.S. President Donald Trump in a letter on Sunday that Moscow was ready for dialogue on a “wide-ranging agenda,” the Kremlin said following a series of failed attempts to hold a new summit.

At the end of November, Trump abruptly canceled a planned meeting with Putin on the sidelines of a G20 summit in Argentina, citing tensions about Russian forces opening fire on Ukrainian navy boats and then seizing them.

Trump’s relations with Putin have been under a microscope as a result of U.S. Special Counsel Robert Mueller’s investigation into alleged Russian meddling in the 2016 U.S. election and possible collusion with the Trump campaign.

Moscow has denied intervening in the election and Trump has branded Mueller’s probe as a witch hunt.

Russia’s relations with the United States plummeted when Moscow annexed the Crimean peninsula from Ukraine in 2014, and Washington and Western allies have imposed a broad range of sanctions on Russian officials, companies and banks.

(Reporting by Barbara Goldberg in New YorkAdditional reporting by Jonathan Landay in Washington and Rich McKay in Atlanta, Editing by Bill Tarrant, Paul Simao, Richard Balmforth)

U.S., allies to condemn China for economic espionage, charge hackers: source

FILE PHOTO: U.S. President Donald Trump takes part in a welcoming ceremony with China's President Xi Jinping at the Great Hall of the People in Beijing, China, November 9, 2017. REUTERS/Damir Sagolj/File Photo

WASHINGTON (Reuters) – The United States and about a dozen allies are expected on Thursday to condemn China for efforts to steal other countries’ trade secrets and technologies and to compromise government computers, according to a person familiar with the matter.

Australia, Britain, Canada, Japan, the Netherlands, New Zealand and Sweden are expected to be involved in the U.S. effort, according to the source, who spoke on condition of anonymity.

The U.S. Justice Department also is expected later on Thursday to unveil criminal charges against hackers affiliated with China’s main intelligence service for an alleged cyber-spying campaign targeting U.S. and other countries’ networks, according to the source.

The Washington Post first reported the coming action on Thursday.

The suspected hackers are expected to be charged with spying on some of the world’s largest companies by hacking into technology firms to which they outsource email, storage and other computing tasks. The attacks began as early as 2017.

Cloudhopper is considered a major cyber threat by private-sector cybersecurity researchers and government investigators because of the scale of the intrusions.

Over the past several years, as companies around the globe have sought to cut down information technology spending, they have increasingly relied on outside contractors to store and transfer their data.

When a managed service provider is hacked, it can unintentionally provide attackers access to secondary victims who are customers of that company and have their computer systems connected to them, according to experts.

The timing of the action may further escalate tensions between Washington and Beijing after the arrest of Meng Wanzhou, the chief financial officer of Chinese telecommunications giant Huawei Technologies, in Canada at the request of the United States.

The action also comes just weeks after the United States and China agreed to talks aimed at resolving an ongoing trade dispute that threatens global economic growth.

(Reporting by Diane Bartz, Lisa Lambert and Susan Heavey; Editing by Will Dunham)

France accuses Russia of spying on military from space

French Defence minister Florence Parly and her Finnish counterpart Jussi Niinisto (not pictured) during a joint news conference in Helsinki, Finland, August 23, 2018. Lehtikuva/Vesa Moilanen/via REUTERS

TOULOUSE, France (Reuters) – Russia attempted to intercept transmissions from a Franco-Italian satellite used by both nations’ armies for secure communications, French Defence Minister Florence Parly said on Friday, describing the move as an “act of espionage”.

In a speech outlining France’s space policy for the coming years, Parly said the Russian satellite Louch-Olymp had approached the Athena-Fidus satellite in 2017.

Parly said it came so close “that anyone would have thought it was attempting to intercept our communications.” She added: “Attempting to listen to your neighbors is not only unfriendly, it’s an act of espionage.

The minister’s remarks come a week after President Emmanuel Macron urged the European Union to modernize its post-Cold War ties with Moscow despite tensions with the West, including over allegations of meddling in foreign elections.

Built by Thales Alenia Space, the satellite provides secure communications to the French and Italian armed forces and emergency services.

Parly described the Russian efforts as a “little Star Wars” and said measures were taken immediately to prevent sensitive communications being compromised. The Louch-Olymp had since targeted other satellites, she added.

“We are in danger. Our communications, our military exercises, our daily lives are in danger if we do not react,” Parly said, emphasizing that Paris would complete a strategic space defense plan by the end of the year.

U.S. President Donald Trump’s administration in August announced an ambitious plan to usher in a new “Space Force” as the sixth branch of the U.S. military by 2020.

It would be responsible for a range of space-based U.S. military capabilities, which include everything from satellites enabling the Global Positioning System (GPS) to sensors that help track missile launches.

“I have heard many people mock the announcement of the creation of an American Space Force. I am not one of them… all I see is an extremely powerful sign, a sign of future confrontations,” Parly said.

(Editing by Johanna Decorse; writing by John Irish; editing by Richard Lough)

Cyber firms, Ukraine warn of planned Russian attack

Power lines are seen near the Trypillian thermal power plant in Kiev region, Ukraine November 23, 2017. REUTERS/Valentyn Ogirenko

By Jim Finkle and Pavel Polityuk

TORONTO/KIEV (Reuters) – Cisco Systems Inc warned on Wednesday that hackers have infected at least 500,000 routers and storage devices in dozens of countries with sophisticated malicious software – activity Ukraine said was preparation for a future Russian cyber attack.

Cisco’s Talos cyber intelligence unit has high confidence that the Russian government is behind the campaign, according to Cisco researcher Craig Williams, because the hacking software shares code with malware used in previous cyber attacks that the U.S. government has attributed to Moscow.

Ukraine’s SBU state security service said the activity showed Russia was readying a large-scale cyber attack against Ukraine ahead of the Champions League soccer final, due to be held in Kiev on Saturday.

“Security Service experts believe the infection of hardware on the territory of Ukraine is preparation for another act of cyber-aggression by the Russian Federation aimed at destabilizing the situation during the Champions League final,” it said in a statement after Cisco’s findings were released.

Russia has previously denied assertions by Ukraine, the United States, other nations and Western cyber-security firms that it is behind a massive global hacking program, which has included attempts to harm Ukraine’s economy and interfering in the 2016 U.S. presidential election.

The Kremlin did not immediately respond to a request for comment submitted by Reuters on Wednesday.

Cisco said the new malware, dubbed VPNFilter, could be used for espionage, to interfere with internet communications or launch destructive attacks on Ukraine, which has previously blamed Russia for massive hacks that took out parts of its energy grid and shuttered factories.

“With a network like this you could do anything,” Williams told Reuters.

CONSTITUTION DAY ATTACK

The warning about the malware – which includes a module that targets industrial networks like ones that operate the electric grid – will be amplified by alerts from members of the Cyber Threat Alliance (CTA), a nonprofit group that promotes the fast exchange of data on new threats between rivals in the cyber security industry.

Members include Cisco, Check Point Software Technologies Ltd, Fortinet Inc, Palo Alto Networks Inc, Sophos Group Plc  and Symantec Corp.

“We should be taking this pretty seriously,” CTA Chief Executive Officer Michael Daniel said in an interview.

The devices infected with VPNFilter are scattered across at least 54 countries, but Cisco determined the hackers are targeting Ukraine following a surge in infections in that country on May 8, Williams told Reuters.

Researchers decided to go public with what they know about the campaign because they feared the surge in Ukraine, which has the largest number of infections, meant Moscow is poised to launch an attack there next month, possibly around the time the country celebrates Constitution Day on June 28, Williams said.

Some of the biggest cyber attacks on Ukraine have been launched on holidays or the days leading up to them.

They include the June 2017 “NotPetya” attack that disabled computer systems in Ukraine before spreading around the globe, as well as hacks on the nation’s power grid in 2015 and 2016 that hit shortly before Christmas.

VPNFilter gives hackers remote access to infected machines, which they can use for spying, launching attacks on other computers or downloading additional types of malware, Williams said.

The researchers discovered one malware module that targets industrial computers, such as ones used in electric grids, other infrastructure and in factories. It infects and monitors network traffic, looking for login credentials that a hacker can use to seize control of industrial processes, Williams said.

The malware also includes an auto-destruct feature that hackers can use to delete the malware and other software on infected devices, making them inoperable, he said.

(Writing by Jim Finkle and Jack Stubbs; Editing by Mark Heinrich)

Lesser-known North Korea cyber-spy group goes international: report

Binary code is seen on a screen against a North Korean flag in this illustration photo November 1, 2017. REUTERS/Thomas White/Illustration

By Eric Auchard

FRANKFURT (Reuters) – A North Korean cyber espionage group previously known only for targeting South Korea’s government and private sector deepened its sophistication and hit further afield including in Japan and the Middle East in 2017, security researchers said on Tuesday.

Cyber attacks linked by experts to North Korea have targeted aerospace, telecommunications and financial companies in recent years, disrupting networks and businesses around the world. North Korea rejects accusations it has been involved in hacking.

U.S. cyber security firm FireEye said the state-connected Reaper hacking organization, which it dubbed APT37, had previously operated in the shadows of Lazarus Group, a better-known North Korean spying and cybercrime group widely blamed for the 2014 Sony Pictures and 2017 global WannaCry attacks.

APT37 had spied on South Korean targets since at least 2012 but has been observed to have expanded its scope and sophistication to hit targets in Japan, Vietnam and the Middle East only in the last year, FireEye said in a report.

The reappraisal came after researchers found that the spy group showed itself capable of rapidly exploiting multiple “zero-day” bugs – previously unknown software glitches that leave security firms no time to defend against attacks, John Hultquist, FireEye’s director of intelligence analysis said.

“Our concern is that their (international) brief may be expanding, along with their sophistication,” Hultquist said.

“We believe this is a big thing”.

APT37 has focused on covert intelligence gathering for North Korea, rather than destructive attacks or financial cyber crime, as Lazarus Group and other similar hacking groups have been shown to engage in order to raise funds for the regime, it said.

The group appears to be connected to attack groups previously described as ScarCruft by security researchers at Kaspersky and Group123 by Cisco’s Talos unit, FireEye said.

“We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artefacts and targeting that aligns with North Korean state interests,” the security report said.

From 2014 until 2017, APT37 concentrated mainly on South Korean government, military, defense industrial organizations and the media sector, as well as targeting North Korean defectors and human rights groups, the report said.

Since last year, its focus has expanded to include an organization in Japan associated with the United Nations missions on human rights and sanctions against the regime and the director of a Vietnamese trade and transport firm.

Its spy targets included a Middle Eastern financial company as well as an unnamed mobile network operator, which FireEye said had provided mobile phone service in North Korea until business dealings with the government fell apart.

FireEye declined to name the firm involved, but Egypt’s Orascom <OTMT.CA> provided 3G phone service in the country via a joint venture from 2002 to 2015, until the North Korean regime seized control of the venture, according to media reports.

Asked for comment, a spokeswoman for Orascom said she had no immediate knowledge of the matter and was looking into it.

(Reporting by Eric Auchard, and Nadine Awadalla in Cairo, Editing by William Maclean)

Germany tells Turkey not to spy on Turks living on its soil

Turkish voters living in Germany wait to cast their ballots on the constitutional referendum at the Turkish consulate in Berlin, Germany, March 27, 2017. REUTERS/Fabrizio Bensch

By Madeline Chambers

BERLIN (Reuters) – Germany will not tolerate foreign espionage on its territory, the interior minister said on Tuesday, in a robust response to media reports that Turkish secret services were spying on supporters of the Gulen movement in Germany.

Fethullah Gulen, a U.S-based Muslim cleric with a large following in Turkey, is accused by Ankara of orchestrating a failed military coup last July. Ankara has purged state institutions, schools and universities and the media of tens of thousands of suspected supporters of the cleric.

The media reports of Turkish espionage in Germany have deepened a rift between the NATO allies in the run-up to a referendum next month in Turkey that proposes to significantly expand the powers of President Tayyip Erdogan.

The Sueddeutsche Zeitung newspaper and two broadcasters reported that Turkey’s National Intelligence Agency had given Germany’s foreign intelligence service a list of names of hundreds of supposed Gulen supporters living in Germany.

Interior Minster Thomas de Maiziere, speaking in Passau in southern Germany, said he was not surprised by the report and added that the lists would be looked at individually.

“We have told Turkey several times that such (activity) is not acceptable,” he said. “Regardless of what you think of the Gulen movement, German law applies here and citizens who live here won’t be spied on by foreign states,” he said.

The reports said the list included the names of more than 300 people and more than 200 associations, schools and other institutions and a German investigation indicated some of the photos may have been taken secretly.

WARNING

The northern state of Lower Saxony even said it was warning suspected Gulen movement supporters about possible reprisals if they traveled to their homeland.

“I think that is a justified and necessary measure to be able to warn people,” said state interior minister Boris Pistorius. “The intensity and ruthlessness being (used) on people living on foreign soil is remarkable.”

Concerns about Turkish spying are not confined to Germany.

Swedish public service radio broadcaster SR reported that Turkey’s ruling AK Party was putting pressure, via the Union of European Turkish Democrats, on Swedish Gulen supporters to supply information about fellow Gulen supporters in the country.

Germany is already investigating possible spying by Turkish imams in Germany.. A spokesman for the chief federal prosecutor’s office said that probe continued.

German politicians, including Chancellor Angela Merkel, are angry about Erdogan’s repeated comparisons of their country to Nazi Germany in response to cancellations of planned campaign events targeting the Turkish diaspora in Germany. Germany says the cancellations were prompted by security concerns.

The speaker of the Bundestag lower house of parliament said in a speech late on Monday that Turkey was turning into an authoritarian system and that its president was effectively staging a coup against his own country.

Norbert Lammert, a member of Merkel’s conservatives, said the referendum was about “transforming an undoubtedly fragile but democratic system into an authoritarian system – and this second coup attempt may well be successful”.

(Reporting by Madeline Chambers, Reuters TV, Andrea Shalal, Hans-Edzard Busemann and Daniel Dixon in Stockholm; Writing by Madeline Chambers; Editing by Gareth Jones)

Fed records show dozens of cybersecurity breaches

The Federal Reserve building in Washington

By Jason Lange and Dustin Volz

WASHINGTON (Reuters) – The U.S. Federal Reserve detected more than 50 cyber breaches between 2011 and 2015, with several incidents described internally as “espionage,” according to Fed records.

The central bank’s staff suspected hackers or spies in many of the incidents, the records show. The Fed’s computer systems play a critical role in global banking and hold confidential information on discussions about monetary policy that drives financial markets.

The cybersecurity reports, obtained by Reuters through a Freedom of Information Act request, were heavily redacted by Fed officials to keep secret the central bank’s security procedures.

The Fed declined to comment, and the redacted records do not say who hacked the bank’s systems or whether they accessed sensitive information or stole money.

“Hacking is a major threat to the stability of the financial system. This data shows why,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, a Washington think tank. Lewis reviewed the files at the request of Reuters.

For a graphic on the Fed security breaches, see: http://tmsnrt.rs/1TxSu8R

The records represent only a slice of all cyber attacks on the Fed because they include only cases involving the Washington-based Board of Governors, a federal agency that is subject to public records laws. Reuters did not have access to reports by local cybersecurity teams at the central bank’s 12 privately owned regional branches.

The disclosure of breaches at the Fed comes at a time when cybersecurity at central banks worldwide is under scrutiny after hackers stole $81 million from a Bank Bangladesh account at the New York Fed.

Cyber thieves have targeted large financial institutions around the world, including America’s largest bank JPMorgan, as well as smaller players like Ecuador’s Banco del Austro and Vietnam’s Tien Phong Bank.

Hacking attempts were cited in 140 of the 310 reports provided by the Fed’s board. In some reports, the incidents were not classified in any way.

In eight information breaches between 2011 and 2013 – a time when the Fed’s trading desk was buying massive amounts of bonds – Fed staff wrote that the cases involved “malicious code,” referring to software used by hackers.

Four hacking incidents in 2012 were considered acts of “espionage,” according to the records. Information was disclosed in at least two of those incidents, according to the records. In the other two incidents, the records did not indicate whether there was a breach.

In all, the Fed’s national team of cybersecurity experts, which operates mostly out of New Jersey, identified 51 cases of “information disclosure” involving the Fed’s board. Separate reports showed a local team at the board registered four such incidents.

The cases of information disclosure can refer to a range of ways unauthorized people see Fed information, from hacking attacks to Fed emails sent to the wrong recipients, according to two former Fed cybersecurity staffers who spoke on condition of anonymity.

The former employees said that cyber attacks on the Fed are about as common as at other large financial institutions.

It was unclear if the espionage incidents involved foreign governments, as has been suspected in some hacks of federal agencies. Beginning in 2014, for instance, hackers stole more than 21 million background check records from the federal Office of Personnel Management, and U.S. officials attributed the breach to the Chinese government, an accusation denied by Beijing.

TARGET FOR SPYING

Security analysts said foreign governments could stand to gain from inside Fed information. China and Russia, for instance, are major players in the $13.8 trillion federal debt market where Fed policy plays a big role in setting interest rates.

“Obviously that makes it a very clear (hacking) target for other nation states,” said Ari Schwartz, a former top cybersecurity adviser at the White House who is now with the law firm Venable.

U.S. prosecutors in March accused hackers associated with Iran’s government of attacking dozens of U.S. banks.

In the records obtained by Reuters, espionage might also refer to spying by private companies, or even individuals such British activist Lauri Love, who is accused of infiltrating a server at a regional Fed branch in October 2012. Love stole names, e-mail addresses, and phone numbers of Fed computer system users, according to a federal indictment.

The redacted reports obtained by Reuters do not mention Love or any other hacker by name.

The records point to breaches during a sensitive period for the Fed, which was ramping up aid for the struggling U.S. economy by buying massive quantities of U.S. government debt and mortgage-backed securities.

In 2010 and 2011, the Fed went on a $600 billion bond-buying spree that lowered interest rates and made bonds more expensive. It restarted purchases in September 2012 and expanded them up in December of that year.

The Fed cybersecurity records did not indicate whether hackers accessed sensitive information on the timing or amounts of bond purchases or used it for financial gain.

UP ALL NIGHT

The Fed’s national cybersecurity team – the National Incident Response Team, or NIRT – created 263 of the incident reports obtained by Reuters.

NIRT operates in a fortress-like building in East Rutherford, New Jersey that also processes millions of dollars in cash everyday as part of the central bank’s duty to keep the financial system running, according to the New York Fed’s website. The unit provides support to the local cybersecurity teams at the Fed’s Board and regional banks, which process more than $3 trillion in payments every day.

The NIRT handles “higher impact” cases, according to a 2013 report by the Board of Governor’s Office of Inspector General.

One of the two former NIRT employees interviewed by Reuters described being on a team that once worked around the clock for five-straight days to patch software hackers had used to gain access to Fed systems in an attempt to obtain passwords. The former employee worked through several of those nights, taking naps at a desk in the office.

In that case, Fed security staff found no signs that sensitive information had been disclosed, the former employee said. Information about future interest rate policy discussions is isolated from other Fed networks and is more difficult for hackers to access, the former NIRT worker said.

But the Fed was under constant assault, much like any large company, the former employee said, and was “compromised frequently.”

An internal watchdog has criticized the central bank for cybersecurity shortcomings. A 2015 audit by the Fed board’s Office of Inspector General found the board was not adequately scanning databases for vulnerabilities or putting enough restrictions on system access.

“There is heightened risk of unauthorized disclosure and inappropriate use of sensitive board information,” according to the audit released in November.

(Reporting by Jason Lange and Dustin Volz; Editing by David Chance and Brian Thevenot)

U.S. Navy Officer faces espionage charges

HONOLULU (Dec. 3, 2008) Lt. Edward Lin, native to Taiwan, shares his personal stories about his journey to American citizenship to a group of 80 newly nationalized citizens

WASHINGTON (Reuters) – A U.S. Navy officer with access to sensitive U.S. intelligence faces espionage charges over accusations he passed state secrets, possibly to China and Taiwan, a U.S. official told Reuters on Sunday.

The official, speaking on condition of anonymity, identified the suspect as Lieutenant Commander Edward Lin, who was born in Taiwan and later became a naturalized U.S. citizen, according a Navy profile article written about him in 2008.

A redacted Navy charge sheet said the suspect was assigned to the headquarters for the Navy’s Patrol and Reconnaissance Group, which oversees intelligence collection activities.

The charge sheet redacted out the name of the suspect and the Navy declined to provide details on his identity.

It accused him twice of communicating secret information and three times of attempting to do so to a representative of a foreign government “with intent or reason to believe it would be used to the advantage of a foreign nation.”

The document did not identify what foreign country or countries were involved.

The U.S. official said both China and Taiwan were possible but stressed the investigation was still going on.

The suspect was also accused of engaging in prostitution and adultery. He has been held in pre-trial confinement for the past eight months or so, the official added.

USNI News, which first reported Lin’s identity, said he spoke fluent Mandarin and managed the collection of electronic signals from the EP3-E Aries II signals intelligence aircraft.

The U.S. Navy profiled Lin in a 2008 article that focused on his naturalization to the United States, saying his family left Taiwan when he was 14 and stayed in different countries before coming to America.

“I always dreamt about coming to America, the ‘promised land’,” he said. “I grew up believing that all the roads in America lead to Disneyland.”

The Navy’s article can be seen here: http://1.usa.gov/1SIEJDe

Chinese Foreign Ministry spokesman Lu Kang said he was not aware of the details of the case. He did not elaborate. China’s Defence Ministry did not immediately respond to a request for comment.

Taiwan’s Defense Ministry said it had no information on the case. Taiwan’s Foreign Ministry declined to comment.

(Reporting by Phil Stewart, additional reporting by Ben Blanchard in Beijing and J.R. Wu in Taipei; Editing by Michael Perry)