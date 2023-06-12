Comment on this story Comment Gift Article Share

Last month's AI-generated Pentagon explosion hoax spread from pro-Russian accounts, and North Korea's shadow workforce of cryptocurrency thieves netted $3 billion since 2017.

There’s a Chinese spying facility in Cuba after all, according to the White House

It looks like the mystery is solved. After some back and forth about whether China agreed to build a new spy station in Cuba, the White House said this weekend that one had been there since at least 2019, when it apparently underwent upgrades.

“It’s not a new, more aggressive action” by the Chinese, a Biden official, speaking on the condition of anonymity to discuss a sensitive matter, said in a story by our colleague Ellen Nakashima. “It’s certainly a troubling and concerning pattern of behavior. We have a problem with it and are working to counter it.”

The revelation follows a report in the Wall Street Journal (echoed elsewhere) about China and Cuba reaching a “secret agreement” to host a new station in a bid to reap electronic communications in the southern United States. According to the Wall Street Journal, China agreed to give Cuba billions of dollars. National Security Council spokesman John Kirby had called the inaccurate without elaborating. But on Saturday, citing newly declassified information, the administration official said the deal was not new and that the spy facility was in fact “well-documented in the intelligence record.”

The story adds a chapter to the long history of adversarial developments between China and the United States in and around cyberspace, as electronic communications include things like email and text messages. It comes as Secretary of State Antony Blinken preps for a visit to Beijing this week.

The details

The Cuba spy station is part of a global intelligence-gathering strategy by China. After President Biden came into office, the U.S. intelligence community briefed him on China’s basing and intelligence-gathering program. “They were considering a number of sites spanning the Atlantic Ocean, Latin America, the Middle East, Central Asia, Africa, and the Indo-Pacific,” the White House statement said.

“There are a series of places the Chinese seek to put listening posts for advanced espionage,” the senior official said. “They seek places for ground based assistance to support space operations. They seek ‘steaming ports,’ which are places they can come in and refuel. Then they also look for more established traditional military basing rights.”

Beijing is “trying to do” what it’s doing in Cuba in dozens of other places worldwide, the official said.

Given the time frame outlined by the official for the spy station — 2019 — it looked as though the Biden administration was pinning blame on its predecessors in the Trump administration.

“This is an issue that this administration inherited,” the White House said in an emailed statement. “It was our assessment that, despite awareness of the basing efforts and some attempts to address this challenge in the past administration, we were not making enough progress and needed a more direct approach.”

The statement also suggested that Biden administration diplomacy efforts had slowed down Chinese ambitions in the region. The Trump administration rolled back much of the Obama administration’s rapprochement with Cuba. But that policy remains largely in place despite President Biden’s campaign promises to reestablish positive relations with Cuba.

Cuban officials have denied that a military pact with China exists. They cite a 2014 agreement that called Latin America and the Caribbean a “zone of peace.”

And Chinese Foreign Ministry spokesman Wang Wenbin said on Friday that he was unaware of any Chinese spy station in Cuba, while pointing to alleged U.S. overstepping.

“It is well known that the U.S. is an expert on chasing shadows and meddling in other countries’ internal affairs,” Wang said. “The U.S. is the global champion of hacking and superpower of surveillance.”

About that.

The United States is arguably the top power in cyberspace. U.S. officials have repeatedly called out China over hacking U.S. targets, too.

“The United States maintains an extensive system of eavesdropping facilities hosted by partners around the world, including stations in South Korea, Japan, Taiwan and Australia,” Ellen wrote. “These sites, dating back to the Cold War, are aimed at collecting, in particular, electronic communications from China and North Korea.”

The reports come after a Chinese spy balloon flying over the United States triggered a kerfuffle in February. The U.S. military eventually shot down the balloon. U.S. intelligence agencies were aware of several other Chinese spy balloons, The Post reported in April, citing top-secret intelligence documents.

What everyone’s saying

After the Wall Street Journal released its report on the Cuba-China agreement, the leaders of the Senate Intelligence Committee issued a bipartisan statement that they were “deeply disturbed” about the idea of China and Cuba working together.

“We must be clear that it would be unacceptable for China to establish an intelligence facility within 100 miles of Florida and the United States, in an area also populated with key military installations and extensive maritime traffic,” said Chairman Mark R. Warner (D-Va.) and Vice Chairman Marco Rubio (R-Fla.).

Many congressional Republicans were critical of the Biden administration over the reported spy station.

Here’s Rep. Carlos A. Gimenez (R-Fla.), who was born in Cuba:

And here’s Sen. Charles E. Grassley (R-Iowa):

The reviews weren’t uniformly negative toward the Biden administration, however.

Former representative Will Hurd (R-Tex.), who specialized in cybersecurity and national security issues during his time in Congress, directed his ire toward former president Donald Trump:

Here’s Paul Triolo, senior vice president for China and technology policy lead at the Albright Stonebridge Group strategy firm:

But the story does potentially point to a larger trend of an emboldened Beijing.

“The symbolism is much bigger,” Michael Mazarr, an international security specialist at the Rand Corporation, said in a story by the Wall Street Journal’s Charles Hutzler and Kejal Vyas. “The days of the United States thinking of the China challenge as one limited to the Indo-Pacific, with the U.S. being the one to encroach on the other’s region in security terms, those days are over.”

Said Marc Polymeropoulos, a former CIA officer:

The keys

Justice Department charges two Russians with laundering stolen cryptocurrency from infamous Mt. Gox crypto hack

The Justice Department on Friday unsealed charges against two Russian nationals for laundering about 647,000 stolen bitcoin from now-defunct cryptocurrency exchange Mt. Gox, Tonya Riley reports for CyberScoop.

“Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, allegedly gained unauthorized access in 2011 to a server holding wallets belonging to the exchange and continued to launder funds through 2017. At the time, Mt. Gox was the largest cryptocurrency exchange in existence, handling a majority of bitcoin transactions globally,” Riley writes.

The theft, equal to about $450 million at the time, led to Mt. Gox’s eventual demise in 2014.

Prosecutors allege the two Russians entered into a fraudulent contract to liquidate some $6.6 million from overseas bank accounts, according to the report.

Bilyuchenko is also accused of using Mt. Gox proceeds to run another fraudulent crypto operation called BTC-e with Russian national Alexander Vinnik.

Wall Street Journal reporter Vinnik was arrested in Greece in 2017 and charged with running the operation that allegedly financed Russian criminal activities. He is now advocating for release through a prisoner swap that could free detainedreporter Evan Gershkovich , who is awaiting trial on espionage charges that he and the Wall Street Journal strongly deny.

Viral AI-generated Pentagon explosion hoax spread from pro-Russian accounts

An AI-generated image of an explosion at the Pentagon last month originated from pro-Russian accounts on Twitter that spread conspiracy theories, our colleague Joseph Menn reports.

Joseph writes: “Research by The Washington Post, misinformation tracking firm Alethea and others found that the earliest confirmed Twitter posting of the image came from an account called @CBKNEWS121.”

“In its less than two years on Twitter, CBK has posted a grab-bag of references to QAnon and other baseless conspiracy theories, current events, and memes and statements praising former president Donald Trump and Russian President Vladimir Putin . On May 3, it tweeted ‘I stand with Putin,’ followed by a heart emoji,” the report adds.

Elon Musk overhauled the platform’s standards. The CBK account is among many that have leveraged Twitter’s new blue-check subscription feature, which allows content posted by ‘verified’ accounts to spread more easily after owner

The image fueled accounts that thrive off viral misinformation campaigns. The CBK account, in particular, is likely linked to a Los Angeles-based photo retoucher that used a now suspended Twitter account to spread “content about conspiracy subject JFK Jr., along with QAnon imagery and slogans,” the report says.

When the image spread, the Dow Jones Industrial Average fell 85 points before recovering. The stock market’s response to the fake image is likely not a one-time occurrence, misinformation experts told Joseph.

“It’s turning into a much more monetizable endeavor,” said Kyle Walter of U.K.-based disinformation analysis company Logically. “I would be shocked if we don’t see more of it.”

North Korea’s shadow workforce of cryptocurrency thieves netted $3 billion since 2017

North Korea’s global shadow workforce of thieves that position themselves into IT jobs and pilfer money for the regime’s goals has netted over $3 billion since 2017, Robert McMillan and Dustin Volz report for the Wall Street Journal, citing research from blockchain firm Chainalysis.

The money is being used to fund around half percent of North Korea’s ballistic missile program, officials say. “Defense accounts for an enormous portion of North Korea’s overall spending,” McMillan and Volz write, adding: “The State Department estimated in 2019 Pyongyang spent about $4 billion on defense, accounting for 26 percent of its overall economy.”

The United States and South Korea last month announced sanctions against “illicit” North Korean IT workers operating out of China and Russia for allegedly funding weapons and mass destruction and missile programs.

The increase in North Korean missile tests is also trending with an increased rate of regime-linked crypto thefts, the report notes. Data shows that the amount of money pilfered by the workers skyrocketed from $430 million in 2021 to $1.65 billion in 2022.

“Most nation-state cyber programs are focused on espionage or attack capabilities for traditional geopolitical purposes,” National Security Council cyber official Anne Neuberger said. “The North Koreans are focused on theft, on hard currency to get around the rigor of international sanctions.”

At times, North Korean hackers have used innovative techniques to launder cryptocurrency.

North Korea-linked hackers earlier this year also pulled off an interconnected supply chain attack through voice over IP software 3CX.

North Korean hackers’ practice of stealing cryptocurrency for its regime and missile program was explored by your Cybersecurity 202 host in March.

Daybook

Paul Abbatte , NSA’s George Barnes , CIA’s David Cohen and other officials testify about Section 702 of FISA at a The FBI’s, NSA’s, CIA’sand other officials testify about Section 702 of FISA at a Senate Judiciary Committee hearing tomorrow at 10 a.m.

The Senate Judiciary Committee convenes a hearing on AI and human rights tomorrow at 2:30 p.m.

The House Armed Services cyber and information technologies subcommittee convenes a meeting to consider the fiscal 2024 defense authorization bill tomorrow at 11 a.m.

The R Street Institute holds a discussion on the private sector’s role in cybersecurity and intelligence tomorrow at 12 p.m.

