Experts: China has hacked most of Washington
by Craig Timberg and Ellen Nakashima
Start asking security experts which powerful Washington institutions have been penetrated by Chinese cyberspies, and this is the usual answer: almost all of them.
The list of those hacked in recent years includes law firms, think tanks, news organizations, human rights groups, contractors, congressional offices, embassies and federal agencies.
The information compromised by such intrusions, security experts say, would be enough to map how power is exercised in Washington to a remarkably nuanced degree. The only question, they say, is whether the Chinese have the analytical resources to sort through the massive troves of data they steal every day.
"The dark secret is there is no such thing as a secure unclassified network," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, which has been hacked in the past. "Law firms, think tanks, newspapers -- if there's something of interest, you should assume you've been penetrated."
The rising wave of cyber-espionage has produced diplomatic backlash and talk of action against the Chinese, who have steadfastly denied involvement in hacking campaigns. A strategy paper released by the Obama administration Wednesday calls for possible trade sanctions. Cyberspying on what could be called the "information industry" differs from hacks against traditional economic targets, such as Lockheed Martin, Coca-Cola and Apple, whose computer systems contain valuable intellectual property that could assist Chinese industrial or military capabilities.
Instead, journalists, lawyers and human rights workers often have access to political actors whose communications could offer insight to Chinese intelligence services eager to understand how Washington works. Hackers often are searching for the unseen forces that might explain how the administration approaches an issue, experts say, with many Chinese officials presuming that reports by think tanks or news organizations are secretly the work of government officials -- much as they would be in Beijing.
"They're trying to make connections between prominent people who work at think tanks, prominent donors that they've heard of and how the government makes decisions," said Dan Blumenthal, director of Asian studies for the American Enterprise Institute, which also has been hacked. "It's a sophisticated intelligence-gathering effort at trying to make human network linkages of people in power, whether they be in Congress or the executive branch." Russia and some other nations also are said to engage in cyber-espionage against private companies and institutions, but security experts and U.S. officials say China's effort is the most aggressive and comprehensive. The information technology staffs of private groups have scrambled to neutralize the intrusions, often hiring outside specialists to expel hackers and installing monitoring systems to keep them out.
Yet such efforts do not always succeed, security experts say, as hackers often build secret "back door" access to computer systems or redouble their efforts to penetrate again once they've been purged.
Not long after The Wall Street Journal reported last month that its systems had been infiltrated, the chief executive of its parent company, Rupert Murdoch, tweeted, "Chinese still hacking us, or were over the weekend." The New York Times and The Washington Post have also reported being victims of cyber-intrusions apparently conducted by the Chinese.
The former head of cybersecurity investigations for the FBI, Shawn Henry, said his agents used to alert dozens of companies and private institutions about breaches every week, with Chinese hackers the most common suspects.
"I've yet to come across a network that hasn't been breached," said Henry, now president of CrowdStrike Services, a security company. "It's like having an invisible man in your room, going through your filing cabinets."
The rise of pervasive cyber-espionage has followed broader technological shifts: More and more information is gathered and conveyed online. Rising computing power, meanwhile, has made more of it vulnerable to hackers almost anywhere in the world. This has dramatically lowered the cost of spying -- traditionally a labor-intensive pursuit that carries the risk of arrest or worse -- and made more institutions viable targets.
The Chinese government has consistently denied having the kind of aggressive cyber-espionage campaign often described by Western officials and security experts, calling such allegations irresponsible and unsupported by evidence.
This week, Chinese officials disputed a report by Mandiant, an Alexandria-based security company, detailing the Chinese military unit allegedly responsible for stealing hundreds of terabytes of data from 141 organizations in 20 industries.
But official Washington expresses little doubt about the source of the problem. "The Chinese government's direct role in cybertheft is rampant, and the problems have grown exponentially," said Rep Mike Rogers, R-Mich., chairman of the House Intelligence Committee. "It is crucial that the administration begin bilateral discussions to ensure that Beijing understands that there are consequences for state-sponsored economic espionage."
The reported hack into The Post's computer systems happened in a typical way: An employee fell for what experts call a "spearphishing" scam, hitting a bogus link that downloaded a malicious program and infected the company's information technology server, said people familiar with the incident, who spoke on the condition of anonymity to discuss details not released publicly by the company. (Post Co. officials have confirmed the hack only in general terms.)
That initial intrusion, which happened in 2008 or 2009, allowed the hackers to gain access to The Post's directory of user names, passwords and computers that use Windows-based operating systems. People with knowledge of the infiltration said the company learned of it when Mandiant sent a letter in 2011 reporting that it had detected a Post computer communicating with a computer on the system of one of Mandiant's clients.
The Post later hired Mandiant to expel the hackers and installed advanced monitoring systems to prevent a recurrence. Experts say it's difficult for any company to know definitively what information hackers steal while they have access to computer systems -- especially if the theft happened months or years before it was discovered.
News of The Post's infiltration, first revealed this month, alarmed Texas-based religious rights activist Bob Fu. As recently as December, he had obtained a sensitive Chinese document and passed it along by e-mail to a Post correspondent in Beijing. The resulting story named Fu but not the document's original source within China, who Fu said could have been arrested if discovered.
An associate working for China Aid was briefly detained after the story appeared and was questioned about the document. It's not clear if any information was gleaned from Fu's e-mail exchange with the Post correspondent, which took place after the company's computer system was secured.
"Oh my goodness, that makes me a little sweaty," Fu said, recalling the incident. "The consequences could be so unbearable."
Dissidents have long engaged in cat-and-mouse games with Chinese authorities, accepting that many of their phone calls and e-mails are monitored while still attempting to protect their most sensitive communications from interception.
Canadian researchers in 2009 uncovered a vast global cyber-espionage network controlled largely by servers in China. The military and political targets whose networks were monitored -- including the Tibetan government in exile and the office of the Dalai Lama -- strongly suggested a Chinese role in the operation. Among the 1,295 computers infected in 103 countries were several belonging to the Associated Press bureau in London, according to the researchers, who were with the SecDev Group and the Munk Centre for International Studies at the University of Toronto.
Such infiltrations have unnerved the Chinese dissident community, where accusations of spying are common, said Andrew Nathan, a Columbia University professor active in several human rights groups that do work related to China. "There's a paranoia that sets in," he said. "That may be one of the functions of this surveillance."
Security experts say that, while defenses are becoming more sophisticated against cyber-espionage, hackers continue to improve their skills as well. But if foreign agents manage to gain access to mounting piles of data, they face a problem familiar to intelligence agencies everywhere: what to do with it?
"Most of us aren't very interesting most of the time," said Thomas Fingar, a China expert and former chairman of the National Intelligence Council. "You can waste an enormous amount of time and effort puzzling over something that is totally meaningless."
Drew Peterson Shouts, 'I Did Not Kill Kathleen!' - Then Gets 38-Year Sentence
by MATTHEW JAFFE
CHICAGO -- Former Illinois cop Drew Peterson
yelled, "I did not kill Kathleen!" during the sentencing phase of his trial today -- and then a judge sentenced him to 38 years in jail for killing her.
The sentence came after Will County Judge Edward Burmila denied Peterson a re-trial in the killing of his third wife, Kathleen Savio, in 2004.
Peterson had faced as many as 60 years in prison.
At his sentencing, after Peterson shouted that he did not kill his wife, someone in the courtroom yelled in reply, "Yes you did!" according to ABC News Chicago station WLS. Burmila then ordered that person to leave the courtroom.
Peterson went on to claim that police "altered evidence" in his case and "intimidated witnesses and scared my children."
"I love Kathy," he said. "She was a good mom. ... She didn't deserve to die."
He added that he was planning to get a tattoo on his back that would say, "No good deed goes unpunished."
Peterson's defense team had requested a re-trial after he was found guilty in September of killing Savio and making it look like an accident.
The re-trial, Peterson's attorneys claimed, was warranted because his former lead trial counsel, Joel Brodsky, had "single-handedly" lost the trial last fall, according to attorney Steve Greenberg. Greenberg is a former colleague of Brodsky's, but the two have recently been embroiled in a bitter public feud.
Burmila today rejected all of the motions for a new trial and, as he said he would do, moved on to sentencing immediately.
It is the latest development in the bizarre story of Peterson, a former suburban Chicago police officer. In 2004, Peterson's third wife, Savio, was found dead in her bathtub, a death that was initially ruled an accident. But when his fourth wife, Stacy Peterson, disappeared in 2007, Savio's body was exhumed and her death ruled a homicide.
Drew Peterson has never been charged in connection with Stacy Peterson's case.
Drew Peterson's murder trial last fall was marred by legal battles between his attorneys and prosecutors over what evidence was allowed in court. On three separate occasions, Peterson's defense team asked for a mistrial, but it was rebuffed every time by Burmila.
A large part of the testimony in that trial was hearsay, based on comments that Savio and Stacy Peterson made to friends that portrayed Peterson as a violent and threatening husband.
Peterson said at his sentencing today that hearsay was "a scary thing" because people are not accountable for the truth, according to WLS. An emotional Peterson, his voice shaking at times, blamed the media for portraying him as a monster.
In September, a jury convicted Peterson, noting that it had reached a decision it believed was "just."
Savio's nephew Michael Lisak said afterwards that his aunt "can finally rest in peace."
"Today is a day for battered women, not just Kathleen Savio," Lisak said. "Your voice will be heard. My aunt's voice was heard through the grave. She would not stop. They will listen to you now."
Peterson's sister Cassandra Cales had a blunt message for the newly convicted murderer.
"Game over, Drew," she said. "He can wipe the smirk off his face. It's time to pay."
Policing plan rolled out
Mayor unveils strategies to fight crime
by Andrew Staub
Wilmington Mayor Dennis P. Williams released his long-awaited public safety plan Thursday, using 13 pages to outline a philosophy that calls for improving community relationships and addressing the violent crime that has deteriorated the quality of life in the city and stymied economic growth.
Many details of the strategy had trickled out since Williams took office last month.
That included police Chief Christine Dunning's plan to divert officers from specialized units to the patrol division. Other key points, such as implementing a street crime unit to address in-progress felonies, enhancing a gun unit and creating community policing specialists, appeared last year in Williams' campaign material.
“This new public safety plan will work,” Dunning said, taking the lead in presenting the strategy. “However, like any plan, we need the community's support.”
Police will tailor their approach to different neighborhoods, according to the plan. Instead of focusing on one method, Williams' strategy combines a neighborhood component with a pledge to go after violent offenders, said Rich Iardella, a former city police officer brought on as a public safety liaison.
Williams pointed to a recent drug raid as evidence of community relationships and aggressive policing working hand-in-hand.
“You're going to see more and more and more of that,” he said.
City residents met the plan with optimism. That included Beverly Bell, who lives in the troubled East Side.
Bell has noticed simple changes already, like officers waving to people in her neighborhood. Having community specialists who can collaborate with other city departments to solve nuisances, and seeing officers, will improve relationships, she said.
“People will feel more comfortable talking to police officers about what they know,” Bell said. “I think it would take away some of that stigma of a ‘no snitch' kind of law.”
Williams also has made it an objective to be visible. He's traveled to crime hot spots with his security detail but hinted he carries a gun, too.
“Did John Wayne carry one in the cowboy movie?” the former police officer said when asked if he still carries a weapon.
Improved relationships with the community could be key for police, who have struggled to make arrests in shootings because of a “no-snitch” culture. A court system that allows repeat offenders to return to the streets has added another layer of frustration.
Dunning asked for increased bail amounts and reduced plea deals for gun offenses. Later, Delaware Attorney General Beau Biden said he would try again to push an amendment to the state Constitution that would let judges hold violent offenders without bail in more than just capital murder cases.
“The revolving door of offenders quickly offending and returning back to the streets has to end,” Dunning said.
Timothy Reis, a resident of the Highlands neighborhood, commended Dunning's request. He already has penned an email to the Delaware Sentencing Accountability Commission to inquire whether it's been “soft” on criminals, he said.
“The police officers are doing everything that they can,” Reis said.
Other aspects of the plan include augmenting an existing gun unit started with support from the Bureau of Alcohol, Tobacco, Firearms and Explosives. Police officers also will receive new equipment to monitor calls for service in their vehicles.
The plan echoed focuses of the past administration, including targeting violent offenders and building relationships with other law enforcement agencies. Though it wasn't mentioned in the plan, Williams has suggesting implementing jump-out squads, a tactic former Mayor James M. Baker used to crack down on drug corners.
The similarities led City Council President Theo Gregory to release a statement saying he was “encouraged and perplexed” after reading the plan.
“I am perplexed because much of what was announced today appears, on the surface, to be a continuation of the policing approach that we have followed in the city for many years with the exception that the term ‘community policing' is used minimally in the plan,” Gregory said.
Councilman Michael A. Brown Sr., chairman of the Public Safety Committee, said “only time will tell” if the strategy will make an impact as quickly as Williams has predicted.