Operation Cupcake

Too funny, the British go about fighting terrorism with attempted humor.

MI6 attacks al-Qaeda in ‘Operation Cupcake’

The cyber-warfare operation was launched by MI6 and GCHQ in an attempt to disrupt efforts by al-Qaeda in the Arabian Peninsular to recruit “lone-wolf” terrorists with a new English-language magazine, the Daily Telegraph understands.

When followers tried to download the 67-page colour magazine, instead of instructions about how to “Make a bomb in the Kitchen of your Mom” by “The AQ Chef” they were greeted with garbled computer code.

The code, which had been inserted into the original magazine by the British intelligence hackers, was actually a web page of recipes for “The Best Cupcakes in America” published by the Ellen DeGeneres chat show.

See also:
British intelligence used cupcake recipes to ruin al-Qaida websiteMI6 hacks Qaida site, swaps bomb info with cake recipes
MI6 swapped pipe-bomb guide for cupcake recipes
MI6 scores al Qaeda hit, with cupcakes
British MI6 replace bomb website with cupcake recipe
MI6 hacks al-Qaeda website, leaves garbled recipe for cupcakes
UK spies cooked up problem for al Qaeda: media
Cupcake shop enlisted in war on terror?
MI6 Hackers Replaced Bombs with Cakes
Make Pastries, Not Bombs
SIS (MI6)
Secret Intelligence Service
GCHQ – Government Communications Headquarters
Government Communications Headquarters

Of course, it would have been better if the cupcake recipes hadn’t been garbled but, nonetheless, well played!

/and hey, as long as MI6 has rooted themselves this deep into al Qaeda servers, why not a massive Hello Kitty campaign?

Advertisements

Hitting Us Where It Really Hurts

Whether or not “outside forces” were a factor in our 2008 economic meltdown, in the age of cyber warfare, the possibility of such an attack on the U.S. financial infrastructure is a scenario worth paying extremely close attention to. It’s a huge target, it’s far from invulnerable, and the potential for crippling economic damage and chaos cuts to the core of our very way of life.

Financial terrorism suspected in 2008 economic crash

Evidence outlined in a Pentagon contractor report suggests that financial subversion carried out by unknown parties, such as terrorists or hostile nations, contributed to the 2008 economic crash by covertly using vulnerabilities in the U.S. financial system.

The unclassified 2009 report “Economic Warfare: Risks and Responses” by financial analyst Kevin D. Freeman, a copy of which was obtained by The Washington Times, states that “a three-phased attack was planned and is in the process against the United States economy.”

While economic analysts and a final report from the federal government’s Financial Crisis Inquiry Commission blame the crash on such economic factors as high-risk mortgage lending practices and poor federal regulation and supervision, the Pentagon contractor adds a new element: “outside forces,” a factor the commission did not examine.

“There is sufficient justification to question whether outside forces triggered, capitalized upon or magnified the economic difficulties of 2008,” the report says, explaining that those domestic economic factors would have caused a “normal downturn” but not the “near collapse” of the global economic system that took place.

Suspects include financial enemies in Middle Eastern states, Islamic terrorists, hostile members of the Chinese military, or government and organized crime groups in Russia, Venezuela or Iran. Chinese military officials publicly have suggested using economic warfare against the U.S.

Read the report:

Economic Warfare: Risks and Responses

See also:
Financial Terrorism Suspected in 2008 Economic Crash
Did ‘financial terrorism’ cause the economic crash?
Did China or Jihadists try to bankrupt America? Pentagon report reveals financial terrorists may have triggered economic crash
Report: Economic 9/11 May Have Taken Place
Financial terrorism suspected in 2008 economic crash
Was the U.S. a victim of an economic 9/11 in 2008?
Blame Terrorists, Not Wall Street, for the Recession?

If you think about it, there’s very little that could be called a paper trail regarding today’s financial records and transactions world wide, it’s all manipulated and stored electronically at a speed and complexity that defies human oversight.

/definitely a fertile battlespace for a sophisticated enemy looking to bring the United States down on her knees in financial pain

What The Hell Happened?

It’s been over 24 hours now and still no one has any idea as to what caused Thursday’s bogus market plunge. Needless to say, that’s not good.

Yesterday’s market swerve: fat fingers, glitch, or cyber-warfare?

Theories about yesterday’s stock market swoon, where within a matter of 20 minutes, the stock market plunged by 1,000 points and then nearly completely recovered, are abounding. Fortune asked Rishi Narang, founder of the hedge fund Telesis Capital and author of Inside the Black Box, to share the theories he’s heard and handicap them in terms of likelihood and plausibility.

Narang, who uses high-frequency trading techniques, explains why high-frequency traders got out of the market during the dive, and why the catalyst for the drop is far more important to understand than the drop itself:

What happened yesterday?

There are two points to understand. First, what catalyzed the activity? What was the reason for the market wanting to fall? It might be that the catalyst was of such size that it overwhelmed all other factors. There are three plausible theories:

1) The fat finger. Plausible, but unlikely. Typing in billions with a “b” versus millions with an “m” seems impossible. Trading systems don’t work that way. More likely, the trading system accepts the sell/buy amount in thousands. Some trader in the heat of the moment forgets it’s in thousands, types in an order for 16,000,000 instead of 16,000. That kind of thing seems far more plausible.

But even then: why on Earth would the trading entry system not have a sanity check? For almost no one in the world is a $16 billion sell order okay to send out as soon as it’s entered. The trader should be fired, along with everyone in the IT department. If this happened, most likely, it was something along those lines. If it wasn’t all one order, maybe it was meant to sell just $1 billion shares but was sent 3 or 5 times instead of once.

2) Software error. Plausible, likely, but doesn’t fit the facts. Here, the trading software is in a recursive loop, pounding out sell orders due to a bug somewhere in the software. In a sense, this is more plausible, more likely, but doesn’t seem to fit the facts well enough.

The speed of the decline in the market just doesn’t seem to fit — should be a series of small orders, not a series of large orders. In 7 minutes we saw a 580-point drop. That doesn’t look like a recursive loop. But there is a lot of software, and somewhere a bug is bound to exist. You can easily imagine a software glitch happening. Things go buggy. Like the Toyota [accelerator] problem, at heart a software problem. Technology is a two-edged sword, and this is the other edge of the sword. We rely on software, but it’s not always written well enough.

3) Computer hacking. Implausible without proof, but possible. This is the most interesting theory because we know terrorists are interested in cyberterrorism. We know they would target the financial markets. We know a great day to launch an attack would be one with a mild bit of panic [due to the Greek crisis and sovereign debt downgrades].

Some other really crazy things happened with stocks, like Accenture and Exelon. [Both stocks traded for one cent for short periods of time.] Two parties really transacted on these trades [at one cent], even though they were later busted and cancelled. If it was just high-frequency traders bailing out, why wouldn’t [that drop] happen on every stock? It just doesn’t add up. Things are too idiosyncratic and that feels uncomfortable. This also happened in the options markets, but again, only on a handful of options.

And the second point to understand?

That’s the question of the enabler. What, if anything perpetuated the selloff? And did so in seconds? There’s a lot of speculation about high-frequency traders vanishing from the marketplace.

The consensus is that high-frequency guys didn’t provide the liquidity and that’s what allowed for prices like one penny on Accenture. I do know for sure that high-frequency traders backed off, but old school market makers would’ve done the same thing, in a little bit different way. They just would’ve created super-wide market spreads. Same thing.

We shouldn’t be so sanguine about taxes and impediments to high-frequency trading if we are upset when high-frequency traders leave the market. Those are incompatible ideas.

As a side point: traders have stop loss levels; one big move triggers other moves. There are systematic, discretionary, and plain-old panic trades.

But for all of those styles and programs, once they see the stock market fall 6%, a liquidation effect takes hold. That’s just a function of people. Someone screams fire, and if enough people start running, everyone will. Those are the dynamics of computer software, people, animals, fires, whatever. It’s how we work. That kind of stampeding effect could easily be part of the response.

But the speed of the market falling down, going back up, and partway back down again? If this was really a stampede, why not repeat the 1987 crash [which kept going]? Nothing ‘stopped’ this crash except that the catalyst seemed to have ended.

If it was an error or a software bug, it stopped. If it was a hack, the hackers left. In other words, the enabling side of this drop is totally irrelevant [to the catalyst]. The only interesting thing here is the catalyst. If this was a gas pedal that was stuck, it would’ve looked differently, kept going.

Whether this was intentional or unintentional, it happened all at once. If it was an intentional [attack], then the question is, was it a demonstration, a test, or the attack itself? Whatever it was, we didn’t stop it. It stopped itself.

See also:
Regulators Are Stumped by Drop
NYSE, Nasdaq bicker over stock-market drop
Plunge highlights fragmented markets, fast traders
Stock Market Crash? Or Trading Error?
Theories abound about how the 1,000 point Dow drop occurred
UPDATE: Everyone Seeks Answers Behind Stock Market’s Rout
Programs, NYSE Circuit Breakers Contribute To Market Plunge
Nasdaq cancels the trade of 296 stocks after Thursday’s Wall Street stock market crash
SEC reviewing Thursday’s sudden stock market drop
SEC Said to Outline Possible Causes of Market Plunge (Update1)
House panel to hold stock market inquiry

All I can say is that the investigators at the SEC had better get off their asses, take a break from their prodigious porn surfing, and get to the bottom of what exactly caused Thursday’s bogus market plunge. And they had better come up with a definitive answer quickly.

/the ongoing inability of exchange operators and regulators to pinpoint the problem is beginning to shake market confidence even more than the bogus plunge itself

Cyberwar Fail

Okay, so it was pretend, could have been more realistic, and adding the natural disasters was a bit much, but today’s Cyber ShockWave proved a point, the United States is not ready to defend herself against an organized, large scale cyber-attack. The Chinese, Russians, and a myriad of other state and criminal entities probe our cyber-defenses 24 hours a day, seven days a week, looking for weaknesses. If one or more of these actors decided to launch a coordinated, sustained cyber-assault, we could be brought down to our economic knees in a crippling world of infrastructure cyberhurt.

Report: The Cyber ShockWave and its aftermath

When it comes to the protection of the nation’s infrastructure, the government is lacking in several areas. While they have the ability to act offensively, if they know who the enemy is, the trick is to collect enough information and retaliate without violating domestic and foreign policy and law. The Tech Herald was in Washington D.C. on Tuesday to witness Cyber ShockWave. Here’s what we walked away with.

What happened?

Cyber ShockWave started with a vulnerability in the operating systems used by various Smartphones. Thanks to a malicious application, celebrating the NCAA’s March Madness, Spyware was loaded onto Smartphones that included a keylogger and data intercept component. The application was then used to funnel millions of dollars to banks overseas. From there, the data and money snatching application morphs, and the malicious application turns the infected devices into bots and adds them to a telecommunications botnet.

The bots start to download videos showing The Red Army. The downloads and resulting spread of the video result flood the data networks of the major carriers, and slow them to a crawl before crippling them altogether. After that, the Malware on the Smartphones starts to replicate, thanks to sync programs linking information from the phone to a computer. Now that the computers are infected, the ISPs face the same issue the telecoms faced. In the end, both communications systems are crippled.

If this wasn’t enough, weather patterns resulting in a heat wave and hurricanes stress the electrical system. This is where things go south, on a major scale. A hurricane wrecks the petroleum refining and natural gas processing centers, and a stressed electrical grid is hurt more by Improvised Explosive Devices (IEDs) and what is assumed to be a Malware attack on the Secure Trade power trading platform.

Both incidents are deemed critical, and the former top US officials debated how to respond for most of the event. The problem is that by the end of the debates, during both sessions, there were no real answers.

Behold the confusion that is Cyber ShockWave

Can we nationalize the U.S. power system? Should the National Guard be called out? The FBI reports that they have traced the services used in the March Madness application to Russia, is retaliation called for? Two IEDs were detonated in two different power facilities, is it terrorism? According to a GNN (the news source for media information during the event), there was a cyber component to the electrical outage, later assumed to be related to patches on the Secure Trade software. Was this the work of an insider? These were the topics of note, and the confusion only led to more questions and few answers.

The downside to the ShockWave, as it were, is that there were just too many levels of attack at the same time. The Cyber ShockWave exercise was to create a possible attack scenario, but not one that is total chaos. However, by adding the botnet side to the telecom attack, adding in natural disasters as well as potential terrorism on and offline, they added too much to the “Perfect Storm” that they kept referring to it as.

The malicious application causing harm to telecom and ISP networks is one scenario that is highly likely, as more and more applications make it to market and more and more people switch to Smartphones. The odds of this happening at the same time that the power grid is attacked, and a hurricane kills off oil and gas production, is simply too high to compute.

The point of it all

The main point to take away from Cyber ShockWave, at least how we see it, is that there needs to be a solid level of cooperation inside the government first, and then after that, between the government and private sector. There is no “I” in team, and when it comes to protecting the assets within the backbone of the Internet, both private and government entities have a lot to look after.

One interesting point came up when debating the Russian server, the one the FBI said was linked to the telecom attacks. Why doesn’t the government simply shut it down? The reason is that doing so could be considered an act of war. No one knows, because there is no policy or precedence of such an action.

The mirror side to this would be the question, what if the Russian server was a jumping point to a server in the U.S.? If so, can we shut it down then? What would be the reasoning? While killing a server in a foreign country could be perceived as an act of aggression, doing so on our own soil could be a violation of various laws, unless a state of emergency is ordered. Once that happens, according to the panel, the President has a good deal of leeway.

There are few limits to what the government can do in response to a threat to national security. What limits that exist are those enforced by policy and U.S. law. What this means is that while there were several ideas passed around, many of them are without precedence, so they couldn’t be acted on.

For example there was a patch for the Smartphones, one that would fix the Malware issue. Yet, only 50-percent of consumers applied it. To prevent further attacks to the telecommunications system, you can ask the people to stop using phones, or simply force them to stop using them by turning them off. If the issue was forced, and the government did something to turn the phones off, then there would be serious consequences to deal with later.

In the end, the Bipartisan Policy Center, who put Cyber ShockWave together, had hoped that the gaps existing within the law and government policy related to cybercrime and cyberattacks would be exposed. The got their wish, as gaps in both areas were exposed. But when it comes to balance between the private and government sectors and security, it takes more than policy to make it work.

It would have added a ton of weight to the exercise if there was some sort of consultation with energy companies or telecom representatives. They were absent during the mock attacks, and their absence was felt when you consider that by the time the President was “briefed”, there was no solid plan of action as to how to deal with and recover from the incidents.

There were some smart and skilled people on the panel. Yet, the scripting made the panel come off as clueless when it came to the reach, intelligence, and overall skill of foreign attackers. The current cyber capacities of the various international terrorist groups were left completely off the table.

Overall, the Cyber ShockWave was more media hype than actual intelligence and insight. We had hoped to see some of the political heavyweights on the panel act with their full capacity and experience, but they either couldn’t or opted not to. If anything, the federal employees who attended learned that managing IT in the public world, and dealing with threats there, is nothing like attempting the same feat within the federal government.

See also:
U.S. Isn’t Prepared for Massive Cyber Attack, Ex-Officials Say
War game reveals U.S. lacks cyber-crisis skills
In a doomsday cyber attack scenario, answers are unsettling
Washington Group Tests Security in ‘Cyber ShockWave’
US networks and power grid under (mock) cyber-attack
Cyberattack simulation highlights vulnerabilities
Former officials war-game cyberattack
Former Government Officials Gather to Rehearse Cyberwar
Former top U.S. officials hold cyberattack exercise
Cyber ShockWave cripples computers nationwide (sorta)
Cyber Shockwave : Cyber-Attack to Test Government Response
Is The U.S. Ready For A Cyberwar?
25 ways to better secure software from cyber attacks
It’s Your Cyberspace Too, So Take Care Of It
Bipartisan Policy Center

/remember, this was only a test, had this been an actual emergency we would have been seriously [expletive deleted]

The Cyberwar Rages 24/7

Corporations’ cyber security under widespread attack, survey finds

Around the world, corporations’ computer networks and control systems are under “repeated cyberattack, often from high-level adversaries like foreign nation-states,” according to a new global survey of information technology executives.

The attacks include run-of-the-mill viruses and other “malware” that routinely strike corporate defenses, but also actions by “high-level” adversaries such as “organized crime, terrorists, or nation states,” a first-time global survey by the Center for Strategic and International Studies (CSIS) in Washington has found. More than half of the 600 IT managers surveyed, who operate critical infrastructure in 14 countries, reported that their systems have been hit by such “high-level” attacks, the survey concludes.

A large majority, 59 percent, said they believed that foreign governments or their affiliates had already been involved in such attacks or in efforts to infiltrate important infrastructure – such as refineries, electric utilities, and banks – in their countries.

Such attacks, the survey said, include sophisticated denial-of-service attacks, in which an attacker tries to so overwhelm a corporate network with requests that the network grinds to a halt.

But they also include efforts to infiltrate a company. Fifty-four percent of the IT executives said their companies’ networks had been targets of stealth attacks in which infiltration was the intent. In two-thirds of those cases, the IT managers surveyed said company operations had been harmed.

The IT managers also believed that these “stealthy” attacks were conducted by “nation states” targeting their proprietary data, says the survey’s main author, CSIS fellow Stewart Baker, in a phone interview. Mr. Baker is a cybersecurity expert formerly with the Department of Homeland Security and National Security Agency.

“It’s all the same kind of stuff – spear-phishing, malware, taking over the network and downloading-whatever-you-want kind of attack,” he says. “Over half of these executives believe they’ve been attacked with the kind of sophistication you’d expect from a nation state.”

The CSIS report describes such attacks as “stealthy infiltration” of a company’s networks by “a high-level adversary” akin to a “GhostNet,” or large spy ring featuring “individualized malware attacks that enabled hackers to infiltrate, control and download large amounts of data from computer networks.” The GhostNet attacks, which Canadian researchers attributed to Chinese state-run agencies, bear similarities to recent attacks on Google and other high-tech companies, Baker says. Google attributed attacks on it to entities in China.

Read the report:
In the Crossfire: Critical Infrastructure in the Age of Cyber War

See also:
In the Crossfire: Critical Infrastructure in the Age of Cyber War
Report: Critical Infrastructures Under Constant Cyberattack Globally
Utilities, Refineries and Banks Are Victims of Cyber Attacks, Report Says
Critical Infrastructure under Siege from Cyber Attacks
Critical Infrastructure Vulnerable To Attack
Critical Infrastructure Security a Mixed Bag, Report Finds
Report shows cyberattacks rampant; execs concerned
Key infrastructure often cyberattack target: survey
Critical infrastructure execs fear China
SCADA system, critical infrastructure security lacking, survey finds

Ironically, the more dependent we become on interconnected network technology, the more vulnerable we become too.

/so keep your fingers crossed and your computers patched against hacking and intrusion, at least you can do your part to avoid being part of the problem

Microsoft Cleans Up After Chinese Hack Of Google, Obama Turns The Other Cheek

Microsoft to release patch for IE hole on Thursday

Microsoft said on Wednesday that it will release on Thursday a patch to fix the latest hole in Internet Explorer that was used in the China-based attack on Google and for which an exploit has been released on the Internet since last week.

The company plans to release the patch as close to 10 a.m. PST on Thursday as possible and host a public Webcast at 1 p.m. PST, according to the security advisory.

Microsoft continues to see limited attacks and has only seen evidence of successful attacks against Internet Explorer 6, according to Jerry Bryant, senior security program manager at Microsoft.

“This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical,” he said in a statement.

“It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized,” Bryant said. “We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released.”

Vulnerable software is IE 6 on Microsoft Windows 2000 and IE 6, 7, and 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, Microsoft said.

So, while China continues its relentless, covert cyberwar against U.S. and other Western commercial, government, and military targets, stealing information and secrets and causing economic and national security damage to our computer networks, guess what the Obama administration has decided to do, against the advice of U.S. intelligence officials and experts?

China removed as top priority for spies

The White House National Security Council recently directed U.S. spy agencies to lower the priority placed on intelligence collection for China, amid opposition to the policy change from senior intelligence leaders who feared it would hamper efforts to obtain secrets about Beijing’s military and its cyber-attacks.

The downgrading of intelligence gathering on China was challenged by Director of National Intelligence Dennis C. Blair and CIA Director Leon E. Panetta after it was first proposed in interagency memorandums in October, current and former intelligence officials said.

The decision downgrades China from “Priority 1” status, alongside Iran and North Korea, to “Priority 2,” which covers specific events such as the humanitarian crisis after the Haitian earthquake or tensions between India and Pakistan.

The National Security Council staff, in response, pressed ahead with the change and sought to assure Mr. Blair and other intelligence chiefs that the change would not affect the allocation of resources for spying on China or the urgency of focusing on Chinese spying targets, the officials told The Washington Times.

White House National Security Council officials declined to comment on the intelligence issue. Mike Birmingham, a spokesman for Mr. Blair, declined to comment. A CIA spokesman also declined to comment.

But administration officials, speaking on the condition of anonymity, said the new policy is part of the Obama administration’s larger effort to develop a more cooperative relationship with Beijing.

See also:
Microsoft Security Bulletin Advance Notification for January 2010
New IE hole exploited in attacks on U.S. firms
Microsoft Scrambles to Patch Browser
Microsoft patching “Google hack” flaw in IE tomorrow
Microsoft Security Bulletin MS10-002 Coming Thursday for IE Zero-Day
Microsoft to issue “Google attack” browser patch
Microsoft to issue emergency IE patch Thursday
Microsoft will issue emergency IE patch on Thursday
China removed as top priority for spies
China no longer top priority for intelligence gathering: White House
‘China no longer top priority for intelligence gathering’
China: Still an Intelligence Priority

Relax, don’t worry, the country is in the very best of hands.

/Obama’s NSC, more than a dozen morons stuffed in a four passenger clown car

Peek A Boo, China Is Waging Undeclared War On You

Is your computer acting squirrelly, your internet connection spotty? It might not be Microsoft after all, it could be Chinese military sponsored hackers.

Congressional commission focuses on China’s cyberwar capability

In war and possibly in peace, China will wage cyberwar to control the information flow and dominate the battle space, according to a new report compiled for a congressional commission.

Chinese military strategists see information dominance as the key to overall success in future conflicts and will continue to expand the country’s computer network exploitation capabilities, according to the report, titled “Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation.” The report was prepared for the U.S.-China Economic and Security Review Commission under contract by Northrop Grumman’s Information Systems Sector.

In a conflict, China will likely target the U.S. government and private industry with long-term, sophisticated computer network exploitation and intelligence collection campaigns, the report concludes. U.S. security agencies can expect to face disciplined, standardized operations; sophisticated techniques; high-end software; and a deep knowledge of the U.S. networks, according to the report (PDF).

The strategy employed by the People’s Liberation Army–China’s military organization–is to consolidate computer network attacks with electronic warfare and kinetic strikes, creating “blind spots” in enemy systems to be exploited later as the tactical situation warrants, according to the report. The strategy, which has been adopted by the world’s other technologically inclined armies, is referred to by the PLA as “Integrated Network Electronic Warfare,” the report stated.

The emphasis on information warfare has forced the PLA to recruit from a wide swath of the civilian sector, according to the report. As is the case with the U.S. military and its new Cyber Command, the PLA looks to commercial industry and academia for people possessing the requisite specialized skills and pasty pallor to man the keyboards. And although it hints broadly at it, the report offers no evidence of ties between the PLA and China’s hacker community.

The U.S.-China Economic and Security Review Commission reports and provides recommendations to Congress on the national security implications of the bilateral trade and economic relationship between the United States and the People’s Republic of China.

China Expands Cyberspying in U.S., Report Says

The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing.

The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report to be released Thursday. Chinese espionage operations are “straining the U.S. capacity to respond,” the report concludes.

See also:
Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation
Evidence Points To China In Cyber Attacks
Report: China building cyberwarfare capabilities
Security report finds Chinese cyberspying threat growing
U.S. report says China engages in cyber warfare
China fingered in cyberattack on mystery high tech co.
‘Huawei continues to receive preferential funding from China’s army’, says US Commission
United States-China Economic and Security Review Commission

/I sure hope Obama and company are putting at least as much time and energy into fighting this undeclared cyberwar with China as they are prosecuting their childish, whiny, crybaby media war against Fox News