China’s intelligence and security services play a pivotal role in shaping how China’s leadership views the outside world – but we in that outside world don’t know much about how they provide guidance and direction to diplomats and security officials, or how they help form government policy.

When news breaks of the latest Chinese cyberhack or other espionage activities, analysts mostly focus on each incident as either a singular counterintelligence issue, or a reflection of current U.S.-China relations. This misses the point that each of these acts is part of a much larger and little-understood strategy carried out by the Chinese Intelligence Services (CIS).

This gap in our knowledge of CIS activities may have mattered relatively little during China’s inward-looking years. But today, CIS leaders are significant players on the world stage, and understanding how and what they learn about the world, and how they formulate their policy choices, is more important than ever.

Much about CIS remains opaque. We know too little about how the intelligence services digest and assess the multi-terabytes of data they collect electronically, both domestically and from overseas. Nor do we know how that intelligence is provided to decision-makers, and how well the various agencies, both civilian and military, coordinate and cooperate.

We do know that both internal and external security and intelligence services have received significant enhancements in resources over the past 10 to 15 years. Publicly available figures indicate that expenditure on internal security systems has even outpaced China’s dramatic military modernization.

A decade or so ago, China’s security state appeared to be eroding as modern communications technology swept across the country. Today, however, domestic intelligence agencies have adapted to the internet, social media and mobile communications. They are capable of blocking unwanted messaging originating overseas and domestically, ensuring the Party’s message is delivered appropriately, and following electronic dust left behind as people move through China’s highly informationalized society.

Consequently, their ability to help shape the state’s message is stronger now than it has been in a generation. And Chinese President Xi Jinping’s determination to silence dissenting voices will ensure continued resources for internal services.


Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.

It's almost like something out of Star Trek. Imagine an alien who can see you, but whom you can't see — one who has violence on his/her/its mind. A punch coming from out of nowhere; a vase flung at your head with no one seemingly throwing it; a punch to the gut, then a karate chop to the neck, maybe a blast from an (also invisible) ray gun, and you're down for the count. How would you fight it? How could you fight it?

Those invisible aliens may not have landed on earth just yet, but invisible malware — called fileless malware or in-memory malware — is wreaking havoc and bringing intergalactic war-style destruction to IT systems the world over. Like an invisible alien, fileless malware can strike from multiple directions, without victims even being aware they were targeted, until it's too late. Fileless malware — in which hackers call malware routines remotely and load them into memory in order to compromise or steal data — is not new, but hackers increasingly have turned to that type of attack. According to McAfee, fileless threats with PowerShell malware grew by 119% in the third quarter of 2017 alone, and security experts are convinced that, given such rousing success, hackers plan to greatly expand their use this year.

But fileless malware is just one of numerous threats and attacks that are now in vogue; 2018 could see more and more challenging cyberattacks, experts believe. With cryptocurrencies so popular now, hackers have begun using botnets to create the computing power needed to mine coins. AI has helped hackers develop more effective social engineering messages, "weaponizing" big data and AI to convince hapless victims to open spear-phishing messages more frequently by matching the message with the personality of the recipient. And botnets that control infected devices, commanding them to infect even more devices — a "swarm effect" — will allow hackers to grow their networks of compromised devices and systems exponentially.


ATM “jackpotting” — a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand — has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United States.

To carry out a jackpotting attack, thieves first must gain physical access to the cash machine. From there they can use malware or specialized electronics — often a combination of both — to control the operations of the ATM.

On Jan. 21, 2018, KrebsOnSecurity began hearing rumblings about jackpotting attacks, also known as “logical attacks,” hitting U.S. ATM operators. I quickly reached out to ATM giant NCR Corp. to see if they’d heard anything. NCR said at the time it had received unconfirmed reports, but nothing solid yet.

On Jan. 26, NCR sent an advisory to its customers saying it had received reports from the Secret Service and other sources about jackpotting attacks against ATMs in the United States.

“While at present these appear focused on non-NCR ATMs, logical attacks are an industry-wide issue,” the NCR alert reads. “This represents the first confirmed cases of losses due to logical attacks in the US. This should be treated as a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.”

The NCR memo does not mention the type of jackpotting malware used against U.S. ATMs. But a source close to the matter said the Secret Service is warning that organized criminal gangs have been attacking stand-alone ATMs in the United States using “Ploutus.D,” an advanced strain of jackpotting malware first spotted in 2013.


As the founder of Microsoft, Bill Gates is certainly no stranger to technological advancement. In a recent interview with Axios, however, the businessman and philanthropist voiced his concerns over the potential negative impact such advances could have — issues that he’ll delve more deeply into with the release of the annual letter from the Bill and Melinda Gates Foundation later today.

“There’s always the question how much technology is empowering a small group of people to cause damage,” Gates said, his words primarily directed at the large technology companies currently dominating the market, such as Apple.

Gates continued, pointing out that such monopolies aren’t just about computers and smartphones. “A small group can have an impact — in the case of nuclear [weapons], on millions; and in the case of bio[terror], on billions. That is scary to me.”


The warning was directed at those in Silicon Valley, as Gates worries the companies’ activities could hinder the ability of the government to do its job (that is, “under appropriate review,” he was careful to note). Gates specifically homed in on the issue of information access, alluding to tech giants like Facebook, Google, and Apple, who may have an “enthusiasm about making financial transactions anonymous and invisible, and their view that even a clear mass-murdering criminal’s communication should never be available to the government.”

Gates suggests the companies self-evaluate to see if the issues they’re facing could be solved by utilizing government oversight — and he’s not offering advice with a lack of experience to back it up. Gates told Axios that if these companies heed his warning, they might avoid what Gates described as the “nightmarish government intervention” he contended with for Microsoft.

Whatever a company’s goals, values, and ideals may be, it is not above or outside the law. “The tech companies have to be … careful that they’re not trying to think their view is more important than the government’s view,” Gates said. “Or than the government being able to function in some key areas.”