
Part One: Spy Games and False Flags
The United States published a media advisory on May 24, 2023, claiming that China had endorsed the hacking by an organization which they labeled “Volt Typhoon” to launch espionage activities against U.S. critical infrastructures.
A year later, Christopher Asher Wray’s opening statement to the US Senate appropriations subcommittee on commerce, justice, science, and related agencies on June 4, 2024 puts such recent American fake news into proper perspective.
The advisory, which was issued by cybersecurity authorities of the Five Eyes members – predominantly “white” countries the US, UK, Australia, Canada, and New Zealand – only referenced a Microsoft report released the same day.
But a quick read back into the US Senate hearings shows that Wray, who is the director of the Federal Bureau of Investigation, submitted a case build-up involving five scenarios for why the United States is facing a new threat environment.
Two of those referred to China and cybersecurity.
Director Wray asserted that “We’re up to something like 2,000 active cases across all 56 of our field offices focused on the PRC’s (People’s Republic of China’s) efforts to try to steal our information and our technology.”
Because of this, he said, “We need funding to continue countering the threat posed by the PRC—a government sparing no expense in its quest to hack, lie, cheat, and steal its way to the top as a global superpower, and to undermine our democracy and our economic success.”
Proceeding to his next perceived threat, the FBI director said, “We’re investigating more than 100 different ransomware variants—each impacting scores of victims—and that’s just ransomware.”
Summing up, Wray added “We need funding to continue disrupting all kinds of cyber threats—certainly those from China, but also from a crowded field of sophisticated criminals and other hostile nation-states like Russia, Iran, and North Korea.”
What a mouthful!
Debunked by China
This year, on April 15 and July 8, the National Computer Virus Emergency Response Center (NCVERC) and 360 Digital Security Group released reports exposing the Volt Typhoon operation as yet another farcical narrative by the US government.
Putting it bluntly, Volt Typhoon is in fact a fabrication by the United States, another hype to cast reputational cost against China.
Lin Jian, spokesperson of China’s Ministry of Foreign Affairs, said that according to the report, “Volt Typhoon is actually a ransomware cybercriminal group who calls itself the ‘Dark Power’ and is not sponsored by any state or region.”
This is done to enable related interest groups to gain greater political and economic benefits by fabricating nonexistent Chinese cyberattack threats. The nature of the event resembles a conspiratorial swindling campaign scheme targeting the US Congress and taxpayers.
The reports confirmed that multiple cybersecurity authorities in the US have been pushing the false narrative to secure more funding, while companies like Microsoft seek larger contracts from these agencies, according to the investigation.
After the two reports were released, an NCVERC research fellow said “more than 50 cyber security experts from US, Europe, Asia and other countries and regions have contacted us through various ways. They believed that the US government and Microsoft have attributed Volt Typhoon to Chinese government without any concrete evidence.”
US evidence altered
Following the release of the initial investigation report on “Volt Typhoon,” the Chinese joint investigation team continued to conduct verification analysis based on the indicators of compromise (IoCs) of the so-called ‘Volt Typhoon’ organization in the US, and found that this organization is closely related to a ransomware criminal group called Dark Power disclosed by ThreatMon, a US cybersecurity vendor.
The report directly quoted the content of the ThreatMon report and disclosed the associated IP addresses hidden behind the back cover image. But after the release of the report, the US side instructed ThreatMon to change the content of the report, expanding from 17 pages to 20 pages, but the crucial evidence of the associated IP addresses, which was originally located behind the back cover image, was now nowhere to be found.
An anonymous whistleblower inside ThreatMon revealed that the company has modified its report under pressure from relevant US government agencies. “It can be inferred that American cybersecurity companies are being manipulated by US intelligence agencies, while ThreatMon’s technical staff have used a more subtle form, concealing the list of IP addresses,” said the researcher.
An advisory from the “Five Eyes” alliance countries claimed that the “Volt Typhoon” organization had infiltrated network devices produced by suppliers such as Netgear and used them as a springboard for further attacks.
However, in its ensuing security bulletin on the attacks by the ‘Volt Typhoon’ organization, Netgear publicly stated that it has not found any vulnerability attacks targeting its products.
For some reason, Netgear missed out on the preemptive notification coming from the US government; subsequently, it could not embargo the truth.

Figure 2 The IoC IP list hidden in the inside back cover of the report

Figure 4 The IoC IP list is missing from the altered inside back cover
Strike Three
A third report, entitled Volt Typhoon III: A Cyber Espionage and Disinformation Campaign conducted by US Government Agencies, was jointly published on October 14, 2024 by the National Computer Virus Emergency Response Center and the National Engineering Laboratory for Computer Virus Prevention Technology.
According to the report, evidence has confirmed that “Volt Typhoon”, which US politicians, intelligence communities and companies claimed to be a China-sponsored hacking organization, had launched a series of operations targeting networks across critical US infrastructure sectors, as just one of many operations initiated by US intelligence actors.
The wider investigation showed that hackers from United States cyber forces and intelligence agencies pose as “chameleons” on the information highway by disguising themselves as other countries to conduct global cyberattacks and espionage operations, while also pouring dirty water on non-US allies like China.
Earlier, China’s NCVERC had also publicly disclosed multiple types of cyber weapons which were developed by the National Security Agency (NSA) and Central Intelligence Agency (CIA).
The Volt Typhoon III report unveiled a customized stealth “toolkit” codenamed “Marble” that the US agencies have developed to cover up their Computer Network Exploitation (CNE) operations, mislead attribution analysis and shift the blame onto other countries.
It said the toolkit is a framework that can be integrated with other cyber weapon development projects, assisting developers to obfuscate various identifiable strings in program code, effectively “erasing” the “fingerprints” of cyber weapon developers.
For a long time, the US has overtly pushed a “Defend Forward” strategy in cyberspace, and implemented the “Hunt Forward” operations, which means to deploy cyber-war forces in the surrounding areas of adversary countries to conduct close-in reconnaissance and network penetration.
An anonymous researcher working for the national center said that in order to satisfy those tactical needs, the toolkit “Marble” was developed with a framework having a “dirty” feature, the ability to insert strings in other languages at will, such as Chinese, Russian, Korean, Persian, and Arabic. He added that this has been intended to mislead investigators and defame China, Russia, North Korea, Iran, and Arab countries.
By tracing and analyzing the source code and comments of “Marble” framework, researchers also found that it has been identified as a secret weapon development program, which was not allowed to be shared with any foreign country, starting no later than 2015.
This secret weapon was tailored by US intelligence agencies for themselves, and was even kept a secret from the so-called ally countries.
Some companies, such as Microsoft and CrowdStrike, have also been influenced by the desire to appeal to US politicians, government agencies and intelligence agencies, as well as to enhance commercial interests.
They kept using a variety of names with geo-political features to describe the hacking groups in the absence of sufficient evidence and rigorous technical analyses, such as “Typhoon,” “Panda” and “Dragon.”
US silence deafening
In the face of these three reports, the US side has kept mum. To this day, the US Embassy in China and Microsoft have not responded to the series of exposés, while analysts have already agreed that whether it is past global cyber espionage or disinformation campaigns against China, the facts are clear, and faced with irrefutable evidence, the US has been left with no choice but to remain silent.
All that came from the Microsoft Network is this Tagtik clip, headlined “China prepares its “army” for war against the United States,” quoting an information relay from American media Telecrunch, claiming Chinese hackers were able to break into important infrastructures of the country, including energy and transport suppliers, and that according to American intelligence, the “threat is historic”.
Tagtik, a UK digital press agency based in Belgium, has only forwarded this feed from the French magazine Korii quoting journalist and translator Manon Pierre – that intelligence experts believe that the primary objective of this new army of hackers is to lay the foundations for potentially destructive cyberattacks, which could prove very useful in the event of a conflict between the United States and China like an invasion of Taiwan.
Like a contrived script, the British agency has also echoed FBI Director Wray’s lobby, “Chinese hackers are positioning themselves on American infrastructure with a view to wreaking havoc and causing real harm to American citizens and communities, if or when China decides that the time is right to strike.”
Wray continues on with his talking points, “In response, the American government, along with its allies, has issued several public warnings regarding the danger posed by computer intrusions and taken essential measures to combat these hacker groups”.
Global spy network
At the end, the FBI director said “Volt Typhoon, a collective of hackers belonging to the Chinese government, has just been identified. Its mission is to set up destructive cyberattacks and, at the same time, to disrupt the mobilization capacity of the American army.”
But according to the Volt Typhoon III report which has become more credible, it is the US intelligence agencies that have established a global internet surveillance network, generating a large amount of high-value intelligence. Such programs require a substantial annual budget, and with the explosive growth of internet data, the demand for US funding is rising geometrically.
This is because over the years, the U.S. government has kept politicizing cyberattack attribution in a way that serves its own interests. In contrast, China has consistently opposed the political interference in technical investigations into cybersecurity incidents.
The report called on cybersecurity firms and research institutes to focus on advancing threat prevention technologies and delivering higher-quality products and services, which will then keep the internet developing in a healthy way along with the progress of human society.
But consistent with the fact that it is the world’s largest arms dealer and its cyber weapon arsenal is not only humungous in scale, but also sophisticated in function, the United States has embarked on “false flag” operations as part of its foreign policy.
A “false flag” is a deceptive act or operation carried out to make it appear as if it was being conducted by another party, so as to frame up “adversary countries.”
Secret documents from the US and Five Eyes Alliance manifested that “false flag” operations are actually an important component of the US intelligence agency’s “EFFECTS Operation,” known as the “Online Covert Action” in the UK that must adhere to four main principles, which are “Deny,” “Disrupt,” “Degrade,” “Deceive.” And these four main principles precisely coincide with all the core elements of Volt Typhoon.
According to the top secret files of the National Security Agency cited in the report, the US has also been controlling the world’s most important internet “choke points,” such as the Atlantic and Pacific subsea cables, by intercepting and indiscriminately inspecting them, constructing at least seven full-traffic tapping sites operated by the NSA, the FBI and the NCSC from the UK.
Top secret documents from the NSA show that the Office of Tailored Access Operation (TAO) of NSA has launched massive CNE operations around the world and implanted more than 50,000 spyware implants.
Victims are mainly concentrated in Asia, Eastern Europe, Africa, the Middle East and South America. The internal documents of the NSA showed that almost all major cities in China are within the scope of NSA’s operations, and that a large number of entities and their network assets have been compromised, said the report.
The Volt Typhoon III report also cited that the US has been spying on its allies like France, Germany, and Japan. For instance, from 2004 to 2012, the US monitored the movements of the French government on policy, diplomacy, finance, international exchanges, infrastructure construction, business and trade.
The report said that the US stealing user data from the global internet in real time enables an eavesdropping capability that has become an indispensable foundation of the US efforts to build the “Empire of Hacking” and the “Empire of Surveillance.”
PH application
In the Philippines we have to be sensitive about this, as our Armed Forces Chief of Staff Romeo Brawner has announced that a new AFP Intelligence Command (AIC) was activated on August 21 “to enhance the nation’s intelligence capabilities in response to evolving security challenges.”
He said this highlights the critical need for strategic communications and information operations in modern defense operations. As the nature of warfare evolves, Brawner stressed the importance of equipping the military not only with the physical readiness but also with robust capabilities in the digital and informational domains.
But Brawner’s tongue slipped when he clarified, “We need to provide correct information to the public amid the proliferation of fake news. Sometimes, fake news could turn the tide of the war. Just look at what’s happening in the South China Sea and West Philippine Sea.”
Brawner has just documented that the American narrative of “poking the dragon” for false flags in the South China Sea has been beaten to a pulp by the mosquito press of blogs of ordinary citizens with beer budgets, when competing with millions of dollars poured in by the US Global Agency for Media Affairs, the National Endowment for Democracy, the Omidyar Network, the Center for Strategic and International Studies and various other American and European foundations into the mainstream media, academic institutions, lobby groups and think tanks, social media influencers, and select agents in the Philippine government including Congress.
It seems that the Philippine military will benefit from intelligence funds being raised by FBI Director Wray and appropriations from the America Competes Act legislation, primarily to peddle to the Filipino people the United States war doctrines against China, foremost of which is the Agile Combat Employment of the US Air Force, which is what the nine American bases in the Philippines under the Enhanced Defense Cooperation Agreement are all about.
In short, it’s all about money changing hands. To maintain such a huge overt intelligence program, the annual funding budget would be quite huge, and with the explosive growth of the internet, the demand for funding is bound to balloon.
This is how Christopher Wray, a registered Republican whom President Donald Trump nominated as director of the FBI but who has been more in dalliance with Joe Biden policies, plays a major role in fattening the spy budget. As of this writing however, the end of Wray’s term might be coming to a close with the reelection of Trump, who has promised to stay away from wars as the 47th US president.


Adolfo Quizon Paglinawan is a former diplomat who served as press attaché and spokesman of the Philippine Embassy in Washington DC and the Philippines’ Permanent Mission to the United Nations in New York from April 1986 to 1993. Presently, he is vice-president for international affairs of the Asian Century Philippines Institute, a geopolitical analyst, author of books, columnist, a print and broadcast journalist, and a hobby-organic-farmer.
His best sellers, A Problem for Every Solution (2015), a characterization of factors affecting Philippine-China relations, and No Vaccine for a Virus called Racism (2020), a survey of international news attempting to trace its origins, earned for him an international laureate in the Awards for the Promotion of Philippine-China Understanding in 2021. His third book, The Poverty of Power, is now available – a historiography of controversial issues spanning 36 years leading to the Demise of the Edsa Revolution and the Forthcoming Rise of a Philippine Phoenix.
Today he is anchor for many YouTube Channels, namely Ang Maestro Lectures @Katipunan Channel (Saturdays), Unfinished Revolution (Sundays) and Opinyon Online (Wednesdays) with Ka Mentong Laurel, and Ipa-Rush Kay Paras with former Secretary Jacinto Paras (Tuesdays and Thursdays). His personal vlog is @AdoPaglinawan.

Email: contact@asiancenturyph.com
Facebook: https://www.facebook.com/asiancenturyph/
Twitter: https://twitter.com/AsianCenturyPH