Return to

Nov. 30, 2017
Notes from the Pentagon

Search is on for North Korean missile debris
U.S. and Japanese warships sailed to the waters near northwestern Japan this week to support American intelligence agencies in a search for the debris of North Korea’s latest long-range missile test.

The searchers hope to find clues to the makeup of the Hwasong-15 intercontinental-range missile launched Wednesday that is believed to be a variant of the Hwasong-14 fired off in two flights in July.

The missile was fired around 3 a.m. Wednesday local time and flew 50 minutes and with an estimated range farther than all previous missile tests. It flew some 2,500 miles into space but only a distance of just over 600 miles from the launch site on the Korean Peninsula.

The two ICBM tests in July flew in similar lofted trajectories, but their flight times were 39 minutes and 45 minutes, respectively.

A Pentagon official said Navy and Japanese warships that were in the Sea of Japan at the time of the test steamed to the impact area, located about 155 miles west of Aomori prefecture, the northernmost part of Japan’s main island of Honshu. The search is expected to be difficult since intelligence reports indicated that the missile appeared to break up before landing.

Previous launches have provided a wealth of intelligence on the foreign components found in North Korean test missiles.

For example, debris recovered from a Feb. 7, 2016, rocket launch revealed several foreign-sourced commercial components. They included ball bearings with Cyrillic characters indicating Russian-origin components. Also, a Chinese infrared camera was recovered and traced by a U.N. panel of experts to the Beijing East Machinery High-Tech Technology Co. Ltd. Pressure transmitters manufactured in Britain also were found and traced backed to transshipments from Taiwan to North Korea.

The components were recovered from the debris of an Unha-3 space launcher that is based on North Korea’s older Taepodong-2 ICBM.

The Hwasong-15 launch was the first since North Korea fired an intermediate-range missile on Sept. 15 that flew over Japan’s northern Hokkaido island.

Pentagon spokesman Col. Robert Manning said initial assessments indicate the missile was an ICBM launched from Sain Ni, North Korea, that traveled 620 miles before landing.

“We are working with our interagency partners on a more detailed assessment of the launch,” Col. Manning said in a statement, adding that the North American Aerospace Defense Command assessed that the launch did not pose a threat to North America, U.S. territories or allies.

At a White House meeting with President Trump, Defense Secretary Jim Mattis said the missile “went higher, frankly, than any previous shot they’ve taken.”

“It’s a research-and-development effort on their part to continue building ballistic missiles that could threaten everywhere in the world, basically,” Mr. Mattis said. “The bottom line is it’s a continued effort to build a threat — a ballistic missile threat that endangers world peace, regional peace and, certainly, the United States.”

North Korea’s state-run KCNA news agency said the missile can carry a “superlarge heavy warhead which is capable of striking the whole mainland of the U.S.”

U.S. intelligence agencies are voicing security concerns over China’s continued efforts to electronically infiltrate American military systems.

Defense officials said there are worries about the recent announced sale of Canada’s satellite communications firm Norsat to China’s Hytera Communications Corp. Ltd.

After the deal to buy the Vancouver-based satellite company was announced last summer, the Pentagon said it is reviewing whether it will continue contracts with Norsat.

Norsat produces high-technology communications gear including satellite terminals, microwave components, antennas, radio frequency (RF) conditioning products, maritime-based satellite terminals and remote-network connectivity products.

The company in the past has provided the U.S. military with the Defense Video and Imagery Distribution System, a mobile satellite system known as DVIDS Direct, which is used by public affairs units to transmit video and photos.

Hytera is a Shenzhen, China-based mobile radio communications company that works closely with China’s police and security services. Those connections are the ones raising fears of electronic infiltration.

Another Chinese company, optical network component producer O-Net Technologies Group, recently purchased the Montreal-based ITF Technologies. That deal, too, has raised security concerns because O-Net is partly owned by a Hong Kong company that is a subsidiary of China Electronics Corp. Holdings Ltd., a Chinese state-owned electronics information company.

The purchases are part of what a congressional commission says is Beijing’s targeting of U.S. and foreign firms for gaining access to high technology.

“China is increasing its investments in the United States, particularly in sectors deemed strategic by the Chinese Communist Party,” states the annual report of the U.S.-China Economic and Security Review Commission made public this month. “These investments support the global competitiveness of Chinese firms by allowing them to access capital and technologies not available in their home market.”

In 2016, China invested $7.54 billion in U.S. electronics, information and communications technology. The commission said the Chinese government “maintains significant influence” over all investment decisions.

The Treasury Department-led Committee on Foreign Investment reviews Chinese purchases in the United States, but the report said the committee lacks the resources to conduct needed national security assessments.

China in particular seeks to circumvent CFIUS reviews and in one case succeeded in buying an American firm that provided Beijing with access to personal information on intelligence personnel.

In November 2015, the Chinese investment firm Fosun International purchased Wright USA, a liability insurance provider to senior CIA officials and FBI, without notifying the committee.

“It was not until a month after the acquisition was complete that CFIUS expressed concern about the purchase and began reviewing the deal to determine whether it had granted Chinese agencies access to the personal information of tens of thousands of U.S. intelligence and counterterrorism officials,” the report said.

Fosun Chairman Guo Guangchang is a representative in the Chinese People’s Political Consultative Conference with ties to the ruling Communist Party, connections that were kept secret from U.S. officials that reviewed the deal. Fosun pulled out of the deal to buy Wright in September 2016, likely as a result of the CFIUS review.

Rep. Robert Pittenger, North Carolina Republican, has co-sponsored legislation that would upgrade the CFIUS review process.

“China is weaponizing its investment in the U.S. to exploit national security vulnerabilities, including the backdoor transfer of dual-use U.S. technology and related know-how, aiding China’s military modernization and weakening the U.S. defense industrial base,” Mr. Pittenger said in introducing the bill this month.

Cybersecurity expert Brian Krebs reported this week that a shadowy cyberattack organization called The Equation Group may be a part of a secret National Security Agency hacking group.

The Equation Group seems to be the origin for a set of intelligence tools that were made public by a mysterious group called the Shadow Brokers in August 2016.

Mr. Krebs, writing in his online blog, said the Equation Group appears to be “a highly advanced threat actor that is suspected of having ties to the U.S. National Security Agency.”

The basis for the assessment is that some of the documents made public were stolen from an unidentified software developer and NSA contractor who was arrested in 2015 after taking the hacking tools to his home.

The Equation Group was first disclosed by researchers at the Russian security firm Kaspersky Lab, a company whose software products were recently banned by the U.S. government over concerns about electronic trap doors used by Russian intelligence.

Mr. Krebs notes that Kaspersky has been linked to the compromise of The Equation Group after Russian hackers stole the group’s hacking tools, tools that were identified in files after the contractor used Kaspersky Antivirus software on his personal computers.

PowerPoint slides made public from the stolen hacking tools revealed one secret operation called “Jeepflea Market” that siphoned off confidential financial data from EastNets, a Middle Eastern counterpart to the global banking transfer system known as SWIFT — Society for Worldwide Interbank Financial Telecommunication.

Mr. Krebs was able to identify three people from the leaked documents who may be part of NSA, including one person with a Russian background. Experts he talked to concluded that The Equation Group is in reality NSA’s Tailored Access Operations unit, a unit that was disclosed by renegade NSA contractor Edward Snowden several years ago.

  • Contact Bill Gertz on Twitter via @BillGertz.

  • Return to