epoch times e-heist


Upload: ed-alcantara

Post on 16-Feb-2017


TRANSCRIPT

Page 1: Epoch Times E-Heist

By Leo Timm, Epoch Times Staff

In his recently published commentary article, Yu Keping, a member of a think tank that served former Chinese leader Hu Jintao, has challenged long-standing official narratives by casting a positive light on the Russian transition to democracy.

Yu’s article, titled “Important Gleanings From Russia’s Democratic Reformation,” was published online by Caixin, a leading Chinese financial news media group based in Beijing.

With its take on the democratic reforms started by Soviet leader Mikhail Gorbachev, which ultimately led to the end of communism in Eastern Europe, the piece flies in the face of what China’s state-approved pundits and top officials have been saying for years: that introducing political freedom was a disastrous betrayal of international socialism.

“Following the disintegration of the Soviet Union, Russia embarked on political reformation in a democratically oriented direction,” Yu writes.

See Reforms on A7

We inform. We inspire. INSIDE

Amid Economic and Political Crisis, Rio Olympics Run 51 Percent Over Budget

A resident of Baku in the southern Soviet republic of Azerbaijan on Sept. 21, 1991, hacks apart a portrait of Russian revolutionary leader Vladimir Lenin.

By Steven Klett, Epoch Times Staff

While an investigation into Hillary Clinton’s use of a private email server has been closed by the Justice Department, the political fallout from the investigation is likely to continue to follow her.

FBI Director James Comey said in a press briefing on July 5 that he thought no criminal charges should be filed against Clinton, but did describe the handling of emails by her and her staff as “extremely careless.” He also contradicted Clinton on key claims she made about the use of her private email server.

Testifying before the House Oversight and Government Reform Committee, Comey said that Clinton had made statements about her emails that “were not true.”

“For a candidate who already had significant issues with voters on honesty and trust, her problems just got a lot worse,” said Neil Newhouse, Mitt Romney’s campaign pollster in 2012, about the results of the FBI investigation.

“It may have effectively ended her legal problems, but it put her political problems front and center,” he said.

It is unclear, however, how much the outcome of the investigation will impact the outcome of this year’s presidential race.

See Campaign on A3

Despite Email Probe Fallout, Clinton Could Remain Unhurt in Polls

2016 OLYMPICS

CHINA

ANATOLY SAPRONENKOV/AFP/GETTY IMAGES

By Emel Akan, Epoch Times Staff

With the opening ceremony less than a month away, Brazil’s Olympic Games have a cost overrun of $1.6 billion, according to a new study. The preliminary cost, which is running 51 percent over budget, is still modest compared to previous games, but comes at a time when Brazil is facing an economic and political crisis.

See Costs on A6

Work continues at the beach volleyball arena on Copacabana Beach in preparation for the Olympic Games in Rio de Janeiro on July 4.

MATTHEW STOCKMAN/GETTY IMAGES

JULY 8–14, 2016
NEW YORK EDITION
THEEPOCHTIMES.COM
VOLUME 25 ISSUE 2
$2.00


CLINTON EMAILS

Once Off Limits, Chinese Scholar Talks of Russia’s Reformer—Gorbachev

The hackers have a level of access to the system that allows them to read, write, and execute files on the system.

A divided House committee questions FBI director over investigation

Is Confidence Coming Back to the Oil Industry?
We need investment to avoid a supply gap in the long run.

A9...BUSINESS

COURTESY OF CHEVRON

Turning a Camera Into a Billion Dollar Business
Shutterstock CEO Jon Oringer on his beginnings.

A10...BUSINESS

COURTESY OF SHUTTERSTOCK

Corruption Seemed to Contribute to Damage of Floods in Central China
Heavy rains caused flooding in two dozen provinces, leaving 186 dead.

A7...WORLD

STR/AFP/GETTY IMAGES

Kindergartens in the Forest Sync Children With Nature
Some schools and teachers are bucking the trend, unplugging from technology and staying close to nature.

A2...NEW YORK

AP PHOTO/MATT DUNHAM

EPOCH WEEKEND

ISIS LOSING GROUND— BUT WHAT HAPPENS NOW?
After losing Iraq’s Fallujah, ISIS is looking beyond its ‘caliphate,’ putting neighboring countries at risk

E-HEIST

CYBERCRIMINALS INFILTRATE FINANCIAL NETWORK, PUTTING US BANKS AT RISK

EVERETT COLLECTION (BANK BUILDING); VECTORKAT (LABEL); PAULROMMER/SHUTTERSTOCK (BORDER); EPOCH TIMES (PHOTO ILLUSTRATION)

By Joshua Philipp, Epoch Times Staff

UniTeller is a financial services company that specializes in making international money transfers, servicing a network of some 87 banks and 32,000 payment locations worldwide. According to an expert in cybersecurity, those banks have potentially been compromised by hackers who have breached UniTeller’s network.

Edward Alexander is a cybersecurity expert who tracks and sometimes prevents digital crime. He has a team of more than 200 digital investigators working specifically on the cases related to the UniTeller breach. Their beat is the darknet, a large segment of the internet only accessible with special software and often used by criminal groups to conspire and sell illicit goods and services.

In 2015, Alexander’s team learned that hackers employed by the Chinese regime had begun penetrating the world’s financial systems as early as 2006.

Also in 2015, after having gained high-level access they used to map and mirror the world’s financial system for their official employers, these hackers sought to monetize the information they had gained through private transactions.

They sold information on UniTeller’s system, and on Banorte, Mexico’s third-largest bank and owner of UniTeller, to a group of international cybercriminals. The world learned of this when the central bank of Bangladesh revealed hackers had stolen $81 million from it.

See Global Heist on A4

The study also criticizes host governments and the IOC for not being transparent about the true cost and cost overrun of the games.

News Analysis

Page 2: Epoch Times E-Heist

NATION
www.TheEpochTimes.com

A4 | July 8–14, 2016

Global Heist continued from A1

Now, according to Alexander, this same group is changing its tactics while looking to enlarge its operations.

Alexander knows what the criminal group is doing, because his operatives befriended some of its members and gained their trust to such a degree that they chatted about and shared proof of their crimes. This is what Alexander calls “offensive counter-intelligence.”

His people learn how to penetrate criminal networks and bring back intelligence that can be used to stop those networks. Banks and other institutions often pay well for such information.

Included in the evidence Alexander obtained is a series of screenshots that show the hackers stealing money by way of the UniTeller system.

Prolonged Bank Robbery

Among the screenshots are some showing the cybercriminals changing the daily spending limits on credit cards, and accessing transactions of prepaid uLink MasterCards issued for UniTeller customers through Fifth Third Bank in Cincinnati.

“In theory, rather than make it look like a large $81 million heist, it could be that they can try to nickel and dime the accounts using smaller amounts,” said Alexander.

Stolen credit cards and debit cards are commonly sold in bulk on darknet cybercrime markets in what people call “dumps” or “dumpz.” Criminals who purchase them will often use their information to make fake cards, which they then use to make purchases.

He noted the cybercriminals may also be testing the networks before launching a larger attack. While the criminal group has the tools it needs to access UniTeller’s system, they need time, Alexander said, to learn how to exploit the breach.

Alexander said the hackers have “traversed into the networks” of banks connected to UniTeller, and have begun launching additional attacks to gain deeper access to the connected banks.

Alerts

When Alexander saw the attacks begin, he alerted U.S. federal law enforcement and made numerous attempts to alert the financial institutions the hackers had breached.

On May 27, Alexander alerted UniTeller and four days later sent a follow-up message on LinkedIn to UniTeller CEO Alberto Guerra. In response, Alexander said, Guerra blocked Alexander from sending him additional messages on LinkedIn.

“We have attempted to contact the victim banks to offer our support and intelligence. However, the response received from Fifth Third, UniTeller, and Banorte seems to be the standard response worldwide—denial and hope the alert is not valid,” he said.

The head of a leading cybersecurity intelligence firm had also contacted some of the financial institutions and warned of the breach. The firm received the same responses. The individual requested to remain anonymous due to his company’s ongoing investigation into the attacks.

UniTeller did not respond to two emails from Epoch Times to confirm; and Banorte did not respond to two emails, a phone call, and a voice message.

Alexander attempted to alert Fifth Third Bank of the attacks, only to receive an email stating the bank had not been breached and declined his help.

Larry Magnesen, spokesperson for Fifth Third Bank, told Epoch Times, “Our team has, with due diligence, evaluated the claim, and there is no reason to be concerned here with respect to Fifth Third Bank.”

Alexander notes that Fifth Third Bank’s system has likely not been directly hacked, but has been compromised due to its connection to the UniTeller network.

A Quiet Response

While UniTeller did not respond to Alexander and made no public announcement of the breach, it appears that it did take the warnings seriously.

Around June 1, UniTeller’s online services for customers to log in to their accounts and create new accounts were taken offline. As of July 7, the login page was still offline.

According to James Scott, senior fellow at the Institute for Critical Infrastructure Technology (ICIT), the three business days UniTeller had between the initial alert from Alexander on May 27 (since it was given ahead of the Memorial Day weekend) would have likely been “enough time to freeze ongoing transactions and prepare the system for ‘offline maintenance.’”

Scott said in an email that if UniTeller was breached, its system administrators “may have had mirrors of backups of the

QUOTABLE

QUOTABLE

ACROSS THE NATION

I’m ready to pass the baton.

No charges are appropriate in this case.

The number of traffic crash deaths per 100,000 people in the United States in 2013, the highest rate of nearly 20 affluent countries studied and almost double the rate of the next country on the list, Belgium

10

OLIVIER DOULIERY - POOL/GETTY IMAGES

ALEX WONG/GETTY IMAGES

President Barack Obama as he joined Hillary Clinton on the campaign trail at a rally in North Carolina on July 5

FBI Director James Comey announcing his conclusion that there was no evidence that showed intentional mishandling of classified information in Clinton’s email practices, despite saying that Clinton and her aides were “extremely careless” in handling sensitive information

QUANTIFY

The Fifth Third Bank building in Cincinnati in this file photo.

AP PHOTO/AL BEHRMAN

Screenshot E: A screenshot of a cyberattack shows files the hackers have access to.

COURTESY OF EDWARD ALEXANDER

Cybercriminals Infiltrate Financial Network, Putting US Banks at Risk

In theory, rather than make it look like a large $81 million heist, it could be that they can try to nickel and dime the accounts using smaller amounts.
Edward Alexander, cybersecurity expert

AMID ZIKA FEARS, BUG REPELLENT SUPPLIER NAMED FOR RIO GAMES

Consumer products maker SC Johnson says its OFF! brand has been named the official insect repellent supplier for next month’s Olympic Games, to be held in Rio de Janeiro amid ongoing fears about the mosquito-borne Zika virus. The Racine, Wisconsin-based company says the repellant will be provided to athletes, volunteers, staff, and media.

FLORIDA MAY SPEND MILLIONS BATTLING STINKY ALGAE BLOOMS

Florida Gov. Rick Scott says he’ll push state legislators to spend millions to battle the massive algae bloom fouling some of the state’s southern rivers and beaches with a central sewer system. Part of the blame for the bloom has been placed on discharges from Lake Okeechobee, but Scott says septic tank runoff also contributes to the problem.

PFIZER AGREES TO NOTE ADDICTION RISKS IN OPIOID MARKETING

The city of Chicago and Pfizer announced an agreement July 7 committing the drugmaker to disclosing the serious risks of addiction in its marketing of prescription opioid painkillers. Chicago is suing five pharmaceutical companies, alleging they have misrepresented the benefits of opioids while concealing serious health risks associated with the drugs.

7 VIDEO SHOWS GRUESOME AFTERMATH OF MINNESOTA POLICE SHOOTING

A woman who watched as a police officer fatally shot her boyfriend during a traffic stop streamed the gruesome aftermath of the slaying live on Facebook, telling a worldwide audience that her companion had been shot “for no apparent reason” while reaching for his wallet. It was the second fatal police shooting in as many days. A black 37-year-old man was killed Tuesday by officers in Baton Rouge, Louisiana. Alton Sterling’s death was caught on video.

1

3 4 TINY SOUTH CAROLINA TOWN BANS SAGGING PANTS, THREATENS FINES

Wearing saggy pants could get expensive in tiny Timmonsville, South Carolina. A new town ordinance outlaws wearing sagging pants, trousers or shorts that intentionally display a person’s underwear. After initial warnings, third and subsequent offenses carry a fine ranging from $100 to $600.

5 TEEN LOSES PART OF LEG WHEN 180 SPARKLERS EXPLODE

A Texas teenager who lit 180 sparklers that were taped together needed to have part of his leg amputated and suffered burns after the sparklers exploded. The family of 15-year-old Rowdy Radford said he also may lose his vision due to the accident. Matagorda County sheriff’s Sgt. James Orr said July 5 the teen was at a home in the Gulf Coast community of Sargent when he wrapped the sparklers together.

2 BOSTON CABBIE TURNS IN $187,000 LEFT BEHIND IN TAXI

A man who left about $187,000 cash in a Boston taxi has been reunited with his money thanks to an honest cabbie, police said July 5. Raymond “Buzzy” MacCausland, a driver for the Independent Taxi Operators Association, picked up a fare with a cast on one leg on July 2. “He told me he was homeless and had been living in a shelter for six months,” MacCausland said.

6

8 GEORGIA PRISONS LOCKED DOWN AFTER DEATH, BRAWL

Eight Georgia prisons are on lockdown after a bloody June that included the killing of an inmate in one prison that prompted murder charges against a guard and three gang members, and a brawl at another facility that sent 16 inmates to hospitals, authorities said July 7. The lockdowns are a response to rising tensions between prison gangs following the violence, the Georgia Department of Corrections said in a statement.

8

From Epoch Times and The Associated Press

NATION IN BRIEF


Page 3: Epoch Times E-Heist


system, that were updated hourly or daily.” He added that most financial institutions keep backups for “redundancy,” for “persistent up time during maintenance,” and in different locations “in case of natural disasters.”

“However, if the vulnerability lies within the system itself,” he said, “then the mirrors or backups will exhibit the same vulnerability because they are essentially clones of the system.”

After freezing or halting transactions, as in the case of UniTeller taking its login systems offline, Scott said incident responders “could disconnect the system from the internet to block inbound connections and make a live copy of the system to conduct forensics on.”

He noted that “proper incident responders never operate on the system itself,” and always use a mirror or live copy; and noted that taking a network offline for a month in the case of an attack “does not seem that unreasonable if the vulnerability lies in the system itself, or if the incident response team could not ascertain what was wrong. Figure, the IRS GetTranscript tool was offline around a year.”

After the UniTeller service had been down for 19 days, on June 20, Alexander called UniTeller’s toll-free customer service number to ask why the service was offline. He was told in the recorded call that “the site is undergoing maintenance.”

Meanwhile, Alexander’s darknet investigations showed that while UniTeller was likely trying to fix the breach, the hackers were still very much active.

Inside the Attacks

The gang member befriended by Alexander’s operatives provided many screenshots showing names of individuals, names of banks, and money transfers. Alexander said the screenshots show the criminals in the process of launching their attacks against UniTeller.

Scott took time to corroborate the claims, and said the content of the screenshots aligns with Alexander’s analysis of their contents. He noted that while it would be possible to spoof images such as these, it wouldn’t be something an individual could do on short notice. The images also demonstrate an accurate picture of databases that a financial institution would likely have.

Screenshot A shows transactions remitted from a senders’ third-party bank connected to UniTeller’s network, then credited to a uLink MasterCard account at Fifth Third Bank, and then finally converted to the uLink cardholders’ native currency, according to Alexander. The screenshot also identifies the names of account holders and the amount of money being transferred.

Alexander said the money is being sent through the UniTeller network to Fifth Third Bank to transfer funds to the loadable uLink MasterCard. He said the number sets in the center-left column appear to be money being sent in foreign currency from the United States, to the uLink cardholders in their respective country.

“These can very well be multiple transactions that are occurring,” he said, noting the member of the gang who took the screenshot did not specify on this particular screenshot.

He pointed out the word “remittance” at the top of the center-right column, and noted “When you see the word ‘remittance’ that is a money transfer.”

Scott said that while it’s difficult to make a definite conclusion of what the image shows, without having a full picture of the system, “the basic statements are correct, at least,” and said that the image showing multiple transactions “is definitely correct” and that remittance transfers are also taking place.

In Screenshot B, Alexander pointed out the “May 25” date without a year, and noted that the system won’t give the year if it’s the current year, and so this gives a timestamp on the file.

He pointed out the third line down “FifthThird-UTLR,” which refers to Fifth Third Bank and UniTeller. On the fourth line down, the “From53rd” in “TEST-ACKFileFrom53rd” suggests it was a transmission from Fifth Third Bank to UniTeller, which further suggests the hackers have access between UniTeller’s compromised network and Fifth Third Bank. Finally, he pointed to the name “uLink” in the lower-right corner, and noted it refers to the uLink prepaid MasterCard.

“That is showing there is clearly admin access to where those files are,” he said, adding that it’s possible the files contain wire transfer credentials but the gang member did not specify.

Scott said at the very least, the image shows the hackers have a level of access to the system that allows them to read, write, and execute files on the system.

Screenshot C shows ACH payments being done on a breached bank network. An ACH is an automatic clearinghouse. An example would be if you had a bank account set to automatically pay a cellphone bill.

“Each one of those are payment transactions, when you see the ACH in there,” Alexander said, noting the screenshot shows payments being made at set times.

“That shows they have access to transactions,” he said. “Those were all ACH text files. They could easily open any of those files to see the types of transactions and leverage that type of information.”

He pointed out the center-left column, which states “swadmin staff,” and noted it shows the gang member with administrator-level access to the system.

Scott said the image shows the hackers have the ability to read files shown on the page, but wouldn’t be able to alter the files. He noted, “if they’re trying to steal files, that’s all they actually need.” He also pointed out that the word “staff” next to “swadmin” shows the system is recognizing the account as legitimate.
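The reading applied to Screenshots B and C above (a date shown without a year, and the owner and group columns) can be reproduced on any Unix `ls -l` style listing, assuming that is the format the screenshots show. The Python below is an added example, not code from the article or the investigators: the file names, sizes, modes, the `webapp` account and the capture time are constructed, and the six-month cutoff is GNU ls behaviour.

```python
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
RECENT = timedelta(days=183)  # GNU ls: "recent" means within about six months


def resolve_mtime(mon, day, when, listing_time):
    """Return (datetime, precision) for the date columns of one `ls -l` line.

    GNU ls prints HH:MM instead of a year for files modified within roughly
    the last six months, so a year-less date only becomes a full timestamp
    once it is anchored to the moment the listing was captured.
    """
    month, day = MONTHS[mon], int(day)
    if ":" not in when:                      # older file: year shown, no time
        return datetime(int(when), month, day), "day"
    hour, minute = map(int, when.split(":"))
    for year in (listing_time.year, listing_time.year - 1):
        try:
            candidate = datetime(year, month, day, hour, minute)
        except ValueError:                   # e.g. Feb 29 in a non-leap year
            continue
        # ls uses the year form for future dates, so HH:MM implies the past.
        if candidate <= listing_time and listing_time - candidate <= RECENT:
            return candidate, "minute"
    raise ValueError("date is inconsistent with the assumed capture time")


def effective_access(mode, owner, group, account, account_groups):
    """Return the subset of "rwx" that the mode string grants to `account`.

    Only the classic owner/group/other bits are evaluated; ACLs and read-only
    mounts are ignored. root bypasses read/write checks entirely.
    """
    bits = mode[1:10]
    if account == "root":
        any_exec = any(bits[i] in "xst" for i in (2, 5, 8))
        return "rw" + ("x" if any_exec or mode[0] == "d" else "")
    if account == owner:
        triad = bits[0:3]
    elif group in account_groups:
        triad = bits[3:6]
    else:
        triad = bits[6:9]
    granted = "r" if triad[0] == "r" else ""
    granted += "w" if triad[1] == "w" else ""
    granted += "x" if triad[2] in "xst" else ""   # s/t imply x is also set
    return granted


def parse_ls_line(line, listing_time):
    """Split one `ls -l` line into fields; the name may contain spaces."""
    mode, _links, owner, group, size, mon, day, when, name = line.split(None, 8)
    mtime, precision = resolve_mtime(mon, day, when, listing_time)
    return {"mode": mode, "owner": owner, "group": group, "size": int(size),
            "mtime": mtime, "precision": precision, "name": name}


# Constructed sample listing and an assumed capture time (not from the article).
LISTING_TIME = datetime(2016, 6, 1, 12, 0)
SAMPLE = """\
total 48
-rw-r--r--  1 swadmin  staff   20480 May 25 09:14 batch_ack_test.txt
-rw-r-----  1 root     wheel    4096 Nov  3  2015 limits_export.sql
drwxrwxr-x  5 swadmin  staff     170 Dec 20 23:50 transfers
"""


def summarize(listing, listing_time, account, account_groups):
    """Return (name, ISO mtime, precision, access) for each entry."""
    rows = []
    for line in listing.splitlines():
        if not line.strip() or line.startswith("total "):
            continue
        e = parse_ls_line(line, listing_time)
        access = effective_access(e["mode"], e["owner"], e["group"],
                                  account, account_groups)
        rows.append((e["name"], e["mtime"].isoformat(), e["precision"], access))
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE, LISTING_TIME, "webapp", {"staff"}):
        print(row)
```

An account that matches only the group or "other" column can hold read access without write access, while the owner or root can hold both; that is why the same listing can support different conclusions depending on which account produced it.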

Screenshot D shows login credentials to UniTeller networks, and Alexander pointed out the mention of “api” in the screenshot.

An API, or “application program interface,” allows applications to communicate with each other. They could, for example, allow a computer to access a database or respond to calls from another system.

“It’s another vector, and the fact that it’s there, we know UniTeller is compromised and UniTeller’s API sends and receives calls from others that are connected to it,” Alexander said.

“How all these banks connect to UniTeller is through the API,” he said, noting this could be how hackers are gaining access to bank systems connected to UniTeller.

Scott noted that the page shows website links to IDology’s IDCenter, which is a login portal for companies, and that the hackers may have been running attacks to gain a set of user credentials for the portal.

Of Screenshot E, Alexander said, “We’re seeing root access the second line down, but what’s really interesting is the names of the files.”

He pointed out the bottom name, which states “Internet User,” and noted it’s a “user credentials excel sheet” which could give the hackers a list of user credentials.

He also noted the line near the center, which states “CC_DC_Limits_mobetize.sql,” and said it ties to the gang member’s claims that the cybercriminals were able to change daily spending limits on credit cards, and access payments for uLink prepaid MasterCard. He noted that “CC” stands for “credit card” and “DC” stands for “debit card.”

Alexander pointed out other files listed in the screenshot, which suggest the gang member had also gained access to transactions, storage, the encryptions utility, and the FTP file root.

Scott noted the image shows the hackers have the ability to read, write, and execute files on the FTP system, which would allow them to transfer information to and from the system. He said using the FTP “is a common way to exfiltrate data”—to download data from the system.

Alexander took a step back to reflect on the implications of the UniTeller breach. “This is impacting everybody that has to do with banking, and that’s pretty much everybody.”

Screenshot A: A screenshot of a cyberattack shows transactions being made.

COURTESY OF EDWARD ALEXANDER; THIS IMAGE HAS BEEN EDITED BY EPOCH TIMES TO HIDE SENSITIVE INFORMATION

Screenshot B: A screenshot from a cyberattack shows files relating to UniTeller, Fifth Third Bank, and uLink cards.

COURTESY OF EDWARD ALEXANDER

Screenshot C: A screenshot from a cyberattack shows payments being made.

COURTESY OF EDWARD ALEXANDER

Screenshot D: A screenshot from a cyberattack shows login credentials.

COURTESY OF EDWARD ALEXANDER; THIS IMAGE HAS BEEN EDITED TO HIDE SENSITIVE INFORMATION

If the vulnerability lies within the system itself, then the mirrors or backups will exhibit the same vulnerability because they are essentially clones of the system.
James Scott, senior fellow, Institute for Critical Infrastructure Technology