China, Russia, Iran, and North Korea Intelligence Sharing

Former CISA Director Jen Easterly writes about a new international intelligence sharing co-op:

Historically, China, Russia, Iran & North Korea have cooperated to some extent on military and intelligence matters, but differences in language, culture, politics & technological sophistication have hindered deeper collaboration, including in cyber. Shifting geopolitical dynamics, however, could drive these states toward a more formalized intell-sharing partnership. Such a “Four Eyes” alliance would be motivated by common adversaries and strategic interests, including an enhanced capacity to resist economic sanctions and support proxy conflicts.

Posted on March 12, 2025 at 7:09 AM • 19 Comments

Comments

Clive Robinson March 12, 2025 10:51 AM

@ Bruce, ALL,

There is the old observation about “an enemy’s enemy” in effect becoming a “bird of a feather”, albeit “one of convenience”.

So nothing unexpected in reality, in fact kind of stating the obvious.

But two things to remember about allies of convenience,

1, They are based on momentary advantage / profit.
2, They are also a way to play a hidden hand / agenda.

So like “thieves and honour” there is the question of “allies and trust”.

On which the old advice is,

“Only barely trust those you can betray more fully”.

But there is also another side to it. Think of it in terms of “Traffic Analysis” rather than “Cryptanalysis”.

What you can rapidly observe whilst not being actual “data”, it is both “meta-data” and “meta-meta-data”.

Something that can over a period of time be worth way more than just “data”.

Clive Robinson March 12, 2025 11:12 AM

@ Bruce, ALL,

I know your interest is on the AI side of this.

But have you considered the timing?

It’s not exactly a secret that the UK-US “Special Relationship” has been hit quite hard by the current political leadership on both sides.

Then there is the “extended Five Eyes” that includes those nations that surround primarily China and Russia.

It’s fairly clear that “US Promises” now “mean nothing” to the executive, so the question arises as to if other nations want the US playing in their sand pit…

The problem with,

“Reap what you sow”

Is if you don’t sow you don’t reap, and thus you don’t eat. So the only way to survive is,

1, Eat your seed till it’s gone.
2, Steal seed from your neighbours.

The result ends up the same…

Traditionally this has been what drove Russia across Europe for thousands of years, with their “Thieving Empire”.

The question some are now asking,

“Is this what the US has become?”

And I’ll refer those who’ve not thought about it to the behaviours of the current executive toward many other nations.

So the article could be a semi-subtle “call to arms” that things have to go back the way they were…

Bauke Jan Douma March 12, 2025 11:42 AM

The article is behind a paywall. But one wonders why the author is omitting the fact that it is actually “Nine Eyes” — not “Five Eyes”.

ResearcherZero March 13, 2025 2:40 AM

The author is referring to the Five Eyes relationship, which is much more established and cooperates more deeply with improved access over Nine Eyes or the Fourteen Eyes alliances.

The Nine Eyes additionally includes Denmark, France, Netherlands and Norway.

Fourteen Eyes adds Belgium, Germany, Italy, Spain and Sweden to the mix and also includes other partners or affiliates such as Israel, Japan, South Korea, Singapore and British Overseas territories. These additional countries do not have the same level of access and may also be subjected to monitoring themselves.

The Four Eyes nations have recently expanded their spyware, surveillance and espionage.

Russia and China backdoor their intelligence collection product and regularly spy on each other. Many of the partnering countries which purchase surveillance product from these two countries, to monitor their own citizens, are not even aware of the extensive malign influence operations and strategic corruption practiced by Russia and China to target regional intelligence, law enforcement, governance and population within the client states.

The Moscow office of an IT contractor named Atos Russia, licensed to allow the FSB access to its systems, even helped build the EU’s new electronic border system. The license basically gives the FSB a backdoor into its systems. The FSB have even joked about its many partners (which include CIS countries and Latin America) that, “We can use SORM to take stuff off their servers behind their backs.”

Given the situation in the United States currently, these “Four Eyes” nations could not imagine a better opportunity – at an extremely crucial time – to penetrate the US. After the mass expulsion of foreign operatives in recent years, there would be a large push underway to reestablish undeclared agents and deeply penetrate US networks and agencies.

Given the mass firings from US government departments, the environment for foreign interference and clandestine operations is incredibly rich due to the huge hit to national security, departmental function and public safety. Targeting US employees and their families would be far easier in such conditions, with reduced chance of detection and much lower chance of any penalty arising for activities such as coercion or repression. Police departments are terrified of foreign operatives and avoid most involvement with it.

Much of the important collection happens by HUMINT – but electronic collection is also vital.
Of course they are not just targeting the US – increased activity is happening everywhere.

SORM3

https://go.recordedfuture.com/hubfs/reports/ta-ru-2025-0107.pdf

6 backdoors for Juniper routers deployed for Chinese espionage.
https://www.csoonline.com/article/3844122/chinese-cyberespionage-group-deploys-custom-backdoors-on-juniper-routers.html

ResearcherZero March 13, 2025 3:02 AM

@Clive Robinson

Things aren’t going back the way they were. The current lot only understands arms for waving in the air, fist pumps and for flailing about aimlessly while ‘dancing’.

Access to imports boosts purchasing power of American households by about $18,000 annually. International trade contributes more than $2 trillion in additional GDP to the United States each year. Due to the effects of Brexit, the average Briton was nearly £2,000 worse off in 2023, while the average Londoner was nearly £3,400 worse off last year.

The terms of trade governing the WTO were ultimately determined by the United States and the United Kingdom. The following cartoon aptly describes the looming situation. 😐 🤣

https://www.theguardian.com/commentisfree/picture/2025/jan/31/martin-rowson-fifth-anniversary-brexit-cartoon-eu#img-1

Paul Rain March 13, 2025 6:38 AM

Um. So this is just this dumb bitch, whose job as part of the 5E was SPYING ON THE ACTUAL CITIZENS OF PEOPLE IN FIVE EYES COUNTRIES, speculating that actual free countries might make an alliance to defend themselves? With no actual evidence? How surprising

Daniel Popescu March 13, 2025 8:00 AM

What Clive and Zero said. I concur.

Scary times we chose (or not) to live in: even scarier if one’s neurons are a bit livelier than the grand average :).

Clive Robinson March 13, 2025 9:59 AM

@ Daniel Popescu,

Your thought of,

“even scarier if one’s neurons are a bit livelier than the grand average”

Is a result of a heightened “Fight or Flight” mechanism. In effect your senses become not just more attuned to what goes on around you but your ability to recognise patterns becomes enhanced (of course there is a downside to this in terms of stress/fatigue and unfortunately self poisoning via stress hormones).

As I’ve mentioned before my father gave me advice that if followed takes out the need for “fight or flight” but does not stop the stress/fatigue…

His point of view was,

“The way to avoid trouble, is to be somewhere else when it happens.”

That is practice good OpSec and,

“When things feel “hinky”, get the heck out of Dodge.”

In order to practice good OpSec you have to learn a few basics not just about other people, but yourself, and where you stand or sit etc.

Having your back to a wall and sight lines to all entrances and exits, and having planned fast routes out of an area “as a norm” can be hard to do initially. But like learning to drive with a little time and practice it becomes subconscious.

In fact you can find yourself just responding automatically and only realising afterwards.

This happened to me a little while back, I was out socialising when my gut started giving my brain messages it was time to go. So I made my excuses and left. The following day one of the people I’d been with told me that I had missed all the fun… Apparently a fairly serious fight broke out and ambulances and police vans took away the protagonists…

Somehow I’d picked up on cues and “done the sensible thing” and not for the first time… However I don’t always get sufficient cues or not enough time to act on them or I’ve been in effect “trapped in place” by crowds etc.

These days I try to lead as quiet a life as possible as stress will kill you as surely as poison if you let it. But… the quickest cure for fight or flight hormone stress is to “burn them out” that is by significant exercise… But as you get older going for a run etc is not going to happen, so meditation and gentle stretching exercise is about the best you can do 🙁

ResearcherZero March 13, 2025 9:56 PM

@Paul Rain

No. Jen Easterly worked at CISA. CISA does not engage in surveillance. It is a defensive organization that publishes security recommendations and details of intrusions into US networks. Much of the information is passed on to CISA by the FBI, NSA and other agencies, departments and from the public and private sector. CISA also assists local, state governments, critical infrastructure (water, electricity, telcos etc.) and businesses secure their networks, along with publishing information to help identify and prevent vulnerabilities. CISA also helps secure elections and the voter rolls in each state.

CISA is not part of the Five Eyes. You are thinking of the NSA, a completely different agency; part of the NSA mandate includes collection of intelligence, but also identifying and investigating intrusions into networks. Probably a good idea to read what the NSA does. Cyber Command does the offensive operations …and there is the CIA.

The FBI is the agency which investigates criminal activities within the United States. The other agencies like the NSA and the CIA investigate external actors outside the United States. The FBI can investigate outside actors engaging in or planning criminal and terrorist activities within the United States.

Of course you could get rid of these organizations …. but the electricity supply may cease to function. The water supply and sewerage may stop. Banking could also go down. Hospitals and likely the telecommunications sector would also suffer widespread impacts. ATMs would not work – along with any electronic payment systems at retail stores and supermarkets. Any of your online details (including the contents of your bank account) might disappear and end up in a completely different country – in someone else’s hands.

The NSA also collects information vital to the DoD – so surprise attacks from foreign powers and terrorist groups would also be on the cards and very difficult to prevent.

ResearcherZero March 13, 2025 10:21 PM

If anyone is still confused, they should also read what lawful intercept is and which law enforcement bodies can gain access to information to investigate an alleged crime.

Remember – a great deal of your communications, SMS, phone calls and email are unencrypted.
That is to say, transmitted in the clear or plain text, along with about 20% of internet traffic and a great deal of all the meta-data which is also not anonymized.

All electronic communications can be de-anonymized and despite the little padlock in the address bar of your web browser – there is still a large amount of identifying information transmitted. Images, videos and group chats are also very rarely encrypted by platforms, despite the advertising from services like WhatsApp, Telegram and other products.

DNS, IP address, user name, email address, MAID, MAC, SSID, IMEI, IMSI and many other identifiers exist.

https://commsbrief.com/difference-between-imei-imsi-iccid-and-msisdn-numbers/

https://privacyinternational.org/explainer/4506/how-police-can-access-your-phones-unique-identifiers-protest

Paul Sagi March 14, 2025 1:08 AM

AI will make language differences between the countries a trivial matter, translations will be trivial.
AI will also be used to leverage the capabilities of the countries.
The result will be rapid escalation of the cyberwarfare and lowering the bar to entry into the game, from nation-state to the average malicious hacker and even to script kiddies.

ResearcherZero March 14, 2025 2:57 AM

@Daniel Popescu, Clive Robinson

Speaking of which I have some new fishing gear I should rig up and there are some little known spots I have not visited in a long time, which just happen to be great locations to fish. 😉

Clive Robinson March 14, 2025 3:10 AM

@ ResearcherZero, Bruce, ALL,

UK Political Incumbents use AI to invent statistics.

The piece appears in Foreign Policy,

https://foreignpolicy.com/2025/03/10/ai-uk-starmer-opportunities-plan/

And in the author’s own words on his blog,

“The nice thing about this piece is getting to loudly point out in the serious press that the Tony Blair Institute just committed straight-up data fraud and got ChatGPT to make up the numbers in its reports on why the Labour government should take up AI. These completely fake numbers are the entire justification for the current UK AI push, which is absolutely set to be a ridiculous disaster.”

https://pivot-to-ai.com/2025/03/10/foreign-policy-the-u-k-pivot-to-ai-is-doomed-from-the-start/

As far as I’m aware most people in the UK vote because they hope the majority will select rational actor politicians, to have a “steady hand on the tiller of State”.

They did not vote to have “hallucinating ChatBots” producing monumental amounts of “soft bullshit” based on deliberately biased “loony two-tunes” falsified data to fraudulently push nut-bar ideas as “policy”.

The sad fact is the more research that is being done, the higher the percentage of “hallucinations” are found.

Some research on the use of ChatBots to search on “current affairs” puts the “soft bullshit” as up in the 60% and above range…

“Overall, the chatbots often failed to retrieve the correct articles. Collectively, they provided incorrect answers to more than 60 percent of queries.”

https://www.cjr.org/tow_center/we-compared-eight-ai-search-engines-theyre-all-bad-at-citing-news.php

So “ill informed” as far as data sources might be the politest way to put it.

And as far as I’m aware not a desirable characteristic in anything/one other than a “useful idiot” or “puppet leader”.

With even NIST saying that current AI LLM and ML systems have significant and impossible to prevent prompt/bias issues…

A Chatbot “political leader” or “civil service administrator” just becomes an “arms length method” for people to enact sound bite / dog whistle mantra with a new version of “the computer told me to” excuse.

That has given us the likes of “RoboDebt” and much worse.

But anyone looking dispassionately at the current behaviour of UK and US political leadership can see what this means, only with supposed AI systems it will be worse, a lot worse, and way more insidious.

Put another way,

“Do you want Sam Altman / Elon Musk and the investors of trillions in OpenAI having more influence on the running of your nation state than all current lobbyists put together without any hope of stopping them?”

Yup you want an example of “Existential threat” by AI and that has to be on or near the top of the credible list.

ResearcherZero March 14, 2025 3:25 AM

@Clive

After 30 years of warnings from experts, intelligence, defence and others – and sitting on their laurels ignoring all the warning signs – they don’t know what else to do.

It looks like they now also have quite a lot to do. Me – I’m going fishin’ 🙂

Death knell for the ‘rules based order’.

https://www.nytimes.com/2025/03/08/world/europe/trump-putin-russia-europe.html

End of WTO.
https://www.telegraph.co.uk/business/2018/03/03/trump-has-just-sounded-death-knell-rules-based-system-trade/

Greatest loss of life since World Wars
https://www.foxnews.com/politics/russia-casualties-ukraine-war

Rick March 15, 2025 1:24 AM

@ResearcherZero

Jen Easterly used to work at the NSA prior to CISA, albeit on the defensive side.

Your explanation of what different intelligence agencies are tasked to do comes off as pedantic and somewhat insulting when posted here of all places, when discussion of agencies routinely collecting data well beyond their remit is relatively commonplace. It is doubly unhelpful given it’s unknown how well those agencies will be able to keep sticking to their conceptions of the law given leadership that has routinely displayed a cavalier disdain for the law.

ResearcherZero March 15, 2025 10:16 PM

@Rick

I think labeling China, Russia, Iran & North Korea as “free countries” insults the meaning of the word free. 80 percent of the world’s population do not live in free countries. They have few of the privileges we have. Less than 7% live in a “full democracy”.

Some of the people who come here don’t really bother to read the articles or understand the detail of what they are attempting to articulate. If they are worried about surveillance they should probably read a little about PRISM and the various programs. How they work, how they target, the FISA court and both the dangers of backdoors and hostile foreign actors.

There is plenty of healthy concern about surveillance, lawful intercept, overreach and backdoors inserted into systems to gain access (or undermining of encryption and security).

There is also a lot of conspiracy theory related paranoia and uninformed speculation. Most of the people that fall into the overly paranoid category are going to be dealing with the local fuzz. They are the goons that will come round and subject them to physical violence, seize and dump their phone and take good advantage of common ignorance of the law.

The same politicians that will argue they are standing up against government surveillance and then belt out a series of conspiracy theories – are often the same people that abuse power. Given that government oversight is being removed the problem will get worse.

There are also foreign intelligence getting around too. They are a degree more violent. It is not just something that happens in Europe, but the average person probably won’t notice.
Sometimes they get a job in your police force, but again most people will not be aware.

Foreign governments also hack the network surveillance infrastructure of other states. That is probably another reason why people should try and understand the danger of backdoors.

The FSB malware was running in government systems for years before it was detected and took around 20 years before the FBI was able to eventually dismantle the malware network.

The FSB’s Center 16 group Turla silently exploited Pakistani surveillance infrastructure.

https://blog.lumen.com/snowblind-the-invisible-hand-of-secret-blizzard/

Andrzej Dereszowski Turla Development & Operations (probably the best Turla presentation)
https://www.youtube.com/watch?v=oRK6kgRf5TA&t=216

The user mode backdoor installed and maintained stealth without elevated privileges.
https://www.securityweek.com/newly-discovered-turla-malware-targets-linux-systems/

Turla targeted government entities and intelligence agencies, as well as embassies, military groups, research and education organizations and pharmaceuticals in 45 countries.
https://arstechnica.com/information-technology/2014/08/espionage-programs-linked-to-spying-on-former-soviet-targets/

Snake aka Uroburos – presentation by Andrzej DERESZOWSKI (contains technical details)

https://www.first.org/resources/papers/tbilisi2014/turla-operations_and_development.pdf

ResearcherZero March 15, 2025 10:39 PM

There do not seem to be too many people clamoring to get into China, Russia, Iran, and North Korea or any of the other countries that migrants and refugees are fleeing from.

Rather many seem to be fleeing towards the West…

https://nypost.com/2023/02/03/russian-and-chinese-migrants-showing-up-at-us-mexico-border/

Timur Praliev was captured after wading across the Rio Grande into Texas from Mexico.
https://www.the-sun.com/news/13266888/wagner-group-timur-praliev-arrested-us-border-russia/

ResearcherZero March 16, 2025 4:09 AM

Google, Microsoft, Amazon you may have heard of these companies? The companies which provide unmatched intelligence into the traffic moving over their networks.

https://www.forbes.com/councils/forbesbusinessdevelopmentcouncil/2025/03/03/private-intelligence-firms-what-you-need-to-know-going-in/

The nearly 80 percent of private-sector contracting work for US intelligence agencies.
https://www.thenation.com/article/archive/five-corporations-now-dominate-our-privatized-intelligence-industry/

data is not intelligence
https://www.csis.org/analysis/collection-edge-harnessing-emerging-technologies-intelligence-collection

The quantum computer threat to classified data.

https://www.mitre.org/sites/default/files/2025-01/PR-24-3812-Quantum-Computing-Quantifying-Current-State-Assess-Cybersecurity-Threats.pdf

The Quantum Panopticon: A Theory of Surveillance for the Quantum Era

https://link.springer.com/article/10.1007/s11023-025-09723-2

The dangers of encryption-breaking quantum computers.
https://www.justsecurity.org/108168/quantum-age/

ResearcherZero March 24, 2025 4:54 AM

“If there is a ceasefire, this part of the war will only intensify.”

https://www.newyorker.com/magazine/2025/03/03/the-adventures-of-a-ukrainian-intelligence-officer

Russian operations targeting dissidents, journalists and whistleblowers.
https://www.theguardian.com/world/2025/mar/08/revealed-second-kremlin-spy-ring-targeting-russian-dissidents-discovered-in-uk

Surveillance equipment, fake IDs, phone tracking and jamming equipment.
https://www.telegraph.co.uk/news/2025/01/09/russian-spy-ring-great-yarmouth-lair-kremlin/

102 Russian espionage networks identified in Ukraine in just 3 years.
https://global.espreso.tv/over-100-russian-espionage-networks-identified-in-ukraine-in-3-years-some-of-which-planned-to-kill-zelenskyy-budanov-and-malyuk


Sidebar photo of Bruce Schneier by Joe MacInnis.