Tuesday, February 25, 2014

Chinese Currency Manipulation - Again

When the Chinese told the Obama Administration they didn't want him to receive the Dalai Lama, somebody in the White House must have known what would happen as a result.  They have experience with the Chinese, when they don't get their way.  They dropped the value of their currency by .5%, at a time when we are still trying to get them to raise it, and the world's currency markets seem to think they should.  Maybe we are forgetting this isn't new.  The Chinese use their ownership of our debt for leverage and influence.  Although this President has made a lot of mistakes along the way, this probably isn't one of them.  The Chinese did everything they could to undermine and cut off the Dalai Lama.  Not much of it worked.

Saturday, February 22, 2014

Syrian Army Attack on Forbes

Andy Greenberg wrote an interesting article from the standpoint of a reporter who is hacked by a foreign government.  It is entertaining and non-technical enough for a person who knows next to nothing about computer security.

There is nothing new about the hack, but I'm wondering why we still haven't found a way to reduce the effectiveness of spear phishing.  It certainly has been going on long enough.  But, if you read both Greenberg's article and the links to the other article about it, you see how ineffective the security staff of Forbes was in preventing, or mitigating the attack.  At least partly, that was due to the attack being on Vice Media first.  Forbes users were then sent the attack message and "logged into" their Vice Media account to see the article referenced.  Forbes has the same problem that everyone else has with interconnected sites, some of which are secure, and some not.  [the original link to this article is now broken, so it might be a good idea to stay away from it ]

 http://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/

Let's give credit to Forbes for their openness about this subject.  Most agencies and businesses say little and hope the audiences they serve are forgetful.  Did you forget the Chinese hacked the New York Times?

The Syrians are obviously getting help in putting together this kind of attack, and since their Russian friends are so good at it, it would be a wonder if they weren't behind it.  If you ever want to wonder how these politically motivated groups operate, read about these types of attacks and put together what they are looking for - sources of stories that are inside their countries, where they can get at them and destroy them.  They are using the Chinese approach to controlling the press -- not just their press, but ours.


Friday, February 21, 2014

Glenn Greenwald and Snowden

For those who haven't seen it, Geoff Dyer had a good interview with Glenn Greenwald, the infamous Guardian reporter who hooked up with Edward Snowden to publish his documents.  See  http://www.ft.com/intl/cms/s/2/221d11c4-93db-11e3-a0e1-00144feab7de.html#axzz2tyOZHTiM

Dyer says Greenwald is "perhaps the most famous journalist of his generation...." which oversells the product somewhat, but an interesting person, nonetheless.  Dyer calls the article, "I am not looking to be liked"  which captures the essence of Greenwald.  He reminds me of another left-wing lawyer with a series of missions from God, only the era was the 1960's and not today.

Greenwald's next adventure is sure to be more interesting than having one source provide documents that can be leaked to the public at large, in the name of journalism.  He is going to have several, linked to other reporters and journalists, all doing essentially the same thing.  The article is surely worth reading, if for no other reason than a model for how to get classified information into the press and avoid the legal complications of getting arrested for doing it.

Thursday, February 20, 2014

Who is Hacking Republican Candidates?

We have had a second case of a leading Republican candidate having a problem with disclosure of e-mail.  The first was Governor Chris Christie, and the second was today's story on Scott Walker.   http://www.politico.com/story/2014/02/emails-released-in-probe-of-scott-walker-aide-103666.html

If you include the placement of a covert camera during a campaign speech in the last election, it starts to look like someone does not want a Republican in the White House, and they are willing to do whatever it takes to prevent it.  Each case looks and sounds like just good investigative journalism, but that would be too much of a coincidence unless the journalist was reading other people's mail.  It reminded me of something a friend of mine asked when confronting his girlfriend over a picture she posted on Facebook.  "Who took the picture?"

In these two cases, "Who got the idea that there was e-mail worth looking at?"  Both of these cases smack of spying, and not the journalistic kind.  Somebody is helping the Democrats look in the right places.  Once the elements of a potential crime are noted, the Dems can subpoena additional records, as they did in New Jersey.  No court, yet, has asked where the original e-mail came from that led to the request for more.  If a criminal act caused the request to be made in the first place, I wonder how a judge could allow the request.  It has to appear to not come from a source that would put that into question.

In NJ, the claim is that it came from an attorney who worked for one of the people on Governor Christie's staff after he was accused of wrong-doing.  In the second case, a former employee who was convicted of using her government office for campaigning, something all government employees should be more aware of.  In her appeal, the new e-mails arose out of a case that was over a year old.  The e-mails still look new to the casual observer and a court will make broad sweeps for internal e-mail that has very little to do with the specifics of the case.  They shouldn't, but they do.  Whether either of these Governor/Candidates did anything wrong is of no consequence.  Whoever is doing this is not trying to say they did.  They are just throwing things up on the wall to see what sticks.

This is a pretty clever way of getting internal e-mails that the Chinese use in patent suits.  They can bring a patent suit for almost anything, then fish around in the pile of discovery and see what falls out.  I'm sure the Chinese are not the only smart people in the world, but they are famous for using our legal system against us.  We need to start looking for whoever is doing this and find out who is paying them, or benefiting from their actions.  I doubt that the Republican National Committee will turn out to be behind it, but we should try to find out.

I'm looking into the interesting cases of Sarah Palin's email disclosures by Mother Jones, the same people who brought you the insider view of candidate Romney telling how he felt about some of the voters, and Virginia's ex-Governor Robert F. McDonnell, who was investigated after Virginia indicted a chef friend of Bill (Clinton) and Steven Spielberg.  I'm wondering if the "evidence" that came from that case was developed into the McDonnell indictment.  Somebody has a real interest in these candidates and ways to get discovery of their internal e-mails.  I wonder how many Members of Congress could benefit from the same type of look that is given by lawyers defending their clients from accusations of wrong-doing.

Wednesday, February 12, 2014

Snowden's Legacy: Failed Policies

Yesterday, James Clapper, the Director of National Intelligence, publicly said he still didn't have the necessary technology to stop the kind of incident Snowden represents.  It was an interesting statement to make.

We forget that Snowden is not the first spy to steal classified information from our government.  It is most commonly a person with access, a security clearance, and not enough security to stop him (it is almost always a man, ladies).  Security of computer systems went up and down for years when we had a long list of these folks stealing stuff from the most secure locations the government had.  All of them had clearances and all had access to computer systems, getting things they were allowed to have.  That is not the same thing as "authorized to have".  The computer systems they were on didn't stop them from having access, and didn't find out what they were doing while they were doing it.

Our government has had a resurgence of "auditing" interest, with the mistaken belief that more auditing produces better chances of catching some of these fellows who are stealing from us.  There is no evidence to suggest any such logic applies in these cases.  We have been auditing since the early 60's when someone figured out that computers were not places everyone should be allowed to go.  Hackers used to be able to roam around in a system and nobody really cared.  They weren't hurting anything and didn't take things.  That started changing in the 70's.  In the 80's there were some pretty good security changes that allowed monitoring of multiple systems from the same automated systems.  A business could baseline their "normal" operations and detect deviations from that norm.  It took work to baseline, and it took more work to sort through the false positives that were generated by the systems.  We can do it better now, but the real question has not changed very much.  Are we monitoring the right things when we do look at what people are doing?

Snowden, Ames, Hanssen and a few others that never made the public eye, are all cases of the same type.  After each one, we said we had to do better.  One of the biggest obstacles is the willingness of the Feds to spend the money that it takes to do the job.  They have to study it;  they have to refine it;  they have to implement unpopular policies and clamp down on the networks.  Until they demonstrate that they can catch a thief, there will continue to be more.

It speaks to the credibility of the computer security policies of the people involved.  We used to have good policy, adequately enforced, monitored, and controlled.  Now we have laundry-list policies fostered and disseminated by NIST, which has never, ever known how to secure systems like the ones that have been exploited.  These kinds of controls are the absence of policy, and amount to saying, "do what you can."  A staffer I worked with for a number of years, said NIST was given the policy responsibility because "they knew NIST wouldn't do anything"  and the Agencies could do what they wanted.  Be careful what you wish for.  The damage of having no policies far outweighs the benefits.

Saturday, February 8, 2014

Snowden, Kim and James Rosen

Stephen Kim is going to jail for 13 months for disclosing a Top Secret document to James Rosen, who then made public the substance of the classified piece of literature on North Korea.  Kim's lawyer says he got prosecuted because he was a small fish who had no contacts, or power.  Preposterous.  He got prosecuted because he gave a TS document to somebody without a security clearance, and perhaps 13 months is not much of a sentence for doing such a thing.  But, he also got prosecuted because he can't claim to be a journalist.  He is a State Department contractor, who admits to one count, while a DoD contractor, Edward Snowden, admits to nothing.  Snowden wants to be a hero for what he did.

Both Snowden and Kim have something in common;  they gave documents to reporters to publish.  What do the reporters get in the way of jail time for publishing documents they know will do harm to the United States?  What do the newspapers get for publishing what these people give them?  Circulation.

The Guardian has even admitted it will continue to publish whatever Snowden gives them, because they wouldn't want the circulation increases to stop.  Besides, they say, they have a God-given right to publish something that "causes grave damage to the U.S. if disclosed to an unauthorized person." By definition, that is what Top Secret means.  Fox and the Guardian both need to think about that a little.  If this stuff is really not classified, they have a good argument that it should be given to every terrorist in the world.  Nobody could claim any advantage from it.

Where is our Congress, when we need some new laws?  Yes, it is a hard issue to tackle.  Yes, it is going to make some liberals cry.  Yes, it will be a long time in coming about.  We still have the Stuxnet worm disclosure, several from our White House, and a hundred more I can name, that were not prosecuted.  We need some new laws that will prevent the press from publishing things we can be sure will cause grave damage to the United States.  All done, by the way, in the name of a free press.  I wonder if that is what being free really means.  See Acting Free on my website.

Friday, February 7, 2014

Snowden, Nuland, and Spying

For many of you, the story of Victoria Nuland's outburst, and sudden publication smacks of "everybody does it", with the meaning that the Russians spy too, but I think we are missing something here.

Let's ask this question:  Is the interception of a phone call really spying?

First of all, let's make some assumptions, number one being that this phone call was not encrypted.  Why a high-ranking diplomat in the EU, should not be encrypting her phone calls should not escape anyone.  Why Angela Merkel should be using a phone that wasn't encrypted is beyond comprehension.  Heads of State who don't use the security God gave them, are idiots.

I can sit at home and listen to mobile phone calls made by people on normal cell phones.  It is illegal, but I could do it, and there is probably nobody who will ever find out I'm doing it.  I'm not hacking into messages, or publishing stories about the content of any of those conversations.  I leave that to the press.

Second, is it really spying if the source is doing this kind of thing in public? Either one of the women, and lots of other diplomats, have over the years, thought they knew more than the security teams that watch over them.  We can all remember the Moscow Embassy fiasco.  That was real spying.  The Russians crammed that embassy with listening devices, because they could.  We made it easy for them to do.  Our illustrious Ambassador thought the Russians would never take advantage of our good will.

Is it really spying, if the other country acts as if it is OK?  This is the point of the whole thing.  Snowden, and apparently his helpers in Russia, took advantage of several flaws in our security system.  More recently, they intercepted text messages where the people sending them should have been a lot smarter about how they handled their communications.  So, do we get up on high horses and start pretending we are above all of this and the Russians are taking advantage of our openness?  That is idiocy.  They are taking advantage of ours.

Spies have a lot of better things to do than collect a lot of junk that is easy to get.  The lazy ones will suck up this kind of thing and pretend they are doing real spying, but all they are doing is taking advantage of others who are not very adept at protecting their secrets.  Anyone who thinks this is deft work on the part of the Russians, better think again.  Oh, they are doing some pretty good things, I'm sure.  They have always been capable, but so are a lot of other countries who are taking advantage.