There is an interesting tale of the difference between people who view the Internet as a good thing and ones who think of it as an opportunity for repression. Today's Wall Street Journal has an open letter from Marlam Memarsadeghi and Akbar Atri to Mark Zuckerberg about Iran's use of the Internet. [Facebook, Please Don't Let the Mullahs Troll Us, 25 November]
They say the run a Persian-language Facebook page for Tavaana, a "civil-society empowerment initiative" giving voice to people and educating on social action and human rights violations. These are both tough subjects to address in any repressive regime, and they probably can understand if the government doesn't welcome it. Iran has been on top of its game in this area for some time, as has China, Russia, Syria, and several others. Because we favor an open Internet, we occasionally think the rest of the world does too.
These two are telling Facebook that their own policies are being abused by their government. It isn't hard to do. They claim "trolls" have called some of the pages they post morally objectionable. This is not the first time for Facebook, since the Russians and Chinese do the same thing Iran is accused of here.
This is an area of Information War that we ignore. The Russians have ask both Facebook and Twitter to close accounts of "subversives", and they get to say who that might be. How subversive they are is always a matter of opinion, but this is not world opinion we are talking about here. If Iranian people write in to Facebook and say that picture of the Amistad slave rebellion I posted is objectionable in their country, Facebook or Twitter has to think about it. If they make the wrong decision, they might have to worry about becoming "subversive" themselves. They won't be operating if they do.
They might do well to see how the Chinese get around an army of censors, from people monitoring the national press to local party officials who look for things more innocuous. They have an elaborate system of codes and taking advantage of a complex language. Yes, it can be dangerous, but Mark Zuckerberg is not going to be able to do much to help them in a country where opening the wrong kind of website can land a person in jail.
Not every country sees the Internet as a good thing, and it is dangerous for us to see them as wanting to be good neighbors on the electronic highways. These are the same guys who ran denial of service attacks against some of our biggest banks. We have to teach their citizens to survive in a hostile environment that we take for granted.
Tuesday, November 25, 2014
Monday, November 24, 2014
Cyber Security Bets Land on Blue
In writing a piece on Einstein 3, I ran across an interesting article about increases in the Cyber Security budget for Federal programs. [See Richard Walker, in Informationweek at:
http://www.informationweek.com/government/cybersecurity/budget-bill-boosts-cybersecurity-spending/d/d-id/1113494]
These phases in government spending, are a typical reaction to government agencies getting hacked on such a regular basis, but their spending profiles are often similar to Einstein 3.
The bill was used to expand Homeland Security's Cyber Security budget by giving $15 million in new funds to Senator Landrieu (D-La) for expansion of the Cyber Innovation Program. She is the Chair of the Senate Homeland Security Appropriations Committee, at least for a little while longer. [see the press release at http://www.landrieu.senate.gov/?p=press_release&id=4510 ]
The Cyber Innovations Center was said by the Senator's office to provide 800 jobs in I-20 Tech Corridor in Bossier City. Homeland gave the Center $2.5 million in 2012 and $5 million in 2013 so they could raise awareness of existing threats and educate a new generation of cyber security professionals. Seemingly, it is important that Louisiana have its own. In May 2014, the Senator and Jeh Johnson, who runs Homeland, where Einstein 3 resides, went to Louisiana to visit CenturyLink, one of the three ISPs on Einstein 3.
It may have been a coincidence that she was going with this largess at a time when she was running for a tight Senate campaign that was not going well. Whether it is legitimate funding of an important program is worth looking into. The Russians and Chinese are beating our systems every day and these kinds of expenditures do not help save us from them. At least we know where the support for the money for Einstein 3 came from.
http://www.informationweek.com/government/cybersecurity/budget-bill-boosts-cybersecurity-spending/d/d-id/1113494]
These phases in government spending, are a typical reaction to government agencies getting hacked on such a regular basis, but their spending profiles are often similar to Einstein 3.
The bill was used to expand Homeland Security's Cyber Security budget by giving $15 million in new funds to Senator Landrieu (D-La) for expansion of the Cyber Innovation Program. She is the Chair of the Senate Homeland Security Appropriations Committee, at least for a little while longer. [see the press release at http://www.landrieu.senate.gov/?p=press_release&id=4510 ]
The Cyber Innovations Center was said by the Senator's office to provide 800 jobs in I-20 Tech Corridor in Bossier City. Homeland gave the Center $2.5 million in 2012 and $5 million in 2013 so they could raise awareness of existing threats and educate a new generation of cyber security professionals. Seemingly, it is important that Louisiana have its own. In May 2014, the Senator and Jeh Johnson, who runs Homeland, where Einstein 3 resides, went to Louisiana to visit CenturyLink, one of the three ISPs on Einstein 3.
It may have been a coincidence that she was going with this largess at a time when she was running for a tight Senate campaign that was not going well. Whether it is legitimate funding of an important program is worth looking into. The Russians and Chinese are beating our systems every day and these kinds of expenditures do not help save us from them. At least we know where the support for the money for Einstein 3 came from.
Thursday, November 20, 2014
DHS Leads with Chin on Einstein 3
In Today's Politico, David Perera reports a delay in the implementation of Einstein 3. [http://www.politico.com/story/2014/11/federal-cybersecurity-plan-stalls-113044.html] which has had more delays than any computer security project in recent years. Putting DHS in charge of anything computer related is always an interesting experience, but their inability to get capability from money is probably the most telling.
If you ever wanted to know what Einstein 3 was, you need only look at the publically posted Privacy Impact Statement at [http://www.dhs.gov/sites/default/files/publications/privacy/PIAs/PIA%20NPPD%20E3A%2020130419%20FINAL%20signed.pdf]
Why they thought it necessary to publish this much about the program is beyond understanding, especially when it says the impact to privacy by this deep-packet inspection program, is wavering on the non-existent. This totally bogus argument is beyond any rational understanding of what deep-packet inspection means, or how it is used.
The delay in implementation is caused by an interesting two-year reluctance on the part of AT&T to buy into using the system on their networks. Century Link and Verizon have both agreed to do it.
AT&T has used the old standby of liability to describe their foot dragging. This same argument was used to kill the last bill to allow information sharing between commercial companies, only in this circumstance, they could have a better case. What ISP wants to use a system that was developed by a number of different government contractors, and automatically responds and mitigates intrusions? There are far too many variables in this kind of thing to do that in networks as big as the ones at the Federal level. Maybe AT&T is right, but if so, they should bow out and not participate. Maybe that $3 Billion was too much for them to ignore.
I remember the start of this Einstein program back in the 2007 time-frame. A 7-year implementation of anything in IT is doomed. The technology is outdated by the time it is deployed. Why DHS was content to "negotiate" with AT&T for 2 years is beyond understanding. Why they spend 7 years upgrading is also.
GAO needs to get in there an find out what is going on, as they did in 2010 when they said " Agencies that participated in Einstein 1 improved identification of incidents and mitigation of attacks, but DHS will continue to be challenged in understanding whether the initiative is meeting all of its objectives because it lacks performance measures that address how agencies respond to alerts." Doesn't sound like much has changed. Where that $3 Billion is going is a mystery worth looking into.
If you ever wanted to know what Einstein 3 was, you need only look at the publically posted Privacy Impact Statement at [http://www.dhs.gov/sites/default/files/publications/privacy/PIAs/PIA%20NPPD%20E3A%2020130419%20FINAL%20signed.pdf]
Why they thought it necessary to publish this much about the program is beyond understanding, especially when it says the impact to privacy by this deep-packet inspection program, is wavering on the non-existent. This totally bogus argument is beyond any rational understanding of what deep-packet inspection means, or how it is used.
The delay in implementation is caused by an interesting two-year reluctance on the part of AT&T to buy into using the system on their networks. Century Link and Verizon have both agreed to do it.
AT&T has used the old standby of liability to describe their foot dragging. This same argument was used to kill the last bill to allow information sharing between commercial companies, only in this circumstance, they could have a better case. What ISP wants to use a system that was developed by a number of different government contractors, and automatically responds and mitigates intrusions? There are far too many variables in this kind of thing to do that in networks as big as the ones at the Federal level. Maybe AT&T is right, but if so, they should bow out and not participate. Maybe that $3 Billion was too much for them to ignore.
I remember the start of this Einstein program back in the 2007 time-frame. A 7-year implementation of anything in IT is doomed. The technology is outdated by the time it is deployed. Why DHS was content to "negotiate" with AT&T for 2 years is beyond understanding. Why they spend 7 years upgrading is also.
GAO needs to get in there an find out what is going on, as they did in 2010 when they said " Agencies that participated in Einstein 1 improved identification of incidents and mitigation of attacks, but DHS will continue to be challenged in understanding whether the initiative is meeting all of its objectives because it lacks performance measures that address how agencies respond to alerts." Doesn't sound like much has changed. Where that $3 Billion is going is a mystery worth looking into.
Tuesday, November 18, 2014
Poland Expels Another Russian Spy Handler
Patryk Wasilewski, in today's Wall Street Journal, outlines another tale of "diplomats" being kicked out of a country for aiding and abetting spying. Yesterday, it was the Germans and today we have a new account in Poland. This time, the cause and effect was the arrest of a Polish "defense ministry official and a civilian detained for spying for Russian military intelligence". You can bet there will be more. Russia seems to have brought this on themselves by continuing to put more troops and support into the Ukraine.
We have to know that this spying has been going on for a lot of years, but Europe has been taking care of those cases without making a fuss. The Germans were quietly removing them, as were others, so it looked like spying was down. Once this starts, it will catch on. It is always better to keep these kinds of things quiet, but once they start becoming public, they take on a life of their own. At least in the Cold War we knew who our enemies were.
We have to know that this spying has been going on for a lot of years, but Europe has been taking care of those cases without making a fuss. The Germans were quietly removing them, as were others, so it looked like spying was down. Once this starts, it will catch on. It is always better to keep these kinds of things quiet, but once they start becoming public, they take on a life of their own. At least in the Cold War we knew who our enemies were.
Monday, November 17, 2014
Russians & Germans Bounce Diplomats
Anton Troianovski, writing for the Wall Street Journal on the 15th, indicated the tit-for-tat exchanges of expulsions of diplomats has returned to the new Cold War. Similar to what Canada did in April, Germany has been quietly expelling suspected spies, rather than announcing them publicly. He also mentions that Merkel and Putin had a 3-hour meeting during the G-20 conference last week, though many have indicated Putin was meeting with quite a few leaders, then found little sympathy or support and went home early.
It is not hard to remember this kind of thing happening, but along with it, Putin doubled down on increasing his presence on radars in Europe and the U.S. The Washington Post said his bombers penetrated coastal defenses 16 times in 10 days. His diplomatic style is the opposite of Obama's. He wants to be in your face, which is harder for guy 5'7". He has to adapt.
What we have been linking to these kind of events is the increase in hacking attributed to Russia, with both commercial and government targets The White House and State Department have finally discovered hacking at their door, though it has been around for a long time, 25 years at least. The difference is they are no longer "Eastern European" hackers; now they are Russians. The icing up of relations will likely expose a lot more the Russians have been up to. They have been doing it all along, but the press and the White House have finally decided to say who it really is. I'm wondering why they waited so long.
It is not hard to remember this kind of thing happening, but along with it, Putin doubled down on increasing his presence on radars in Europe and the U.S. The Washington Post said his bombers penetrated coastal defenses 16 times in 10 days. His diplomatic style is the opposite of Obama's. He wants to be in your face, which is harder for guy 5'7". He has to adapt.
What we have been linking to these kind of events is the increase in hacking attributed to Russia, with both commercial and government targets The White House and State Department have finally discovered hacking at their door, though it has been around for a long time, 25 years at least. The difference is they are no longer "Eastern European" hackers; now they are Russians. The icing up of relations will likely expose a lot more the Russians have been up to. They have been doing it all along, but the press and the White House have finally decided to say who it really is. I'm wondering why they waited so long.
Friday, November 14, 2014
Strange Case of Polygraph.com
Department of Justice
Office of Public Affairs
FOR IMMEDIATE RELEASE
Friday, November 14, 2014
Owner of 'Polygraph.com' Indicted for Allegedly Training Customers to Lie During Federally Administered Polygraph Examinations
A former Oklahoma City law enforcement officer and owner of “Polygraph.com” has been indicted on obstruction of justice and mail fraud charges for allegedly training customers to lie and conceal crimes during polygraph examinations.
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, Acting Assistant Commissioner Mark Morgan of U.S. Customs and Border Protection’s Office of Internal Affairs and Special Agent in Charge James E. Finch of the FBI’s Oklahoma City Field Office made the announcement.
Douglas Williams, 69, of Norman, Oklahoma, was charged in a five-count indictment in the Western District of Oklahoma with mail fraud and obstruction. According to allegations in the indictment, Williams, the owner and operator of “Polygraph.com,” marketed his training services to people appearing for polygraph examinations before federal law enforcement agencies, federal intelligence agencies, and state and local law enforcement agencies, as well as people required to take polygraph examinations under the terms of their parole or probation.
The indictment further alleges that Williams trained an individual posing as a federal law enforcement officer to lie and conceal involvement in criminal activity from an internal agency investigation. Williams is also alleged to have trained a second individual posing as an applicant seeking federal employment to lie and conceal crimes in a pre-employment polygraph examination. Williams, who was paid for both training sessions, is alleged to have instructed the individuals to deny having received his polygraph training.
The charges contained in an indictment are merely accusations, and a defendant is presumed innocent unless and until proven guilty.
The investigation is being investigated by U.S. Custom and Border Protection’s Office of Internal Affairs and the FBI’s Oklahoma City Field Office. The case is being prosecuted by Trial Attorneys Mark Angehr and Brian K. Kidd of the Criminal Division’s Public Integrity Section.
Russians Back in Ukraine
We have to wonder how a country like Russia can insist they have no troops in the Ukraine. Maybe there are just a lot of trained ex-Russian troops in the Ukraine who learned how to drive tanks, rocket launchers and motorized SA-11s. Maybe they don't count the ones they say are soldiers who are "on leave" from the regular Army, and love spending their spare moments in Ukraine's battles along their western border. These are the kind of fellows every country wants in its army.
Some of these troops are covert special forces, who also don't count. We have to think about this before criticising them, since the world seems to accept the idea that denial of such people is OK. Every country will accept the denial until someone proves otherwise. There was that one case of a Russian soldier who got caught with six different IDs, one from the Special Forces of Russia, but we discount that one as someone who went on leave and forgot to leave his ID cards at home, where they belong. There was the case of an idiot taking selfies with his unit while they wandered across the border from Russia to Ukraine and back. There is a nice series of this rag-tag group if you look on Google Images. We have to say the Russian forces are not the brightest bulbs on the planet, but their skill is pulling the trigger at the right time. Putin seems to have picked the right times for them, and let them go on vacation when those were right.
The problem with the Russians, aside from their lack of subtlety, is their seeming inability to understand that some people who read their stories of how their soldiers came to be in the Ukraine, find them incredible. That doesn't seem to matter to them, which is odd. They insult the intelligence of every literate person on the planet.
Thursday, November 13, 2014
A Press Conference for China
We got to see the difference between a country that controls the press and one that doesn't in the closing ceremonies of President Obama's trip to China. The New York Times, most impacted by the event, has two stories today on it. The first, Fruitful Visit by Obama Ends with a Lecture from Xi and the second, In the Words of Xi Jinping: Unraveling an Ancient Saying
Neither of these stories is really about a press conference, as much as the Chinese limiting access to their country to reporters who ask questions the government doesn't like. The Ancient Saying is different in our culture than in China. In the West the idea of "belling a cat" would be for a mouse to try to put a bell on a cat as a warning that it was approaching. It means something is nearly impossible. Unlike the Aesop version, the Chinese use it to mean the person who creates a problem should resolve it. The person who puts a bell on the tiger's neck should be the one to remove it.
Xi was saying the New York Times created the problem of not getting visas because they would not follow Chinese rules about how the press behaves. It is a kind of "when in Rome" saying that means submit questions in advance and you will get a scripted response. He answered a question posed that way, and read his response. Obama didn't.
It seems like there are really multiple issues here, none of which have anything to do with climate control, the reason for the press conference to being with. The first is practical, the second emotional.
The New York Times should think a little bit before it speaks through one of its reporters to a head of State. They only had one question to ask, and the one they asked was about their own passport restrictions and whether or not the U.S. interfered in Hong Kong. There were a total of 3 questions asked, and none were answered. If you are going to try to make a point about freedom of the press, this probably wasn't the best place or time. The U.S. involvement or non-involvement in Hong Kong doesn't have anything to do with the first question and is typical of the press in the U.S. "You get one question" has no meaning to them, and it should. Common sense says this is not a good place to embarrass a national leader, but they got two for one on this one. Neither leader looked prepared for the question or the response. Xi took his translation microphone out of his ear and asked for a question from the Chinese press. Nobody wins here and he didn't look good. Obama didn't either.
I would be one of the first to say the Chinese control their press to the point of repression. It is certainly different. They believe that the government has a right to decide what the people should know and control information accordingly. They control what the press says about events, and carry that further on occasion. In Singapore, they told the Rolling Stones not to sing Honky Tonk Woman. I like that song, but if the Rolling Stones are going to sing in that country, they won't do it. This is kind of like Pussy Riot singing about Putin in Russia. It will not go well.
This kind of foreign policy, if that is what it was, will not be well received in China. It is like Michelle Obama going over there and telling then how wonderful the Internet is for everyone. They don't see it that way, and control their Internet like their press. To them, information is important and controlling it is essential to the behavior of their people. There will never be another press conference with the U.S. where reporters get to offer up questions. Thank you New York Times.
You can guess they won't be getting any any visas after this, but that wasn't why they were there to begin with. What was that press conference about?
Neither of these stories is really about a press conference, as much as the Chinese limiting access to their country to reporters who ask questions the government doesn't like. The Ancient Saying is different in our culture than in China. In the West the idea of "belling a cat" would be for a mouse to try to put a bell on a cat as a warning that it was approaching. It means something is nearly impossible. Unlike the Aesop version, the Chinese use it to mean the person who creates a problem should resolve it. The person who puts a bell on the tiger's neck should be the one to remove it.
Xi was saying the New York Times created the problem of not getting visas because they would not follow Chinese rules about how the press behaves. It is a kind of "when in Rome" saying that means submit questions in advance and you will get a scripted response. He answered a question posed that way, and read his response. Obama didn't.
It seems like there are really multiple issues here, none of which have anything to do with climate control, the reason for the press conference to being with. The first is practical, the second emotional.
The New York Times should think a little bit before it speaks through one of its reporters to a head of State. They only had one question to ask, and the one they asked was about their own passport restrictions and whether or not the U.S. interfered in Hong Kong. There were a total of 3 questions asked, and none were answered. If you are going to try to make a point about freedom of the press, this probably wasn't the best place or time. The U.S. involvement or non-involvement in Hong Kong doesn't have anything to do with the first question and is typical of the press in the U.S. "You get one question" has no meaning to them, and it should. Common sense says this is not a good place to embarrass a national leader, but they got two for one on this one. Neither leader looked prepared for the question or the response. Xi took his translation microphone out of his ear and asked for a question from the Chinese press. Nobody wins here and he didn't look good. Obama didn't either.
I would be one of the first to say the Chinese control their press to the point of repression. It is certainly different. They believe that the government has a right to decide what the people should know and control information accordingly. They control what the press says about events, and carry that further on occasion. In Singapore, they told the Rolling Stones not to sing Honky Tonk Woman. I like that song, but if the Rolling Stones are going to sing in that country, they won't do it. This is kind of like Pussy Riot singing about Putin in Russia. It will not go well.
This kind of foreign policy, if that is what it was, will not be well received in China. It is like Michelle Obama going over there and telling then how wonderful the Internet is for everyone. They don't see it that way, and control their Internet like their press. To them, information is important and controlling it is essential to the behavior of their people. There will never be another press conference with the U.S. where reporters get to offer up questions. Thank you New York Times.
You can guess they won't be getting any any visas after this, but that wasn't why they were there to begin with. What was that press conference about?
Monday, November 10, 2014
Navy Seals Keeping Secrets
Matt Bissonnette was on 60 Minutes last week; the story of Robert O'neill is in Time this week [http://time.com/3574990/navy-seals-rober-oneill-osama-bin-laden/]; and, of course, we have the movie. [See Judicial Watch Website at http://www.judicialwatch.org/press-room/press-releases/13421/
for the movie making story]
These are all about killing Osama Bin Laden. To me, the issue isn't about who killed him, but more about why they are talking about what happened, or how details of what happened managed to find their way into the press. There are many parts to this story.
Matt Bissonnette has been getting most of the press on this because he published a book - without getting public release permission. After going through this process myself last week, it is a good time to remind everyone with an SCI clearance that the government has a job and that is to review books before they are published to make sure they don't have classified material in them. They aren't reviewing it for policy unless you still work for the government, and they are pretty liberal on what they approve (if you consider that almost anything written down has been classified by somebody, in some context). Most of them show sense in what they don't approve.
This isn't as easy as it sounds, and mine took from August 26 to November 04 to get done. When you consider it is 100,000 words, that probably isn't too bad. They redacted a few things but really not anything big. Bissonnette says his lawyers said he didn't have to and he is suing those guys for that advice, but anyone who ever had a security briefing is pretty clear on what was said about the subject.
Still, a boatload of people talk to the press, write all kinds of things, and never submit any of it for public release. University professors are my favorite targets here. Bissonnette tried to say that all kinds of Generals and Secretaries of Defense wrote books and he should be able to do the same. They got public release for theirs and they have the footnotes to prove it.
Seal Teams and other special operations folks should not be talking to the press about their missions. Each time they do (like the one when they talked to the makers of a video game about some operational capabilities and got disciplined for it) little things leak out. Those little things allow an adversary to pick up techniques to make sure they won't be doing that again. This seems to be just as easy for the White House to do as it was for the operational folks who briefed the makers of Zero Dark Thirty, one of my all-time favorite films. We can bet nobody had to clear that film for public release. It was a great movie, but it is, as the White House would say, a movie and not an account of what actually happened.
What I don't like was DoD trying to make a deal with Bissonnette's lawyers and then having the Justice Department prosecute him anyway. Either way, the guy gets no money from his book. For pure discouragement of people publishing books without going through public release, the DoD deal would have been equally effective. Justice should have stayed out of it, but that is not their style. Now he can sue the legal offices for their advice, and get his money anyway. Maybe that is why they call it the Justice Department.
for the movie making story]
These are all about killing Osama Bin Laden. To me, the issue isn't about who killed him, but more about why they are talking about what happened, or how details of what happened managed to find their way into the press. There are many parts to this story.
Matt Bissonnette has been getting most of the press on this because he published a book - without getting public release permission. After going through this process myself last week, it is a good time to remind everyone with an SCI clearance that the government has a job and that is to review books before they are published to make sure they don't have classified material in them. They aren't reviewing it for policy unless you still work for the government, and they are pretty liberal on what they approve (if you consider that almost anything written down has been classified by somebody, in some context). Most of them show sense in what they don't approve.
This isn't as easy as it sounds, and mine took from August 26 to November 04 to get done. When you consider it is 100,000 words, that probably isn't too bad. They redacted a few things but really not anything big. Bissonnette says his lawyers said he didn't have to and he is suing those guys for that advice, but anyone who ever had a security briefing is pretty clear on what was said about the subject.
Still, a boatload of people talk to the press, write all kinds of things, and never submit any of it for public release. University professors are my favorite targets here. Bissonnette tried to say that all kinds of Generals and Secretaries of Defense wrote books and he should be able to do the same. They got public release for theirs and they have the footnotes to prove it.
Seal Teams and other special operations folks should not be talking to the press about their missions. Each time they do (like the one when they talked to the makers of a video game about some operational capabilities and got disciplined for it) little things leak out. Those little things allow an adversary to pick up techniques to make sure they won't be doing that again. This seems to be just as easy for the White House to do as it was for the operational folks who briefed the makers of Zero Dark Thirty, one of my all-time favorite films. We can bet nobody had to clear that film for public release. It was a great movie, but it is, as the White House would say, a movie and not an account of what actually happened.
What I don't like was DoD trying to make a deal with Bissonnette's lawyers and then having the Justice Department prosecute him anyway. Either way, the guy gets no money from his book. For pure discouragement of people publishing books without going through public release, the DoD deal would have been equally effective. Justice should have stayed out of it, but that is not their style. Now he can sue the legal offices for their advice, and get his money anyway. Maybe that is why they call it the Justice Department.
Subscribe to:
Posts (Atom)