Tuesday, December 30, 2014
Anonymous and North Korea
Hacktivist attacks on North Korea have followed the announcement that they were behind the attacks on Sony. There are two articles I want to mention as representing the view that these attacks are not very successful, and may prove to be dangerous. I think both of them might be premature thinking.
The first is Ian Bremmer’s article for Reuters called When hackers bully a bully: Anonymous vs Kim Jong-un. His premise in this article can be summed up in this statement: “Anonymous knows how to hack, but it has no insight into how North Korea might respond to a cyber-invasion – and likely won’t be the target if North Korea decides it must retaliate. Western powers aren’t exactly anxious to defend cyber-anarchism or to pay the price for its excesses.”
The second article is by Max Fisher in the Washington Post, Hacker Group Anonymous is no Match for North Korea. Fisher says the attacks on North Korea have been largely ineffectual and some claims of their success exaggerated.
It takes time to sort these things out and both of these authors should look at what happened when Anonymous and Telecomix started hacking Syria after it cut off Internet connectivity for its people in 2013.
Anonymous launched what it called Operation Syria in which they stole records from the Syrian Railways, the Parliament, the Patent Office, and Syrian TV and published these stolen items for anyone to read. They tinkered with the websites of Syria’s embassies in a few countries. Other groups joined them, collecting and releasing more. Perhaps the most interesting thing was a set of records on how the Syrian government was monitoring its own citizens. Telecomix, another of the Internet activist groups, released records of a monitoring tool called Blue Coat, software made in the U.S.A. The software allowed the Assad government to monitor how and where its own citizens were using the Internet. It took months for that whole story to emerge and the implications to peek out.
Anonymous is not one thing, nor are they the only activists who hack. Governments generally do not like this kind of activity and discourage it because of what Bremmer says are the unintended consequences of hacking a government, especially a whacko one like North Korea. North Korea and China, through one of its senior military officials, are the only two countries to threaten us with nuclear attack, which is not very credible. It is easier to believe they might take action over a movie. Governments want to take time to get the attribution right, and get the response right. Governments are looking at deterrence and how we might prevent such things from happening again. Activists do something right away, even if it doesn’t work out very well.
Our government threatens to do something, eventually. They use the Chinese strategy of war to strike at a time and place of their own choosing when they have an advantage. The response doesn’t have to be quick and waiting for it creates its own kind of reward for the attacker. Since we don’t have a really good deterrence for these kinds of events, we will have to wait and see which approach works best in the long run.
Alternative Sony Hack Theories
There are too many experts on who did the Sony Hack, and I wouldn't give too much credibility to any of them over the combined resources of the U.S. Intelligence Community.
Politico carried a story yesterday [Tal Kopan, FBI Briefed on Alternate Sony Hack Theory] that said one such group of experts had briefed the FBI on an alternate theory that the attack was done by disgruntled ex-employees of Sony. The CEO told Politico that his company "didn't see" the data points that led to the conclusion that the hack was done by North Korea and, if there were some, they should "be shared with the community" to help draw accurate conclusions. That isn't going to happen, and he knows it. But, attribution is a big business, and accurate attribution can be a bigger one.
The business model of some security companies depends on accurate assessments of who does what in the hacker world. Is it a company hacking a company, a government hacking a company, or a hacktivist group hacking one or the other? Can we prove that we know who did it? Can we write a report that will show who did it and have that report hold up on peer reviews?
The profitability of such an approach has been demonstrated over and over. The small security business correctly identifies an attack, shows who did it, and after a suitable time, sells itself to the highest bidder. It profits from its expertise in accurate attribution. Big companies like BAE, Symantec, HP, McAfee, and IBM do the same thing to prove they have the capabilities that others want in a security vendor. They sell services by accurately doing what companies cannot do for themselves, without spending a lot of money. But, can they do it more accurately than the combined resources of the Federal government, especially the Intelligence Community? I don't think so.
This is about the distinction between the kind of attribution that goes on every day in counter terrorism operations, and the kind that goes into a hacking incident. Can we say that the Taliban blew up that bridge or was it a stray bomb from an airstrike? Did ISIS kill those people or did someone seeking family revenge? There are physical things to look at, like holes in the ground and bodies, but they don't really say who did the deed, just what happened to the innocent victims. There are intelligence reports that give indications that this or that group was preparing to do something, or that a person known to be a terrorist was in the area when the bombing took place. There are spies that tell our government what they see. Other governments tell us things that their spies see. Analysts pore over thousands of reports to get a picture of what is going on. They have to account for disinformation given out by people trying to hide who they are or what was done. When they make an assessment of who is responsible, they are not following bread crumbs; they are collecting evidence, deciding on the credibility of that evidence, and drawing conclusions.
What the briefers to the FBI are looking at in Sony's hack is just a small part of the information available to an Intelligence service anywhere in the world. They may share this information with other governments, maybe even with Sony, but they aren't going to say much about what they did or didn't do. How they knew what they know is not something they share with the public. Too many people say, "I want proof that it was North Korea". What they are really saying is they don't trust the conclusions of the Federal government, the President, his National Security staff, and the Intelligence Community that supports them. The President doesn't go on TV and name names very often, and he certainly doesn't do it on a whim. We might want to give some weight to the White House conclusions since they were based on a good deal more than a code analysis and IP map.
Monday, December 22, 2014
Cyber-vandalism by North Korea
In a CNN interview aired yesterday, President Obama called what North Korea did to Sony Cybervandalism. This is an odd and inaccurate term akin to somebody spraypainting a school wall or defacing a website, just for the hell of it. The President is getting bad advice from someone on this, maybe China who loves to pat North Korea on the head and say, "bad boy" and look the other way. At the same time, they provide most of the fuel and food that the country needs to continue on this course of pushing the limits of war. There is no doubt about why China allows North Korea to do these kinds of things. They get to observe how the rest of the world reacts to things they might want to do in the future, but they claim to be uninvolved in the activities - "It wasn't me", they would say. Then, they watch and wait for us to do something.
The President says what happened to Sony was not an act of war. When someone asked Leon Panetta if we were at war with China, he said, "I guess it depends on your definition of war." Here, we definitely need a new definition, because the one the President is using is dated. The North Koreans have decided to attempt to influence a U.S. business (a U.S. subsidiary of a Japanese company) to give up distributing and showing a movie they say offends their government. They call making the movie and attempting to show it, an act of war. Somebody is not using the same definition. Had The Interview been an attempt to actually influence some zealot to assassinate the leader of North Korea, it would have been an act of war, but this movie is far from that kind of effort. It's a comedy, a concept some world leaders don't understand.
When another country attempts to disrupt a business venture for the sole reason they don't like the content, we have the situation George Clooney alluded to when he said the studios were scared and backed down because of it. The North Koreans did what they intended to do and that was a state-sponsored attack on a U.S. business, with the intent of disrupting their business operations and intimidating them into adopting a new course. That is an act of war, whether this Administration understands it that way or not. I thought China's disruption of the New York Times over a series of articles on the wealth of China's leadership was an act of war too. They were trying to get a U.S. newspaper to stop publishing articles that China did not want to see in print. They broke into computers in the U.S. and used information they collected there to go after the sources of the Times articles, and they have done the same thing to other businesses too. Tell me the North Koreans are not following their handler's lead.
We can't accept the definition of cyber vandalism. This is much more serious and widespread than this administration wants to admit, though since they are so ill prepared to make a response, they need to delay until they can think of something. This kind of characterization gives them some, and hands the North Koreans a clear victory. Most of us will have forgotten about it by the time the Administration gets around to doing something.
Friday, December 19, 2014
Naming North Korea Doesn't Help Sony
Attribution, identifying who is responsible for a cyber event, is always more complicated than fixing the methods hackers used in getting in. So, when two of the best reporters in cyber, David Sanger and Nicole Perlroth, said in yesterday's New York Times "U.S. Said to Find North Korea Behind Cyberattack on Sony", they were already saying more than the White House about who was behind the threats and attacks against Sony. Our government said North Korea was "centrally involved" in the hacking. We have to think about that for a minute, since this sets a new standard for wishy-washy statements related to attribution of a state government in Cyberwar. They aren't saying North Korea actually did the attacks, made any of the threats, or published any information about Sony's internal matters. But, they were involved.
In Sanger and Perlroth's analysis, they describe the White House debate on what to do about this kind of event. You can blame the country directly and say there was evidence they hired someone to do it, or they actually did it themselves using government resources. Japan was concerned that its negotiations with North Korea would be upset by us naming names. If you do that, you might have to say a little about how you know that to be true and that is often very close to giving up sources and methods of the Intelligence Community. Nobody wants to do that either.
Bernadette Meehan, spokesperson for the National Security Council, says the U.S. government is "considering a range of options in weighing a potential response" which is nearly always true of almost anything happening anywhere in the world. It should have been something they had been thinking about after North Korea did millions of dollars in damage to South Korea's banks in a long, destructive targeted attack. Like the Sony attack, those against South Korea wiped the hard disks of the computers they went after. This is a "no joke" kind of thing that doesn't just drop a few thousand e-mails on the Internet. It does real damage, and drops the e-mails to do more.
What the NSC is trying to get around is the nasty business of deterrence. North Korea has threatened to put a nuclear weapon on a missile and fire it our way. We had trouble believing they could or would do that, so deterrence is not that important. Cyber is harder because they did that attack and we know they can do it again. We have to do something to discourage them.
Sony is a U.S. business, though its parent is in Japan. The U.S. government did next to nothing to help businesses who were routinely hacked by China and Russia, as a part of national efforts to steal from us, so we can't expect to see much in the way of help going to Sony. We have no strategy for deterrence in Cyberwar.
China has used North Korea as a stalking horse on all kinds of provocations to other governments. They tolerate the kind of behavior because it allows them to see how the world will react without getting their own hands dirty. China can stop North Korea from doing anything like this again, if they want to continue to eat and stay warm in the winter. They are going to wait and see what we do first. The first thing they are looking for is how much we know about who did what over there, because the Chinese were involved, even if not "centrally involved". The second thing is to see how we respond to this kind of event so they can strengthen their counter moves. North Korea has gone over the edge on this one and China is waiting to see if it went too far. It doesn't look good for us if there is nothing we can do about it.
Wednesday, December 17, 2014
Hey, North Korea, All this over a movie?
Now they are making threats by linking events that might occur in theaters with those of 9/11. First they hacked Sony and spread enough e-mails around to prove they had some insider stuff. Then, they threatened to send out more by Christmas, the release date of The Interview. Apparently that wasn't enough.
Attribution is always a problem with events like this, but name a country in the world that is whacko enough to hire hackers to disrupt a studio's operations over the making of a fictional movie. We can narrow it down further by looking at the subject of the movie, an absurd plot to use an interview as a way of getting at the leader of North Korea and killing him. Let's see, how many countries might be interested either in doing some damage or hiring someone to do it for them?
North Korea has portrayed itself as a country willing to use nuclear weapons to meet its foreign policy goals, so we are convinced that they are radical enough to do more than most other parts of the civilized world, but now they are proving they can be even crazier than that. They want to make war on a movie making studio. Nobody could fault them if it was one of their studios, but it isn't. Last year, they attacked businesses in South Korea and did hundreds of millions in damage to some of their IT systems. That wasn't funny and didn't seem very neighborly. Now, they want to manage events in other countries, using their own criteria for what is acceptable behavior, and proving beyond a shadow of a doubt that it is one of the most unstable regimes anywhere in the world. They aren't the only ones doing it, but so far, they have set a new standard for in-your-face use of information war.
They want to make Sony, and every other institution they can't control, think twice before doing anything like this again. Nobody knows if Sony will take any action against them, like hiring their own hackers. Nobody knows what governments are contemplating. So far, only Anonymous has ever done much of anything to governments that try to make the people bow to this kind of intimidation. Where are you now, Anonymous? Somebody put the A on the searchlight and light up the sky.
Tuesday, December 16, 2014
Russian Sanctions Ratchet Up Pressure
Russia raised its bank benchmark interest rate to 17% yesterday, amid claims that sanctions and lower cost of oil forced the change. That is the rate used to calculate all other interest rates. We have to wonder what the Russians are paying for a home or car loan these days.
Before sanctions even started, Russian press reports were saying they would not have any effect on the Russian economy. Putin and some of his buddies were laughing about having sanctions placed on them for the incursions into Ukraine. They have probably thought about that more since then. They may not have modified their behavior, but they have to think about whether Ukraine is really worth what they are paying for it. Putin's popularity is still high, but we shall see how long that lasts with those who need loans to prop up a business, buy a home or get a new car. Sticker shock will take on a whole new meaning when currency conversions raise the price of the car, and loans take a bigger bite than last year.
I was never a big fan of sanctions, especially long-term ones that take months or years to take effect. We see how well they have stopped the Iranians from working on a bomb, and Russia is still in Ukraine and adding to their control of the eastern part of the country. We seem to forget that most countries with sanctions are not democracies.
They don't rely on opinion polls to govern, and they don't much care that sanctions hurt the middle class more than the rich who run the country. Criticizing the government for raising interest rates can bring consequences to the news agency or blogger that does it. Putin is going to run out of options, before he faces any kind of new revolution. He will double down in Ukraine and do what he did in Crimea - take it with overwhelming force. The Russians seem to love him for it.
Monday, December 15, 2014
Money Laundering by Cybercriminals at Liberty
When we think of a criminal enterprise, we usually don't think of it being a bank, though there have been a few, but Liberty Reserve was not an ordinary bank, even in past terms. Several of its members have pleaded guilty to operating as described in the seizure documents filed by the United States District Court, Southern District of New York, as "the on-line service preferred by cybercriminals around the world for distributing, storing, and laundering the proceeds of their criminal activity..." Those under indictment are complete with mobster-sounding aliases, and they knew how to operate a global enterprise. Accounts were seized in Costa Rica, where the operation was based, Cyprus, Russia, Hong Kong, China, Morocco, Spain, Latvia, and Australia. It operated through shell companies in these countries and, when originally indicted, told the Costa Rican government that the company was sold, but continued to operate through the shells. It didn't take long to see through that.
The U.S. government also seized five domain names, including LibertyReserve.com, and enjoined Amazon Web Services, Inc from providing services to Liberty Reserve. Seizing those operations would provide a lot of information about the customers using Liberty Reserve to launder money. It may not be on the scale of Silk Road for sheer numbers, but it should still make for a lot of leads to Federal agents who are pursuing various aspects of this company.
January 30 update: The Justice Department today released the conviction data of the former IT supervisor at the bank.
Maxim Chukharev, 28, of San José, Costa Rica, pleaded guilty in September 2014 before U.S. District Judge Denise L. Cote, who also imposed today’s sentence.
"According to allegations contained in the indictment and statements made in related court proceedings, Chukharev was an associate of Liberty Reserve founder Arthur Budovsky and served as Liberty Reserve’s information technology manager in Costa Rica. In that role, Chukharev was principally responsible, along with co-defendant Mark Marmilev, formerly Liberty Reserve’s chief technology officer, for maintaining Liberty Reserve’s technological infrastructure." So, the IT department of the bank goes down with the management of the institution.
Friday, December 12, 2014
Senate Intelligence Committee CIA Report
The Senate Intelligence Committee report on the CIA was a travesty, says Rich Lowry in yesterday's Politico. While I tend to agree with him, for the reasons he outlines, it wasn't the low point in Dianne Feinstein's blatant attempts to politicize national security and justify the publication. There are parallels between the Rolling Stone article on the University of Virginia rape and this report, only the Senate had years to write their report and Rolling Stone didn't. Neither one of them interviewed the people who mattered most to establishing their case. They had their minds made up and made the story fit the scenario they wanted people to believe. Truth was subjective. This is the way of most information wars.
Feinstein, who I have respected for many years as a fair-handed supporter of the Intelligence Community, had to have pressure from the White House to let this report loose while she was still Chairman of the Committee, knowing full well in a couple of weeks, it would never see the light of day. For all the right reasons, it would have been kept in the dark where it belonged.
However, Feinstein went even further than just publishing the report, into uncharted territory. She Tweeted out comments about John Brennan's speech, as he made his responses to questions from the press. She contradicted his positions and disagreed with his characterizations, as he made them. This is unprofessional for a person in that position. There is a certain decorum on the Hill that goes with being in a powerful position with responsibility for difficult decisions and policy positions that affect real lives of people. Most Staff members know enough to keep their opinions to themselves once the public has the issue. She, seemingly, couldn't wait to make her points. I say uncharted territory, because in my time on the Hill, I never heard of such a direct public challenge to an Administration official, made by a person in her position - and never in real time. If a staffer had done that, he would be looking for a job the next day. They usually are more polished. She lost a lot of respect and damaged the position she holds.
In one day, reputations can change. Dianne Feinstein lost part of hers, and John Brennan regained part of his, doing a superior job of defending the actions of his employees. Part of what both did can be viewed not by the substance of what was said, but by the way they conducted themselves in doing it.
Monday, December 8, 2014
Patience and Respect
Many of us wonder why the Chinese have allowed a very public demonstration in Hong Kong to go on for 2 months without clearing out the whole bunch of people there and arresting most of them. They are just now starting to clear them out and it seems to be going smoothly.
To get some perspective, we might want to do as Time.com did recently and go back to Tiananmen Square. As the Time article points out, what we remember most about it was one man standing in front of a tank and living to tell the story. See [http://time.com/2822290/tiananmen-square-massacre-anniversary]. The Chinese are usually patient in international relations and less so inside their own country, but the image of that man standing in front of a tank was powerful enough to make a repeat of it less likely. We all knew one person can make a difference, but rarely is it so dramatic and so quick. There is something about unarmed people facing down a military vehicle that arouses notice. The Ukrainians in Kiev were a similar example, though they used Molotov cocktails to brighten up their cause.
So, in looking at our own demonstrations of late, we can see the difference between those who have had experience with long-term public disruptions and those who haven't. Ferguson brought in heavy weapons and vehicles to make a show of force, then fired off enough tear gas to clean up a small city. I have been the innocent victim of tear gas on the campus of the University of Wisconsin when a brilliant patrolman rolled one down the steps of the building I was in, and it came to rest in the only exit on that side. We were angry people who could not escape.
New York had hundreds of police following along with much less trouble than one might expect from the crowd size. We did see a window broken, but not much else. New Yorkers are better behaved than the people of Ferguson. The police gave them space and followed them along fairly close, but not close enough to be threatening. They were professional and patient. The demonstrators made their points without hurting the people around them. It takes respect on both sides to make that happen. I always wondered why that tank driver stopped. It had to be respect for a man who would stand alone against something so big. He might have moved if the tank had gone forward but we will never know. What we do know is that one person can change the way even the harshest of governments respond. The people of Ferguson missed a good chance to do something good for their respective causes and they will be forgotten for it.
Thousands of people were killed at Tiananmen Square in the same kind of incident. Before we lose our perspective, we should remember that respect for each other will go a long way toward living together in tight spaces. Respect and patience.