Friday, May 29, 2015

Putin Poking on Thin Ice

We have today the interesting story of FIFA leaders being indicted by the U.S. Justice Department for (again) taking bribes that influenced their selection of sites for the World Cup.  [See among many, Paul Sonne, Vladimir Putin Says U.S. Is Overstepping With FIFA Probe, The Wall Street Journal, 29 May 2015.]  What makes this story more interesting than some of the others, which focus on the football aspect, "corruption of the game", is that this one focuses on one of the beneficiaries, Russia, and its defense of the poor FIFA President, Seth Blatter.  He hasn't been accused of doing anything, but is up for reelection this next week.

The Russian President blames the U.S. for everything so this is no different, saying they have no right to prosecute people who aren't U.S. citizens and committed no crimes in the U.S.  This is also a favorite tactic of Colombian and Mexican drug cartel leaders, who forget that their transactions go through U.S. banks.  On occasion, bribes do too.

Then Putin added something odd.  He said this was not much different than the treatment of Edward Snowden (deprived of a place to go by pressure from the U.S. on its allies who might take him in) and Julian Assange (persecuted for snitching on the U.S. Army).  This is a bizarre comparison with bribery for locating a sporting event.

Then Sonne's story went on to say this, "Russian Sports Minister Vitaly Mutko has defended the transparency of Russia’s bid. 'Russia is an open and democratic country,' Mr. Mutko told Russian journalists on Wednesday in Zurich, according to Russian state news agency TASS. 'Our bid campaign was conducted honestly. Russia isn’t involved in corruption, everything with us is honest. There are no problems.' "  That little bit reminded me of something.

Before this case first opened, I recorded some concerns that Russia had hacked the bids for these kinds of events to get a leg up on the competition.  The FBI said it was investigating allegations.  At the time, I thought they might have done it here too, but nobody in Russia has been charged with anything - bribery or hacking - yet.


Saturday, May 23, 2015

Fraud and Incident Response

Years ago, I used to manage an intrusion detection program and saw how some government agencies treat intrusion attempts.  The typical response to notification that we had gotten an attack from someone's server was "Did they get anything?"  The indicator was often that if they didn't, it wasn't anything to be worried about.  Now we know that all of those attempts are followed by success because hackers learn from their experiences and get better.  They may not have been trying to "get anything" that a single individual can relate to.  Sometimes they were just mapping the networks and checking for vulnerabilities.  They will be back later.

But this week I have seen a new variation of the same thing, only this time it is with healthcare information. I got a call from a guy who gave me his name and telephone number and wanted my enrollment information for a visit I had done to a local hospital.  I told him I had given that information when I checked in and was not going to give it to him.  He gave me the "transaction number" for my visit and said, "This is the visit number for that treatment and we need to verify the enrollment information.  You can call this number to verify it."  I went back to my bill which was already paid by this time and the number on it was nothing like the one he had given.  The bill had already been paid.  So, I called the fraud number at Blue Cross, but it turns out Blue Cross has had so many cases because of Anthem, they hired a company to help them.  Their first question was "Did you tell him anything?"  

I said no, and they said, "That's good."  

Wouldn't you like to know the name and number he gave me?  The same question for a question, "Did you give him anything?"  

This circle was getting tighter but nobody was interested in what might be going on in the bigger scheme of things, only that I had not given him anything he might use.  He already had my phone number and knew I had been to the hospital.  So I asked, "Aren't you concerned that he got that information from somewhere inside your own organization?"  Silence.  "We don't have any evidence of that."  I hung up and called Blue Cross directly and got the same reaction from them, though they did seem to be more interested in the broader application of what was only one person who didn't give any information to the person.  They didn't ask for the phone number, name or the transaction number.  They were also happy that I hadn't given him any information.  They were willing to sign me up for credit monitoring for two years, free.  That was nice.  I'm sure some people must think that is worthwhile, but it didn't make me more comfortable about how these massive thefts are being attended to at our health providers.  Somebody else must be looking into that.


Tuesday, May 19, 2015

Chinese Professors at U.S. Universities

We have the usual suspects again, this time stealing from a company in Colorado, Avago Technologies.  However, this one is a little different.  The two Chinese charged by the Justice Department show what is wrong with a system that allows the Chinese to come to the U.S. and work on sensitive technologies inside U.S. Universities, and then work for businesses who use that technology. How we can have a Chinese PhD working on technologies for DARPA is another question I would ask of the Industrial Security people in DSS.  In my early days, I spent a lot of time finding out which Universities were hiring and using foreign nationals to work on sensitive contracts that did not allow foreign nationals to work on them.  In the 1970s there were several people who should not have been, that were.  That is an industrial security matter, both in how these are contracted and how the people selected to work on those contracts are vetted.  They failed on both counts on this one.  Here are the rest of the details from the Justice press release today:

According to the indictment, PRC nationals Wei Pang and Hao Zhang met at a U.S. university in Southern California during their doctoral studies in electrical engineering.  While there, Pang and Zhang conducted research and development on thin-film bulk acoustic resonator (FBAR) technology under funding from U.S. Defense Advanced Research Projects Agency (DARPA).  After earning their doctorate in approximately 2005, Pang accepted employment as an FBAR engineer with Avago Technologies (Avago) in Colorado and Zhang accepted employment as an FBAR engineer with Skyworks Solutions Inc. (Skyworks) in Massachusetts.  The stolen trade secrets alleged in the indictment belong to Avago or Skyworks.
Avago is a designer, developer and global supplier of FBAR technology, which is a specific type of radio frequency (RF) filter.  Throughout Zhang’s employment, Skyworks was also a designer and developer of FBAR technology.  FBAR technology is primarily used in mobile devices like cellular telephones, tablets and GPS devices.  FBAR technology filters incoming and outgoing wireless signals so that a user only receives and transmits the specific communications intended by the user.  Apart from consumer applications, FBAR technology has numerous applications for a variety of military and defense communications technologies.
According to the indictment, in 2006 and 2007, Pang, Zhang and other co-conspirators prepared a business plan and began soliciting PRC universities and others, seeking opportunities to start manufacturing FBAR technology in China.  Through efforts outlined in the superseding indictment, Pang, Zhang and others established relationships with officials from Tianjin University.  Tianjin University is a leading PRC Ministry of Education University located in the PRC and one of the oldest universities in China.
As set forth in the indictment, in 2008, officials from Tianjin University flew to San Jose, California, to meet with Pang, Zhang and other co-conspirators.  Shortly thereafter, Tianjin University agreed to support Pang, Zhang and others in establishing an FBAR fabrication facility in the PRC.  Pang and Zhang continued to work for Avago and Skyworks in close coordination with Tianjin University.  In mid-2009, both Pang and Zhang simultaneously resigned from the U.S. companies and accepted positions as full professors at Tianjin University.  Tianjin University later formed a joint venture with Pang, Zhang and others under the company name ROFS Microsystem intending to mass produce FBARs.
The indictment alleges that Pang, Zhang and other co-conspirators stole recipes, source code, specifications, presentations, design layouts and other documents marked as confidential and proprietary from the victim companies and shared the information with one another and with individuals working for Tianjin University.
This is one our own government should be looking at.  We train the Chinese, employ them, work with them so they can steal that technology and manufacture it in China.  Our own policies need to be looked at again.  We don't have industrial security anymore if we have this kind of thing going on.

Saturday, May 16, 2015

Intelligence Agencies have Government Emails

There is a telling article in Politico on government email:  see Adam B. Lerner, Michael Morell:  Foreign Governments have Hillary's Email, Politico, 16 May.  The crux of this story is bigger than the title suggests, since the former CIA Deputy Director has said what we all know to be true, but could never say:  Most good intelligence services already read the unclassified email of the government offices.  

Years ago we had a debate in the Pentagon about whether or not we should contract email services out to AOL, then one of the largest email providers in the D.C. area.  The whole purpose behind the government having private email service for its unclassified mail is that the security of it can be maintained.  It isn't more efficient.  It certainly isn't cheaper.  We always thought it was more secure, and maybe in those days it was.  Not anymore.

I would have to ask why agencies are allowed to spend money on maintenance of unclassified email if they can't secure what they have.  Why spend money and someone in a foreign intelligence service reads everything we write?  We should just use Google or Amazon and forget about trying to maintain our fiction of having unclassified email run by the government agencies because it is more secure than it would be from a commercial service.

Thursday, May 14, 2015

ISIL's Image (from Stock)

In today's Politico, Michael Crowley and Hadas Gold [ Stop using ISIL footage, Obama administration asks networks ] relate how the White House has criticized the national media for running stories with old ISIL footage from the days when they openly gathered in streets and drove around in masses of pickup trucks, black flags flying.  The White House has a point here, but went too far with it, suggesting the networks show air strikes or U.S. troops training Iraq's military.
Clearly, neither of these things have to do with what the stories about ISIS are trying to convey and would be equally misrepresented.

ISIS is not going to provide file footage for the press that shows a lone pickup running around in the dark with its lights off.  This is something that has to be provided by the people on the ground who do not have sympathy with ISIS.  There are plenty of journalists and government agencies operating in that part of the world, so if file footage is needed, there should be no shortage of people who can supply it.  In this game of psychological warfare, we should have people recording events in ISIS-land that more accurately reflect what is really going on.  Yes, there is a certain risk that goes with taking pictures of ISIS anytime, but there were people in the Ukraine taking photos of Russian troops, the downing of a civilian airliner, and the escape of a missile system seen in hasty retreat.  We can have interviews with defectors from ISIS.  We have to guess that not everyone who goes to fight comes back with the image ISIS wants to convey to the rest of the world.  Get them on TV.

The war ISIS is fighting is not all the kinetic war of the past.  It is Information War.  Using old file footage is not just lazy journalism, it contributes to the ISIS ideal and perpetuates their glory days.  The press should know better.


Wednesday, May 13, 2015

Seymour Hersh and Special Ops

It is a long read, with many things that can't be known, printed as fact.  It is Seymour Hersh's The Killing of Osama bin Laden, The London Review of Books, Vol. 37 No. 10 · 21 May 2015  http://www.lrb.co.uk/v37/n10/seymour-m-hersh/the-killing-of-osama-bin-laden

Hersh, a well-known reporter, caught an immediate flow of appearances from the White House denouncing his work as fiction.  That is enough to make reading this story worth the time, because we all know that any time there is a big commotion like this, there has to be something about this article that hits home.  Almost anyone else would have been ignored.  

If true, the story will be a lasting legacy for the White House that will not be over after the President leaves office.  The main points of his story are that Pakistan knew where bin Laden was and the Saudis paid for his upkeep until his death. Pakistan cooperated and facilitated in his killing.  Other details of the operation and body disposal are disputed in his writing.

As with most stories of Special Operations, there is no truth, except possibly the one the X-Files used to portray:  The Truth is Out There.  Truth is an invention of governments conveyed over mass media, rationalized, and made into movies.  Steven Spielberg said making movies was immortality.  In their making, some truth is immortalized forever, but it may not be what we believe really happened.  Hersh, as the London Review of Books says, is working on an alternative history of the events.  Since Zero Dark Thirty has already made its run through theaters, most of the American audiences already know what happened.  Don't try to confuse them with alternative histories.

In Special Operations the truth is always something called a cover story.  A cover story has plausible deniability and presumes what really happens will never be discovered if the cover story is repeated often enough.  A cover story also assumes the deniability will protect the country from criticism of what they may have done, or how it was managed.  The Russians have theirs in the Ukraine, but all countries use them for special things they do.  Whatever cover story there was was undone by a White House that talks too much.  There is a quote from Robert Gates in the London Review that is telling in that regard.  Gates was there, and was in his last few months in the Administration.  His truth is easier to believe and more credible, but it is still just one man's truth.

Only a few people know what really happened, and they don't always tell the truth about what that was.  Somebody shot Osama bin Laden but nobody will ever know who actually did it, given multiple claims to the deed.  Something happened to the body, and I doubt that anyone really cares except a few extremists who believe in certain ways of burying the dead while they blow themselves up for eternal glory.  Nobody misses the irony of that.  In 25 years or so, the whole thing will be declassified, and the world will discover whose truth was the right one.  Until then, the truth is out there.    Dennis F. Poindexter books at Amazon

Tuesday, May 12, 2015

Benghazi's Real Meaning

This week in Politico, Michael Morell, former Deputy Director of the CIA, wrote a good piece on what really happened in "The Real Story of Benghazi"   [http://www.politico.com/magazine/story/2015/05/the-real-benghazi-cia-insiders-account-117828_Page2.html#.VVHpy3D3arU]  It is well worth reading, whether you believe we will ever know the truth of anything that happens in the Middle East.

Morell, who I never worked for and never met, had a reputation on the Hill and in the Intelligence Community as a straight shooter who said what needed to be said instead of what others wanted to hear.  His characterization of the events is something worth reading because it shows what is happening in places where dictators have been replaced by "governments" which can't govern, and anarchy rules.  Look across the countries of Africa and you will see quite a few of them.  

He mentions an account of the three attacks that took place, each one more organized and heavily armed than the one that preceded it.  They were orchestrated by Al Qaeda but they were, as the evidence suggests, not prepared for as the 9/11 attacks were, but kind of thrown together, given the availability of American targets and the lack of government forces capable of deterring them.  He says there are three questions that remain unanswered: [which Hillary Clinton should be hearing when she testifies]:  Why were there so few security enhancements made to the State Department temporary facility in Benghazi and why were there so few security people guarding it?  Why was he allowed to go to the facility on the anniversary of 9/11, and remain overnight?  She might have a hard time using the "What does it matter now?" line she used when asked the same questions.  These are good questions for a Presidential candidate, who might actually have to make similar decisions some day, on a much grander scale.  Deflection will not be possible then.

Friday, May 8, 2015

The Two-Sided War in Ukraine

There is a curious article by Adam Entous [Ukraine's U.S. Backers Use Cold-War Playbook]  in today's Wall Street Journal.  The article recounts the background to what was known as "Charlie Wilson's War" in Afghanistan.  Wilson and some of his contemporaries noticed that the Reagan Administration had more rhetoric than punch in how it gave weapons to the Afghans to fight against the Russian invasion. Since they no longer teach this kind of thing in school, there are a good many people who only know it by the movie's portrayal of events.  

What Entous points out is the similarities and differences in the way that war was funded and the way the current Administration is funding operations in the Ukraine, or not funding them as it turns out.  Politicians seem to always be concerned, whether they do anything or not.  We can't blame them for that;  it is what we hire them to do.  When I worked on the Hill, any issue was something to be concerned about, but that didn't translate into action because there are people on both sides of the issue.  I wonder who is on the side of not doing anything to help the Ukrainians who faced a load of Russians coming across the border with heavy weapons and beating up on Ukraine's Army.  They even took Crimea and nobody in Europe or the U.S. even made a peep.

Some of the players who made Charlie Wilson's War are coming back to support a similar operation in Ukraine.  In December, Ukrainian military members came to find out how they could get weapons.  The meeting recounted by Entous was held in a public area in the Pentagon City Mall outside Starbucks, a perfect place for a military meeting not 400 yards from the Pentagon itself.  They had to sign forms for weapons, which the President later authorized, but Congress has not funded.  Then, when agreements actually came on what weapons were needed, especially the Javelin anti-tank missile, the President declined to authorize them.  We seem to be two-faced about the Ukraine, and the only ones winning are the Russians.  

Thursday, May 7, 2015

Russia Interferes with Lithuanian Power

In an article on the 5th, Elizabeth Braw of Radio Free Europe, [  Balts Say Russian Navy Bullying Undersea Cable Crews, 5 May ] says the Russians are trying to slow down a new 700 Megawatts power cable being put in between Lithuania and Sweden, and due to be completed in December.  We are not used to undersea cables being used for much of anything other than TV and telephone circuits, but the Swedes have 14 of them and want to build more.  This particular one will help Lithuania by reducing its dependence on Russia for half of its power.  Braw's article says:  

"In the most recent incident, a vessel from the Russian Navy's Baltic Fleet entered Lithuania's exclusive economic zone on April 30 and headed toward a NordBalt construction ship managed by the Swedish-Swiss engineering conglomerate ABB, according to the Lithuanian Foreign Ministry.

It even tried to chase the construction ship away.

'The ALCEDO vessel chartered by ABB was asked by the Russian Navy to leave its position in Lithuania's exclusive economic zone, where it had a legitimate right to be, according to international law,' Swedish Foreign Ministry spokesman Gabriel Wernstedt told RFE/RL."

Today's Wall Street Journal [Christina Zander, Power Cable Generates Tension in Baltics ]  puts a little different spin on the same incident, citing others that have occurred with the Russian Navy and Air Forces.  Russian planes have turned off their transponders and gone close to commercial and government aircraft.  That was the Cold War, in case anyone has forgotten.  The Russians claimed the cable ship was "interfering with a Naval Exercise" which is about as weak as an excuse gets in diplomatic circles.

One good thing that comes from this kind of harassment is that Estonia, Latvia, and Lithuania are increasing their militaries and NATO is having joint anti-submarine exercises in the region.  After Crimea, the countries west of the Russian border know Putin is not kidding.