The Director of National Intelligence had a good perspective on deterrence strategy when asked about it in testimony at the House of Representatives. He said, "It's policy." He was dead on. It's policy that he can't set, and the Intelligence Community must follow, from the White House and particularly the National Security Council. Legislators are finally bringing up the lack of deterrence, blaming the wrong people for it. The IC can't make policy in this area, and neither can agencies like Defense.
Cory Bennet, in yesterday's The Hill, summarized legislative frustration with the lack of policy [ http://thehill.com/policy/cybersecurity/255290-frustrated-lawmakers-want-cyber-retaliation ], especially in light of an agreement with China to stop hacking each other's intellectual property - something nobody believes will happen. Bennet quotes an exchange between John McCain and Deputy Secretary of Defense, Robert Work, as being testy on the point of policy. Work said Defense was working on a policy, but hadn't formalized it yet. McCain asked him about options and he started to say that was a policy area that hadn't been finished yet. Wrong answer. DoD certainly isn't responsible for developing a national policy, but they should at least have response options and contingencies as a part of what Cyber Command does. This is circular logic on all counts, to keep from blaming the people who actually should be making policy. In Work's shoes, any answer was the wrong answer, except the truth. There isn't any deterrent strategy, and it comes from the White House and NSC, not from the agencies that will implement it.
Wednesday, September 30, 2015
Monday, September 28, 2015
An Agreement With China on Cyber
So, we have no sanctions, but we have an agreement with China. The press reports (read any of several, like http://www.bbc.com/news/world-asia-china-34360934 ) all say this agreement says we agree not to steal each other's trade secrets and proprietary information. This is a fanciful agreement, since it isn't the U.S. stealing that kind of data. We are agreeing to not do something we aren't doing anyway. It is easy to agree to.
China, in spite of an abundance of evidence, says it does not steal from other countries and has laws to prevent such activity. Those laws are being followed, they say. So, they are agreeing to not do something they already say they do not do. That negotiation must have gone smoothly, given that both sides agreed to not do something they don't do anyway. Our legislators would do well to pass a law saying we will not steal information from another country or business entity, so we would be on equal footing.
The BBC article mentions something that not many others do. It says the agreement does not cover national security information, state secrets. So, we can continue to steal state secrets from each other and not violate the agreement. That would be things like the entire database of security clearances in OPM, and other PII in the Post Office, and IRS. It seems like an agreement in that area would be easy since neither side does that either. The Chinese have denied stealing any of this data, and we would deny that we steal any such things from China. We are all in agreement here.
I did say there would be an agreement. It is totally worthless, but we got one. We still have no deterrent capability to stop the Chinese from stealing from us, and this agreement, while it might be part of a state dinner conversation for 10 minutes, is only a reflection of the real problems between us. The Chinese are stealing us blind, plowing our own technology back into their industrial base, and competing with us everywhere on unequal footing. We can pretend like signing an agreement will help that, but we need a big stick instead.
Friday, September 25, 2015
Chinese Attribution Gets Dangerous
Five years ago it was hard to get anyone to believe that the Chinese were collecting large quantities of data from businesses and government entities in the U.S. There wasn't much that attributed attacks and thefts of data to them. Now everyone seems to be in the game of attributing cyber events to people in China. Attribution has become more effective, but more dangerous. I was reminded of this when I read Josh Chin's article, Cyber Sleuths Track Hacker to China’s Military, in the Wall Street Journal (23 September 2015).
We now have a few companies actively tracking Chinese hackers back to China, in the case Chin discusses, to "People’s Liberation Army Unit 78020, a military intelligence arm based in China’s southwest, and a hacker collective known as Naikon that security researchers say has successfully penetrated key computer networks in countries competing with China for control over the South China Sea." This is certainly good for people like me who believed the Chinese were stealing us blind, while the Chinese denied it, and our government seldom mentioned China as the source of attacks. Now, we assume it is the Chinese even before the investigations are complete.
The reason this is dangerous is we have private companies running intelligence operations to collect information about one of our adversaries, and that includes the military. That is not really their business, and one they need to think about before doing it. Mandiant, part of FireEye, has had companies using data they have in their series of reports and duplicating their examination of hacking going on in Chinese military units. Mandiant gets confirmation and some additional information but not much else. Once these reports are published, we have proof of what the Chinese are doing, but we also have details that guarantee those places will not be doing business the same way they were before they were found out. One thing we can all agree on is the Chinese are not stupid. They read a lot and they adapt quickly.
Mandiant was the first but a number of others have followed. We now have at least five U.S. companies, and a few overseas that I know of, doing the same thing. These are not government sanctioned, controlled, or managed. The danger here is that the Chinese elements are run by the government. We cannot continue to trample each other trying to trace things to a network that is not under our control. In a way, Xi Jinping is having his wish come true - the U.S. has its private businesses tracing these attacks back into China at a time when Chinese businesses are doing the same thing. Neither of us has an interest in allowing state-owned businesses or private concerns romping around in the computer networks of other countries (not that they are accused or admit to any such thing). Spying is a government's business, and getting too far away from government sponsorship is more than a little dangerous for all of us. We would not want businesses to cross that line.
It isn't always obvious, but hacker groups are not benign. Some of them are mixed up in politics, some in crime, and a few in government intelligence collection. Some will attack an attacker, and few will be destructive. We don't always know the motivation for a collection effort conducted from a Chinese network, though the Chinese certainly do. Without a little government oversight, these kinds of operations stand to interfere with on-going operations of several governments, not just our own. Maybe it is time to get these companies together to discuss what the ground rules should be for conducting inquiries on attribution. There may not be a need for laws, but there is certainly a need for understanding of the consequences if it isn't controlled.
When a Judge makes law
We have to wonder what is going on when a judge can rule that the password of a company phone is personal information that does not have to be disclosed in a criminal investigation. What is also interesting is that both defendants have now fled to China. This could be a good book plot, if you are into fiction. Apparently, this judge is.
The two defendants are former employees of Capital One Financial Corp, and the SEC accused them of making stock trades based on things they saw in a database of consumer information. The SEC wanted to see what their smartphones showed about some of those transactions, but couldn't get the data without the passwords, a testament to the improvements in security on smartphones these days. It seems like the real issue here is When is a Corporate Phone a Personal Phone? The legal answer will be - never. But, at least for now, it will be when a password is put on it by the user. Ownership seems to have nothing to do with it, nor the fact that his phone was purchased by the company to do corporate business - kind of the opposite situation that Hillary Clinton established. She used a personal email system to avoid having her records kept by the State Department. That one will go on forever, or as long as there is a Clinton running for public office. This one won't get past an appeal.
As to these two running off to China, we have to think about that more. Since when did China start being a safe haven for people trying to avoid criminal prosecution? We don't have an extradition treaty with China, so we really can't get them back. So, while they enjoy themselves, doing whatever they are doing now, our legal system protects them here, and China's system protects them there. What a mess....
Thursday, September 24, 2015
The Benefits of Stealing Designs
China's strike fighter, the J-31, is a mirror of the J-35 made by Lockheed Martin. So, we have to wonder if they stole that design from Lockheed or the Air Force. It makes a difference to those defending their reputation, but from the standpoint of the loss of technology, it hardly matters. China was accused of stealing the designs in 2009, and unlike Lockheed, actually flew it two years later. China is a thief, but they are also good at using that stolen technology to get a product to market. They do it much better than we do.
Go to the article by Marcus Weisgerber at http://www.defenseone.com/threats/2015/09/more-questions-f-35-after-new-specs-chinas-copycat/121859/ and look at the picture of the plane. Most countries would at least change the design some so it doesn't look like the one they stole, but China doesn't even bother to do that. I heard of a case of a flawed software product stolen by Chinese vendors and they marketed it with the same flaws as the original. They could have fixed the problems and had a better product, but it slows down delivery. They have no pride. They are focused on the end product and getting it out ahead of their competition.
There are really two issues here. The first is the inability of our defense contractors and government to keep our secrets secret. The Boards of Directors aren't paying attention. That loss of investment, and lengthy delivery time, cost them profits, but gives them some leverage to ask for more money to make enhancements to compensate for the loss of technological advantage. We end up paying for their mistakes, multiple times.
The second is the loss of technological advantage that keeps our military small, but effective. Being small, without that technical advantage is a very dangerous proposition. The current administration has cut defense so much that we no longer have the numbers that are needed to fight wars created by the lack of foreign policy. Losing the technological advantage puts more pressure on that smaller force. If you are sitting in the West Wing of the White House, it isn't noticeable, but if you are intercepting a Chinese J-31 in your hot new J-35, you might.
Wednesday, September 23, 2015
Chinese Businesses Not Like US
I had a section on the differences between Chinese businesses and ours in my first book. Jamil Anderlini had an interesting article on this in the Financial Times over the weekend and confirmed a couple of things that I discussed. The first is that the Communist Party has a lot more power than business leaders, and the position in the Party will trump any position in the business structure. Anderlini points out that the Chinese have two mechanisms to keep the Party in control of state-owned businesses. The Party appoints all managers above a certain level [ he doesn't say what that level is, but it may vary with the size of the company ] and operates cells in all state-owned businesses that "function as a parallel power structure..." that controls the actions of the business. The heads of the companies are often the leaders of that cell. Xi Jinping left no doubt he wants to strengthen that control and those appointments.
Second, China admits to having 150,000 state-owned enterprises with more than $16 trillion in assets. Aviation, Finance, and Petro-chemicals are dominated by state-owned industries, acting as monopolies.
We gloss over the differences too often. When our businesses do their work in China, they operate with several disadvantages because the Party has an interest in protecting its investments in State Owned Enterprises (SOE). They steal our technology and plow that back into other SOEs to make themselves successful. Picking winners and losers is a hard thing for a government to do. As the Chinese markets crashed, you can bet the SOEs got first dibs on the money the state put into reviving the economy. These businesses are too closely linked to the people who oversee them. We can't pretend they are like us. They aren't even close.
State Visits
It may not occur to most people, but whoever is scheduling state visits in our White House is inept. We have Xi Jinping sitting out in Seattle while almost any leader in this government is sitting on the White House lawn with the Pope. The Pope is a great man, but the President, Vice President, and Secretary of State chose to see the Pope and be seen with him, rather than the leader of the second largest economy in the world. This is a little hard to understand, and more than a little disrespectful. One of them could have met with Xi yesterday and the other could have picked up the Pope at Andrews Air Force Base. They would both have been back in time to sit and listen to the Pope speak some other time in the next two days.
Wednesday, September 16, 2015
"Difficult Problem with China"
President Obama answered questions today at the Business Roundtable and he used a diplomatic term that means things are not going well on cyber discussions between the two countries. He said these issues were "difficult". He was very general in the discussion, mentioning that we had difficulty discouraging the Chinese from stealing intellectual property from the U.S. and deterring them from other similar activities. We all know that; the Chinese know that. The diplomatic meaning is almost always - don't hold your breath on anything coming out of this meeting, because we don't agree on how to get an agreement on behavior of one country to another in how they use the Internet. It is too hard to do right now.
I don't think he responded to the question being asked, which he is allowed to do since he has the stage. Some of his other answers seem to indicate he believes we can help the Chinese do a better job of being a good public citizen on the Internet. Since the Chinese have not changed very much in the past 500 years, the protocols of another, smaller country are not going to matter to them very much. We can't lecture them on how they should act. We can criticize them for not behaving like other countries, but lecturing a country with this much history is pointless. Persuading them that they need a more open Internet and internal communications flies in the face of their censorship and Internet controls. We can provide a better deterrence by helping the citizens of China to work around their own censorship and communicate with like-minded people of the world.
Tuesday, September 15, 2015
North Korean Cyber Footnote
The House Permanent Select Committee on Intelligence had hearings on the 10th of September about cyber threats to the U.S. [see http://intelligence.house.gov/hearing/world-wide-cyber-threats] During the questions section, Admiral Rogers was responding to the issue of deterrence of North Korea from doing more attacks like Sony in the U.S. The DNI had replied that they knew of no other incidents since that time, but the Director of NSA added that he knew of nothing in the U.S., but that he had observed North Korea doing other things in countries other than the U.S. This was an open hearing and there were no follow-up questions or inquiries into what those other things and other countries might be. At the very least, it shows they are keeping an eye on North Korea and keeping track of what they are doing in cyber attacks.
Sunday, September 13, 2015
Kicking and Screaming to Dinner
The Financial Times has a good article about the kind of diplomacy the Chinese have when visiting.
[ Geoff Dyer and Richard Waters, High-tech diplomacy, 12 September 2015 ] The article is complete with a picture of Presidents Obama and Xi, where both look like they are giving religious blessings to the masses.
The companies invited to dinner with the leaders are bracketed between differences over "cyber crime, intellectual property rights, spying, market access, and governance of the internet" and they don't much like being caught in the middle. One described it as 'not far short of a summons' from the Chinese, yet they are not anxious to be a part of it. They don't like having China steal from them, but they are not fond of the sanctions which the Obama Administration has proposed and may start implementing before Xi touches down in the U.S. Businesses hate this kind of tension, especially global ones operating in both China and the U.S.
These are leaders who believe we can out-innovate China and continue to make money at the same time. They are willing to compromise with new regulations in China which make it impossible to keep secrets from the Chinese government, which then plows stolen technology back into competition for these same businesses. Tell me the logic of this.
Where are the shareholders of these companies - the IBMs, Microsofts, Apples and Ciscos of the world? Can they justify letting the Chinese have a long term technology pump sucking out the trade secrets and intellectual property of their companies for short term profits? Don't the shareholders see this as a losing proposition? We were able to beat the Russians at this Cold War game, but the Chinese are a lot different than the Russians were. When the Russian Party Chairman said the United States would sell him the rope he used to hang them, he was not far wrong. The Russians were just far from being adaptive at using the technology they stole. The Chinese are not.
What a Free Press Isn't
So, I'm reading an article in the China Digital Times, "Liberal Media Group Forced Onto 'Correct Road'", about news outlets in China being forced into printing stories about the progress being made in the Chinese economy, when I noticed a government agency called the Central Propaganda Department had issued instructions on the coming stories which their "free press" could write about successes in the economy - which, if you haven't heard, has tanked of late. Rather than allow the press to report about the real economy, the state has decided to brighten things up a little.
We should be grateful for a free press which we take for granted at times, and rightly criticize others. These Chinese try to control their press and we can be skeptical about their progress when reporting on it is a requirement.
The instructions were translated by the Times as follows:
Office of the Xinhua News Agency Editor-in-Chief
Notice
To the departments of Domestic News (Central Government Procurement Center), International News, Domestic News for Overseas Service, Photography, Reference News, and Audio-Video; the CNC [China Xinhua News Network Corporation], Xinhua Online, the New Media Center; all media reporting platforms; and the Editorial Department:In keeping with the spirit of notifications from superior authorities and Agency leadership requirements, the focus for the month of September will be strengthening economic propaganda and guiding public opinion (the related notification is in the attachment that follows). This includes taking the next step in promoting the discourse on China’s bright economic future and the superiority of China’s system, as well as stabilizing expectations and inspiring confidence. We request that your departments take immediate action to plan related reporting; identify individuals to take responsibility; and confirm reporting topics, individuals responsible for those topics, and publication dates.Please plan related reporting. After the responsible parties within the relevant department have signed off on the plan, send it to the Creative Planning Center at the editor-in-chief’s office through 0A prior to 5 p.m. on September 9, and fax the leadership signature page to 63071200.The topic formatting should be as follows:
- Topic (Responsible Party: Department Name, Individual’s Name; Publication Date: Month, Day)
Contact: Wang Xiaoshun [Office:] 51366 [Cell:] 13661390548
Office of the Editor-in-Chief
September 7, 2015 [Chinese]
Saturday, September 12, 2015
NE Patriots Orchestra
A friend of mine lives in New England and follows all that passes for news up there, mostly the New England Patriots football team, sad though that might be. Two days ago they played on national television and we got to see their orchestra. This is not one of those college bands or pickup groups; these are real players in the world of music. I had never seen that at a football game before, so I asked her what it was about. Here is what she said: "Since they no longer have anything to do, they trained their lawyers to be musicians."
Friday, September 11, 2015
Iran's Cyber Attacks Less Aggressive
Damian Paletta has an interesting piece in today's Wall Street Journal that has some quotes from the Hill testimony of Admiral Rogers on Iran's use of cyber to attack the U.S. He said the Iranians had done less hacking since negotiations had become more serious on the nuclear agreement. Surprise, surprise.
This is the sort of thing that falls in the category of a question: "Have you stopped beating your wife?" The wife will never forget the beatings, if they took place, and the stopping will not make her feel better about her husband. Having the Director of the National Security Agency say Iran is not doing as many attacks as it did, should not make us feel any better about Iran. We don't forget.
Many of you have not heard of Newscaster, an enterprising Iranian effort to collect intelligence. [ see iSIGHT Partners website at http://www.isightpartners.com/2014/05/newscaster-iranian-threat-inside-social-media/ ]
"iSIGHT Partners believes Iranian threat actors are using more than a dozen fake personas on social networking sites (Facebook, Twitter, LinkedIn, Google+, YouTube, Blogger) in a coordinated, long-term cyber espionage campaign. At least 2,000 people/targets are, or have been, caught in the snare and are connected to the false personas." The name comes from the use of a website with news stories stolen from legitimate sites and copied onto their own. Maybe they have stopped that one since the negotiations started. Maybe not.
The really big one, of course, was an Iran denial-of-service attack on U.S. banks which went on for over five weeks and ended somewhere around the end of 2012. You can read about that one at http://www.wsj.com/articles/SB10000872396390444592704578063063201649282 and many other places. Iran was not happy about sanctions, now to be lifted, and so attacked our banks to make trouble. We are supposed to forget that happened and rejoice in the fact that they have stopped attacking banks.
I hear only politics in all of this. Some good may come of this deranged agreement to allow Iran to continue on its nuclear path, but it won't be the reason for them to stop attacking the U.S. whenever they have an excuse.
Thursday, September 10, 2015
Chinese Technical Espionage
So we have the curious case of Professor Rongxing Li, lately of Ohio State University and previously of Tongji University in Shanghai, who press reports say is being sought by the FBI. According to the Columbus Dispatch, 8 Sept 2015, Li resigned early last year and went back to China. The information on his 18-year tenure at Ohio State was removed from their website. The Dispatch article goes on to say, "Investigators determined that Li had numerous, ongoing connections with Tongji, including being listed as a professor and as the director of a center for spatial information. The investigators also found online evidence that he had collaborated with Chinese-government programs to develop advanced technologies, serving as chief scientist for one project.
On Feb. 15, 2014, Li notified Ohio State and NASA that he was withdrawing from the Mars 2020 project. He also told Ohio State that he was in China caring for his sick parents. A few days later, he emailed his resignation to the university. According to a search warrant, he said, 'With this email I resign from my position at the Ohio State University'.” The timing of his departure is interesting.
In May of this year, another professor, Hao Zhang of Tianjin University, was arrested with six individuals charged with economic espionage and theft of trade secrets for their roles in a long-running effort to obtain U.S. trade secrets for the benefit of universities and companies controlled by the PRC government. In that case, the indicted individuals worked for a company in Silicon Valley and worked for the Chinese government company at the same time. They were transferring technology from the U.S. to China. Perhaps this will give Xi and Obama something else to talk about this month.
Wednesday, September 9, 2015
Let's not Forget Sony
I happened to see the 60 Minutes story on Sony, rebroadcast from April, and noticed how far away it seemed to be. [http://www.cbsnews.com/news/north-korea-cyberattack-on-sony-60-minutes/] We need to be reminded that it was an Internet-eternity ago but not something we should forget. In the Information War, it marked a different kind of event, a destructive attack that resulted in the disclosure of internal information that embarrassed individuals. 60 Minutes did a good job of explaining, in very simple terms, what happened to allow Sony to be hit. Those techniques are being used every day and we are playing catch-up when we should be out front of this problem.
North Korea is a proxy for China in this attack, and it is a warning of things to come. The Chinese have used North Korea as a way to agitate us, then watch to see what we do about it. The North Korean leader says he is going to put up one of his Taepo Dong missiles and put a nuclear weapon on it. He says it will reach the United States, and he intends to see if he can do that. We didn't even flinch when he said it, because nobody believed he could do it. Sony was different.
This Sony was a U.S. subsidiary of the Japanese Sony, so they were attacking a U.S. business, using a destructive attack, and embarrassing its leaders. We don't want to miss the significance of that. Nothing the U.S. has done so far has been a deterrent to China using a proxy to stick a finger in our eye. China says, "It wasn't me. Those North Koreans are so hard to control." Not when you are the biggest supplier of food and energy [ http://www.cfr.org/china/china-north-korea-relationship/p11097 ] to this little country. You can bet the North Koreans don't have a big Internet presence that doesn't go through Chinese circuits to get anywhere. Who are they kidding?
When Xi and Obama sit down to discuss their future relations, one of the things they should be talking about is why we should believe that North Korea acts on its own when they do this kind of thing. We all know they don't, so stop pretending.
Tuesday, September 8, 2015
Warrants for Cloud Mail
We are about to find out if one of the most interesting cases to come along will allow Federal warrants to get email from a service in Ireland, operated by Microsoft. Joe Palazzolo, in today's Wall Street Journal, outlines the story, but there is a good deal more on the line than what is at issue in this one case.
More than Microsoft is involved, and the cast of characters involved in the defense is staggering. Cisco, Verizon, Amazon, The U.S. Chamber of Commerce, and the Software Alliance all are helping to file briefs, and the reason for it is fairly obvious - they are operating clouds that store data outside the U.S. where they figure the Feds should not be able to collect data. The Justice Department thinks that controlling that data from the U.S. makes them subject to the court order, and is trying it out in a drug trafficking case.
The big deal here is whether cloud services can be served warrants on data not in the U.S. Whether control is more important in the warrant than national borders is part of that issue. Our data floats around all over the world and none of these companies tell us it is stored outside the U.S. It seems the same as telephone circuits outside the U.S. It doesn't stop warrants from being served or the data supplied and it relies on sharing many circuits all over the world. We aren't plucking the data from Ireland. We get it from the U.S. side of the conversation.
It seems these companies want to muddy the waters a little for their own self interests.
Sanctions against China
A couple of weeks ago, I was interviewed by James Griffiths at the South China Morning Post and he asked what I thought the outcome of the meeting between Xi and Obama would be. Given the statement by the White House that they did not agree with what has been done by the Chinese in Cyberspace, I assumed there would be some kind of agreement between the two countries to give a pro forma stamp to “settle the disagreement”. Press outlets for the government very rarely mention a point of contention unless they know they can work out something that is agreeable to both parties, and can be announced in a way that favors both. That is politics, and generally no reflection of what countries really do to each other afterwards. The sentiment in this government seems to be that any agreement is better than none.
However, the discussion in the public press has not been about an agreement; it has been about sanctions. Sanctions talk is the perfect way to torpedo any chance of making any deal with the Chinese, just as the worthless indictment of Chinese military officers was a couple of years ago. That occurred right in the middle of discussions with our government on trade and other matters like the runway the Chinese were building on the Spratly Islands. Both countries have politicians and military leaders who don’t want to have any agreement, so do things to make getting one harder. Having the Chinese Navy running around up in Alaska this week, while the President is visiting there, is just one of those things. Piling on the Russians in the Arctic was just added drama.
We can argue that this doesn’t help us to a cyber agreement of any type, but it is more than just cyber in this case. Either Xi and his central government are creating a crisis by maneuvering the economy and military around right before the meeting, or the Chinese have elements in their own country creating trouble without that central direction. Neither of those would be good, but it is not hard to guess which one is driving events.
Neither leader can have it both ways. They can’t say they want to have better relations and act as though they don’t. They can smile and shake hands, passing off agreements as “good for international relations” while doing everything they can to make sure these agreements are never implemented. Somewhere, there must be good reasons for not having better relations between the two, and those are playing out right before the meeting.
In the case of China, it is because they know they have the upper hand. They can poke at us through the controlled economy and military maneuvers, then smile like we will always be friends. The U.S. has to appear “strong” by bringing on sanctions, when they are not exactly a good fit in this kind of situation. Neither side wants any kind of agreement, which is not a good sign. China seems to think it can win in a fight, and especially in cyber, I’m not so sure they wouldn’t be right. I don’t like the way this is going.
Wednesday, September 2, 2015
Hezbollah Tapping Mobile Phones
A curious note in a charge document issued by Kuwait against 26 members of a terror cell with links to Iran, indicated they were spying for Iran, including tapping phones in Kuwait. As I noted in The New Cyberwar, the Chechens monitored cell phones, the Internet and television of the Russians, just like a government would do. Iran has been helping with the migration of that technology into some of the other groups it supports, like in this example, Hezbollah.
Tuesday, September 1, 2015
Blame the Reporting
We have had more than a few cases of blaming the reporters this week, in Egypt, Turkey, Russia and China. These countries want their own view of the world to appear in media and any unapproved views will be dealt with severely. Sometimes I wonder what our newspapers would look like if we adopted a government perspective on suppression of the "facts" unless the government has sanctioned them. The one I would use as a perfect example is the case of Wang Xiaolu, a reporter for an influential financial reporting pub called Caijing. Wang has confessed to a crime on national television that he had published an article that was said to cause "great negative impact on the market". This story by James Areddy [China Announces Legal Actions Over Market 'Violations', The Wall Street Journal, 1 Sept 2015]. By such a standard, some really good reporters would go to jail in this country, publishing things that cause a negative impact on the market. We would have a stream of TV journalists going along with them. The national news broadcasts would take on a different perspective, not wanting to cover both sides of a story [if they still do try to do that] only the government-approved side.
Nothing would be said about Hillary Clinton's emails. These involve state secrets and upset many Democrats who run the Office of the President. Nothing could be said about what the Fed is going to do this month about raising interest rates. Every time the Fed has a meeting, the market jumps one way or another, and this is bad for stability. Nothing can be said about opposition candidates for an election to be held a year from this November, because these promote too much "speculation". We have decided to ban any discussion of any other party except the one in power. This creates harmony in the political process. We have banned discussions of illegal immigration since that is a crime and law enforcement will take care of crimes. There is not much crime here, so no point in manufacturing an issue where one does not exist. We banned stories on the terrorist attacks in Thailand that reference the religious nature of citizens who went there. We ban discussions of Uighurs in Thailand, except as they might relate to their terrorist actions against tourists.
This is all about harmony, and it is defined according to the country writing the rules. While I might disagree with the ACLU on most things, we can agree that censorship like this is not a good thing, though I might pay to see the restrictions on reporting on political candidates until we are closer to the election - say actually in 2016.