The arrest in China of Chang Xiaobing will hardly raise a ripple in the U.S. but it is something we should be paying attention to. The story is in every major financial newspaper because China reported it, given the publicly traded company's investment value. [see http://www.wsj.com/articles/china-telecom-head-detained-by-countrys-antigraft-regulator-1451218892 as an example ] A similar event in the U.S. would be like having the Chairman of the Board of AT&T arrested for public corruption. It would not be something we would miss.
There are two things about this particular arrest. First, unless you were sleeping for the past couple of years, it was hard to miss the number of arrests of public officials in China, most of them associated with the military. Very few of these are what we would call "criminal behavior", but the Chinese have no problem with labeling anything the Party is unhappy about as criminal. Xiaobing must have crossed swords with the wrong people along the way, and they would have to be way up there in the hierarchy of the Party. The three telecoms in China are managed by a special committee run by President Xi Jinping. He controls them very tightly and has quite a bit to say about how they are managed and controlled. He relies on the telecoms to enforce the new counter terror regulations which included both monitoring and "cooperating with investigations", a new term that means give up your encryption and give us back doors when we need one. These are not good for relations with foreign companies that must cooperate with these onerous rules.
Second, Xiaobing was the head of a state-sponsored enterprise, a business with quasi-independence but where the rules and policies of the company are set by the government. The government regulates it and manages it, something that doesn't work out very well anywhere. This is where the arrest of the Chairman of AT&T would be different. He runs a business responsive to the shareholders and the board, not the Democratic Party.
If nothing else, none of the telecoms are going to push back on the policies China has instituted. They make not like the affect it has on their customer relations, but they will be smiling and moving along.
Monday, December 28, 2015
Chinese Pass Backwards Towards Goal
The Chinese legislature, to nobody's great surprise, has passed the most unbelievable counter-terrorism law in recent memory. ABC News, in an AP story yesterday, [http://abcnews.go.com/International/wireStory/chinas-legislature-oks-controversial-anti-terrorism-law-35961983 ] says "They say it is troublesome that telecommunications companies and Internet service providers are required to share encryption keys and back-door access with the police and state security agents seeking to prevent terrorist activities or investigating terror acts." This essentially means no security from the Chinese Central Government and the Communist Party, a strategy that every corporate boardroom will be looking at, if it hasn't already. Nearly everybody has some business with China, and secrets they would like to keep that way. This legislation makes sure there will be none.
But, I feel so much better after reading this article which quotes the government spokesman, ""Relevant regulations in the anti-terrorism law will not affect the normal business operation of companies, and we do not use the law to set up 'back doors' to violate the intellectual property rights of companies," said Li Shouwei of the National People's Congress Standing Committee's legislative affairs commission.
But, I feel so much better after reading this article which quotes the government spokesman, ""Relevant regulations in the anti-terrorism law will not affect the normal business operation of companies, and we do not use the law to set up 'back doors' to violate the intellectual property rights of companies," said Li Shouwei of the National People's Congress Standing Committee's legislative affairs commission.
"The law will not damage people's freedom of speech or religion," Li said."
Today's Wall Street Journal has a similar article, but notes the language of the original draft was watered down, now "technical interfaces and technical support" for "terrorists and criminal" cases. That could prove difficult, since the Chinese have a way of making criminals out of people who were doing business in a way that puts their businesses at a disadvantage. All the assurances in the world are not going to help that situation..
Businesses that operate in China should be paying attention. There is no way to protect business information with this kind of attention being made to the internal IT of a company. If the Chinese government didn't use that information for its own benefit, it wouldn't be such a big deal, but they do. They can make all the right assurances, but they remind me of the assurances they made a few years ago that nobody in China was hacking businesses in the U.S.
Today's Wall Street Journal has a similar article, but notes the language of the original draft was watered down, now "technical interfaces and technical support" for "terrorists and criminal" cases. That could prove difficult, since the Chinese have a way of making criminals out of people who were doing business in a way that puts their businesses at a disadvantage. All the assurances in the world are not going to help that situation..
Businesses that operate in China should be paying attention. There is no way to protect business information with this kind of attention being made to the internal IT of a company. If the Chinese government didn't use that information for its own benefit, it wouldn't be such a big deal, but they do. They can make all the right assurances, but they remind me of the assurances they made a few years ago that nobody in China was hacking businesses in the U.S.
Wednesday, December 23, 2015
Maintenance Sanctions
The term the White House used to describe a continuing round of sanctions against Russia's Friends of Putin (FoP) is something new the realm of sanction making- "maintenance sanctions". It sounds like an apology for doing what Europe has already done, and what we have every justification in doing. The term used is just odd. It sounds like a State Department term, born out of political correctness, and not one that came from Treasury where the enforcement comes.
The sanctions are centered on three people, Gennady Timchenko and Boris and Arkady Rotenberg, who are supposed to be facilitating the moves to allow Russia to avoid the affects of sanctions. Give credit where credit is due; they have been doing a good job of it.
Timchenko was an FoP long before Russia invaded Crimea, belonging to the same judo club, playing hockey together, and establishing political ties in St Petersburg before Putin moved up the chain. Good business people do these kinds of things all the time, and that is how they get rich, which he did. The Wall Street Journal [ http://www.wsj.com/articles/u-s-money-laundering-probe-touches-putins-inner-circle-1415234261 ] reported his connection to a money laundering operation using transfers of oil from one country to another. Forbes puts his worth at around $13Billion so he probably is not traveling much where these sanctions would matter.
The Rotenbergs were also Judo club members and Putin sparing partners in St Petersburg, and also got into oil and gas. The both seemed to benefit less than Timchenko, but more than the average Russian on the street. [ http://www.forbes.com/profile/arkady-rotenberg/ ].
So, we cooperated with Russia on Syria, and they bombed allies of the coalition. We make sanctions on them, but add that they are just "maintenance" on the existing set. Even Europe is doing better. In the meantime, we do next to nothing to help the Ukraine where the real fighting is taking place. Maybe we should remember the reason for those sanctions was Russia's capture of Crimea, 10,425 square miles of land, south of the region where the fighting is taking place. This is about the same size as Massachusetts. When the Syrian shiny news object came along, most of the Washington crowd forgot about Crimea. That is why they do maintenance now.
The sanctions are centered on three people, Gennady Timchenko and Boris and Arkady Rotenberg, who are supposed to be facilitating the moves to allow Russia to avoid the affects of sanctions. Give credit where credit is due; they have been doing a good job of it.
Timchenko was an FoP long before Russia invaded Crimea, belonging to the same judo club, playing hockey together, and establishing political ties in St Petersburg before Putin moved up the chain. Good business people do these kinds of things all the time, and that is how they get rich, which he did. The Wall Street Journal [ http://www.wsj.com/articles/u-s-money-laundering-probe-touches-putins-inner-circle-1415234261 ] reported his connection to a money laundering operation using transfers of oil from one country to another. Forbes puts his worth at around $13Billion so he probably is not traveling much where these sanctions would matter.
The Rotenbergs were also Judo club members and Putin sparing partners in St Petersburg, and also got into oil and gas. The both seemed to benefit less than Timchenko, but more than the average Russian on the street. [ http://www.forbes.com/profile/arkady-rotenberg/ ].
So, we cooperated with Russia on Syria, and they bombed allies of the coalition. We make sanctions on them, but add that they are just "maintenance" on the existing set. Even Europe is doing better. In the meantime, we do next to nothing to help the Ukraine where the real fighting is taking place. Maybe we should remember the reason for those sanctions was Russia's capture of Crimea, 10,425 square miles of land, south of the region where the fighting is taking place. This is about the same size as Massachusetts. When the Syrian shiny news object came along, most of the Washington crowd forgot about Crimea. That is why they do maintenance now.
Tuesday, December 22, 2015
Criminal Behavior, Chinese Style
Businesses, at least for the last few years, have to worry about types of information they collect later being called state secrets. The Chinese do that after the fact, so it is good to be psychic. Now we have the added incentive to be both psychic and quiet about it - Pu Zhiqiang - a lawyer, and one of China's best known rights activists. This kind of legal work is not very well received in China, where crimes are more or less defined "as needed". He was charged with a crime that is difficult to recognize as criminal behavior, "inciting ethnic hatred" and "picking quarrels". He was in custody for 18 months before this sentence, a three-year suspended sentence with conditions of behavior, was announced. His real crime was posting seven messages on the Chinese equivalent of Twitter, criticizing China's ethic policies and blaming specific government officials for their incompetence.
This lowly crime is certainly worth punishment, usually carried out by the social media equivalent of a jury, not by the State Criminal Court system. The Chinese seem bent on criminalizing behavior they can't control and the two examples are far from extensive research on the subject. It is a corrupt system where incompetence is rewarded by political support for attacks against anyone who points out how stupid you are in the way you go about your business.
This lowly crime is certainly worth punishment, usually carried out by the social media equivalent of a jury, not by the State Criminal Court system. The Chinese seem bent on criminalizing behavior they can't control and the two examples are far from extensive research on the subject. It is a corrupt system where incompetence is rewarded by political support for attacks against anyone who points out how stupid you are in the way you go about your business.
The Kurds Can't Win Alone
During the early days of the current Iraq administration, the Kurds were not getting the money they were promised, were cut out of oil revenue sharing that they were supposed to get, and still fought without supplies that were routed through the central government and never seemed to get to where they were needed. The United States was partially responsible for that mess, though it didn't seem to have much influence over the guys in Baghdad.
That problem has not gone away, as a story in the Wall Street Journal reminds us [ Stingy Baghdad Harms the ISIS Fight, 20 December ]. The story says " Through no fault of its own, the Kurdish Regional Government (KRG) is unable to pay the salaries of its employees, including the famed Peshmerga fighting force." You would think that an army of fighters who have done pretty well against ISIS, the same enemy of the central government has, could put aside their differences long enough to fight them together, but that doesn't seem to have happened. More important, the Allied forces in Iraq haven't done a lot to get this show on the road by funding the Kurds directly, if necessary. The Iraq government seems to have adopted the view, held by Iran, that the Kurds are dangerous and should not be encouraged. That might be, as Pew Research points out, that only about 2% of them are Shia Muslims like our Iranian buddies.
I'm not sure we fought the Iraq war to make a religious statement to the world about the benefits of one Muslim group or another. Iraq seems to be making that distinction, not the people supporting this government. It follows Iran. We seem to have spent billions of dollars establishing a group of leaders who are not very good allies. This is what passes for democracy in the Middle East.
The Kurds cannot fight without resources. Turkey is in a quandary over this because trying to keep tabs on the various groups of Kurds, some fighting Turkey and some not, has not proven to be easy. Iran is not happy with the Kurds being strong in an area they are weak in and they certainly don't trust any of the Sunnis. When governments make decisions more on religious grounds than common sense, we get a tangled mess that benefits nobody. No wonder we have such a difficult time getting rid of these terrorists who live there..
That problem has not gone away, as a story in the Wall Street Journal reminds us [ Stingy Baghdad Harms the ISIS Fight, 20 December ]. The story says " Through no fault of its own, the Kurdish Regional Government (KRG) is unable to pay the salaries of its employees, including the famed Peshmerga fighting force." You would think that an army of fighters who have done pretty well against ISIS, the same enemy of the central government has, could put aside their differences long enough to fight them together, but that doesn't seem to have happened. More important, the Allied forces in Iraq haven't done a lot to get this show on the road by funding the Kurds directly, if necessary. The Iraq government seems to have adopted the view, held by Iran, that the Kurds are dangerous and should not be encouraged. That might be, as Pew Research points out, that only about 2% of them are Shia Muslims like our Iranian buddies.
I'm not sure we fought the Iraq war to make a religious statement to the world about the benefits of one Muslim group or another. Iraq seems to be making that distinction, not the people supporting this government. It follows Iran. We seem to have spent billions of dollars establishing a group of leaders who are not very good allies. This is what passes for democracy in the Middle East.
The Kurds cannot fight without resources. Turkey is in a quandary over this because trying to keep tabs on the various groups of Kurds, some fighting Turkey and some not, has not proven to be easy. Iran is not happy with the Kurds being strong in an area they are weak in and they certainly don't trust any of the Sunnis. When governments make decisions more on religious grounds than common sense, we get a tangled mess that benefits nobody. No wonder we have such a difficult time getting rid of these terrorists who live there..
As it Turns Out, No Donald
ISIS is not going to be showing videos of Donald Trump anytime soon. The idea that they care about the internal politics of the U.S. Is mostly fantasy invented by people who want to believe that everyone cares about our politics. Most of the people it is trying to reach probably don't know who he is and could care less if he runs or doesn't. If an errant bomb falls on a family in Syria, an ISIS propagandist will be there to make sure the blood of that child is clearly on camera. The Taliban did it almost every day with bombs falling on "wedding parties" and family gatherings, where everyone present was carrying an AK-47. It is, after all, a dangerous country and even a bride has to be protected.
This illusion is part of the psychological warfare that every country uses and groups like ISIS and the Taliban have picked up from them. They say, in a way, that these people are trying to live peaceful lives and some foreign power comes along and bombs them. Nothing could be further from the truth. The Taliban, Hizbollah, and ISIS have used the local populations of villages as hostages with the clear intent of making them targets. They won't let the hostages run, and the live among them as protection from the bombs. Israel has videos of Palastinians gathering on the rooftops of buildings so they wouldn't be bombed. These are people who intentionally used the only weapon they had to stop them. Those bombs are the great equalizer, something the Taliban and ISIS can't match. Groups who protest the air and drone strikes try to come off as a ground swell of popular uprising against foreigners who bomb them, when the signs they carry are clearly not made in the back room of some mud house where the video is shot.
If any of you actually believe ISIS cares one bit about who we elect as President, then look around at what they send out on social media. It isn't pretty stuff made in Hollywood. It isn't even that "slick" of a production. It is largely crude, barbaric rambling of psychotic killers. The few that aren't - real exceptions - are justification for killing others who don't believe the same way they do. Muslims are finding out that a good number of them are included.
Monday, December 21, 2015
China Tells U.S. To Give
The Chinese are usually subtle about making a point, but Bloomberg has an article today that describes a less than subtle approach to U.S. Objections to their spread of territory. [ See, David Tweed, China Tells U.S. To Stop Flexing Military Muscle in Asia, 21 December 2015 ] Wang Yi, China's Foreign Minister is lecturing the U.S. On how to behave in their foreign policy. Don't show off your military power; don't get to close to seas that China claims as its own; don't sell things to Taiwan. Objections noted.
So, the bottom line here is that China expects the United States to behave like they agree with China over their claim to the entire South China Sea, including those little islands where a B-52 wandered last week, and the big island of Taiwan. It doesn't occur to the Foreign Minister that the Chinese claim to an area 1000 miles from its shores doesn't carry much weight and should be ignored. When I wrote my first book five years ago, The Chinese Information War, they were already trying to in force claims that were not recognized by most of their neighbors in that region. They hadn't built up the Sprately Islands yet, but still told everyone they owned it. They haven't stopped claiming it; they haven't let up on the rhetoric; they haven't changed their approach to other countries that send ships and airplanes into the area, as a BBC crew did this year. They broadcast repeated warnings to anyone that gets close. They don't mind if others object to their view, but they will continue to claim the seas well beyond their territorial waters. They act surprised when anyone challenges their claims, usually by flying or floating through the area. They act like continuing to claim the area will eventually win out. They retaliate by sending ships into our territorial waters in Alaska. "There will be consequences" they say.
We really can't accept their claims, and the Chinese cannot enforce them. But the countries around the South China Sea are more affected than the U.S. These are ridiculous, unsupportable claims equivalent to Mexico laying claim to California territories they once owned. Countries other than just the U.S. Need to stand up to this kind of expansion. We should be sending hundreds of multinational planes and ships through that territory and universally ignoring their warnings. Let them figure out one day that the rest of the world doesn't follow China just because it says we should.
So, the bottom line here is that China expects the United States to behave like they agree with China over their claim to the entire South China Sea, including those little islands where a B-52 wandered last week, and the big island of Taiwan. It doesn't occur to the Foreign Minister that the Chinese claim to an area 1000 miles from its shores doesn't carry much weight and should be ignored. When I wrote my first book five years ago, The Chinese Information War, they were already trying to in force claims that were not recognized by most of their neighbors in that region. They hadn't built up the Sprately Islands yet, but still told everyone they owned it. They haven't stopped claiming it; they haven't let up on the rhetoric; they haven't changed their approach to other countries that send ships and airplanes into the area, as a BBC crew did this year. They broadcast repeated warnings to anyone that gets close. They don't mind if others object to their view, but they will continue to claim the seas well beyond their territorial waters. They act surprised when anyone challenges their claims, usually by flying or floating through the area. They act like continuing to claim the area will eventually win out. They retaliate by sending ships into our territorial waters in Alaska. "There will be consequences" they say.
We really can't accept their claims, and the Chinese cannot enforce them. But the countries around the South China Sea are more affected than the U.S. These are ridiculous, unsupportable claims equivalent to Mexico laying claim to California territories they once owned. Countries other than just the U.S. Need to stand up to this kind of expansion. We should be sending hundreds of multinational planes and ships through that territory and universally ignoring their warnings. Let them figure out one day that the rest of the world doesn't follow China just because it says we should.
Sunday, December 20, 2015
Russian Covert Forces in Syria
So, how do the Russians keep the number of troops down in Syria, covering their losses when an errant bomb falls on them? They use a couple of methods, outlined in my last book, The New Cyberwar, that are similar to those used in Ukraine to be able to deny (until very recently) that regular army troops were supporting the rebellion. For you Star Wars fans, they were not the good guys in this story.
The Russians first deny that any deaths have occurred. Mothers do not find out their sons have died; they just don't get any letters from them anymore. In some cases, they did allow closed ceremonies for covert forces and these were not covered in the press. Some people took videos and leaked one such story to the New York Times. In other cases, they pretend these people do not exist. They went over for "vacation" and decided to stay. One person, discovered by the Ukraine government, had six I'd cards in different names, one of them from Russian Special Forces. Not the brightest bulb on the planet to be carrying his special forces ID with him.
In a story last week in the Wall Street Journal [http://www.wsj.com/articles/up-to-nine-russian-contractors-die-in-syria-experts-say-1450467757 ] we find that nine contractors were killed when a mortar round fell on them. The story goes on to say, "The incident, experts say, shows how Russia has used contractors to perform quasi-military tasks, avoiding the political repercussions of deploying uniformed troops—and steering clear of the domestic concerns that come with the deaths of soldiers."
It is a sad commentary on a country that does not only not honor its dead, it denies them. Even the CIA puts stars on the wall at the Headquarters. They may not carry a name, but the dead are honored in way everyone understands.
The Russians first deny that any deaths have occurred. Mothers do not find out their sons have died; they just don't get any letters from them anymore. In some cases, they did allow closed ceremonies for covert forces and these were not covered in the press. Some people took videos and leaked one such story to the New York Times. In other cases, they pretend these people do not exist. They went over for "vacation" and decided to stay. One person, discovered by the Ukraine government, had six I'd cards in different names, one of them from Russian Special Forces. Not the brightest bulb on the planet to be carrying his special forces ID with him.
In a story last week in the Wall Street Journal [http://www.wsj.com/articles/up-to-nine-russian-contractors-die-in-syria-experts-say-1450467757 ] we find that nine contractors were killed when a mortar round fell on them. The story goes on to say, "The incident, experts say, shows how Russia has used contractors to perform quasi-military tasks, avoiding the political repercussions of deploying uniformed troops—and steering clear of the domestic concerns that come with the deaths of soldiers."
It is a sad commentary on a country that does not only not honor its dead, it denies them. Even the CIA puts stars on the wall at the Headquarters. They may not carry a name, but the dead are honored in way everyone understands.
Friday, December 18, 2015
OPM Apocalypse II
I have been reading the OPM Inspector General FISMA Report from November 2015, only one month ago. It almost seems like something written for the TV series The Twilight Zone, where reality never seemed to be quite what you expected or could imagine from past experience. OPM is a disaster waiting to happen - again - and nobody in the Federal government seems able to stop it or even slow down the train that led to the compromise of 24 million security clearance records.
OPM still has the same kinds of problems that allowed the Chinese to steal those records, but puts on a face that says they have corrected most of the things that allowed that to be done. So, do we believe what OPM's leadership says, or what the IG says? Had we listened to the the IG in 2012, 2013, or 2014 there is some chance that the theft of data might not have occurred. Can we do this again and still feel good about it? Obviously, OPM thinks it can.
There are some glaring deficiencies in OPM that make it a constant target, but ignoring them will not make them go away:
1. The IG says that 23 systems continue to operate without Authorization. What that really means is that OPM leadership does not want to take the risk of putting their name on anything that might come back to bite them. It reminds me of the IRS, when the CIO was briefed on the vulnerabilities of electronic filing - before it started - and he dropped the report on his desk and said, "I've heard of that. Give that to [one of his assistants] to read." The systems continue to operate without approval.
2. Remedial action is not being carried out where deficiencies have been noted. This is a trick many agencies use. They don't record the actions required to fix a problem so they can't be cited for not doing those things.
3. The systems still aren't being properly monitored for intrusions:
OPM does not have a mature continuous monitoring program, nor established a baseline that is needed to assess one.
The OCIO has implemented an agency-wide information system configuration management policy; however, configuration baselines have not been created for all operating platforms. Also, all operating platforms are not routinely scanned for compliance with configuration baselines.
We are unable to independently attest that OPM has a mature vulnerability scanning program. I kind of wonder about this since OPM IG has access to most of the people in the organization and we have to wonder why they can't find out if such a program exists...
Multi-factor authentication is not required to access OPM systems in accordance with OMB memorandum M-11-11.
OPM has established an Enterprise Network Security Operations Center that is responsible for incident detection and response.
OPM has not fully established a Risk Executive Function.
These are basic things that do not require a PhD to implement, nor a lot of time, yet from one year to the next OPM has the same identified set of problems. The only difference is they have had an identified hack since then. Any normal person would think that would cause an effort to try to correct some of the more egregious ones like not have 2-factor authentication or not doing security scanning. Perhaps the next thing that should be done is get the damned security records out of the hands of OPM and put them back in DoD where they came from.
OPM still has the same kinds of problems that allowed the Chinese to steal those records, but puts on a face that says they have corrected most of the things that allowed that to be done. So, do we believe what OPM's leadership says, or what the IG says? Had we listened to the the IG in 2012, 2013, or 2014 there is some chance that the theft of data might not have occurred. Can we do this again and still feel good about it? Obviously, OPM thinks it can.
There are some glaring deficiencies in OPM that make it a constant target, but ignoring them will not make them go away:
1. The IG says that 23 systems continue to operate without Authorization. What that really means is that OPM leadership does not want to take the risk of putting their name on anything that might come back to bite them. It reminds me of the IRS, when the CIO was briefed on the vulnerabilities of electronic filing - before it started - and he dropped the report on his desk and said, "I've heard of that. Give that to [one of his assistants] to read." The systems continue to operate without approval.
2. Remedial action is not being carried out where deficiencies have been noted. This is a trick many agencies use. They don't record the actions required to fix a problem so they can't be cited for not doing those things.
3. The systems still aren't being properly monitored for intrusions:
OPM does not have a mature continuous monitoring program, nor established a baseline that is needed to assess one.
The OCIO has implemented an agency-wide information system configuration management policy; however, configuration baselines have not been created for all operating platforms. Also, all operating platforms are not routinely scanned for compliance with configuration baselines.
We are unable to independently attest that OPM has a mature vulnerability scanning program. I kind of wonder about this since OPM IG has access to most of the people in the organization and we have to wonder why they can't find out if such a program exists...
Multi-factor authentication is not required to access OPM systems in accordance with OMB memorandum M-11-11.
OPM has established an Enterprise Network Security Operations Center that is responsible for incident detection and response.
OPM has not fully established a Risk Executive Function.
These are basic things that do not require a PhD to implement, nor a lot of time, yet from one year to the next OPM has the same identified set of problems. The only difference is they have had an identified hack since then. Any normal person would think that would cause an effort to try to correct some of the more egregious ones like not have 2-factor authentication or not doing security scanning. Perhaps the next thing that should be done is get the damned security records out of the hands of OPM and put them back in DoD where they came from.
Thursday, December 17, 2015
Using Personal Email for Government Business
Government people were using personal email for government business the day after email was invented. We have a former Secretary of State, running for President, who set up a server to do it from her basement, and a Secretary of Defense who did it for several months - as we found out yesterday. The difference between people who used to do it, and people who do it now, should be obvious to anyone. Hackers were not that prevalent in the early days of email. Today is different.
We are missing something from these high offices - security education. Our security folks are lazy and think sending around a note or an email will suffice to get the attention of an executive who gets 1000 of them a day. If that person finds the email, they have other priorities that keep them from reading it. These kinds of briefings have to be in person, and have to have a credible threat briefing that tells individuals why they shouldn't be using private emails, unless they want those emails to be read by many groups of foreign intelligence, hacker gangs, and kids in the neighborhood with nothing much else to do. We used to read that email and take it in for the leader to see. That was ethical hacking for a purpose. Nobody seems to do that anymore.
This is partly policy, since a few people in State knew what was going on but didn't notice that there was no policy prohibiting the use of personal email for government business. Why there has to be such a policy is a mystery, since presumably we are putting smart people in these positions and they should know better. However, for the sake of appearances, there should be a policy for those who think they can do anything if there is no prohibition against it. It is a flaw in our policy that allows that belief. We should not have to tell every person in a position of trust and leadership what they can and cannot do. As we know, they will do what they want, policy or no policy, so having one that is ignored is no better than not having one. It is just an excuse for being careless.
They are out of excuses for this kind of behavior. We should not accept any. Leaders, in the White House, at the Secretary levels of government, in the military, and all the other places who should no better, should not be allowed any excuses. No email for government business. We spend millions of dollars to make a system they can use to communicate with one another, but they use something else. If that something else is secure, stop spending the money on all those systems. Get contracts with Something Else and start using it. No excuses.
We are missing something from these high offices - security education. Our security folks are lazy and think sending around a note or an email will suffice to get the attention of an executive who gets 1000 of them a day. If that person finds the email, they have other priorities that keep them from reading it. These kinds of briefings have to be in person, and have to have a credible threat briefing that tells individuals why they shouldn't be using private emails, unless they want those emails to be read by many groups of foreign intelligence, hacker gangs, and kids in the neighborhood with nothing much else to do. We used to read that email and take it in for the leader to see. That was ethical hacking for a purpose. Nobody seems to do that anymore.
This is partly policy, since a few people in State knew what was going on but didn't notice that there was no policy prohibiting the use of personal email for government business. Why there has to be such a policy is a mystery, since presumably we are putting smart people in these positions and they should know better. However, for the sake of appearances, there should be a policy for those who think they can do anything if there is no prohibition against it. It is a flaw in our policy that allows that belief. We should not have to tell every person in a position of trust and leadership what they can and cannot do. As we know, they will do what they want, policy or no policy, so having one that is ignored is no better than not having one. It is just an excuse for being careless.
They are out of excuses for this kind of behavior. We should not accept any. Leaders, in the White House, at the Secretary levels of government, in the military, and all the other places who should no better, should not be allowed any excuses. No email for government business. We spend millions of dollars to make a system they can use to communicate with one another, but they use something else. If that something else is secure, stop spending the money on all those systems. Get contracts with Something Else and start using it. No excuses.
Wednesday, December 16, 2015
A Russian Jihadi
We have another case of a person cutting the throat of another human being and saying it is for a good cause. It is hard to understand how this kind of behavior is supposed to get a person into heaven, or why ISIS followers of Islam find it an attractive thing to do. This time, the spokesman is Russian and speaking to the many Russians living and working in that country, most of whom are Christians. [ http://www.wsj.com/articles/russia-grapples-with-its-own-jihadi-john-as-moscow-steps-up-role-in-syria-1450175412 ]
We can always tell who is hurting ISIS by the people it singles out for death. The Russians bombing campaign is having an effect, though it was not what they advertised it to be. They said they were going after ISIS, but they bombed people who were fighting against Assad, most having nothing to do with ISIS. It would seem that ISIS must be hurt by these air strikes or they wouldn't have reacted the way they did.
This guy is one of many killers trained by ISIS to slaughter helpless people in an up-close-and-personal kind of attack. You almost never see ISIS attack an armed individual, though they do show a video of blowing up a truck now and again, and there might be armed people in that truck - maybe not.
It is a curiosity that ISIS only shows the killing of unarmed people, bound and helpless. It is unlikely that this image is the one it wants to convey to the world, but it is the reason why thousands of people evacuate the territories that ISIS holds. Being neutral will not help you avoid being killed. Being innocent will not help you. No group, trying to be a country, has ever been successful with this kind of strategy applied to its population.
We can always tell who is hurting ISIS by the people it singles out for death. The Russians bombing campaign is having an effect, though it was not what they advertised it to be. They said they were going after ISIS, but they bombed people who were fighting against Assad, most having nothing to do with ISIS. It would seem that ISIS must be hurt by these air strikes or they wouldn't have reacted the way they did.
It is a curiosity that ISIS only shows the killing of unarmed people, bound and helpless. It is unlikely that this image is the one it wants to convey to the world, but it is the reason why thousands of people evacuate the territories that ISIS holds. Being neutral will not help you avoid being killed. Being innocent will not help you. No group, trying to be a country, has ever been successful with this kind of strategy applied to its population.
Russian Sanctions to Continue
There was a short reminder from Europe that people don't forget what the Russians did in Crimea or Ukraine. Laurence Norman, in short Wall Street Journal article, says Europe has decided to continue its sanctions against Russian banks, largely because they don't feel the Russians have done much to improve the situation. They still support their Russian speaking allies in the eastern part of Ukraine, and have not changed their stance on Crimea, holding onto it like it was part of Russia, and digging in for the long haul. It will be trouble for them for a long time.
The Russians always act like the next news story is not very far away. That shiny object will change the world's views of their actions and make the world public forget that anything ever happened. Russian news services rack up the stories, when it is in their interest, but stop them when necessary.
We need to be a little more like Europe and look at the long run of events. The Russians are not going to stop meddling in Ukraine's politics, feeding arms to the rebels, or throwing gasoline on any crisis they can manufacture there.
The Russians always act like the next news story is not very far away. That shiny object will change the world's views of their actions and make the world public forget that anything ever happened. Russian news services rack up the stories, when it is in their interest, but stop them when necessary.
We need to be a little more like Europe and look at the long run of events. The Russians are not going to stop meddling in Ukraine's politics, feeding arms to the rebels, or throwing gasoline on any crisis they can manufacture there.
Tuesday, December 15, 2015
China Builds Resentment in South China Sea
I guess I missed the 2014 riots in Vietnam that burned down over 100 Chinese manufacturing facilities, large and small. We have heard next to nothing about it since then, largely due to press controls by China. There was a short piece on the evacuation of 3000+ Chinese citizens from Vietnam in the latest U.S. China Economic and Security Review Commission annual report to Congress, and it kind of made me wonder why the Chinese would have to evacuate its citizens from a country that was supposed to be friends with China. This kind of thing happens all the time to the U.S. but not China.
A country doesn't evacuate it citizens unless there is a real risk something bad will happen to them. Reports in the Financial Times [http://www.ft.com/intl/cms/s/0/251f27a2-de4c-11e3-9640-00144feabdc0.html#axzz3uObULUwO ] and The Wall Street Journal [ http://www.wsj.com/articles/behind-vietnams-anti-china-riots-a-tinderbox-of-wider-grievances-1403058492 ] are pretty illuminating. Bad things might have happened, if the Vietnamese government hadn't stepped in. Three people were killed and a good many businesses burned down, not all of them from the mainland. Taiwan and China suffered equally, as did South Korea. However, we did not see a report of evacuation of their citizens. Once mobs gets started, they sometimes fail to see the differences between friends and enemies.
These events had economic roots, but not the kind one associates with manufacturing in foreign territories, where labor costs, working conditions, and competition from foreign immigrants is enough to get people excited. This was, at least on the surface, about something else - an oil platform the Chinese put in the South China Sea, where Vietnam laid claim to the waters it was floating on. We rarely have riots in the streets over something like that, and we can be pretty sure the Vietnamese rarely do either. They haven't stopped being one of the few remaining Communist Party led countries of the world. China is another. Oil separates politics pretty fast.
Sentiment must have run deeper than just an oil platform to have riots requiring the evacuation of citizens of China. Maybe some of them remember that the Chinese and Vietnamese fought a short war over boundary issues in the North, right after our withdrawal from there. They don't forget as quickly as we do. Maybe the cultures clashed a little bit more than they want to say. Maybe they really are upset that the Chinese would stake a claim to territories long considered to be owned by Vietnam. If so, there will be more to come. In a news special, the BBC sent a small private aircraft over one of the South China Sea islands where the Chinese had been doing a lot of construction. They were repeatedly warned about their penetration of Chinese airspace. The more frequent the warnings the more nervous the flight crew became. The same warnings were given over and over. The Chinese don't seem to care that other countries find their claims dubious and disturbing. It will come to a bad end one day, and the kinds of happenings that led up to the evacuation of their business leaders from Vietnam are just the beginning.
A country doesn't evacuate it citizens unless there is a real risk something bad will happen to them. Reports in the Financial Times [http://www.ft.com/intl/cms/s/0/251f27a2-de4c-11e3-9640-00144feabdc0.html#axzz3uObULUwO ] and The Wall Street Journal [ http://www.wsj.com/articles/behind-vietnams-anti-china-riots-a-tinderbox-of-wider-grievances-1403058492 ] are pretty illuminating. Bad things might have happened, if the Vietnamese government hadn't stepped in. Three people were killed and a good many businesses burned down, not all of them from the mainland. Taiwan and China suffered equally, as did South Korea. However, we did not see a report of evacuation of their citizens. Once mobs gets started, they sometimes fail to see the differences between friends and enemies.
These events had economic roots, but not the kind one associates with manufacturing in foreign territories, where labor costs, working conditions, and competition from foreign immigrants is enough to get people excited. This was, at least on the surface, about something else - an oil platform the Chinese put in the South China Sea, where Vietnam laid claim to the waters it was floating on. We rarely have riots in the streets over something like that, and we can be pretty sure the Vietnamese rarely do either. They haven't stopped being one of the few remaining Communist Party led countries of the world. China is another. Oil separates politics pretty fast.
Sentiment must have run deeper than just an oil platform to have riots requiring the evacuation of citizens of China. Maybe some of them remember that the Chinese and Vietnamese fought a short war over boundary issues in the North, right after our withdrawal from there. They don't forget as quickly as we do. Maybe the cultures clashed a little bit more than they want to say. Maybe they really are upset that the Chinese would stake a claim to territories long considered to be owned by Vietnam. If so, there will be more to come. In a news special, the BBC sent a small private aircraft over one of the South China Sea islands where the Chinese had been doing a lot of construction. They were repeatedly warned about their penetration of Chinese airspace. The more frequent the warnings the more nervous the flight crew became. The same warnings were given over and over. The Chinese don't seem to care that other countries find their claims dubious and disturbing. It will come to a bad end one day, and the kinds of happenings that led up to the evacuation of their business leaders from Vietnam are just the beginning.
Monday, December 14, 2015
Homeland Security Bomb
I had experience with Homeland Security over the years, and always thought they were the least efficient government agency in existence, but they have managed to strike bottom at the Government Oversight Committee hearings.
Government agencies know how to testify at hearings. Anyone who does it gets a briefing on how to behave and answer questions. The information witnesses prepare is carefully gone over and reviewed all the way up to the agency head. Nobody testifies on anything without the senior leadership of the agency knowing what is going to be said.
Jim Jordan, asking questions about the Visa Waiver Program: “Ms. Burriesci, I’ve asked you the number of Americans that have travelled to Syria — you don’t know; the number of Americans that may have travelled and returned — you don’t know; the number of Syrian refugees who have entered the country in the last year — you don’t know; the number of Visa Waiver Program overstays — you don’t know; the number of visa waiver overstays who may have been to Syria before they came here — you don’t know; and the number of American citizens on the no-fly list — and you don’t know.”
We worry about such things, of course, because we have weak border controls and we allow potential terrorists to enter, stay without being removed, go to sanctuary cities and avoid removal, without the slightest bit of oversight. This is what Congress is supposed to do - find out what policies are actually enabled, and make recommendations as to what to do about those that are not. In this case [https://oversight.house.gov/hearing/terrorism-and-the-visa-waiver-program/ ] instead of making everyone feel better about what the government is doing to protect them, we find that not much is being done, the witnesses were ill prepared to talk to major portions of the issues, and we could have any number of people who came on visas and never left. That made me very uncomfortable. Do I feel safer now? No. Do I think our government is on top of immigration and terror screening? No. Do I think Homeland is going to be improving this situation in the near future? Not likely.
Government agencies know how to testify at hearings. Anyone who does it gets a briefing on how to behave and answer questions. The information witnesses prepare is carefully gone over and reviewed all the way up to the agency head. Nobody testifies on anything without the senior leadership of the agency knowing what is going to be said.
Jim Jordan, asking questions about the Visa Waiver Program: “Ms. Burriesci, I’ve asked you the number of Americans that have travelled to Syria — you don’t know; the number of Americans that may have travelled and returned — you don’t know; the number of Syrian refugees who have entered the country in the last year — you don’t know; the number of Visa Waiver Program overstays — you don’t know; the number of visa waiver overstays who may have been to Syria before they came here — you don’t know; and the number of American citizens on the no-fly list — and you don’t know.”
We worry about such things, of course, because we have weak border controls and we allow potential terrorists to enter, stay without being removed, go to sanctuary cities and avoid removal, without the slightest bit of oversight. This is what Congress is supposed to do - find out what policies are actually enabled, and make recommendations as to what to do about those that are not. In this case [https://oversight.house.gov/hearing/terrorism-and-the-visa-waiver-program/ ] instead of making everyone feel better about what the government is doing to protect them, we find that not much is being done, the witnesses were ill prepared to talk to major portions of the issues, and we could have any number of people who came on visas and never left. That made me very uncomfortable. Do I feel safer now? No. Do I think our government is on top of immigration and terror screening? No. Do I think Homeland is going to be improving this situation in the near future? Not likely.
Friday, December 11, 2015
Anonymous Attacks Trump
Well, it wasn't much, but it was something. In today's The Hill, we find a denial of service attack directed at the Trump Towers website. Anonymous claims it was because Trump spoke out against Muslims. How this helps that situation is a mystery. Their work with exposing ISIS accounts, which will pick up again this weekend, is much more valuable in the scheme of things.
Anonymous is described as "an activist group" but The Hill, which is a better assessment than those claiming it is an anarchist group. Anonymous tries to do things that governments could not do, even though they would probably like to now and again.
Anonymous is described as "an activist group" but The Hill, which is a better assessment than those claiming it is an anarchist group. Anonymous tries to do things that governments could not do, even though they would probably like to now and again.
The Bell-Shaped Curve of Terror
Years ago, I met Dr. John Carroll, a Canadian author of the first book I ever read on computer security (1972). He mentioned something in another of his articles about the bell-shaped curve of people in computer crime. Out of every population, there are a certain proportion of people (about 5%) who will not follow rules, even if they know what they are required to do. A subset of those will become criminals. If you think about this as a principle of human nature, it can be applied to the population of terrorists. This kind of takes religion out of the equation.
In all the world, there are a small percentage of people who are pathological killers. It is a small subset of criminals. They will use a handy excuse to kill and savage people who are not strong enough to defend themselves. They rape, kill, demean, and dominate others - the enforcers of any kind of label we want to put on the dominating group. Gangs have them. Countries employ them. Religious groups use them. People who use them, can train them to be better at their job and give them justification to help them sleep at night.
Along the curve, there are people who tolerate this kind of behavior just to be comfortable where they are. To survive, they may have to. There are people who use this kind of person for their own benefit, but stay away from enforcement so they don't get their hands dirty; this includes a group of folks financing their operations. There are people who object to their behavior but can't do anything about what they are doing. There are people who actively fight them.
What we need to do is keep our perspective on who the enemy might be. It isn't all Russians, all Uighurs, all Muslims, or all of any population. We should develop support for those who want behave in a way that is consistent with our objectives. They don't have to fight our enemies, but we need to discourage those on the sidelines from supporting them. We have to encourage those who object to the behavior of our enemies, describe what is objectionable, and expose the logic. We have to help those who are actively fighting.
We seem to be treating our friends and enemies the same, when our enemies are a very small part of a large population of good guys. An equal effort to support our friends and isolate our enemies would seem to work better than what we are doing now.
In all the world, there are a small percentage of people who are pathological killers. It is a small subset of criminals. They will use a handy excuse to kill and savage people who are not strong enough to defend themselves. They rape, kill, demean, and dominate others - the enforcers of any kind of label we want to put on the dominating group. Gangs have them. Countries employ them. Religious groups use them. People who use them, can train them to be better at their job and give them justification to help them sleep at night.
Along the curve, there are people who tolerate this kind of behavior just to be comfortable where they are. To survive, they may have to. There are people who use this kind of person for their own benefit, but stay away from enforcement so they don't get their hands dirty; this includes a group of folks financing their operations. There are people who object to their behavior but can't do anything about what they are doing. There are people who actively fight them.
What we need to do is keep our perspective on who the enemy might be. It isn't all Russians, all Uighurs, all Muslims, or all of any population. We should develop support for those who want behave in a way that is consistent with our objectives. They don't have to fight our enemies, but we need to discourage those on the sidelines from supporting them. We have to encourage those who object to the behavior of our enemies, describe what is objectionable, and expose the logic. We have to help those who are actively fighting.
We seem to be treating our friends and enemies the same, when our enemies are a very small part of a large population of good guys. An equal effort to support our friends and isolate our enemies would seem to work better than what we are doing now.
Thursday, December 10, 2015
Crimea Goes Dark
A lot of bad things happen in the Ukraine, where the Russians and Ukrainians spar regularly, but two weeks ago Crimea was in the news for being without power. People unknown blew up the power tranmission lines heading from Ukraine into Crimea. Let's see, who might benefit from that? It is getting colder there now, and the repairs have only just begun. It isn't slow response that delays them, the Ukrainian Tartars were not allowing the repairs to be done. It isn't much, but there may be more to come.
The pictures we see from Crimea are children who look cold, and are definitely not in schools. The Russian news outlets are flooded with them. You can bet the big naval base at Sevastopol isn't without electricity. The Russians are fighting to maintain that base and access to the Black Sea, the same way they fight for Syrian bases in the Mediterranean. Putin is not giving up anything that helps him project his power into the oceans of the world.
There is a certain justice here. Ukraine has been through a lot with Russia over the past years, and had their energy supplies cut off three times, once in the middle of winter, because they politically didn't agree with Russia which supplied gas to them. Russia took Crimea without a fight, knowing that a good deal of its support came from the Ukraine. The Russians started working on power supplies and telecommunications infrastructure almost in the first week of occupation. That is not something done in a day. The Russians will be exposed to these kinds of annoyances for a long time. I doubt that they have seen the last of this kind of thing, but we have comfort in knowing that the fire the Russians started in Ukraine is not going out anytime soon.
The pictures we see from Crimea are children who look cold, and are definitely not in schools. The Russian news outlets are flooded with them. You can bet the big naval base at Sevastopol isn't without electricity. The Russians are fighting to maintain that base and access to the Black Sea, the same way they fight for Syrian bases in the Mediterranean. Putin is not giving up anything that helps him project his power into the oceans of the world.
There is a certain justice here. Ukraine has been through a lot with Russia over the past years, and had their energy supplies cut off three times, once in the middle of winter, because they politically didn't agree with Russia which supplied gas to them. Russia took Crimea without a fight, knowing that a good deal of its support came from the Ukraine. The Russians started working on power supplies and telecommunications infrastructure almost in the first week of occupation. That is not something done in a day. The Russians will be exposed to these kinds of annoyances for a long time. I doubt that they have seen the last of this kind of thing, but we have comfort in knowing that the fire the Russians started in Ukraine is not going out anytime soon.
Wednesday, December 9, 2015
The Language of ISIS
The indictment of an Akron Ohio man gives us some idea of the language ISIS uses to motivate its charges to kill: "O Brothers in America, know that the jihad against the crusaders is not limited to the lands of the Khilafah, it is a world-wide jihad and their war is not just a war against the Islamic State, it is a war against Islam…Know that it is wajib (translated to “necessary”) for you to kill these kuffar! and now we have made it easy for you by giving you addresses, all you need to do is take the final step, so what are you waiting for? Kill them in their own lands, behead them in their own homes, stab them to death as they walk their streets thinking that they are safe…”
It seems like this kind of language, extracted from Tumblr, is exactly what is wrong with social media. This is incitement to murder. It included addresses of military personnel. No social media outlet allows this kind of material to be posted on line, but our social media are having difficulties keeping up with changing accounts and the volume of material. Maybe they aren't trying hard enough.
We have technology companies who can allow millions of people to communicate in hundreds of different languages, in almost every country in the world, but they don't have search engines to help them find this kind of material inside their own networks. If they can't police their own content, they will eventually get help doing it. This is not a free speech issue, and it will haunt them until they do something about it.
It seems like this kind of language, extracted from Tumblr, is exactly what is wrong with social media. This is incitement to murder. It included addresses of military personnel. No social media outlet allows this kind of material to be posted on line, but our social media are having difficulties keeping up with changing accounts and the volume of material. Maybe they aren't trying hard enough.
We have technology companies who can allow millions of people to communicate in hundreds of different languages, in almost every country in the world, but they don't have search engines to help them find this kind of material inside their own networks. If they can't police their own content, they will eventually get help doing it. This is not a free speech issue, and it will haunt them until they do something about it.
Missiles and Nuclear Material in Iran
Jay Solomon has a couple of articles in the Wall Street Journal that show the quandary the U.S. is in with Iran. They tested medium range missiles with a range of 1200 miles (medium is a relative term in the Middle East where distances are short compared to ballistic missiles flying across an ocean) and the U.S. is trying to help them dispose of nuclear material they already have on hand by moving it over to Kazakhstan. We have to wonder what makes it safer there than in Iran, but that is another matter. This matter is one of trying to help a country comply with a nuclear agreement, when it clearly wants to develop a delivery mechanism that would make having a bomb more dangerous. [Iran, U.S. Seek Deal to Send Enriched Uranium to Kazakhstan (updated 8 Dec 2015) & Iran Test-fires Another Missile, U.S. Says (8 Dec 2015)]
The U.N. has not done much of anything about the missile testing which is a violation of resolutions on Iran, a good clue about how they might respond to violations of others. Fox News says this violates two United Nations Security Council resolutions and is an attempt to improve accuracy of the missiles.
With so many countries invested in a dubious agreement with Iran to delay the building of a bomb, it would be difficult to act against them without the approval of the Russians and Chinese. Good luck with that. Maybe the Russians could benefit from the knowledge that Moscow is almost in range of that newly tested missile.
The U.N. has not done much of anything about the missile testing which is a violation of resolutions on Iran, a good clue about how they might respond to violations of others. Fox News says this violates two United Nations Security Council resolutions and is an attempt to improve accuracy of the missiles.
With so many countries invested in a dubious agreement with Iran to delay the building of a bomb, it would be difficult to act against them without the approval of the Russians and Chinese. Good luck with that. Maybe the Russians could benefit from the knowledge that Moscow is almost in range of that newly tested missile.
Manufacturing Criminals
The Russians know how to hurt a guy. In today's Wall Street Journal is a small piece about the Russians bringing charges on Mikhail Khodorkovsky, once Russia's richest billionaire, driven out of the country by charges that kept him in jail for the middle part of his life. He decided to run against Vladimir Putin in an election and Putin is not one to tolerate that. The way out of any predicament is to make a criminal of your enemy.
In my last book, The New Cyberwar, I used the two cases of Ihor Kolomoyski and Ukrainian Interior Minister, Arsen Avakov who were charged in absentia, just as Khodorkovsky is now. These two are from Ukraine, and were criminalized on trumped-up charges, just as he has been. Avadov was charged with "the use of banned ways and methods of warfare", a term that comes from the International Committee of the Red Cross and treaties on the use of war materials that cause unnecessary suffering. The Russians made posters of these two, one showing Avadov as an evil cartoon character much like the two-faced character in Batman. Criminalizing them accomplishes a couple of things: first, a person will not be able to go back to Russia and his property can be confiscated; second, the Russians can issue a criminal warrant for his arrest and file it with Interpol. Anyone knowing such a thing had been done, would be careful to not travel to one of Russia's allies where extradition could take place. This limits travel and the ability to do business with almost any friends a person might have in Russia. Khodorkovsky, who lives in Switzerland now, probably could care less about that, but grudges go deep in Russia and don't go away when the problem leaves the country. He won't be allowed to completely forget. Some of Putin's enemies have not faired as well, so he may consider himself lucky.
Tuesday, December 8, 2015
Syrian Refugees
While the U.S. debates how many Syrian refugees it might take (and when), the numbers in Germany are staggering. The totals were posted in the Wall Street Journal today and they show almost 485,000 in 2015, but that isn't reflective of the whole. They also had 127,00 Afghans , 93,000 from Iraq, and some others from Kosovo. The population of Germany is 83,000,000 and they are putting over half a million people from some of the most war-torn parts of the world into their economy. So, I wonder what the people of the U.S. would say if the President decided to bring in half a million refugees?
Russians Bypassing Ukraine with Pipeline
Ukraine called for the EU to stop the underwater natural gas pipeline (Nord Stream II) from Russia to Germany [see map]. The Russians have long wanted to avoid transiting the Ukraine with their natural gas and have shut it off a few times to make life miserable for people living there. They did it once in January, just to make a point during a national election. If the Nord II pipeline continues, they will be in a position to cut off the Ukraine again and not affect their biggest clients in the European Union. That will not be good for Ukraine.
The problem is the EU gets the majority of its natural gas from Russia. We would think they would want to get other sources for it, to reduce the dependence on a country that has repeatedly used energy as a weapon of political persuasion. The Russians continue to pressure Ukraine with the debt for unpaid gas bills brought about when their hand-picked leader had to run away from a mess he created. The negotiated debt for natural gas was reduced by Russia just prior to his departure, but after he left, the debt rose dramatically when Gazprom, the Russian energy company, recalculated the amount of the debt. Only a fool would think the Russians won't manipulate the EU with pricing and availability. In some circles, this is called economic extortion. The Russians don't mind playing that game; they are just not very subtle about it.
The problem is the EU gets the majority of its natural gas from Russia. We would think they would want to get other sources for it, to reduce the dependence on a country that has repeatedly used energy as a weapon of political persuasion. The Russians continue to pressure Ukraine with the debt for unpaid gas bills brought about when their hand-picked leader had to run away from a mess he created. The negotiated debt for natural gas was reduced by Russia just prior to his departure, but after he left, the debt rose dramatically when Gazprom, the Russian energy company, recalculated the amount of the debt. Only a fool would think the Russians won't manipulate the EU with pricing and availability. In some circles, this is called economic extortion. The Russians don't mind playing that game; they are just not very subtle about it.
Sunday, December 6, 2015
Liberal ClapTrap
I got a kick out of Chris Christi's comment about the front page editorial by the New York Times. He called it Liberal Claptrap, which was probably not politically correct. What the Times said was out of touch with the average person and certainly not going to get them any points with people outside of New York City. I get a lot of my best stories from the Times and thought it was out of place for them to put this kind of call for gun control on the front page, when they already have an editorial page -- a good place for editorials.
The worst part of their comment was the failure to recognize that the folks who killed a few people in San Bernardino were terrorists. The had bombs made up in their garage and modified their guns to fire on automatic. They were Islamic Extremists, raised in places where that is fashionable. The Times does not seem to see that as any different than a nut case in Colorado who decides to kill people at Planned Parenthood. When I lived in Wyoming I thought everyone had guns, and this doesn't seem abnormal.
Terrorists get guns from a lot of places, but they seldom buy them in a local gun store where their names get recorded. They get guns into Israel, where almost everyone has a gun if they need one. They got them into Paris. In places where they can't get them, like China, they use knives and car bombs. The death toll from knife attacks can be pretty astounding. Terrorists find a way.
In Wyoming, my introduction to the culture came a week after I got there. I was on night patrol in Law Enforcement and we heard shots fired. I drove down to the scene and got there before the local police. There was a guy lying in the parking lot of 7-11 with multiple gun shots, obviously deceased. Nobody in the store was hurt, except the clerk who got pistol whipped. The guy who did that was lying outside. When the Sheriff came he asked what happened and the clerk said the guy beat him up and told the others in the store to get out. They went out and waited for him to come out. Five of them shot him. The Sheriff said, "He must have been from out of town." Denver, as it turned out.
For all of those who say the answer to guns is not more guns, take a look at where terrorists have the most difficult time. All of those places have guns, and the people there know what they are for.
The worst part of their comment was the failure to recognize that the folks who killed a few people in San Bernardino were terrorists. The had bombs made up in their garage and modified their guns to fire on automatic. They were Islamic Extremists, raised in places where that is fashionable. The Times does not seem to see that as any different than a nut case in Colorado who decides to kill people at Planned Parenthood. When I lived in Wyoming I thought everyone had guns, and this doesn't seem abnormal.
Terrorists get guns from a lot of places, but they seldom buy them in a local gun store where their names get recorded. They get guns into Israel, where almost everyone has a gun if they need one. They got them into Paris. In places where they can't get them, like China, they use knives and car bombs. The death toll from knife attacks can be pretty astounding. Terrorists find a way.
In Wyoming, my introduction to the culture came a week after I got there. I was on night patrol in Law Enforcement and we heard shots fired. I drove down to the scene and got there before the local police. There was a guy lying in the parking lot of 7-11 with multiple gun shots, obviously deceased. Nobody in the store was hurt, except the clerk who got pistol whipped. The guy who did that was lying outside. When the Sheriff came he asked what happened and the clerk said the guy beat him up and told the others in the store to get out. They went out and waited for him to come out. Five of them shot him. The Sheriff said, "He must have been from out of town." Denver, as it turned out.
For all of those who say the answer to guns is not more guns, take a look at where terrorists have the most difficult time. All of those places have guns, and the people there know what they are for.
Friday, December 4, 2015
ISIS Air Force
A friend of mine sent a link to a story about ISIS pilots training in a simulator [story ] I can't imagine ISIS trying to fly airplanes in an environment where there are so many coalition aircraft, radars and missiles. They would make great targets. Aside from that, the article says ISIS got this simulator from abroad, whatever that means. It is a reminder that for all the enemies of ISIS, they still have some really powerful friends who help fund and give them support. Now, who would benefit from a stronger bunch of radicals running loose in the world? We would think that no other country would do such a thing. It should remind of the thinking of our intelligence services just prior to 9/11. Why would they want to get pilot training, we were asking ourselves. Who could possibly benefit from that?
Thursday, December 3, 2015
OPM Hackers are The Usual Suspects
Ellen Nakashima had an interesting piece in the Washington Post yesterday[ https://www.washingtonpost.com/world/national-security/chinese-government-has-arrested-hackers-suspected-of-breaching-opm-database/2015/12/02/0295b918-990c-11e5-8917-653b65c809eb_story.html] about the "arrest" of the Chinese hackers who got the data at OPM. There is no information about the suspects, or whether they worked for the government. If ever a story showed the manipulation of our government by China, this one does.
The Post is a ready outlet for the views of the White House staff, and Ellen has good sources in the Washington cyber world. She usually turns out to be right about the events. I checked the China Daily to see if anything had come out in their press about the same subject, and found nothing mentioned since June. The June story was a denial that China had anything to do with this theft of 24 million records of security clearances.
The Post article points to sanctions as the main reason for the arrests. The Chairman's [Xi] visit to the U.S. was being accompanied by internal U.S. discussions of sanctions against companies that benefit from the theft of data that is plowed back into the Chinese economy. The Chinese knew (because they asked several of us) we were considering more harsh action than sanctions. I told them there would be an agreement on cyber because that was what the White House said, but we were considering more than sanctions. [see my 8/3/15 post on David Sanger's New York Times article that describes what was being considered] The story goes, China wanted to head those off by making an arrest of the usual suspects. Apparently, their actions worked, since we saw nothing of sanctions before or after the visit, and none of the more serious kinds of retaliation being discussed were ever carried out.
Can we be so easily influenced that we forget retaliation, forget sanctions, and turn the other cheek? Looks like it. Our political leadership understands one basic thing about human nature: we only pay attention until the next shiny news object comes along. The next time, we may be sorry we didn't make a more forceful statement this time.
The Post is a ready outlet for the views of the White House staff, and Ellen has good sources in the Washington cyber world. She usually turns out to be right about the events. I checked the China Daily to see if anything had come out in their press about the same subject, and found nothing mentioned since June. The June story was a denial that China had anything to do with this theft of 24 million records of security clearances.
The Post article points to sanctions as the main reason for the arrests. The Chairman's [Xi] visit to the U.S. was being accompanied by internal U.S. discussions of sanctions against companies that benefit from the theft of data that is plowed back into the Chinese economy. The Chinese knew (because they asked several of us) we were considering more harsh action than sanctions. I told them there would be an agreement on cyber because that was what the White House said, but we were considering more than sanctions. [see my 8/3/15 post on David Sanger's New York Times article that describes what was being considered] The story goes, China wanted to head those off by making an arrest of the usual suspects. Apparently, their actions worked, since we saw nothing of sanctions before or after the visit, and none of the more serious kinds of retaliation being discussed were ever carried out.
Can we be so easily influenced that we forget retaliation, forget sanctions, and turn the other cheek? Looks like it. Our political leadership understands one basic thing about human nature: we only pay attention until the next shiny news object comes along. The next time, we may be sorry we didn't make a more forceful statement this time.
Wednesday, December 2, 2015
Chinese Trade is Just Business
China runs a trade surplus with the U.S. that, in 2014, is a new record, $342.6 Billion. This is creeping up on the $585 Billion the U.S. spends on Defense every year. Most countries can't afford this kind of debt, and would attempt to cut back on the amount and type of trade to get a better balance. A long list of U.S. companies does business in China, manufacturing products there. [ http://www.jiesworld.com/international_corporations_in_china.htm ] and nobody is asking them to cut back on selling or manufacturing goods in China.
Most businesses see manufacturing in China as "just business", required to reduce the cost of production or get into the largest market in the world. An article in the China Daily [http://www.chinadaily.com.cn/business/2015-11/13/content_22446414.htm ] says that cost difference is down to 4% over the cost of manufacturing in the U.S., though it varies by type of product. Board rooms should take notice. If that market were open, instead of severely restricted by a centrally managed government, the numbers in trade on both sides of the equation might balance out a little better. Instead, it works against us.
GM is going to start selling Chinese cars in the U.S. This is after years of teaching the Chinese to make cars, and bantering with them over theft of designs. The Chinese aircraft manufacturing is getting its footing and beginning to turn out some aircraft that might actually make it in world markets. A report by the U.S.-China Economic and Security Review Commission shows how the industry used joint ventures to skirt technology transfers and steal trade secrets. There is almost no computer that does not have its parts or whole body made in China, accessories like hard drives and routers included. The Chinese control that market. Think about that as you read this text. It was created on a computer made in China, routed to you by equipment made in China, and stored on servers that will one day be Chinese. They control equipment used in the distribution of information.
We are passed the time when this kind of imbalance is "just business" and it is becoming a national security issue. The Chinese have too much leverage over our government. They own large chunks of our debt and they get what they want because of it. At the same time, they steal our technology as a part of a national strategy, plow our ideas back into their manufacturing capability, and increase our debt even more. At some point business leaders need to think of themselves as part of something bigger than the boundaries set by corporate structures. Like GM, they will one day see that manufacturing in China produces competition that is not part of fair trade.
Most businesses see manufacturing in China as "just business", required to reduce the cost of production or get into the largest market in the world. An article in the China Daily [http://www.chinadaily.com.cn/business/2015-11/13/content_22446414.htm ] says that cost difference is down to 4% over the cost of manufacturing in the U.S., though it varies by type of product. Board rooms should take notice. If that market were open, instead of severely restricted by a centrally managed government, the numbers in trade on both sides of the equation might balance out a little better. Instead, it works against us.
GM is going to start selling Chinese cars in the U.S. This is after years of teaching the Chinese to make cars, and bantering with them over theft of designs. The Chinese aircraft manufacturing is getting its footing and beginning to turn out some aircraft that might actually make it in world markets. A report by the U.S.-China Economic and Security Review Commission shows how the industry used joint ventures to skirt technology transfers and steal trade secrets. There is almost no computer that does not have its parts or whole body made in China, accessories like hard drives and routers included. The Chinese control that market. Think about that as you read this text. It was created on a computer made in China, routed to you by equipment made in China, and stored on servers that will one day be Chinese. They control equipment used in the distribution of information.
We are passed the time when this kind of imbalance is "just business" and it is becoming a national security issue. The Chinese have too much leverage over our government. They own large chunks of our debt and they get what they want because of it. At the same time, they steal our technology as a part of a national strategy, plow our ideas back into their manufacturing capability, and increase our debt even more. At some point business leaders need to think of themselves as part of something bigger than the boundaries set by corporate structures. Like GM, they will one day see that manufacturing in China produces competition that is not part of fair trade.
Tuesday, December 1, 2015
Did We See This Coming?
I'm usually not surprised by recommendations made by Congressional Committees since they are usually telegraphed long before they actually come out, but we occasionally get one that isn't. The U.S.-China Economic and Security Review Commission, in their annual report to Congress, made one that got my attention: [That] Congress assesses the coverage of U.S. law to determine whether U.S.-based companies that have been hacked should be allowed to engage in counterintrusions for the purpose of recovering, erasing, or altering stolen data in offending computer networks.
For some reason, I never heard this discussed by business interests or government. Hacking back has always been a troublesome area for industry. For one thing, it requires a good bit of technical expertise and a long-term investment in maintaining a capability that exceeds most business interests. Second, in the case of China, it requires hacking back against entities that are part of, or funded by, the central government. Companies that have business interests in China generally don't want to do that, though they are probably in a better position to do it than companies that don't. They have networks there already.
It seems to me there is a better way to make sure stolen data isn't used. Encrypted data is one way. The OPM database of security clearance data should have been encrypted, as should almost any trade secret data that is needed for a company to maintain a competitive advantage over its competitors. Most data management systems have some type of encryption available and it is not hard to use. I have heard IT shops argue that encryption is "too hard" but they haven't tried it.
Cliff Stoll, who years ago wrote the Cuckoo's Egg, suggested the addition of bogus records that if ever accessed, trigger a security alarm. We tried that in a couple of places and it turned up a couple of scavengers searching for things that were none of their business. One of them could prove it wasn't him, so we were sure that one was a hacker using his credentials. That is a good start.
There are other ways to achieve the objective without starting a hacker war with the Chinese, but I'm wondering where this idea came from.
For some reason, I never heard this discussed by business interests or government. Hacking back has always been a troublesome area for industry. For one thing, it requires a good bit of technical expertise and a long-term investment in maintaining a capability that exceeds most business interests. Second, in the case of China, it requires hacking back against entities that are part of, or funded by, the central government. Companies that have business interests in China generally don't want to do that, though they are probably in a better position to do it than companies that don't. They have networks there already.
It seems to me there is a better way to make sure stolen data isn't used. Encrypted data is one way. The OPM database of security clearance data should have been encrypted, as should almost any trade secret data that is needed for a company to maintain a competitive advantage over its competitors. Most data management systems have some type of encryption available and it is not hard to use. I have heard IT shops argue that encryption is "too hard" but they haven't tried it.
Cliff Stoll, who years ago wrote the Cuckoo's Egg, suggested the addition of bogus records that if ever accessed, trigger a security alarm. We tried that in a couple of places and it turned up a couple of scavengers searching for things that were none of their business. One of them could prove it wasn't him, so we were sure that one was a hacker using his credentials. That is a good start.
There are other ways to achieve the objective without starting a hacker war with the Chinese, but I'm wondering where this idea came from.
Monday, November 30, 2015
An Economic Crisis Handled
The new 2015 Report to Congress from the U.S. China Economic and Security Review Commission is out and it starts with some interesting analysis of how the Chinese dealt with a crisis in their 2015 economy. We deal with these kinds of things all the time and that is why the Fed plays an important role in managing the money supply across our country. China, for all its protestations to the contrary, is not like us.
The Commission report begins by outlining a simple truth: "...the Chinese government responded to the collapse with a heavy hand: ordering brokerages to buy shares, forbidding large shareholders from selling, sending police to root out 'malicious sellers, ordering state-owned companies and pension funds to invest in equities, and halting trading in many companies. The government also censored information, punished journalists for focusing on the bad news, and warned people about spreading 'rumors' about the stock market rout."
The next time someone says Chinese businesses are "just like us", remind them of the kinds of things the Chinese government does to its businesses to make sure things go the way they want. Many government officials wish we could do similar things, but we don't because we are not like them.
The Commission report begins by outlining a simple truth: "...the Chinese government responded to the collapse with a heavy hand: ordering brokerages to buy shares, forbidding large shareholders from selling, sending police to root out 'malicious sellers, ordering state-owned companies and pension funds to invest in equities, and halting trading in many companies. The government also censored information, punished journalists for focusing on the bad news, and warned people about spreading 'rumors' about the stock market rout."
The next time someone says Chinese businesses are "just like us", remind them of the kinds of things the Chinese government does to its businesses to make sure things go the way they want. Many government officials wish we could do similar things, but we don't because we are not like them.
How Little of Syria is Syria
Take a look at the map and see how little of Syria is actually in the government's hands. Aljazerra posted this map today and almost all of Syria looks like it is in someone else's' hands, and all of that is under Assad's control is in the western part of the country. The article is one of the first to blame the Russians for civilian casualities who are collateral damage in the fight against ISIS.
http://www.aljazeera.com/news/2015/11/20-killed-russian-air-strike-syrian-market-151129082103978.html
So, if you thought about why Russia has decided to help Assad stay in power, this would give us reason to see why it was so important. Syria is not in Assad's control and the situation was clearly getting worse. Territorially, Assad was not in power. More important, if you go directly west from Homs, you come to Tartus, where the Russians have their naval base. https://www.google.com/maps/place/Tartus+Port,+Tartus%E2%80%8E,+Syria/@34.9070499,35.9100339,15z/data=!4m2!3m1!1s0x15217c34ee5576c5:0x6c526abef67faf1c?hl=en-US
If they waited too much longer, their port would have been at risk of falling into the hands of somebody less favorable than Assad. Further north, the Russian airfields are at Latakia, also on the coast. According to the Moscow Times, the Russians are planning on building a larger air capability in Syria and unifying the forces there [http://www.themoscowtimes.com/business/article/russia-to-build-unified-military-base-in-syria-general-says/539407.html ] The Russians were certainly interested in maintaining those bases which are the only ones they have in the Middle East. What they are having to do to maintain them is put more boots on the ground and more planes in the air. They must need those places badly to risk that kind of exposure.
http://www.aljazeera.com/news/2015/11/20-killed-russian-air-strike-syrian-market-151129082103978.html
So, if you thought about why Russia has decided to help Assad stay in power, this would give us reason to see why it was so important. Syria is not in Assad's control and the situation was clearly getting worse. Territorially, Assad was not in power. More important, if you go directly west from Homs, you come to Tartus, where the Russians have their naval base. https://www.google.com/maps/place/Tartus+Port,+Tartus%E2%80%8E,+Syria/@34.9070499,35.9100339,15z/data=!4m2!3m1!1s0x15217c34ee5576c5:0x6c526abef67faf1c?hl=en-US
If they waited too much longer, their port would have been at risk of falling into the hands of somebody less favorable than Assad. Further north, the Russian airfields are at Latakia, also on the coast. According to the Moscow Times, the Russians are planning on building a larger air capability in Syria and unifying the forces there [http://www.themoscowtimes.com/business/article/russia-to-build-unified-military-base-in-syria-general-says/539407.html ] The Russians were certainly interested in maintaining those bases which are the only ones they have in the Middle East. What they are having to do to maintain them is put more boots on the ground and more planes in the air. They must need those places badly to risk that kind of exposure.
Sunday, November 29, 2015
Russian Military Hardware in Syria
The Russians have moved some IL-20 surveillance aircraft, Krasukha-4 jammers into Syria to complement the AN 400 anti-aircraft missiles. [see the articles by Elias Groll at http://foreignpolicy.com/2015/10/06/spy-planes-signal-jammers-and-putins-high-tech-war-in-syria/ and Sputnik's article at http://inserbia.info/today/2015/10/russian-electronic-warfare-systems-spotted-in-syria/ ]. If, as the Foreign Policy article says, using it to fight ISIS, it is a little overkill. ISIS has no Air Force.
Russia must have something else in mind, dragging this kind of hardware into a war zone where the enemy has tanks and truck-mounted artillary at the high end of their arsenal. The IL-20s could certainly listen to ISIS traffic and maybe even friendly troops of other nations in the area, but something like jammers and anti-aircraft systems are aimed at other flyers in the area. That would be an alliance of countries now bombing ISIS, and Turkey's F-16s that shot down a Russian fighter-bomber. Jammers and anti-aircraft missiles will make that kind of strike a little more interesting. For the Russians, these kinds of gadgets are big targets. The Turkmen already showed they can blow up a big target when they fired a missile at a Russian helicopter sitting on the ground. Jammers have to stop to set up their antenna. Let's see how long they last in that hostile environment.
Russia must have something else in mind, dragging this kind of hardware into a war zone where the enemy has tanks and truck-mounted artillary at the high end of their arsenal. The IL-20s could certainly listen to ISIS traffic and maybe even friendly troops of other nations in the area, but something like jammers and anti-aircraft systems are aimed at other flyers in the area. That would be an alliance of countries now bombing ISIS, and Turkey's F-16s that shot down a Russian fighter-bomber. Jammers and anti-aircraft missiles will make that kind of strike a little more interesting. For the Russians, these kinds of gadgets are big targets. The Turkmen already showed they can blow up a big target when they fired a missile at a Russian helicopter sitting on the ground. Jammers have to stop to set up their antenna. Let's see how long they last in that hostile environment.
Tuesday, November 24, 2015
Facts are not Required
Today's downing of a Russian SU-24 fighter shows the "facts" in any international incident are quickly established by both sides. The Russians say it was over Syrian airspace; the Turks say it was over Turkish airspace and was warned 10 times in 5 minutes. The Turks say it was shot down by a Turkish Air Force plane. Some news reports are saying it might have been a shoulder fired missile, or something bigger. BBC says last week the Turks warned the Russians to stop bombing the Turkmen in this part of Syria. Everyone agrees this is a serious international incident.
The location of the jet is not hard to determine. It is a question of fact. There are probably 10 radars around that place that caught the jet coming into the airspace. Lots of people know where it was and what it was bombing, because many governments are watching. If the jet was bombing someone, they all know where it was dropping the ordinance. The people on the ground where it was falling probably know who was bombing them. Somebody made a cellphone video of the whole thing, so that will have enough information to figure out where the plane was when it was hit.
When a country controls its press like Russia we expect to see a series of stories supporting the Russian view of these events. In the long run, the facts will be established the same way they always are, but the domestic audience in Russia will already believe whatever stories they manage to get out quickly. The facts will not influence them very much, because most of them will be papered over by an endless stream of their version of events. It goes to credibility.
We will know in a day or two which version of the event was the correct one. If the Turks are right, the Russians will continue to publish the same stories over and over in different forms, even though the rest of the world finds them incredible. That belief that the Russian press is incredible will not go away. If the Russians are right, they will have lots of help from the rest of the world's press to blast that message to anyone who can read. We are anxious to see what the truth turns out to be..
The location of the jet is not hard to determine. It is a question of fact. There are probably 10 radars around that place that caught the jet coming into the airspace. Lots of people know where it was and what it was bombing, because many governments are watching. If the jet was bombing someone, they all know where it was dropping the ordinance. The people on the ground where it was falling probably know who was bombing them. Somebody made a cellphone video of the whole thing, so that will have enough information to figure out where the plane was when it was hit.
When a country controls its press like Russia we expect to see a series of stories supporting the Russian view of these events. In the long run, the facts will be established the same way they always are, but the domestic audience in Russia will already believe whatever stories they manage to get out quickly. The facts will not influence them very much, because most of them will be papered over by an endless stream of their version of events. It goes to credibility.
We will know in a day or two which version of the event was the correct one. If the Turks are right, the Russians will continue to publish the same stories over and over in different forms, even though the rest of the world finds them incredible. That belief that the Russian press is incredible will not go away. If the Russians are right, they will have lots of help from the rest of the world's press to blast that message to anyone who can read. We are anxious to see what the truth turns out to be..
Sunday, November 22, 2015
China's Press & Terrorists
China has found itstelf in a peculiar position of having to convince the rest of the world that they have a problem with terrorists in their country. There is a certain justice to this.
China has rigidly controlled its press and only allowed it to comment using pre-scripted statements about terrorist attacks by Muslims in the Northwest of their country. Doing research on some of these events is difficult, especially if you don't do it right after the event. After that, the stories start disappearing. In Friday's Independent [http://www.independent.co.uk/news/world/asia/as-china-joins-the-anti-isis-brigade-must-we-keep-quiet-about-the-uighurs-a6742641.html ] there is good example, citing the killing of 28 terrorists by China's government.
You would think that the killing of 16 miners would attract some of the world's press. It was nearly the same number as were killed in Mali. Yet, we have nothing of this story on any of our news outlets - no videos, no interviews with grieving family members, no statements by government officials promising revenge or retaliation. Maybe killing the 28 was both, but we don't know.
"First and foremost, it hopes to get the West to shut up about the Uighurs. Today, state media reported the killing of 28 “terrorists”, allegedly members of a group that was said to have killed 16 people at a coalmine in Xinjiang, the huge, sparsely populated region in the far-west of China where the largely Muslim Uighurs, a 10 million-strong Turkic race, are concentrated. " The Uighurs have been killing people at regular intervals without using a lot of automatic weapons or explosives. They terrorize by using knives and meat cleavers, something ISIS has tried now and again. I had several of these stories in The Chinese Information War and they are gruesome tales that included killing children in cold blood in broad daylight in a public train station. Reports on that are few and far between.
So now, the Chinese want us to see that they have terrorists too. They live by the coverup and now find it difficult to uncover what they spent so much times and effort plowing under. If there is justice in the world, this is it.
China has rigidly controlled its press and only allowed it to comment using pre-scripted statements about terrorist attacks by Muslims in the Northwest of their country. Doing research on some of these events is difficult, especially if you don't do it right after the event. After that, the stories start disappearing. In Friday's Independent [http://www.independent.co.uk/news/world/asia/as-china-joins-the-anti-isis-brigade-must-we-keep-quiet-about-the-uighurs-a6742641.html ] there is good example, citing the killing of 28 terrorists by China's government.
You would think that the killing of 16 miners would attract some of the world's press. It was nearly the same number as were killed in Mali. Yet, we have nothing of this story on any of our news outlets - no videos, no interviews with grieving family members, no statements by government officials promising revenge or retaliation. Maybe killing the 28 was both, but we don't know.
"First and foremost, it hopes to get the West to shut up about the Uighurs. Today, state media reported the killing of 28 “terrorists”, allegedly members of a group that was said to have killed 16 people at a coalmine in Xinjiang, the huge, sparsely populated region in the far-west of China where the largely Muslim Uighurs, a 10 million-strong Turkic race, are concentrated. " The Uighurs have been killing people at regular intervals without using a lot of automatic weapons or explosives. They terrorize by using knives and meat cleavers, something ISIS has tried now and again. I had several of these stories in The Chinese Information War and they are gruesome tales that included killing children in cold blood in broad daylight in a public train station. Reports on that are few and far between.
So now, the Chinese want us to see that they have terrorists too. They live by the coverup and now find it difficult to uncover what they spent so much times and effort plowing under. If there is justice in the world, this is it.
Friday, November 20, 2015
Encryption Flip Side
The Intelligence services and law enforcement agencies of our country have a job to do and we can all understand why they need to be able to do it. But, from time to time, we might want to look at what that job is. Part of it is staying ahead of technology and coming up with ways to defeat whatever protections terrorists and spies can come up with.
For all of my government life, I heard the encryption argument from the people who want to be able to get into another person's mail or files and discover what they have been up to. They have good reasons for doing it, of course, like counter terrorism or undoing spies who are trying to do us harm. Most of the time, that argument was self-serving, even if it was made for the right reasons.
In 1991, Phil Zimmermann introduced an idea he called Pretty Good Privacy (PGP). He was investigated as a criminal for publishing the code in a book, and harassed for several years before the code was finally accepted. Anyone can have PGP now. What Zimmermann had to go through was the same type of thing our own technical industries are facing now with the discussion of making back doors to code to allow government access to the internal communications of anyone using their products. Apple, Google and the rest, built encryption in and they cannot get at the communications of users of products using that kind of protection. Even under a warrant, Apple and Google say they cannot get anything that is not encrypted and thus not very useful.
The natural reaction is to say "give us a back door". We promise we will protect it and make sure nobody can use it but us. We will only use it when it is required for some good purpose. That is the wrong approach to take. What Apple and Google did was the right thing. They are protecting our data from interception by anyone, good guy or bad, because so many bad guys were stealing almost everything they could get their hands on. It was about time they did something about it. We should be glad they did. The unintended consequence is that bad guys can use the same encryption to continue their work.
I don't like terrorists very much and would like to see them caught or killed. But, what the governments of the world should be focused on is finding the technology that allows them to keep up, not undoing the technology we have to protect our own information. That confusing bit of logic that allows them to make the argument that the industry should give them an easy way out is symptomatic of something else - laziness. Find a way, and do your job.
For all of my government life, I heard the encryption argument from the people who want to be able to get into another person's mail or files and discover what they have been up to. They have good reasons for doing it, of course, like counter terrorism or undoing spies who are trying to do us harm. Most of the time, that argument was self-serving, even if it was made for the right reasons.
In 1991, Phil Zimmermann introduced an idea he called Pretty Good Privacy (PGP). He was investigated as a criminal for publishing the code in a book, and harassed for several years before the code was finally accepted. Anyone can have PGP now. What Zimmermann had to go through was the same type of thing our own technical industries are facing now with the discussion of making back doors to code to allow government access to the internal communications of anyone using their products. Apple, Google and the rest, built encryption in and they cannot get at the communications of users of products using that kind of protection. Even under a warrant, Apple and Google say they cannot get anything that is not encrypted and thus not very useful.
The natural reaction is to say "give us a back door". We promise we will protect it and make sure nobody can use it but us. We will only use it when it is required for some good purpose. That is the wrong approach to take. What Apple and Google did was the right thing. They are protecting our data from interception by anyone, good guy or bad, because so many bad guys were stealing almost everything they could get their hands on. It was about time they did something about it. We should be glad they did. The unintended consequence is that bad guys can use the same encryption to continue their work.
I don't like terrorists very much and would like to see them caught or killed. But, what the governments of the world should be focused on is finding the technology that allows them to keep up, not undoing the technology we have to protect our own information. That confusing bit of logic that allows them to make the argument that the industry should give them an easy way out is symptomatic of something else - laziness. Find a way, and do your job.
Thursday, November 19, 2015
Anonymous After ISIS
For Anonymous it was not unusual. Thepress frequently refers to them as anarchists. A few news outlets [ e.g. http://www.independent.co.uk/life-style/gadgets-and-tech/news/paris-attacks-anonymous-operation-isis-activists-begin-leaking-details-of-suspected-extremist-a6737291.html] picked up the story of this unusual group of hackers as they tried to make information about ISIS Twitter accounts public. Anonymous went after Assad in Syria long before anyone seemed to take an interest in what he was doing to his own people.
When I worked for the government, it was generally not good to say anything favorable about Anonymous. They were, after all, hackers and hackers were bad. The real reason we didn't favor them was they weren't our hackers. They are hard to control and they sometimes get things wrong as they did in Ferguson. Stuff happens. We should forgive them for their sins and move on. At least they are trying to do something to respond to ISIS.
Twitter has been in the middle of this for a few years, as has Facebook. Various governments come to them and try to gets accounts closed because of "terrorist activity". In those circumstances, it is hard for the social media sites to say no. However, not everyone's terrorist is equal. In Russia those terrorists can be someone who disagrees with the government. In China they can be a religious group. There are quite a few ISIS friends in all parts of the Middle East, as we found when theTurks interrupted a moment of silence for the French dead with catcalls and whistles. Some of those folks are probably on Twitter too.
Disrupting ISIS recruiting is a good thing, but not something governments generally favor,, and Twitter would be hard-pressed to do. This is where Anonymous is at its best - doing things that governments don't favor but need to be done. Maybe they can start posting the names of holders of these accounts and the people they are communicating with. I'm sure we all would like to know if our neighbor is being recruited by ISIS. We can take them off our Friends list,, bump them out of the carpool, and call the FBI.
When I worked for the government, it was generally not good to say anything favorable about Anonymous. They were, after all, hackers and hackers were bad. The real reason we didn't favor them was they weren't our hackers. They are hard to control and they sometimes get things wrong as they did in Ferguson. Stuff happens. We should forgive them for their sins and move on. At least they are trying to do something to respond to ISIS.
Twitter has been in the middle of this for a few years, as has Facebook. Various governments come to them and try to gets accounts closed because of "terrorist activity". In those circumstances, it is hard for the social media sites to say no. However, not everyone's terrorist is equal. In Russia those terrorists can be someone who disagrees with the government. In China they can be a religious group. There are quite a few ISIS friends in all parts of the Middle East, as we found when theTurks interrupted a moment of silence for the French dead with catcalls and whistles. Some of those folks are probably on Twitter too.
Disrupting ISIS recruiting is a good thing, but not something governments generally favor,, and Twitter would be hard-pressed to do. This is where Anonymous is at its best - doing things that governments don't favor but need to be done. Maybe they can start posting the names of holders of these accounts and the people they are communicating with. I'm sure we all would like to know if our neighbor is being recruited by ISIS. We can take them off our Friends list,, bump them out of the carpool, and call the FBI.
Wednesday, November 18, 2015
Stupid is as Stupid does Again
The title is, of course, from Forrest Gump and summarizes a basic tenent of computer security. You cannot engineer out stupid. I don't know how many of you read the November FISMA report from OPM, but when I looked at it, I had to check the date. I thought it was the report from a couple of years before the Chinese took all of our security clearance records. Too bad it wasn't. Really? Two factor authentication is still not being used? Multiple systems still haven't been approved? They still haven't identified deficiencies and set dates for correcting all the problems. Maybe they are still too busy sending out those notices that your records have been stolen and offering some Credit monitoring, which is absolutely worthless. Then too, they know it is only a year until they are going to be gone, and someone new will be taking over. Maybe this kind of thing will escape the public notice until then. Give the security clearance data back to DoD and get these idiots out of the business.
These are a few of the other things that we tend to forget:
These are a few of the other things that we tend to forget:
-
In June 2015, the Office of Personnel Management reported that an
intrusion into its systems affected the personnel records of about 4.2
million current and former federal employees. The Director stated that
a separate but related incident involved the agency’s background
investigation systems and compromised background investigation
files for 21.5 million individuals.
-
In June 2015, the Commissioner of the Internal Revenue Service
testified that unauthorized third parties had gained access to taxpayer
information from its “Get Transcript” application. According to officials,
criminals used taxpayer-specific data acquired from non-department
sources to gain unauthorized access to information on approximately
100,000 tax accounts. This data included Social Security information,
dates of birth, and street addresses. In an August 2015 update, the
agency reported this number to be about 114,000 and that an
additional 220,000 accounts had been inappropriately accessed,
which brings the total to about 330,000 accounts.
-
In April 2015, the Department of Veterans Affairs’ Office of Inspector
General reported that two contractors had improperly accessed the
agency’s network from foreign countries using personally owned
equipment.5
-
In February 2015, the Director of National Intelligence stated that
unauthorized computer intrusions were detected in 2014 on the
networks of the Office of Personnel Management and two of its
contractors. The two contractors were involved in processing sensitive
PII related to national security clearances for federal employees.6
-
In September 2014, a cyber intrusion into the United States Postal
Service’s information systems may have compromised PII for more than 800,000 of its employees.
• In October 2013, a wide-scale cybersecurity breach involving a U.S. Food and Drug Administration system occurred that exposed the PII of 14,000 user accounts.8
We could say this was indicative of a poor management situation, but it is more than that. This stream of data thefts is just the current ones and clearly indicates we have no oversight of computer security in any of the Federal agencies.
The report goes on to document the basic things every computer security program should have, but cites them as identified deficiencies of our Federal agencies. Policy is not the issue here. We have federal CIOs and CISOs who clearly don't have the initiative to fix what has been identified as deficient conditions. They give excuses, lay blame on everyone else, and talk a good deal but never get the job done. Why do we pay people to do these jobs and then ignore them if they don't? This is our data these people are losing. Can't we find a way to get their attention. GAO's reporting is an insight into the borader problem of getting managers to follow even basic policies that require that data to be secured.
ISIS Money
I had a section in my last book about funding for terrorist groups, especially ISIS. There are a lot of myths about where that money comes from, including the best one about the bank in Mosul, where ISIS was said to abscond with several hundred million dollars, even though the Iraqis and the bank deny it today. Even selling oil, which this week got some attention when tankers and oil transport trucks were on the target list being bombed. A CNN report on this said $40 million a month went to ISIS from this kind of activity. But, we are avoiding the real question about ISIS to believe that it is self-sustaining.
A government that refuses to say "Islamic extremists" is odd to say the least. Few people understand this kind of ignorance, but this odd combination also keeps them from saying who is really funding ISIS. We should remember that Al Qaeda and Hezbollah are still on our list of terrorist organizations. ISIL is just current because of Paris, but the others have not gone away. They are not shy about who their targets will be. The Administration talks about oil, selling artifacts, and extortion to keep from talking about the politically sensitive question of how ISIS got going and how they perpetuate themselves in an environment where everyone says they hate them and bomb them regularly. They get money from other sources and the press should focus on those. Shutting them off is important to disbanding and destroying this "JV Team" of terrorists.
In 2015, the Congress put together a couple of studies on terrorism financing and I used the COMMITTEE ON FINANCIAL SERVICES U.S. HOUSE OF REPRESENTATIVES from testimony on 22 April. You can read the whole thing here http://financialservices.house.gov/uploadedfiles/114-15.pdf
Oil going to Turkey and Iran can be cut off, as we are seeing now. The question, of course, was why it took a mass execution in Paris to act on it when it has been known as a source of terrorist financing for years. But the real problem of terrorist financing is not just oil.
A government that refuses to say "Islamic extremists" is odd to say the least. Few people understand this kind of ignorance, but this odd combination also keeps them from saying who is really funding ISIS. We should remember that Al Qaeda and Hezbollah are still on our list of terrorist organizations. ISIL is just current because of Paris, but the others have not gone away. They are not shy about who their targets will be. The Administration talks about oil, selling artifacts, and extortion to keep from talking about the politically sensitive question of how ISIS got going and how they perpetuate themselves in an environment where everyone says they hate them and bomb them regularly. They get money from other sources and the press should focus on those. Shutting them off is important to disbanding and destroying this "JV Team" of terrorists.
In 2015, the Congress put together a couple of studies on terrorism financing and I used the COMMITTEE ON FINANCIAL SERVICES U.S. HOUSE OF REPRESENTATIVES from testimony on 22 April. You can read the whole thing here http://financialservices.house.gov/uploadedfiles/114-15.pdf
Oil going to Turkey and Iran can be cut off, as we are seeing now. The question, of course, was why it took a mass execution in Paris to act on it when it has been known as a source of terrorist financing for years. But the real problem of terrorist financing is not just oil.
"Mr. SCHANZER. Yes. I would agree with just about everything
that Juan has just stated, but I think I would note two things. One
thing that has not changed at all is the challenge of deep pocket
donors in the Gulf states. We knew that this was a problem in the
immediate aftermath of 9/11, and when you look at the statements
that have come out of the Treasury Department, we continue to see
challenges out of Saudi Arabia, Kuwait, Qatar, et cetera. This is an
issue that we have not fully tackled yet. There has been better co-operation in some cases, but in some cases we continue to see these
intransigent countries where they are not cracking down enough.
I am thinking of Qatar in particular. It is an incredibly problematic
jurisdiction." (page 15)
The Middle East is full of people who finance operations that will do harm to Western countries. We know they will do that because they make videos and publish articles saying so. Turkey and Iran buy oil from ISIL, proving only that oil makes strange bedfellows. The Turks facilitate the sale of antiquities from areas ISIL has seized. Guys trying to make a buck, no doubt. What ISIL did in Paris is remind the rest of the world that there are enemies worse than each other. The kind that looks you in the eye and lies about how much your friendship means to them.
The Middle East is full of people who finance operations that will do harm to Western countries. We know they will do that because they make videos and publish articles saying so. Turkey and Iran buy oil from ISIL, proving only that oil makes strange bedfellows. The Turks facilitate the sale of antiquities from areas ISIL has seized. Guys trying to make a buck, no doubt. What ISIL did in Paris is remind the rest of the world that there are enemies worse than each other. The kind that looks you in the eye and lies about how much your friendship means to them.
Wednesday, November 11, 2015
When Regulators Don't
We have had two cases this week that show clearly what regulators really do with their time.
The first is the fiasco of Russian athletes using enhancements to improve their performance. Several news outlets have said this was intentional, state sponsored, and the FSB participated. OF course there is already someone who is supposed to be looking into this kind of thing, and taking blood samples of athletes before and after they participate. The regulation of that kind of thing does not seem to have gone well, because nobody in that chain of people found anything worth bringing up.
The second is the purchase of airtime by companies tethered to China which then broadcast news using the Chinese version of stories. The FCC is supposed to looking at things like that, but didn't seem to notice [until a reporter pointed it out] that it was going on. The Russian news story was broken by journalists in Germany last summer.
Both of these stories illustrate why China and Russia want to control their press. These kinds of stories disrupt the harmony in the universe. The Russians say the versions of stories coming out are "confusing" and prove nothing. The Chinese say the same about the Reuters investigation that prompted FCC to finally open up a probe. This is bad for the world, causing people to have to worry about things that should not be of notice to a public at ease with their situation and happy with their government.
When you start looking into it, regulators seldom do. They publish reports, engage in a few of their responsibilities, and take home a paycheck that makes all of us feel cheated. Government regulators do a lousy job and still get paid for it. We saw the same with the VA giving bonuses to all those people who engaged in dubious behavior. Nobody is paying attention.
The first is the fiasco of Russian athletes using enhancements to improve their performance. Several news outlets have said this was intentional, state sponsored, and the FSB participated. OF course there is already someone who is supposed to be looking into this kind of thing, and taking blood samples of athletes before and after they participate. The regulation of that kind of thing does not seem to have gone well, because nobody in that chain of people found anything worth bringing up.
The second is the purchase of airtime by companies tethered to China which then broadcast news using the Chinese version of stories. The FCC is supposed to looking at things like that, but didn't seem to notice [until a reporter pointed it out] that it was going on. The Russian news story was broken by journalists in Germany last summer.
Both of these stories illustrate why China and Russia want to control their press. These kinds of stories disrupt the harmony in the universe. The Russians say the versions of stories coming out are "confusing" and prove nothing. The Chinese say the same about the Reuters investigation that prompted FCC to finally open up a probe. This is bad for the world, causing people to have to worry about things that should not be of notice to a public at ease with their situation and happy with their government.
When you start looking into it, regulators seldom do. They publish reports, engage in a few of their responsibilities, and take home a paycheck that makes all of us feel cheated. Government regulators do a lousy job and still get paid for it. We saw the same with the VA giving bonuses to all those people who engaged in dubious behavior. Nobody is paying attention.
ALIBABA'S COUNTERFEITS
We might be looking a little too close to Alibaba's counterfeits, and not looking at the broader issue of counterfeits being sold on the web. Kathy Chu [Alibaba Revamps Fake-Goods Procedures, The Wall Street Journal, 11 November 2015] shows how thin the changes are to the policies Alibaba has made: " Under the new rules, global brands that have been highly accurate in flagging fake goods on Alibaba’s Tmall and Taobao will have their complaints reviewed in one to three working days, compared with five to seven days previously. Brands that sign up for the program will also have a dedicated representative to deal with their complaints, according to the Chinese company. Alibaba hasn't disclosed how many brands have enrolled in its “good-faith takedown” program, which took effect April 1st." We probably should not expect more from the world's largest counterfeiters of goods. There is almost nothing the Chinese don't counterfeit, but Chu's example is insightful.
The Chinese also counterfeit their own goods, as illustrated by the example of counterfeit Huawai phones being sold on the Alibaba outlet. I have mentioned other stories before about China's ability and willingness to counterfeit anything. Chief among the reports was a 60 Minutes segment that outlined the counterfeiting of almost everything from wine to golf clubs. It is part of their culture to counterfeit. Copyright and trademark be damned. Of course, when they start counterfeiting airplane parts and airbags (both were done) we are inclined to be more concerned, but still not very engaged with China.
We don't do very much to discourage this kind of behavior. As I mentioned in a prior post, Amazon continues to see a class of goods called "generic". They don't want to know where they are manufactured and rely on a distributor to verify the authenticity. This behavior is not much different than Alibaba. Amazon does take these devices back if you don't approve of the, but avoiding them is a better plan
Counterfeit electronic devices are not good things to have in the U.S. infrastructure because goods in China are manufactured under different rules. We can end up with source code that has been tampered with by the Chinese government or surveillance equipment required in China but not anywhere else, being included in the manufacturing process. The thieves are blind to this kind of thing. We shouldn''t be.
The Chinese also counterfeit their own goods, as illustrated by the example of counterfeit Huawai phones being sold on the Alibaba outlet. I have mentioned other stories before about China's ability and willingness to counterfeit anything. Chief among the reports was a 60 Minutes segment that outlined the counterfeiting of almost everything from wine to golf clubs. It is part of their culture to counterfeit. Copyright and trademark be damned. Of course, when they start counterfeiting airplane parts and airbags (both were done) we are inclined to be more concerned, but still not very engaged with China.
We don't do very much to discourage this kind of behavior. As I mentioned in a prior post, Amazon continues to see a class of goods called "generic". They don't want to know where they are manufactured and rely on a distributor to verify the authenticity. This behavior is not much different than Alibaba. Amazon does take these devices back if you don't approve of the, but avoiding them is a better plan
Counterfeit electronic devices are not good things to have in the U.S. infrastructure because goods in China are manufactured under different rules. We can end up with source code that has been tampered with by the Chinese government or surveillance equipment required in China but not anywhere else, being included in the manufacturing process. The thieves are blind to this kind of thing. We shouldn''t be.
Tuesday, November 10, 2015
Footdragging on Cybersecurity
Both The Hill and Washington Times expressed similar views of the new Cybersecurity Information Sharing Act, without expressing them the same way. Andrea Castillo in the Times has the most interesting view on this, describing the CISA as something only a politician could love. [http://www.washingtontimes.com/news/2015/nov/9/andrea-castillo-cisa-a-cybersecurity-bill-only-a-p/ ] As a note: This website is almost impossible to read, being filled with ads and internal references, so email yourself the article before attempting to read it.
The real forces at work here are the IT Industry and Special Interest groups like some of us who would actually like to see government do something more aligned with security of computer systems. The IT Industry is on the other side of this, and for a good reason. If we actually can get something passed and people start reporting things they find when they are hacked, you can be sure they will find more zero day exploits that were designed in, fielded without proper testing, and ignored even after someone told those responsible that it needed to be fixed. The IT Industry thinks this can get them into trouble and has fought tooth and nail to water down any provisions of any bill that Congress tries to enact. They are deathly afraid that any bill to share information will result in work for their developers. They are right about that.
I don't necessarily believe that it is the Microsoft-Cisco cooperation in fighting this legislation means they are leading it. There are thousands of software developers, integrators, and cloud services who don't want to be seen as fighting something they know their customers would see as counter to what they are promising in the way of security. They are two-faced about it. They would like to see a couple of big companies represent them and stay out of the limelight. Actually, there isn't a whole lot of limelight on this anyway, since the legislation was around when I was on the President's Critical Infrastructure Protection Committee - that was 10 years ago. They have managed to slow-roll this and will continue to poke and prode their elected representatives to make this bill suit their own needs. The U.S. Chamber of Commerce was right out front the last time this issue came up, and we have yet to see much public comment by them this time around. They have gone underground with a lot of the others.
The real forces at work here are the IT Industry and Special Interest groups like some of us who would actually like to see government do something more aligned with security of computer systems. The IT Industry is on the other side of this, and for a good reason. If we actually can get something passed and people start reporting things they find when they are hacked, you can be sure they will find more zero day exploits that were designed in, fielded without proper testing, and ignored even after someone told those responsible that it needed to be fixed. The IT Industry thinks this can get them into trouble and has fought tooth and nail to water down any provisions of any bill that Congress tries to enact. They are deathly afraid that any bill to share information will result in work for their developers. They are right about that.
I don't necessarily believe that it is the Microsoft-Cisco cooperation in fighting this legislation means they are leading it. There are thousands of software developers, integrators, and cloud services who don't want to be seen as fighting something they know their customers would see as counter to what they are promising in the way of security. They are two-faced about it. They would like to see a couple of big companies represent them and stay out of the limelight. Actually, there isn't a whole lot of limelight on this anyway, since the legislation was around when I was on the President's Critical Infrastructure Protection Committee - that was 10 years ago. They have managed to slow-roll this and will continue to poke and prode their elected representatives to make this bill suit their own needs. The U.S. Chamber of Commerce was right out front the last time this issue came up, and we have yet to see much public comment by them this time around. They have gone underground with a lot of the others.
Russia's Cyberwar with Ukraine
In today's Wall Street Journal, Margaret Coker and Paul Sonne, [Ukraine, Cyberwar's Hottest Front] updates (in great detail) a story I told in The New Cyberwar, my latest book. This particular incident involved the hacking the Ukraine Central Election Commission, attempting to disrupt the establishment of an official tally for the final election results. They missed the point of the espionage software that was found in Ukraine's computers, and failed to mention that it was also found in Latvia, the next rung on Putin's ladder.
Espionage is the initial purpose. Collecting and analyzing information about what leaders think. There were only 38 occurences one popular method that was used, making it harder to detect and less strenuous to analyze. It targeted leaders in more than Ukraine. The Chinese and Russians listen more than they try to hack for the purpose of disruption.
They were on target with a discussion of the reliance on an old infrastructure that has a history of being pirated software that came from old Russian equipment managed by Russian companies. Unlike the Russians who went into Crimea, the government of Ukraine didn't replace its infrastructure with new equipment that it controlled. The Russians knew the importance of that because they were using the equipment for their own benefit.
Espionage is the initial purpose. Collecting and analyzing information about what leaders think. There were only 38 occurences one popular method that was used, making it harder to detect and less strenuous to analyze. It targeted leaders in more than Ukraine. The Chinese and Russians listen more than they try to hack for the purpose of disruption.
They were on target with a discussion of the reliance on an old infrastructure that has a history of being pirated software that came from old Russian equipment managed by Russian companies. Unlike the Russians who went into Crimea, the government of Ukraine didn't replace its infrastructure with new equipment that it controlled. The Russians knew the importance of that because they were using the equipment for their own benefit.
Monday, November 9, 2015
China Buys U.S. News Outlets
According to two sources of news last week, China purchased a U.S. company G&E Studio which, in turn, leased stations and airtime in Washington D.C.,Philadelphia, San Francisco and Boston. [ The Reuters Investigation, SPECIAL REPORT-Exposed: Beijing's covert global radio network is at http://www.reuters.com/investigates/special-report/china-radio/ and has much more detail ]Those are big markets where the news has a lot of competition, but these stations carried stories China wanted to slant their own way. Gordon Crowitz at the Wall Street Journal, wrote an opinion piece today about it [China's Soft Power Exposed]
Key to all of this, from my viewpoint, is the Chinese are not just willing to control their own press in their own country; they want to control ours too - and a few outside the U.S. The Reuters article includes this statement:
C&E Studio produces shows in Chinese and English and is one of 33 stations purchased covertly by
China Radio International. It coverage extends from the western suburbs of Washington to the Chinese embassy. That includes where I live.
Funny that Reuters had to tell the FCC that this was going on.
Key to all of this, from my viewpoint, is the Chinese are not just willing to control their own press in their own country; they want to control ours too - and a few outside the U.S. The Reuters article includes this statement:
Chinese President Xi Jinping, who has chafed at a world order he sees as dominated by the United States and its allies, is aware that China struggles to project its views in the international arena.
“We should increase China’s soft power, give a good Chinese narrative and better communicate China’s message to the world,” Xi said in a policy address in November last year, according to Xinhua.
C&E Studio produces shows in Chinese and English and is one of 33 stations purchased covertly by
China Radio International. It coverage extends from the western suburbs of Washington to the Chinese embassy. That includes where I live.
Funny that Reuters had to tell the FCC that this was going on.