A New York Times Cyber Wish

The New York Times has a wish on its front page today for some kind of retaliation for cyber attacks on the Democratic Party - with the dreamland hope that the Russians were actually trying to influence the United States national elections.  This is made more palatable by the hacking of the Democratic National Committee and the Hillary Clinton campaign.  Nobody cared when they hacked the Republicans, but the Times is declaring a national emergency for the attacks on Hillary, sufficient to justify the retaliatory strike of one government on another.  This is all well-written, front page hogwash.

First, the Democratic and Republican parties were hacked the first time Obama ran.  I wrote about the Chinese attacks in my first book, five years ago.  This is nothing new.  The political parties could have hired good security companies to keep people out of their networks, but chose instead to get some people they trusted to do the job, i.e somebody with political trustworthiness, not technical ability.  On that count, they get what they deserve.

On the second count, it is not just the Russians who are doing this hacking, but the Russians have been singled out.  I remind you that the Russians were accused of hacking the State Department, something that is still not over because State did not, and would not, correct what caused the hacking to begin with.  State has no secrets from the Russians.  Donald Trump may have known that when he asked the Russians to see if they could find the other 30,000 emails that Hillary Clinton destroyed.  They probably have them.  But so do the Chinese, maybe the Iranians, the French, and anybody with cyberspies of a decent caliber.  Given the kind of security the parties have, it is no wonder that half the world can hack them.

The Times has not wished for retaliation against the Chinese for all the hacking they have done, and they probably hacked the same politicos that the Russians are accused of.  It is only politics that causes them to have this deep national security concern now that the Democrats have been hacked.  For the lack of retaliation in the past, we have a weak foreign policy to blame.  The National Security Council and the Office of the President are not retaliating for anything for the same reason the Democrats are not calling for it themselves.  The data that has been stolen concerns many of those same people that have to make the decisions to strike back.  They know what will happen if they do.

Chinese Censorship at Facebook

I recommend anyone interested in Chinese censorship read Li Yuan's article in the Wall Street Journal toady.  [ http://www.wsj.com/articles/weibo-navigates-brave-new-world-1469639981 ].  This article shows the transformation of Wiebo from a Facebook look-a-like to an e-commerce site mostly because it could not sustain the central government's incessant clampdown on content - basically anything the criticized the government policies.  The examples in this article are worth reading because they show how censorship and control of the Internet play together against particular individuals, and how that drove Wiebo into another business line.

It is not something we want to see here in the US. But, Facebook got a little close to censorship when it "accidently" cut off the Democratic National Committee emails posted on Wikileaks.  It is no secret which candidate the Facebook empire supports, but that kind of support does not include censorship of its own making.

Smashing iPhones to Make a Point

It is a little hard for the average person to believe, but the Chinese have been retaliating against the US actions in the South China Sea by smashing iPhones in public places, and harassing the people at Kentucky Fried Chicken.  There has to be a really big divide between people who react like this and the rest of the world.

I did a kind of informal survey at the grocery store the other day and most people thought I was crazy when I asked them what kind of actions we should take towards Chinese businesses that would let them know how we feel about the Chinese government actions in the South China Sea.  I now know how Roger Moore feels when he asks some of the questions he asks during his making of documentaries.  The most frequent response was "What?"  Some then grabbed their children and pushed the cart away quickly.   I mostly attributed this to people being surprised by surveys in a public place where they were not used to being asked questions.  I may try it at a mall one day to verify that.

I can't imagine paying the equivalent of a months wages on a cell phone and then smashing it in a protest measure.  Apple might repair some of them if you have that extended warranty that covers all forms of damage, but the protest is hollow if the owner goes and gets a new one.  People who protest at Kentucy Fried Chicken can tell who the real protesters are by the ones who have iPhones and the ones who don't.

Chinese Wages and American Politics

We seem to have political structures around the world that are interested in wages.  Both U.S.political parties are talking about wage increases of some type, and the Democrats are suggesting $15 an hour.  There was an article on China's wage dilemma in today's  Wall Street Journal that said one of the big players in Chinese markets was debating whether to raise wages or keep them somewhat the same.  The Central Goverment was telling him to keep them stable.  He was paying his employees an average of $284 a month.  At $15 an hour, it would only take a US worker three days to make the monthly wage of a worker in China.

In case you were wondering where our trade deficit comes from, this is it.  US businesses would rather manufacture in China than pay the labor rates that are being proposed for the US.  Nobody can convince a rational person that higher wages will help anyone who won't be able to find a job as more of them move out of the US.  I should also mention that Chinese labor rates have gone up over the last few years, so their workers are better off than they were.  But, this article is inferring that China is trying to balance wage increases with market realities - in other words, keep them down without causing worker demonstrations of which there are more than a few.

Both these political systems are playing games with their populations by pretending that things will get better with new leadership.  Both the US and China are getting new leaders but nothing will change for them given the disparity between what these two countries pay for labor.  It is no consolation that Thailand and Vietnam have managed to stay as low, or lower, than China.  None of those tennis shoes will be made in the US.

This is a trade war fostered by our own business leaders.  They allow dependence upon China as a labor pool, even though they know that supporting China is dangerous in the long run.  They steal our technology, undermine our politicians, expand their military and lay claim to vast expanses of territory.  They don't even treat US businesses operating in China with respect.  How long can the Boards of these companies continue to allow profits to overcome the realities of doing business with China?

When in Doubt, Change the Code

When politicians are in doubt, they change the narative, often without changing anything else.  Such is the case of the new cyber initiative in the White House and Homeland Security, which is supposed to change the way groups respond to cyber threats.  They do this by assigning numbers from 0-5 characterizing the urgency of response.  Zero means there is an indistinguishable amount of damage that will be done.  Nobody reports something like that, so I wonder why anyone would bother making that categorization.

This idea is a joke that is not funny.  The audience looks nervously around like they may have missed something everyone else got, but there is no laughter in the room.  Only the comedians at Homeland Security get this joke and none of them are laughing either.  Of course, these are the same people who have changed the response levels to terrorism multiple times to reflect their new found wisdom about how we measure this kind of threat.  They have heard it before which takes some of the benefit out of hearing the joke said out loud.  The joke is that they actually believe this kind of change in policy does something to benefit our cyber responses.

DNC Warned about Hackers

I worked with political figures for quite some time and most of them don't think twice about security of their networks.  They hire people to do that.  According to several press sources today there were warnings to the DNC that hackers were after information like what they had on hand.  The DNC claims these were not very specific and did not raise any alarms there.  Let's think about that a little bit.

This is almost the same language used by the folks who kept our security clearance records at OPM.  They were hacked;  they knew they were hacked;  they couldn't see that any information had been taken.  Don't worry about it, they say.  The Chinese had been in their systems for 3 years by the time it was over and the damage is incalculable from the loss of that data.   This is almost the same language used at IRS when hackers got into their records twice in the same year.

How specific does the information have to be to get understanding that hackers are after your data?  There are some systems administrators and IT managers who want the type of attack being used and where the source of it is.  They will take steps to shut it down by blocking the IP addresses of any country that is necessary, and getting some internal security that will help reduce the damage of phishing attacks.  That does two things.  First, it tells your adversary that you know they are hacking you and how they are doing it.  That will cause them to change their attack vectors and work harder.  Second, it focuses on doing a few things well, when a good deal more is required.  It is laziness that causes them to ask for specific information about the attack, not curiosity or concern for the data.  It produces the whack-a-mole mentality of attack prevention, always running behind the attacker.

Arrogance is the enemy.  When professional work for a national organization with lots of politicos around, a person can easily get the idea that powerful people will cover for your mistakes.  What you should think about is covering for them by doing security the way it is supposed to be done.  OPM and IRS are just two of these cases where arrogance and "I know better than you" got the leadership into trouble.  The DNC will sort this out and somebody will take the fall for it, but the pain is going to be great before it blows over.  At the senior corporate levels and government leadership, ignorance is not the enemy, arrogance is.  Being at the top of the food chain makes those people targets, but they can get security professionals who can make their systems reasonably secure.  It is arrogance that allows them to turn things over to people who can't.

DNC Claims Russia in Email

We have the curiosity of a hacker being identified as an agent of the Russian government, releasing email to Wikileaks.  What is odd about this is the lack of any kind of evidence that the Russians were involved.  I know this is confusing to people who do not live in the United States, and probably murky even to those who do.  Is it really credible to blame the Russian government for this hack?  Can anyone say it was the Russian government and not some hacker-for-profit guy who was making money at this?  The short answer is "no" to both of those.  

As Donna Brazile, now the soon to be Chairman of the Democratic National Committee (DNC) pointed out this morning, there will be more of these to follow so the damage control will be extensive.  This whole thing is just starting.  There are already claims that part of the demonstrations at the Trump rallies were engineered by the DNC.  I thought the Russians were behind those, and was obviously wrong.  

The narrative out of the DNC is that Russia is favoring Trump, the Republican nominee, over Clinton.  Clinton, the Democrat, was favored by the DNC over her rival Bernie Sanders.  That was part of the whole mess that caused the resignation of the current DNC Chair because the Committees are not supposed to favor one candidate over another.  She denied doing that, but got caught by the stolen email.  

As I said, this is about narrative, not facts.  Nobody has attributed the hack of the DNC too anyone, but intelligence services are not easy to pin down.  All of them use proxies, so that even if we were to find out who gave the document stash to Wikileaks, it might be harder to figure out who was really behind it.  We used to say, "If you are really good, you won't get caught."  Intelligence services are really good and they don't tell anyone, even if they are caught.  So, we really cannot blame the Russian government until there is some attribution, probably behind closed doors.  That will take a month or two, so getting out a narrative right now is safe.   It took almost that long for Congress to hear that China took the database of OPM.

The DNC narrative is easier to believe if we say it was the Russian government with lots of resources behind it, rather than say a person who hacks for a living did it and the DNC had lousy security.  Donors don't like to hear the latter.  The narrative fits the concern about the privacy and security of donor lists and internal communications some of them have with the top levels of the Democratic Party.  It would be better for an intelligence service to have it than a hacker for profit.  The hacker would sell it to somebody who paid for it.  The intelligence service would keep quiet about having it, and they probably wouldn't give it to Wikileaks which would negate a number of reasons for stealing it to begin with.

There is money in hacking - as anyone who has ever seen the text messages of Hollywood stars can testify.    Stealing email is not new but it is getting easier to do, so more people do it.  It was behind the Sony hack which caused no end of problems for the studio and many other news people who used it for hacking voicemail.  The narrative that says this was a professional hack for profit fits better here than the one being touted by the DNC.

Did You Ever Read that EULA?

Microsoft has just released a new version of its EULA, which is easier to read and access on line.  You may not like what you are reading but the reading is so much easier.  There are little things in it like this:

"Warranties. MICROSOFT, AND OUR AFFILIATES, RESELLERS, DISTRIBUTORS, AND VENDORS, MAKE NO WARRANTIES, EXPRESS OR IMPLIED, GUARANTEES OR CONDITIONS WITH RESPECT TO YOUR USE OF THE SERVICES. YOU UNDERSTAND THAT USE OF THE SERVICES IS AT YOUR OWN RISK AND THAT WE PROVIDE THE SERVICES ON AN "AS IS" BASIS "WITH ALL FAULTS" AND "AS AVAILABLE." YOU BEAR THE ENTIRE RISK OF USING THE SERVICES. MICROSOFT DOESN'T GUARANTEE THE ACCURACY OR TIMELINESS OF INFORMATION AVAILABLE FROM THE SERVICES. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAW, WE EXCLUDE ANY IMPLIED WARRANTIES, INCLUDING FOR MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, AND NON-INFRINGEMENT."

It has always amazed me that vendors can get away with licensing a product and saying it will not be liable for merchantability of that product.  Our local enforcers stopped a couple of young girls from selling lemonade on the sidewalk because they were concerned that it might not be properly mixed or  the temperature maintained, but Microsoft can sell you something and deny that the product has to be useable for the purpose it was sold for.

And don't be concerned about your content.  Microsoft will not claim it [ that thought never entered my mind until I read that ] and will not be responsible for it:  

" Your Content. Many of our Services allow you to store or share Your Content or receive material from others. We don’t claim ownership of Your Content. Your Content remains Your Content and you are responsible for it.

• a. When you share Your Content with other people, you understand that they may be able to, on a worldwide basis, use, save, record, reproduce, transmit, display (and on HealthVault delete) Your Content without compensating you. If you do not want others to have that ability, do not use the Services to share Your Content. You represent and warrant that for the duration of these Terms, you have (and will have) all the rights necessary for Your Content that is uploaded, stored, or shared on or through the Services and that the collection, use, and retention of Your Content will not violate any law or rights of others. Microsoft cannot be held responsible for Your Content or the material others upload, store or share using the Services."  

And the extortion of the whole idea of this kind of licensing agreement is that if you don't like these conditions you should stop using their services and close your account.  

We need a new law in this area.  Software is a product and should be useful for the purpose it is sold.  There cannot be exceptions.   Second, if the product use damages your content, they should be responsible for it, not you.  Third, you should be able to opt out of these two areas and still use the product.  This is not something lawmakers should be allowed to continue.  Write to yours and tell them licensing needs to be changed.  

Russian Proxies

In the Cipher Brief today, Rob Dannenberg has a nice piece on Russia's use of proxy groups to further their political means and make attribution more difficult.   As he points out, Putin came from a KGB background and it doesn't seem to have worn off much since he took over the government.  He can't stop the kinds of behavior that he was engaging in when he was working his way up.  What makes you successful, will only take you so far.

China and Russia are variations on the same theme, only the Chinese have always been a little smoother than the Russians.  One scientist with a lot of secrets in his head told me that the Russians regularly offered him prostitutes, travel, and a general good time, followed by very clear threats if that didn't work.  The Chinese offered him praise, an interpreter who he always felt was close by not too close because of their understanding, and dinner out with other scientists when it felt right.  They were patient, coddled his graduate students and invited them to China.

Proxies are a variation on the cyber intelligence collection and harassment themes.  The government denies involvement and feigns surprise that any such thing could be blamed on them.  But the psychology of the two countries is still much the same as it was.  The Russian example is about knocking out the power grid in the Ukraine.  The Chinese steal the database of security clearances from the US government so it can be used for blackmail of government employees.  No subtlety from Russia.  A warning from China about how cyberwars will be conducted in the future.

Chinese Poke Philippines

In a story reminiscent of the "Ugly American", an old movie about American diplomacy, China is trying to control what is said by Philippines leaders about their victory in the dispute over territory in the South China Sea.  In an article today in The Wall Street Journal [http://www.wsj.com/articles/man-in-the-middle-rodrigo-duterte-gets-a-taste-of-china-1468909553] the story of the brazenness of Chinese diplomats is demonstrated in the attempts to have the new leader of the Philippines limit what he can and cannot say about his case.  

I have been saying for a number of years that China wants to control what it's people hear and see from the outside world, but they want to do it by limiting what others say about China.  This seems to know no bounds.  Both Rodrigo Duterte and his minister had met the same day with the Chinese ambassador.  Both got the same kind of help with deciding what to say and what not to say.  If any other country had done what the Chinese did they would be looking at accusations of intimidation and diplomatic malpractice.  What we lack in the world is a diplomatic corps willing to push back against this kind of outright bullying.

I heard the story of a Latin American diplomat who stuck a gun in the face of one of the ambassadors of another country to make a point about his past involvement in killing people who spoke out against the government.  It was a very undiplomatic but it did make his point clear and the other fellow carried a message back to his embassy that was probably memorable.  We can think of the Chinese as thugs, but they are more like Mafia enforcers who know very well what they are doing and how to make their points clearly.  The amazing thing is the tolerance for their behavior among the other diplomats of the world.

Russian Doping is Well Documented in Report

The Russians are in trouble because they have been doping athletes who participate in the Olympics.  What is behind the documentation of their actions is something called an Independent Person Report by Dr. Richard H. McLaren, appointed by the World Anti-Doping Agency (WADA).   McLaren's report is long, interesting, and worth reading if you want to know what is really being said about the Russian doping process for its Olympic athletes [ see https://wada-main-prod.s3.amazonaws.com/resources/files/20160718_ip_report_final3.pdf. The most damning statement is this:

"The Ministry of Sport directed, controlled, and oversaw the manipulation of athletes analytical results  or sample swapping, with the active participation and assistance of the FSB, CSP, and both Moscow and Soshi Laboratories. "

 The FSB involvement is the Russian Federal Security Service, where Valdimir Putin came from, and the CSP is the Center for Sports Preparation of National Teams of Russia.  It would be almost impossible for Putin not to know that this was going on, given the organization and number of people involved who were part of the government.

The state-controlled media makes it sound like Russia is being persecuted because it did so well in the Olympics.  It was almost funny, were it not so rediculous.   This effort was organized and well planned.  They got caught.  They deny anything happened and will try to say it was all a conspiracy by anti-Russian countries to discredit them.  This approach works most places in the world, but for some reason, not so well in the Olympics.  Maybe it is because Olympic athletes work so hard to get to that competition and every one of them has to make a supreme effort just to get out and practice every day.  They don't like cheaters taking medals.

Sentencing Cyber Crimes

The legal system does not know how to sentence cyber crimes, and it never has.  We can write all the sentencing guidelines we want, but it still comes down to a court applying normal rules of sentencing for certain types of crimes.  This is just one example taken from two recent cases that will illustrate the point.

Chris Correa was a baseball scout for the St Louis Cardinals.  He had come from the Houston Astros baseball club and, from my understanding, had passwords from the system that gave him access to the Astro's player databases.  Baseball being a statistics driven game, you can see the importance of that kind of data.  He was prosecuted for having unauthorized access to the Astro's system, though I would say that was not unauthorized access if he had it before and they failed to delete his accounts.  He was treated as if he were still an employee.  His lawyers may have overlooked that issue at trial, but maybe it never got that far.  He was sentenced to 46 months in prison.

The case of Su Bin, a Chinese National indicted for helping the PLA steal documents from defense contractors has finally been put to rest with a plea agreement that sends him to jail for 46 months.  Su was helping the PLA steal sensitive documents from Lockheed and Boeing on our most advanced aircraft.  He did this over a number of years and was helping translate some of the stuff into Chinese. He knew what he was doing.

Two crimes with the same sentence, but one is by a national of another country stealing secrets from our businesses, and the other is a baseball scout getting access to player data he probably had before.  Somehow, there does not seem to be justice in sentencing here.  This is something Congress and the Justice Department need to examine more closely.  Two disparate crimes, one with national security implications, and one with no implications what so ever, get the same sentence.  They are not equivalent.  They are not even the same crime, if you asked me.  On the other hand, how anyone can say Su Bin got a fair sentence for what he did, is beyond me.  He should have gotten life.  There is something wrong with the sentencing guidelines, which have been adjusted over and over in the 30 years these have been crimes.  Time for a new adjustment.

Dissident in China Not Healthy Profession

I read three stories about a Chinese dissident, Yu Jie, who has written 30 books about subjects that are sensitive in China and can lead to bad things happening to the author.  [ see http://www.nybooks.com/daily/2012/07/14/china-fault-lines-yu-jie-liu-xiaobo/ , http://www.ft.com/cms/s/0/13c6fcb2-7285-11e1-9be9-00144feab49a.html#axzz4ElTUCvFJ & http://www.wsj.com/articles/notable-quotable-chinese-christianity-1468797772 ]

His first indication of that came when publishers decided not to publish his books.  They are probably all on that list of banned books that were being sold by Hong Kong book distributors.  The Chinese arrested them too.  Yu Jie is a converted Christian in a land of atheists, who predicts by 2030 that there will be more Christians in China than in the US.  That would not be something the central government would want to hear, but his writings have had a lot more to say about things that far exceed that in sensitivity.

He has since moved to the US after writing about Wen Jiabao, a former Premier and some interesting people like Bo XiLai, who had the misfortune of being married to a murder who tried to cover up her crime.  What these two had in common were the similarities between the revival of some of Mao's more interesting social upheavals by Bo, and Wen's criticism of them.  They demonstrate one thing clearly - those who criticize in China had better be right.  Bo Xilai who was moving up fast in the political structure, is now no longer part of it.  Wen, who tried to peacefully stop the demonstrations at Tiananmen Square, still went on to be Premier.

These are the kind of topics that can get a writer in China in hot water.   Yu Jie was warned about publishing further books.  He took those warning seriously and left the country.  Before you think of him as a coward for leaving, remember he wrote 30 books and lived in China all that time.  He signed the Charter 08, a human rights declaration that was not received well in the central government.  He had to know that was not going to go over very well and would have consequences.  How a person can live and work in that environment for so many years is beyond me.  It takes bravery of a type that is hard to define.

When Evidence is Not Conclusive

The Russians know how to make news.  An article by Adrew Kramer in today's New York TImes [http://www.nytimes.com/2016/07/16/world/europe/malaysia-airlines-flight-17-russia.html?_r=0 describes a report by researchers at the Middlebury Institute for Interneational Studies which details how the Russians modified two photographs which are supposed to be Russian satellite images of the crash site of Malaysian Airlines flight 17 which was shot down in 2014.  The researchers ran these photos through software that allowed them to tell when a photo had been touched up.  Kramer provides examples in the article, but there is no doubt the photos were doctored to eliminate details that the Russians did not want anyone to see.   The researchers are working for someone who is trying to convince a European Union court that the Russians are trying to avoid liability for any actions that might have led to the downing of the airliner.

The problem with trying to make up a story is that so many people and physical evidence has to be modified to make a story fit together.  Touching up the pictures just makes them look guilty, but the truth was not very convenient for their purposes.  This is how Russia makes news.  Them facts do not matter as much as the story line the Kremlin wants to convey.  Just give us the facts and we can make the evidence fit that.

Microsoft Makes Apples out of Oranges

There is quite a bit of hoopla about the Microsoft Inc "win" in a case involving a U.S. Drug warrant issued for email kept on a server in Ireland.  The court ruled Microsoft did not have to to produce the data since it was not within the jurisdiction of the warrant.  The first ruling was in the Second Circuit Court in July 2016.  It said a warrant has limits and those limits do not go outside the United States and its territories, which was not news to anyone in law enforcement.
[ http://www.ca2.uscourts.gov/decisions/isysquery/79f10115-e24e-49b3-b72b-1df1e7e97911/4/doc/14-2985_complete_opn.pdf ].

However, Microsoft and it considerable number of allies in Silicon Valley went even further than the issue of warrants, as described by the Wall Street Journal today:

 "The case is part of a broader fight between Silicon Valley and Washington over how much authority the government has to force technology companies to help them gather data in investigations. The companies argued that revelations about U.S. spying with the help of telecom companies have heightened foreign sensitivities and placed U.S. firms at a competitive disadvantage abroad."  [ http://www.wsj.com/articles/microsoft-wins-appeals-ruling-on-data-searches-1468511551 ]

The collection of intelligence has nothing to do with law enforcement.  Microsoft et al have mixed the allegations of Edward Snowden into a matter that has nothing to do with the case at hand.  What they are really saying is they are not going to help the US government spy on anyone -  in the name of privacy.  This is a foot-in-the-door argument that will be cited to exclude the Intelligence Community, like Twitter did last year when it decided to stop selling data to the US IC.  These hypocrits have put a stake in the ground around a legal issue related to law enforcement when they really have a lofty position that puts them above the intelligence collection interests of their own government. It is a totally irrelevant argument because one has nothing to do with the other.  Intelligence Services do not get or need warrants.

What I don't like about this is the industry attitude that they don't have to cooperate if an intelligence service decides to collect data on their systems.  Vodaphone released a long list of countries and their rules on cooperating with Intellignece Services.  They were not being offered a choice in most countries.  Some wanted direct, unrestricted unencrypted access to anything that went into and out of their services.  Most wanted some access through portals controlled by the government.  All wanted some access.  China wasn't included in the Vodphone list,  but we already know what China wants, and so does Microsoft.  They want access to anything and everything and they want source code and encryption software that might keep them from getting it.  That is Microsoft's code and they are required to give it up.

This Holier Than Thou attitude is beyond business thinking almost everywhere I have been in US industry.  They are perfectly willing to cooperate with China, but they don't want to cooperate with their own government.  Their reasoning is that it might reduce their competitive position in the markets of the world.  Please....  Those other markets don't give a damn about our privacy in their countries.

Contractors Hack Put to Rest

The case of Su Bin, a Chinese National indicted for helping the PLA steal documents from defense contractors has finally been put to rest with a plea agreement that sends him to jail for 46 months.  With the parole and time-served provisions, he won't be there too long.

What he did was help individuals in the Chinese Army steal information from contractors - at least Boeing and Lockheed that were named in the LATimes report of his arrest.  These were documents related to the F-35, F-22 and C-17, some of our newer aircraft.  There is a lot to this story, but the aspect I was interested in was the availability of systems containing this kind of information from the Internet.  It was certainly sensitive and deserving of protection, yet Su was able to help the Chinese government get to those documents by using old access authorizations.  These are two defense contractors that contract with other companies to sell security services for protection of business secrets, yet they cannot protect their own.  How it is possible for flight data tests to be available from the Internet is a question we should ask of the Program Managers of these programs.  This is the kind of theft that the government needs to get some action on preventing.  The Chinese will take anything they can get their hands on so that part is not so surprising.  The fact they could is what is really amazing.

It reminds me of a counter-measures person from another country who told me a story about how the counter-measures business was so lucrative where he came from.  His government was always wary of US satellites getting data about what they were testing so they told the developers never to test in the open where they could be seen.  They did anyway.  He laughed when I asked him why.  It seems that both sides of the business tested where the other country could see what was going on.  Each side  knew what the other was working on and came up with new counter-measures for each new one that the other side developed.  It kept both of them in business.  Perhaps we have a valuable lesson in that conspiracy.

Obama Learns from Cyber Mistakes

There is an interesting piece in Federal Computer Week [https://fcw.com/articles/2016/07/11/obama-cyber-weakness.aspx?m=2] that purports to show how President Obama has learned about cyber security after the White House was hacked.  That does bring it home when somebody steals something that you are personally affected by.    He emphasized the importance of education, especially for people using handhelds like his Blackberry, and said everyone needs to pay more attention to the business of protecting their information systems.  Better late than never.

We might have thought that the President would have taken an interest in this subject after the Post Office and IRS got hacked more than once.  We might have thought it would be a little important after the State Department e-mail system was hacked by a foreign government (don't confuse this with Hillary Clinton's e-mail catastrophe which is not the same thing).  But, if nowhere else, we would have thought it would have been important after the loss of millions of security clearance records from the Office of Personnel Management.  The business leaders of Washington, politicians, and staffers all had clearance information that was lost.  That would seem to prompt an action to improve the state of cyber security in the government, but it took a hack of the White House to bring it home.  Then, he decides to address the issue while in Europe where it will get next to nothing in the way of press coverage and no interest at all in the Federal channels it was addressed to.  It is not what you say that counts, Mr. President, it is what you do - or in this case, don't do.  The Clinton e-mail fiasco was part of that learning experience.  Since he sent email to and from the systems, he knew she had an email address that wasn't official.  Hackers of the White House might know it too.

Yes, there are lessons to be learned here.  We just have to figure out what they really were.

United Nations Rules Against China's Claim to SCS

Most people have never heard of the United Nations (UN) Arbitral Tribunal.  It was set up to settle disputes that otherwise might lead to confrontation or fighting, especially maritime ones.  In 2013, after a 2012 dispute with Chinese vessels, the Philippines brought a case that concerned China's claims to the South China Sea.  China refused to participate and has ignored the basis of any claim against them.  They will undoubtedly continue that same course.  They ignore any idea that the claim they have to the South China Sea might be a matter of interpretation.  They believe they own the territory and have set out to make sure everyone else in the world acts as if it does.  This kind of action by China leaves the rest of the world's leaders wondering if they can follow any standards of behavior except the ones they believe in.

China acts as if it has already won this battle on its own terms and will not surrender now.  Building an island out of nothing does set an interesting precedent and on that count they have created a new entity that belongs to them.  That really was not the whole point of the Tribunal's case.  The part we are missing was the second finding, that the Exclusive Economic Zone (EEZ) of the Philippines was being interfered with by China.  China violated the Philippine's exclusive economic zone by interfering with fishing, petroleum exploration and constructing artificial islands.  China is really not going to like that part because it applies a lot of other places than just the Sprately Islands where the original claim came from.   Now, it won't be just the Philippines by themselves.  Viet Nam and a host of others can continue their pushback with the legal and moral high ground.

Why Does NATO have to Guess?

Several articles have come out this week about NATOs websites being interrupted while it gets together to talk about Russian aggression in the east.  Ones like http://www.wsj.com/articles/nato-linked-websites-go-down-cyberattack-suspected-1468001918  describe the wonder by NATO officials about whether or not a cyber attack has taken down those sites.  It says a lot about NATO that they have to speculate about whether they have been attacked.

This may be politics talking and not real Information Technology, because almost everywhere I ever worked, we would know if we were brought down by hackers and would not have to speculate very long about it.  Alarm bells would be going off on our systems and administrators would be looking at the traffic patterns to determine if we were suddenly overcome with a gigantic interest in NATO affairs, or a groups of hackers were running a DDOS attack from somewhere.  If the NATO administrators are so uninformed about their own systems, then there is something wrong with them.

Making News

Governments, especially those of dictatorships, are well known for making news - not showing up on the front pages of newspapers from around the world, but by manufacturing stories so incredible that even the readers of their publications find them difficult to believe.  Russia, China, Iran, Turkey, and a number of others control news and make it fit what they want the reader to believe, not what actually happened.

To that end, Karen Kawisha, in today's Wall Street Journal, reviews Arkady Ostrovsky's book, The Invention of Russia, a look inside the making of Russia's less-than-free press, famous for making up stories that fit the party line, without much interest in the truth, or describing events as they actually occurred.  Even readers of the Russian newspapers understand what these publications are for.  They are rarely news outlets;  they are propaganda machines.  Ostrovsky describes a completely manufactured story of a crucifixion in the Ukraine as one example.  When it comes to RT there are many more including the criminalization of the Ukrainian leadership with images distorting their looks so they appear as cartoon character villains, which I wrote about in my third book.  

This goes to the credibility of the source.  When a news outlet tells incredible stories, it loses an increment of believability from that time on.  It is not something we think about when we think of Western newspapers, but more and more our news outlets repeat things they know should be fact checked before they are published.  They are incredible, but published exactly as they are because the reporters are lazy.  They use the phrases "could not be reached for comment", or "did not reply to our inquiry" which was just made 10 minutes ago.  They use the excuse that they have deadlines to make so that confirmation, or the other side of the story, can wait.  We have armies of press secretaries and political hacks who make a living off of making stuff up, slanting stories to fit a public perception that they are want to enhance, or outright lying about events.  Their lies will not be discovered without missing a few deadlines, or postponing a story until the facts are known.  

At least with Russia and China we know the news is intentionally slanted, censored, and made to fit the mold created by the state.  We understand that dictators do that.  But, let's not pretend that is is only dictators who do.  The free press owes itself a little bit of soul searching about what it publishes in the name of truth.  We have news outlets that clearly favor one political candidate over another.  They call "experts" that clearly favor one over the other, and load them on a schedule that omits opposing views.  When CNN hired Cory Lawendowski, Donald Trump's ex campaign manager, it took heat from part of its audience that only wanted to see "fair and impartial" reporting from its commentators.  Really?  Who are we kidding?  Opposing sides are the only way to get the truth of anything.  

A Billion Dollars for Pics

I wonder who said it was important to spend over a billion dollars to send a spacecraft to take close-up pictures of Saturn?  NASA tries to imagine that this boondoggle was about the potential for life out there but it won't be life we can talk to, or do anything with.  It is more about preserving NASA and the Jet Propulsion Laboratory.  Nothing does better at keeping people together than tax payer money.

This Billion is like the money we spend to keep tanks, airplanes, helicopters and ships being built when nobody wants them anymore.  In order to keep the assembly lines open and the people working, Congress buys more of something we don't need or want.  We sent 5 probes to Saturn at various times and if there is life up there, they must be wondering where all the traffic is coming from.  Congress wants to send two more of them up there, spending 200+ million for the preliminary steps to plan it.  No wonder our deficit is so high.  Doesn't anyone on the Hill know how to say NO?

Foreign Money in US Politics

In a Reuters story two days ago, the name Bilal Shehu pops up in conjunction with a Justice Department plea agreement.  He pled guilty to supplying $80,000 from a foreign source to the Obama campaign of 2012.  Reuters attempts to link this to Albania this way:  "But the case came after a Republican congressman in 2013 called for investigations into the purchases by Shehu's family of two $40,000 tickets for a San Francisco fundraiser, one of which was used by now-Albanian Prime Minister Edi Rama.

At the October 2012 event, Rama, the Albanian Socialist Party leader, was photographed with Obama."  [http://www.reuters.com/article/us-usa-crime-election-idUSKCN0ZF2S6]. 

We have the same sort of sorid dealings here in Virginia with a Chinese national giving money to the governor and the Clinton Campaign.  Someone in that case made sure the donation was "legal" by making the Chinese national a resident alien.  How a person gets this status when he is a businessman from China, who served at the highest levels of government in China, is a mystery deserving of a criminal investigation.