Many news outlets carried the story yesterday about the bombing of the Chinese embassy in Kyrgystan. No Chinese were killed but the embassy was hit with a car bomb that blew out windows and injured three local embassy employees.
Geography is not my strong suit, so I looked this place up. When you see where it is, it might create an "Oh yeah" kind of moment. It is located in the northwest corner of China, sharing a large border with it. That part of China has not been a great place to live since the Uighurs, largely Muslim population decided to cause trouble for the resident Chinese. There have been all manners of incidents, including a particularly graphic stabbing of people at a train station.
This particular incident may indicate it is getting to be more difficult to do much terrorism in China. It might not have been the Uighurs in this case, but they are the likely suspects when there is an explosion anywhere that targets Chinese in that part of the world. I'm guessing it was and more will follow. Kidnappings, murders, and the like have caught on everywhere. Kidnapped oil company employees have already found the Chinese. Like other countries, China will find it difficult to control things outside their own borders.
Wednesday, August 31, 2016
New Problems for SWIFT and Banks
Swift probably wishes its problems would go away, but it doesn't look like that will be happening anytime soon. A Reuters exclusive story (http://www.reuters.com/article/us-cyber-heist-swift-idUSKCN11600C) today, indicates there have been other banks hacked since June by people using the same techniques used in Bangledesh. That is not good news because it shows that banks are not being responsive to new rules put in place to try to correct these problems.
The excuse was partially made that Swift does not have regulatory authority over banks, but that is really underestimating the authority they do have. Banks are insured and agree to follow Swift's policies as a condition (at least some policies by a body authorized to establish the intermediary banking systems). They also have influence with regulators whose policies they are also not following. Bangledesh was egregious if the reporting was accurate; nobody wants a repeat of that mess. Swift was not very swift in its response to that incident and will be trying not to make that mistake again. Regulators were also not very responsive. Banks cannot afford these kinds of losses, nor the attack on basic infrastructure of the financial system. This should have been a wake up call for any regulator or any government.
This reminds me of MasterCard and Visa. We see similar infrastructure attacks on these retail
Communities. This is not like stealing my credit card number from some retailer. This is like breaking into a card processing center and stealing all the cards processed there. Governments need to show more interest beyond establishing new regulations. That is the easy way out. There needs to be better transaction validation, better audits, and tighter business processes. All of these involve new technologies to support them.
Swift, and others like them, ar the basis of trust in the banking system. When that goes away, there will be big problems with international transactions. If the regulators can't be responsive, a black list of noncompliant financial institutions will not be far behind. I have seen insurers close banks for less than what was done in Bangledesh.
The excuse was partially made that Swift does not have regulatory authority over banks, but that is really underestimating the authority they do have. Banks are insured and agree to follow Swift's policies as a condition (at least some policies by a body authorized to establish the intermediary banking systems). They also have influence with regulators whose policies they are also not following. Bangledesh was egregious if the reporting was accurate; nobody wants a repeat of that mess. Swift was not very swift in its response to that incident and will be trying not to make that mistake again. Regulators were also not very responsive. Banks cannot afford these kinds of losses, nor the attack on basic infrastructure of the financial system. This should have been a wake up call for any regulator or any government.
This reminds me of MasterCard and Visa. We see similar infrastructure attacks on these retail
Communities. This is not like stealing my credit card number from some retailer. This is like breaking into a card processing center and stealing all the cards processed there. Governments need to show more interest beyond establishing new regulations. That is the easy way out. There needs to be better transaction validation, better audits, and tighter business processes. All of these involve new technologies to support them.
Swift, and others like them, ar the basis of trust in the banking system. When that goes away, there will be big problems with international transactions. If the regulators can't be responsive, a black list of noncompliant financial institutions will not be far behind. I have seen insurers close banks for less than what was done in Bangledesh.
Tuesday, August 30, 2016
Harry Reed Sheep Dipping
Harry Reed is sheep dipping when he says there is a relationship between the Trump Campaign and Russian hackers who seem to be going after Democrats favoring their candidate. The term has another meaning in the Intelligence Community, but that clearly does not apply here. The one that does is from persuasion and marketing - throwing out ideas in a stream, hoping some of them will stick with the intended audience. Truth does not enter into this. It is just offering semi-plausible explanations, hoping one of them will find favor with an audience. The Russians are famous for this kind of thing, doing it in the Ukraine when the rebels they were supporting shot down a commercial airliner with a missile system they got from the Russians.
The Russians surmised first that the Ukrainians shot down this airliner with fighters, mistaking it for Vladimir Putin's airplane which was passing that way at the moment. Then, they decided the Ukrainian ground forces shot it down by mistake. As incredible as it sounds now, these stories stuck with some of the people in the Ukraine. In the following months there were more theories about how the events happened and none of them indicated the Russians gave a complicated missile system to people who didn't have the capability to do target identification first.
Harry Reed offers this sheep dip as a way of explaining why the Democratic National Committee, Hillary Clinton's e-mail servers, and an assortment of things showing up on the Wikileaks servers were hacked because the Republican opposition must be aligned with them. This is the same person who started the story that Mitt Romney the previous Republican candidate paid no taxes. The truthfulness of that story was demonstrated often, but never to Reed's satisfaction. He still says it, knowing it is not true.
A few people will believe this kind of "truth" long enough to have the saying of it achieve it purpose. What should we say about politicians who do this sort of thing in an election cycle that says the majority of people here do not trust their political candidates? Vince Lombardy, one of the best American football coaches, used to say that Winning isn't Everything - It's the Only Thing. That applies very well in football, but national politics is not a game. We should expect that political candidates will play a version of truth that fits their side of a story, but not lie outright with the idea that nobody will find out until after the election is over. Where are all of those fact-checkers when you really need them?
The Russians surmised first that the Ukrainians shot down this airliner with fighters, mistaking it for Vladimir Putin's airplane which was passing that way at the moment. Then, they decided the Ukrainian ground forces shot it down by mistake. As incredible as it sounds now, these stories stuck with some of the people in the Ukraine. In the following months there were more theories about how the events happened and none of them indicated the Russians gave a complicated missile system to people who didn't have the capability to do target identification first.
Harry Reed offers this sheep dip as a way of explaining why the Democratic National Committee, Hillary Clinton's e-mail servers, and an assortment of things showing up on the Wikileaks servers were hacked because the Republican opposition must be aligned with them. This is the same person who started the story that Mitt Romney the previous Republican candidate paid no taxes. The truthfulness of that story was demonstrated often, but never to Reed's satisfaction. He still says it, knowing it is not true.
A few people will believe this kind of "truth" long enough to have the saying of it achieve it purpose. What should we say about politicians who do this sort of thing in an election cycle that says the majority of people here do not trust their political candidates? Vince Lombardy, one of the best American football coaches, used to say that Winning isn't Everything - It's the Only Thing. That applies very well in football, but national politics is not a game. We should expect that political candidates will play a version of truth that fits their side of a story, but not lie outright with the idea that nobody will find out until after the election is over. Where are all of those fact-checkers when you really need them?
Voting Machines
In my last book, The New Cyberwar, I outlined some of the things Russia did to undermine the Ukrainian national election. As Bruce Schneier wrote recently for the New York Times, our voting machines are not very secure in some places. We know that, and like many of the other cyber attacks on government, we pushed those thoughts aside. Correcting those problems costs money and time. Our national leadership in cyber is as bad as I have ever seen. It is unable to correct the security of government computer networks, and doesn't want to deal with security matters that take more than a day to fix. Executive Orders do not fill the holes.
Yes, the voting machines proved hard to hack in the Ukraine, but they did not go after those. They went after the points of data aggregation in Kiev. They were not trying to stop voting. They were trying to stop the voting results from being processed. At times like this, there is no panic among government officials who is want to keep down the discussion until after the election is over and they can move on. They may find it more difficult if the results are delayed for a few weeks and they have mud on their collective faces.
Yes, the voting machines proved hard to hack in the Ukraine, but they did not go after those. They went after the points of data aggregation in Kiev. They were not trying to stop voting. They were trying to stop the voting results from being processed. At times like this, there is no panic among government officials who is want to keep down the discussion until after the election is over and they can move on. They may find it more difficult if the results are delayed for a few weeks and they have mud on their collective faces.
Monday, August 29, 2016
China's New Aircraft Engine Business
Well, I hope all the aircraft engine makers from around the world who helped China develop its own aircraft industry, will be pleased to see that they now have competition from a new Chinese engine. China has many new industry firsts this year, and this new engine to be developed by Aero is only one. In a Wall Street Journal article today it was described this way, "Aero Engine Corp. of China, or AECC, as a “strategic move” that would accelerate the development of indigenously made jet engines and thereby boost national prestige and military power." (http://www.wsj.com/articles/china-establishes-new-state-owned-aircraft-engine-maker-1472397621)
The commercial businesses that help China develop the ability to build their own airplanes noticed how difficult it was to convert engineers who were used to building aircraft for the military to make commercial airplanes. None the less, they did make them and converted a good bit of that technology back into their old jobs making military planes. The same thing will now happen with engines. Businesses like GM who will start selling Chinese made cars in the U.S this year, will no doubt notice if these cars sell well enough to hurt their domestic sales. It may seem like a great idea to help the Chinese until you try to find a US computer, circuit board, memory, hard disk, router or cable. Once it starts, it is too late to think about it.
The commercial businesses that help China develop the ability to build their own airplanes noticed how difficult it was to convert engineers who were used to building aircraft for the military to make commercial airplanes. None the less, they did make them and converted a good bit of that technology back into their old jobs making military planes. The same thing will now happen with engines. Businesses like GM who will start selling Chinese made cars in the U.S this year, will no doubt notice if these cars sell well enough to hurt their domestic sales. It may seem like a great idea to help the Chinese until you try to find a US computer, circuit board, memory, hard disk, router or cable. Once it starts, it is too late to think about it.
Sunday, August 28, 2016
Russia and Turkey Agree
It appears that the one thing the Russians and Turkey agree on is that the Kurds cannot have any of the territory they took in Syria. First, the Russians bombed them, then Turkey used tanks. Whatever it was that Erdagon and Putin talked about last week, we can be sure that was one. We can imagine how Turkey's foray into Syria would have looked a few weeks ago. The U.S looks absolutely like a third world country in all of this, out maneuvered and out played on the battlefront.
Friday, August 26, 2016
China Drafts new Draft of Cybersecurity Law
In a story in the Wall Street Journal today we have an interesting outlook on how China appears to be changing its so-called "draft legislation" again. It is obvious that in the five years it has been enforced on the businesses in China that is is not very popular and, beginning with Apple's reluctance to participate, causing some businesses to reconsider doing business there. The article says China is going to allow some businesses to be members of the Technical Committee 260 which drafts this sort of policy change. The article seems to believe that this is a milestone in improving relations with businesses operating in China. The select group will include Microsoft, Cisco, Intel, and IBM, all the big players over the long term, which have deep roots there. Apple wasn't mentioned.
I have to say this article sounds like it was written by the Chinese press and not the Wall Street Journal. It wouldn't be the first time that happened, but not usually with such a well known paper. The Chinese are reaping what they were sowing seven years ago. Businesses are finally saying they are not giving up their trade secrets just to do business in China. Source code is a trade secret. Encryption software is a trade secret or a patented product. The businesses that have to have a Chinese national senior leader appointed to run their Chinese company won't like that either. These are all things the Chinese have demanded of businesses set up there.
They call their legislation "draft" to give the idea that they are considering doing something like this, when in fact, they are already doing it. Microsoft, Intel, Cisco, and IBM all know it. Now, they publish a draft of the draft to try to placate some of the critics. There is hypocrisy in there somewhere, but they gloss it over with policy that looks like something we have in the US, but isn't the same. They are good at forming "joint ventures" that are not really the same as ours. They are very restrictive on some types of manufacturing ownership without admitting it. They have draft legislation in lots of areas where we have not raised objections to their behavior.
Draft legislation in the US is not enforced until it is passed. In China, it is.
I have to say this article sounds like it was written by the Chinese press and not the Wall Street Journal. It wouldn't be the first time that happened, but not usually with such a well known paper. The Chinese are reaping what they were sowing seven years ago. Businesses are finally saying they are not giving up their trade secrets just to do business in China. Source code is a trade secret. Encryption software is a trade secret or a patented product. The businesses that have to have a Chinese national senior leader appointed to run their Chinese company won't like that either. These are all things the Chinese have demanded of businesses set up there.
They call their legislation "draft" to give the idea that they are considering doing something like this, when in fact, they are already doing it. Microsoft, Intel, Cisco, and IBM all know it. Now, they publish a draft of the draft to try to placate some of the critics. There is hypocrisy in there somewhere, but they gloss it over with policy that looks like something we have in the US, but isn't the same. They are good at forming "joint ventures" that are not really the same as ours. They are very restrictive on some types of manufacturing ownership without admitting it. They have draft legislation in lots of areas where we have not raised objections to their behavior.
Draft legislation in the US is not enforced until it is passed. In China, it is.
The New York Times and Wikileaks
I have read several times now a book called Open Secrets, a story of government in action told through the release of classified information mostly by one Bradley Manning. In the opening, Bill Keller tells how he and the rest of the people involved in deciding what information to print and what to leave out. He says they were aware that Julian Assnge "clearly had his own agenda" in contacting the newspapers that were to publish the material, one the Times and Guardian were suspicious of. For that reason, and to protect the lives of people mentioned by name in the cables from various diplomats around the world, some of the material was censored by the publishers, though still retained by Wikileaks. There will always be questions about how successful that review was, or how important it may have turned out to be, since Wikileaks published some of the things that were left out.
Now comes the story by the Associated Press about Hillary Clinton's schedule in the State Department, a schedule the AP had to sue to get, and new claim by Assange that Wikileaks will go after anyone who does harm to one of its sources as a result of information passed to them. The Times did not carry the AP story, but did publish one that showed the "transparency of the Clinton Foundation".
We accept too easily the notion that newspapers and television outlets are owned and operated by political people with their own agendas, similar to those of Julian Assange. We used to have a free press, the kind that made Watergate a well known term. It is unlikely that we would see a scandal of that dimension repeated by the Washington Post or the New York Times which would have to overcome internal bias beyond description. That is why Wikileaks has not gone away in spite of considerable efforts on the parts of many to see it happen.
Now comes the story by the Associated Press about Hillary Clinton's schedule in the State Department, a schedule the AP had to sue to get, and new claim by Assange that Wikileaks will go after anyone who does harm to one of its sources as a result of information passed to them. The Times did not carry the AP story, but did publish one that showed the "transparency of the Clinton Foundation".
We accept too easily the notion that newspapers and television outlets are owned and operated by political people with their own agendas, similar to those of Julian Assange. We used to have a free press, the kind that made Watergate a well known term. It is unlikely that we would see a scandal of that dimension repeated by the Washington Post or the New York Times which would have to overcome internal bias beyond description. That is why Wikileaks has not gone away in spite of considerable efforts on the parts of many to see it happen.
Wednesday, August 24, 2016
Apple Bends to Cook
I'm confused. I worked for HP (then EDS), and a couple of other businesses that had clients in all parts of the world. We found it beneficial to business interests to keep our politics to ourselves, lest we offend a client or two who might not agree with our position. We were not alone in the IT marketplace, and business partners and clients had choices about where they went.
I was pretty surprised when Meg Whitman, the CEO at HP, announced she was endorsing Hillary Clinton. That kind of thing was discouraged when I was there. Sure, we had people in high level positions that gave money to parties, even went to conventions, but they did it as private citizens and not as company employees.
Now, I don't much care what Tim Cook or Meg Whitman does as a citizen of our country. They are allowed to say who they endorse and who they will vote for. They even have a right to hold fund raisers. But, I believe it is bad for business and I am a stockholder. If I were to be on the board, I think I might have something to say about it, and it is not hard to explain why.
You can't separate Tim Cook or Meg Whitman from the companies they represent. Unlike Justin Bieber, or any of the Hollywood elite, their brand is the corporate brand, not a personal one. At the level I worked at, people used to ask me who I worked for and we exchanged business cards. At the level they work at, nobody asks. They know who they represent. So, as a shareholder I want to avoid offending those people who might be supporting another candidate. We have enough trouble making money as it is.
I was pretty surprised when Meg Whitman, the CEO at HP, announced she was endorsing Hillary Clinton. That kind of thing was discouraged when I was there. Sure, we had people in high level positions that gave money to parties, even went to conventions, but they did it as private citizens and not as company employees.
Now, I don't much care what Tim Cook or Meg Whitman does as a citizen of our country. They are allowed to say who they endorse and who they will vote for. They even have a right to hold fund raisers. But, I believe it is bad for business and I am a stockholder. If I were to be on the board, I think I might have something to say about it, and it is not hard to explain why.
You can't separate Tim Cook or Meg Whitman from the companies they represent. Unlike Justin Bieber, or any of the Hollywood elite, their brand is the corporate brand, not a personal one. At the level I worked at, people used to ask me who I worked for and we exchanged business cards. At the level they work at, nobody asks. They know who they represent. So, as a shareholder I want to avoid offending those people who might be supporting another candidate. We have enough trouble making money as it is.
Kurds Bombed by Everyone
I'm sure whatever religion you are, there is a special place in heaven for the Kurds. Raja Abdulramim added description to the place of the Kurds in Syria in today's Wall Street Journal. These were the forces who had US help taking the town of Hasakah. Them US scrambled fighters to remind the Syrians (and by inference the Russians) that bombing ours soldiers (another word for "advisor" in this case) was not a good idea. They were bombed by Syria while trying to get ISIS out of town. You may well remember the bombing by the Russians on groups of the same ilk in the northern part of Syria. They too were supposed to be bombing ISIS. Did we miss something here? I think we all know what is going on.
Saddam Hussein killed the Kurds with gas to keep them from gaining any territory in Iraq. The pictures made headlines at the time because gas does not discriminate. Women and children were twisted into painful poses and covered with residue. Now the Kurds are back in that area and more powerful than ever before. They are good fighters and most in the Middle East know it. They will fight with next to nothing in weapons or troops, frequently taking heavy casualities because of it. The advantage to us is - they win. Iraq may complain about them, but they don't want to get into a knife fight with any of them either. The Russians have apparently convinced Syria that they are bad people who just happen to be fighting ISIS.
The Turks blame all of them for what the PKK does, so they bomb the same people the US is working with, saying they are PKK. In Syria, those little fighting groups do not have uniforms or national flags on their units, making it easier to characterize them all as one group. It has the same feel to it as the arguments about being Muslim or being a Radical Islamic Terrorist. The latter are only a small, out-of-control, minority population splinted into several groups. But, it is hard to see a Muslim in a swimsuit that covers her whole body and not tie the two together - even if it is as insane as Turkey pretending all the Kurds are PKK.
The Russians seem to value a regime that favors Russia over any of the other possible motives for fighting ISIS. They want to keep those bases in Syria at all cost. We saw what happened after the Russians bombed Syrian targets from bases in Iran. The Iranians suddenly decided the Russians talk too much. It was, by the Iranian view, a covert operation like the ones the Russians have in the Ukraine. Apparently the Russians did not understand it that way. What Iran is discovering is something they should have already known, the Russians are doing what is best for Russia, not the Middle East, not the EU, or the rest of the world. Their glorious mission to protect Assad has a hollow, dark hole in the middle.
Saddam Hussein killed the Kurds with gas to keep them from gaining any territory in Iraq. The pictures made headlines at the time because gas does not discriminate. Women and children were twisted into painful poses and covered with residue. Now the Kurds are back in that area and more powerful than ever before. They are good fighters and most in the Middle East know it. They will fight with next to nothing in weapons or troops, frequently taking heavy casualities because of it. The advantage to us is - they win. Iraq may complain about them, but they don't want to get into a knife fight with any of them either. The Russians have apparently convinced Syria that they are bad people who just happen to be fighting ISIS.
The Turks blame all of them for what the PKK does, so they bomb the same people the US is working with, saying they are PKK. In Syria, those little fighting groups do not have uniforms or national flags on their units, making it easier to characterize them all as one group. It has the same feel to it as the arguments about being Muslim or being a Radical Islamic Terrorist. The latter are only a small, out-of-control, minority population splinted into several groups. But, it is hard to see a Muslim in a swimsuit that covers her whole body and not tie the two together - even if it is as insane as Turkey pretending all the Kurds are PKK.
The Russians seem to value a regime that favors Russia over any of the other possible motives for fighting ISIS. They want to keep those bases in Syria at all cost. We saw what happened after the Russians bombed Syrian targets from bases in Iran. The Iranians suddenly decided the Russians talk too much. It was, by the Iranian view, a covert operation like the ones the Russians have in the Ukraine. Apparently the Russians did not understand it that way. What Iran is discovering is something they should have already known, the Russians are doing what is best for Russia, not the Middle East, not the EU, or the rest of the world. Their glorious mission to protect Assad has a hollow, dark hole in the middle.
Russia to Meet with Germany and France over Ukraine
Next month at the G-20, which President Obama attends, German Chancellor Merkel and French President Hollande will meet with Vladimir Putin to discuss the increase in fighting in the Ukraine. [see http://www.wsj.com/articles/russia-ukraine-crisis-prompts-meeting-with-putin-at-g-20-summit-1471964484 ]You can bet they have been talking about this all month since the little episode in Crimea which resulted in the deaths of two FSB officers. Since then, Russia has increased the fighting, making us wonder why they are able to do that if those rebel forces are not running their operations at Russian direction. Then, they moved more troops into the region. Those guys have been back and forth so much, they must be tired of traveling.
Curious that there is no mention of the US President who is a lame duck, about to leave office. Not even a whif of discussion about the US position.
Curious that there is no mention of the US President who is a lame duck, about to leave office. Not even a whif of discussion about the US position.
Monday, August 22, 2016
Sympathy for Hillary Clinton
I have some sympathy for Hillary Clinton in her emails. I'm doing some research on the Wikileaks site on some of the things she was getting from her so-called "advisors" and stumbled onto something else. Some advisors have no idea how to boil down a thought into a few sentences that can be used by a person at this level of government. I'm not talking about blogging or tweeting here. This is business.
Some of these emails went on for pages and pages, which is probably why every photo I see of her includes people in the background hopelessly bent trying to read the fine print. Yes, some of them were classified. Yes, they were kept on a private server. Those are certainly bad things. But the really bad thing is the length that some people go to to get an idea across. Let me tell you a secret. While researchers may read more than a couple of paragraphs, senior leaders do not.
Some of these emails went on for pages and pages, which is probably why every photo I see of her includes people in the background hopelessly bent trying to read the fine print. Yes, some of them were classified. Yes, they were kept on a private server. Those are certainly bad things. But the really bad thing is the length that some people go to to get an idea across. Let me tell you a secret. While researchers may read more than a couple of paragraphs, senior leaders do not.
Gulf of Tonkin Significance
The Chinese are not ones to miss a historical connection when they do something, so these live fire exercises in the Gulf of Tonkin, southeast of Hanoi, will miss the attention of most people outside of the region, if they don't know their history. The Gulf of Tonkin Incidents (Wikipedia has some good accounts of these) were the main excuse the U.S used to show cause for entry into the Vietnam war. So, when the Chinese announce to the world that no ships may enter that area during the exercises, they are trying to show their dominion over the territory they claim, tell Vietnam that the squabble over territory is not likely to go their way, and remind the U.S that their last attempt to keep the area independent did not go too well.
They are laying claim to a large piece of water that they want to control, and not one that the U.S can control, even if they wanted to. Vietnam, on the other hand, may have something to say about it. They have fought with China before and are not reluctant to do it again if fishing or trade routes become more difficult.
The Chinese are good at this sort of thing. For them, 100 years is like a patch of yesterday. The Vietnam War ended in 1975. We have forgotten; they haven't.
They are laying claim to a large piece of water that they want to control, and not one that the U.S can control, even if they wanted to. Vietnam, on the other hand, may have something to say about it. They have fought with China before and are not reluctant to do it again if fishing or trade routes become more difficult.
The Chinese are good at this sort of thing. For them, 100 years is like a patch of yesterday. The Vietnam War ended in 1975. We have forgotten; they haven't.
Friday, August 19, 2016
Iran Nuclear Deal Favors Politics
The Iranian nuclear deal has become one of the cornerstones of the Obama administration, enough that ransom payments were characterized in different ways to hide exactly how they were paid. It is a simple attempt, gone wrong, to avoid tarnishing the deal with Iran.
So too, the ZTE sanctions levied in March and put on hold the week after, are avoiding the tarnishing of China's second largest electronics company which sold electronics to Iran while the rest of world did not because it honored the sanctions. There was no doubt at the time those sanctions were let that the Chinese government allowed ZTE to violate the sanctions with Iran and a few other countries. ZTE internal documents outlining the scheme to avoid sanctions were published along with the announcement of the sanctions. In June, records from Huawei were requested, suggesting that they were also being investigated as a second company doing the same things - actually using the same documents that explained how to not get caught.
The sanctions from March were twice delayed, first "to give ZTE a chance to restore its reputation" and this time, "to give additional time for the investigation" until November 28. This is a clear attempt to dump it on the next President and avoid the possibility of tainting the Iran agreement again. I would guess that it will be delayed one more time- at least until the end of January. It is clearly politics over the national interest.
So too, the ZTE sanctions levied in March and put on hold the week after, are avoiding the tarnishing of China's second largest electronics company which sold electronics to Iran while the rest of world did not because it honored the sanctions. There was no doubt at the time those sanctions were let that the Chinese government allowed ZTE to violate the sanctions with Iran and a few other countries. ZTE internal documents outlining the scheme to avoid sanctions were published along with the announcement of the sanctions. In June, records from Huawei were requested, suggesting that they were also being investigated as a second company doing the same things - actually using the same documents that explained how to not get caught.
The sanctions from March were twice delayed, first "to give ZTE a chance to restore its reputation" and this time, "to give additional time for the investigation" until November 28. This is a clear attempt to dump it on the next President and avoid the possibility of tainting the Iran agreement again. I would guess that it will be delayed one more time- at least until the end of January. It is clearly politics over the national interest.
Russians Lean to Ukraine
There is an interesting piece in the Wall Street Journal today about the Russian build up in the west near Ukraine. Putin said he was not happy about the killing of two FSB agents in Crimea, which almost sounds plausible to everyone. That is how it is supposed to sound, only it isn't.
The story includes a note that the bases these troops were deployed to were built in 2015. They were built over a year ago during the worst of times, but not used for much since then. You may remember that the rebels managed to shoot down a civilian airliner with a Russian missile system around that time. They pulled back and regrouped because Europe and the US put sanctions on them. Nobody likes having airliners shot out of the sky. The Russians needed a good reason for going back in. Now they have one. The Russians have not stopped expanding. Just like the Chinese in the South China Sea, they are both claiming territory they say was once theirs. Nobody seems to be willing to stop them.
The story includes a note that the bases these troops were deployed to were built in 2015. They were built over a year ago during the worst of times, but not used for much since then. You may remember that the rebels managed to shoot down a civilian airliner with a Russian missile system around that time. They pulled back and regrouped because Europe and the US put sanctions on them. Nobody likes having airliners shot out of the sky. The Russians needed a good reason for going back in. Now they have one. The Russians have not stopped expanding. Just like the Chinese in the South China Sea, they are both claiming territory they say was once theirs. Nobody seems to be willing to stop them.
Syrians Bomb Kurds
In Today's Wall Street Journal, there is an article that says it all in the title: Syian Airstrikes Hit Kurdish-Arab Forces Fighting Islamic State. The Russians, Iranians and Syrians want anyone outside their sphere of influence gone from this area, including the Islamic State, the enemy they say is their objective. Hardly. As I said in a previous post Syria's Jabhat Fatah al-Sham is the supposed target of these latest attacks. Guess again.
China and the EB-5 Visa
How do the rich of China get U.S citizenship, which allows them to donate to political parties as US national's? They buy it, so they can donate directly to the people who allowed it to begin with. This corrupt practice was started in 1990, during the Clinton administration, with the start of a new program that had the right intentions but not much participation. According to an article in Atlantic Monthly the EB-5 visa is supposed to bring employment to US workers by offering an opportunity for investors to create 15 jobs. The problem was, there weren't enough people who could do that so they started "regional centers" that could pool the numbers so they could get 15. In 2014, 9200 of the 10,000 visas allowed were Chinese. The father of a young military officer killed in combat spoke out againt Donald Trump made at least part of his income from helping with this type of visa application.
What this practice does is make a class of donors from China that are legally US donors. We saw that applied in Virginia with donations from a Chinese businessman who was a US national. The political people getting the benefit of this are the Clinton Foundation and the governor of Virginia, most assuredly among others.
What this practice does is make a class of donors from China that are legally US donors. We saw that applied in Virginia with donations from a Chinese businessman who was a US national. The political people getting the benefit of this are the Clinton Foundation and the governor of Virginia, most assuredly among others.
Thursday, August 18, 2016
A Plan That Comes Together
As I said in a post two days ago if the Russians hacked the Democratic National Committee and the Clinton Campaign, they probably also hacked the Clinton Foundation. It turns out, they did. You can see the Reuters story toda at http://www.reuters.com/article/us-usa-cyber-democrats-idUSKCN10T01G. The Foundation hired FireEye where their expertise in Chinese hacking is well known. As a plan, it fits with my post on Russian Information War
Whoever this is has the donors names and is matching that up with the info on the Clinton Foundation - following the money. There is a good lesson in this for all political candidates. A little security goes a long way. A lot protects your information.
Whoever this is has the donors names and is matching that up with the info on the Clinton Foundation - following the money. There is a good lesson in this for all political candidates. A little security goes a long way. A lot protects your information.
Democrats Fear Fakes
As I said in a previous post the Democrats are starting to say that they fear some counterfeit emails may appear that look like they were stolen from the Democratic National Committee. That is called changing the narrative - from the fact that they did so poorly at protecting sensitive donor information, and actually did some of the things in those emails - to "this is all suspect information that might be lies spread by the Russian FSB". [ see Politico's story on this from yesterday]. There is another side to this narrative.
The Chinese are supporting the Democrats and the Russians, if what the DNC is saying is true, are supporting the Republicans. If we focus on any of that, we are misguided. We need to get these governments out of our political process. It is far more important to stop the flow of foreign money into politics at all levels, than to worry about hacking of one, or in this case both, political parties. The problem for both parties is the hacking and foreign money may be related. If the Russians were hacking the Democrats, they may have been looking for the sources of money from those donors. That would be something that would really enlighten the electorate.
It seems to be a very interesting change in Information War. There is so much foreign money in U.S. Politics that politicians do not want to give it up, even while saying how bad it is for the country. It is undermining the political process of our country. In case you wondered, that is the purpose.
The Chinese are supporting the Democrats and the Russians, if what the DNC is saying is true, are supporting the Republicans. If we focus on any of that, we are misguided. We need to get these governments out of our political process. It is far more important to stop the flow of foreign money into politics at all levels, than to worry about hacking of one, or in this case both, political parties. The problem for both parties is the hacking and foreign money may be related. If the Russians were hacking the Democrats, they may have been looking for the sources of money from those donors. That would be something that would really enlighten the electorate.
It seems to be a very interesting change in Information War. There is so much foreign money in U.S. Politics that politicians do not want to give it up, even while saying how bad it is for the country. It is undermining the political process of our country. In case you wondered, that is the purpose.
Wednesday, August 17, 2016
Objections to China's New Terrorisim laws
There was a piece in Fortune today that made me laugh out loud, and not because it was funny. China is finally getting resistance to its cyber terrorism "draft legislation" [ as the Fortune article called it -http://fortune.com/2016/08/17/china-cybersecurity-law-foreign-business/] that was being enforced 5 years ago. When I testified on the Hill, the entire first session of our Committee was on this legislation, and that was over a year ago. They call it draft until it suits them, but enforce it anyway while they bring more companies in. It is laughable to call a policy that has been enforced for so long "draft".
Not that I'm not glad to see a few businesses putting up a fuss about it, but they should have done it years ago. Companies that operate in China have often given in to Chinese demands under the pretext that "it's the law". That means if we passed a law that said all Chinese companies that operate in the US must turn over their source code and encryption mechanisms so we can allow NSA to be able to view their internal communications - just in case we have terrorists in those companies - that would be OK to the Chinese companies. Rediculous. They would be pounding on the doors of every Congressman on the Hill.
More than that, the article quotes an official response to Reuters from the Chinese government that basically says "don't worry about this because it is just for a few select companies". They are trying to negotiate on the fly with the most restrictive business policy ever drafted for data control. They keep this policy intentionally vague (another complaint from businesses) and hope businesses will voluntarily comply with a law that is called a "draft". Still, they won't back down, though they may move a step back until their position is consolidated and they have what they want. They are known for backing off, but always coming back with a new, more palatable version of the same thing.
What that response to Reuters also says was "every country does this." Not even close. China's biggest trading partners do not. Some countries other than those, do demand access to networks as a condition of operating in their country. That is not the same thing. Some countries demand services be unencrypted, but the majority do not. Some countries demand a man-in-the-middle but most countries don't operate in those places unless they have to. Not only does everyone not do it, but even those who do are criticized for it. They deserve the criticism they are getting.
I see this as a good sign that Boards of Directors are finally looking at the government's stance on data security - in places other than the U.S which is not stealing its proprietary data, building enterprises to compete with them, making it more difficult to operate in competition with state-owned or controlled entities, and thumbing their noses at any company that objects. Amen to that.
Not that I'm not glad to see a few businesses putting up a fuss about it, but they should have done it years ago. Companies that operate in China have often given in to Chinese demands under the pretext that "it's the law". That means if we passed a law that said all Chinese companies that operate in the US must turn over their source code and encryption mechanisms so we can allow NSA to be able to view their internal communications - just in case we have terrorists in those companies - that would be OK to the Chinese companies. Rediculous. They would be pounding on the doors of every Congressman on the Hill.
More than that, the article quotes an official response to Reuters from the Chinese government that basically says "don't worry about this because it is just for a few select companies". They are trying to negotiate on the fly with the most restrictive business policy ever drafted for data control. They keep this policy intentionally vague (another complaint from businesses) and hope businesses will voluntarily comply with a law that is called a "draft". Still, they won't back down, though they may move a step back until their position is consolidated and they have what they want. They are known for backing off, but always coming back with a new, more palatable version of the same thing.
What that response to Reuters also says was "every country does this." Not even close. China's biggest trading partners do not. Some countries other than those, do demand access to networks as a condition of operating in their country. That is not the same thing. Some countries demand services be unencrypted, but the majority do not. Some countries demand a man-in-the-middle but most countries don't operate in those places unless they have to. Not only does everyone not do it, but even those who do are criticized for it. They deserve the criticism they are getting.
I see this as a good sign that Boards of Directors are finally looking at the government's stance on data security - in places other than the U.S which is not stealing its proprietary data, building enterprises to compete with them, making it more difficult to operate in competition with state-owned or controlled entities, and thumbing their noses at any company that objects. Amen to that.
China's Quantum Leap
China launched into orbit a quantum computer on a satellite, in what was one of the most advanced computing events of modern time. Quantum computers are as mystical as bits of 1's and 0's floating in the silicon of a computer chip, and more advanced than any of those. Josh Chin, in his Wall Street Journal article yesterday, described it as a "hacker proof" satellite. We can dream about hacker proof things and hope, but I have seen a succession of them come and go. What we should be concerned about here is not that it was hacker proof, but how the Chinese got the technology to begin with.
The story being sold to the press is the leap was a research project heavily invested by the Chinese government. Not exactly, though partially. They did it the way the have been doing it for years, by putting some of their best researchers in schools and labs where the technology is being developed, then bringing them back to China to put all that information together. If you look at Universities today, a good number of the grad students in the sciences are Chinese and Indian. That has been true for a long time. What they are doing is bypassing the export laws of countries by pretending it is "just university research". Only those University students graduate, set up their own companies, or go to work for US companies and continue that research. They bring those people back to China too.
We see example after example of corporate thefts of data that start with Chinese national's who were educated and employed in the best research institutions and labs that are available. What disturbed me most is I investigated this the first time in 1979.
The story being sold to the press is the leap was a research project heavily invested by the Chinese government. Not exactly, though partially. They did it the way the have been doing it for years, by putting some of their best researchers in schools and labs where the technology is being developed, then bringing them back to China to put all that information together. If you look at Universities today, a good number of the grad students in the sciences are Chinese and Indian. That has been true for a long time. What they are doing is bypassing the export laws of countries by pretending it is "just university research". Only those University students graduate, set up their own companies, or go to work for US companies and continue that research. They bring those people back to China too.
We see example after example of corporate thefts of data that start with Chinese national's who were educated and employed in the best research institutions and labs that are available. What disturbed me most is I investigated this the first time in 1979.
Russia-Iran-Iraq
In case anyone was wondering how the Russians were getting along with Iran and Iraq, we got to find out today when they launched air strikes against Syria from a base in Iran. Iran hasn't let anyone do that since before the revolution. The base is not too far from Kirkuk and Mosul in Iraq.
It may have been more symbolic than they want to admit, but the symbolism speaks volumes on how they are doing with their relationships. They gave Iran S-300 advanced anti-air recently and they have, at least for the time being, cooperated in allowing the support aircraft and maintenance for these bombers to come into their country. The Russian runways in the west of Syria are said to be too short to accomodate the heavyweights they brought in.
They are said to be bombing Syria's Jabhat Fatah al-Sham, a group that formally split from al-Qaeda. We could probably be glad for the target at least, since al-Qaeda is not a friend to very many. However, we may remember that the last time the Russians started bombing, they were confused about who the enemy really was. They concentrated on US allies in the fight. They overflew Turkey repeatedly until one of their bombers was shot down. The Pershmega forces in the north who are our best allies in the fight, might need a little anti-air before this is over. Just about everybody wants their oil.
It may have been more symbolic than they want to admit, but the symbolism speaks volumes on how they are doing with their relationships. They gave Iran S-300 advanced anti-air recently and they have, at least for the time being, cooperated in allowing the support aircraft and maintenance for these bombers to come into their country. The Russian runways in the west of Syria are said to be too short to accomodate the heavyweights they brought in.
They are said to be bombing Syria's Jabhat Fatah al-Sham, a group that formally split from al-Qaeda. We could probably be glad for the target at least, since al-Qaeda is not a friend to very many. However, we may remember that the last time the Russians started bombing, they were confused about who the enemy really was. They concentrated on US allies in the fight. They overflew Turkey repeatedly until one of their bombers was shot down. The Pershmega forces in the north who are our best allies in the fight, might need a little anti-air before this is over. Just about everybody wants their oil.
Monday, August 15, 2016
Russia and the Democratic National Committee
There is a great deal of speculation about the possibility that Russia is trying to influence the US elections by stealing information and publishing it on the Internet. In most newspapers and press reports the inference is this is a bad thing being done by a foreign government bent on keeping the Democrats from getting into the Presidency for another term. This is said with a straight face and seriously, by people who should know better.
First, there is some really damning information in those documents which has so far gotten the head of the Democratic National Committee to step down - and be immediately hired by the campaign of Hillary Clinton, the Democratic candidate. The White House, Clinton campaign, and Clinton Foundations have been able to keep most of the dealings between them a secret. While the head of the State Department, Mrs. Clinton kept her e-mails on a private server to avoid any of this being discovered. That was naive at best, since servers run by technicians are not very secure ever when handling e-mail. This is why we have Google. Running this little side operation certainly left her open to state-sponsored attacks, as indicated by the Director of the FBI. But that wasn't all.
At the same time, the State Department was hacked, supposedly by the Russians. They were still trying to resolve all the issues with being hacked almost two years later. The Russian government knew more about the goings on of Hillary Clinton than even the most dedicated of her supporters. They probably hacked the Clinton Foundation, the State Department and her own e-mail server. We heard nothing about any of this information ever being leaked, though typically that isn't the way they work. They would want to use this data to influence the people involved and not expose them. Exposure does away with the ability to influence. Who does benefit from this exposure has yet to be determined. One day we will find out, but you can bet it won't be until after the election in November. The real reasons are tied up with the influence of foreign contributions to US elections, as I pointed out in https://www.blogger.com/blogger.g?blogID=9033304048882784982#editor/target=post;postID=7105271090170975562;onPublishedMenu=allposts;onClosedMenu=allposts;postNum=15;src=postname
First, there is some really damning information in those documents which has so far gotten the head of the Democratic National Committee to step down - and be immediately hired by the campaign of Hillary Clinton, the Democratic candidate. The White House, Clinton campaign, and Clinton Foundations have been able to keep most of the dealings between them a secret. While the head of the State Department, Mrs. Clinton kept her e-mails on a private server to avoid any of this being discovered. That was naive at best, since servers run by technicians are not very secure ever when handling e-mail. This is why we have Google. Running this little side operation certainly left her open to state-sponsored attacks, as indicated by the Director of the FBI. But that wasn't all.
At the same time, the State Department was hacked, supposedly by the Russians. They were still trying to resolve all the issues with being hacked almost two years later. The Russian government knew more about the goings on of Hillary Clinton than even the most dedicated of her supporters. They probably hacked the Clinton Foundation, the State Department and her own e-mail server. We heard nothing about any of this information ever being leaked, though typically that isn't the way they work. They would want to use this data to influence the people involved and not expose them. Exposure does away with the ability to influence. Who does benefit from this exposure has yet to be determined. One day we will find out, but you can bet it won't be until after the election in November. The real reasons are tied up with the influence of foreign contributions to US elections, as I pointed out in https://www.blogger.com/blogger.g?blogID=9033304048882784982#editor/target=post;postID=7105271090170975562;onPublishedMenu=allposts;onClosedMenu=allposts;postNum=15;src=postname
Saturday, August 13, 2016
Criminality and Re-Tweeting
Almost every criminal says, at some point, "It wasn't me." Hackers always say it when arrested to shift the burden of proof to the state arresting them - prove it was me.
Now along comes the case of Safya Roe Yassin, a 39-year-old U.S. citizen,
[see http://www.wsj.com/articles/isis-retweet-arrest-raises-free-speech-issues-1471033391 ] where it really wasn't her, but she communicated an ISIS threat listing the names and phone numbers of law enforcement officials and their addresses indicating "Wanted to Kill". She was arrested and indicted.
There is one obvious thing that this article shows is that ISIS is trying to incite US citizens to kill law enforcement officers, and at least of few of those reading this stuff on Twitter, are sympathetic to the cause. A few of those Black Lives Matter demonstrators chanting the same thing in New York should have been arrested for the same reasons Yassin was. Those are other matters for Twitter and the Justice Department, both of which seem unable to stop people in ISIS from using their networks to foster the kind of killing we saw elsewhere in the US. They do it in many countries and not just here. Try being a police officer in Iraq or Afghanistan.
Yassin's public defender has entered the not so novel defense that she merely replayed something that someone else wrote. Her defense is "free speech", something that was tried a number of times in Chicago, Los Angeles, and Washington D.C. in different contexts. There were fewer liberals in the Justice Department in those days, but it will not likely be considered in her defense. You can imagine that the Internet allows ISIS to communicate these ideas to any number of people - some who are not those people but pretend to be - and all of those retransmitting them would have a defense. If she were to win her case, they don't even have to work hard to get these ideas out.
You cannot say anything you want anywhere in the world. You cannot incite to riot, then pass along where to go to start one, suggest murdering your neighbors to other neighbors, propose children have their pictures taken naked so you can see them. There are reasons why free speech is not free all the time. Defense lawyers get paid for defending people like this, even though they are frequently conflicted by doing it. This person is accused, and will get a trial in a country where she was said to have proposed the killing of officers who keep us safe.
More than any of these things, ISIS is one of the least tolerant organizations to ever raise their collective heads. For those in ISIS territory, the penalty Miss Yassin spreading anti-ISIS messaging that includes killing their police and leadership is not jail time.
Now along comes the case of Safya Roe Yassin, a 39-year-old U.S. citizen,
[see http://www.wsj.com/articles/isis-retweet-arrest-raises-free-speech-issues-1471033391 ] where it really wasn't her, but she communicated an ISIS threat listing the names and phone numbers of law enforcement officials and their addresses indicating "Wanted to Kill". She was arrested and indicted.
There is one obvious thing that this article shows is that ISIS is trying to incite US citizens to kill law enforcement officers, and at least of few of those reading this stuff on Twitter, are sympathetic to the cause. A few of those Black Lives Matter demonstrators chanting the same thing in New York should have been arrested for the same reasons Yassin was. Those are other matters for Twitter and the Justice Department, both of which seem unable to stop people in ISIS from using their networks to foster the kind of killing we saw elsewhere in the US. They do it in many countries and not just here. Try being a police officer in Iraq or Afghanistan.
Yassin's public defender has entered the not so novel defense that she merely replayed something that someone else wrote. Her defense is "free speech", something that was tried a number of times in Chicago, Los Angeles, and Washington D.C. in different contexts. There were fewer liberals in the Justice Department in those days, but it will not likely be considered in her defense. You can imagine that the Internet allows ISIS to communicate these ideas to any number of people - some who are not those people but pretend to be - and all of those retransmitting them would have a defense. If she were to win her case, they don't even have to work hard to get these ideas out.
You cannot say anything you want anywhere in the world. You cannot incite to riot, then pass along where to go to start one, suggest murdering your neighbors to other neighbors, propose children have their pictures taken naked so you can see them. There are reasons why free speech is not free all the time. Defense lawyers get paid for defending people like this, even though they are frequently conflicted by doing it. This person is accused, and will get a trial in a country where she was said to have proposed the killing of officers who keep us safe.
More than any of these things, ISIS is one of the least tolerant organizations to ever raise their collective heads. For those in ISIS territory, the penalty Miss Yassin spreading anti-ISIS messaging that includes killing their police and leadership is not jail time.
Friday, August 12, 2016
"Shocking Details" of Congressional Brief
Reuters carries a story today that is called shocking. Congressional leaders were briefed a year ago that the Democratic National Committee was being hacked by the Russians, and kept quiet about it. We shouldn't be shocked that Congressional leaders could keep a secret for such a long time, but a lot of people were at least surprised. The ones who got briefed know a lot more about intelligence collection than most of the other leadership, and have learned that the only way they can know is if they keep those secrets to themselves. The ones who can't, or won't, don't get the briefings this group does. If we could say the same for the White House, the State Department, or the thousands of government leaders who get these types of briefings, we might have secrets that could be kept.
Keeping Secrets was my second book and the reason this blog has that same name. There are hundreds of "leaks" from people who have access to very sensitive material and each of those is supposed to have a leak investigation done. The only one I can remember in the last few years was when the White House leaked internal Democratic party information. Donor lists and employee recruitment information have replaced government secrets as the reason for a review of how losing data affects national security. Party politics has replaced damage to national security as the reason for protecting information.
Keeping that highly classified data secret for a year makes news in this era. Our government leaders need to consider the consequences of not being able to keep a secret. This isn't about openness; it's about our ability to protect ourselves from enemies. See also: http://dennispoindexter.blogspot.com/2016/07/dnc-warned-about-hackers.html
Keeping Secrets was my second book and the reason this blog has that same name. There are hundreds of "leaks" from people who have access to very sensitive material and each of those is supposed to have a leak investigation done. The only one I can remember in the last few years was when the White House leaked internal Democratic party information. Donor lists and employee recruitment information have replaced government secrets as the reason for a review of how losing data affects national security. Party politics has replaced damage to national security as the reason for protecting information.
Keeping that highly classified data secret for a year makes news in this era. Our government leaders need to consider the consequences of not being able to keep a secret. This isn't about openness; it's about our ability to protect ourselves from enemies. See also: http://dennispoindexter.blogspot.com/2016/07/dnc-warned-about-hackers.html
Thursday, August 11, 2016
Beating a Dead Horse
There is an old saying in this country that says there is not much point in beating a dead horse. It is applied to a number of circumstances where a person continues to make a point over and over, even after we all have gotten the message. That seems to be the way China is handling the South China Sea.
China, in China Daily, announced today that it has launched a satellite that will help with monitoring its sea lanes. This satellite could well be used for almost anything, but they make the point of saying it will help them watch sea lanes which are not in dispute and certainly do not especially need watching. However, in making one more point for the 108752 time, they mention that this thing is watching over its territory. The Artibration Tribunal says it isn't their territory, so they make the point over and over that they are enforcing the sea lanes and aircraft identification zones - among other things - ad nauseum - until we finally hold up our hands and surrender.
This horse is dead. They can beat it all they want but at some point they need to stop for fear of making some very unpleasant things happen just to make a point they have already made. They allude to those bad things that might happen as a way of saying "Do this our way or we will make bad things happen." Where have we heard this before? How about Russia in the Ukraine, Syria in Syria, and China for years. If we are going to ever get past this stage, we have to have the patience and perserverence to match them in beating the dead horse. Vietnam, Japan and the Philippines can help out. We can't let them win because we don't have the capacity to stand up for what we think is right. While we are at it, let's let Taiwan into the U.N, pass tariffs on every bit of Chinese goods that come from stolen technology, and put some muscle into defending our allies in the South China Sea.
China, in China Daily, announced today that it has launched a satellite that will help with monitoring its sea lanes. This satellite could well be used for almost anything, but they make the point of saying it will help them watch sea lanes which are not in dispute and certainly do not especially need watching. However, in making one more point for the 108752 time, they mention that this thing is watching over its territory. The Artibration Tribunal says it isn't their territory, so they make the point over and over that they are enforcing the sea lanes and aircraft identification zones - among other things - ad nauseum - until we finally hold up our hands and surrender.
This horse is dead. They can beat it all they want but at some point they need to stop for fear of making some very unpleasant things happen just to make a point they have already made. They allude to those bad things that might happen as a way of saying "Do this our way or we will make bad things happen." Where have we heard this before? How about Russia in the Ukraine, Syria in Syria, and China for years. If we are going to ever get past this stage, we have to have the patience and perserverence to match them in beating the dead horse. Vietnam, Japan and the Philippines can help out. We can't let them win because we don't have the capacity to stand up for what we think is right. While we are at it, let's let Taiwan into the U.N, pass tariffs on every bit of Chinese goods that come from stolen technology, and put some muscle into defending our allies in the South China Sea.
Crimea Killings Do Not Add UP
In this latest incident between Russia and the Ukraine [ see article ] one group of Ukrainians met Russian personnel who were in Crimea. The status and identification of both sides is suspect.
The Moscow Times describes the incident circumstances this way:
"One soldier was shot dead in the Crimean city of Armyansk on Aug. 6 during a raid on an alleged Ukrainian spy ring, Russian officials have claimed. Russian forces announced that they had seized a large quantity of explosives, weapons and military supplies and accused Ukraine of preparing a 'terrorist attack' on the peninsula. [Note: The actual attack, according to a few of the Russian papers, was directed at the Kerch Strait. For those with short memories, the Kerch bridge, which connects small islands much like the Florida Keys, is supposed to be Putin's idea for giving the Crimea support, most of which has to come from the Ukraine. It was originally Hitler's idea to facilitate putting his army into Russia. Today's bridge, however, has proven expensive and hard to build and is a bridge to nowhere - at the moment. [ see Russia's Kerch Bridge ].]
A second Russian soldier was shot and killed on the night of Aug. 7 after Ukrainian troops and armored vehicles fired from over the border, the FSB claimed." It almost sounds like the Russians knew they were coming which, given the amount of monitoring of Ukraine's computers and telecommunications, could be.
The Wall Street Journal described these two Russian men who were killed as FSB agents which sounds different than the Russian version, but isn't since the FSB is a military organization under Russian law. The London Telegraph says the Russians captured one of the shooters and he confessed to being a special operations force member from the Ukraine. If so, both sides have used the same strategy in the past. In May of last year, the Ukraine arrested two Russians who they claimed were terrorists because they were not in uniform but acting like terrorists would. The two claimed to be soldiers on Russian Army contracts to serve in the Ukraine.
Both sides are fighting a covert war, that every now and again, breaks out in hostilities that can't be covert. This is usually when someone gets killed or buildings explode. This time, it is the Crimea which the Russians seized and are finding difficult and expensive to support. When the Ukraine blew up electric transmissions lines in their own country, the Russians built "an electricity bridge" from mainland Russia to Crimea. That must have been expensive, but Crimea, even with all the sanctions on Russia in Europe and the United States, is still not too expensive for Putin. Just like the Chinese in the South China Sea, they have staked out territory they claim as their own, occupied it, and ignored every challenge to their authority to be there.
The Moscow Times describes the incident circumstances this way:
"One soldier was shot dead in the Crimean city of Armyansk on Aug. 6 during a raid on an alleged Ukrainian spy ring, Russian officials have claimed. Russian forces announced that they had seized a large quantity of explosives, weapons and military supplies and accused Ukraine of preparing a 'terrorist attack' on the peninsula. [Note: The actual attack, according to a few of the Russian papers, was directed at the Kerch Strait. For those with short memories, the Kerch bridge, which connects small islands much like the Florida Keys, is supposed to be Putin's idea for giving the Crimea support, most of which has to come from the Ukraine. It was originally Hitler's idea to facilitate putting his army into Russia. Today's bridge, however, has proven expensive and hard to build and is a bridge to nowhere - at the moment. [ see Russia's Kerch Bridge ].]
A second Russian soldier was shot and killed on the night of Aug. 7 after Ukrainian troops and armored vehicles fired from over the border, the FSB claimed." It almost sounds like the Russians knew they were coming which, given the amount of monitoring of Ukraine's computers and telecommunications, could be.
The Wall Street Journal described these two Russian men who were killed as FSB agents which sounds different than the Russian version, but isn't since the FSB is a military organization under Russian law. The London Telegraph says the Russians captured one of the shooters and he confessed to being a special operations force member from the Ukraine. If so, both sides have used the same strategy in the past. In May of last year, the Ukraine arrested two Russians who they claimed were terrorists because they were not in uniform but acting like terrorists would. The two claimed to be soldiers on Russian Army contracts to serve in the Ukraine.
Both sides are fighting a covert war, that every now and again, breaks out in hostilities that can't be covert. This is usually when someone gets killed or buildings explode. This time, it is the Crimea which the Russians seized and are finding difficult and expensive to support. When the Ukraine blew up electric transmissions lines in their own country, the Russians built "an electricity bridge" from mainland Russia to Crimea. That must have been expensive, but Crimea, even with all the sanctions on Russia in Europe and the United States, is still not too expensive for Putin. Just like the Chinese in the South China Sea, they have staked out territory they claim as their own, occupied it, and ignored every challenge to their authority to be there.
Wednesday, August 10, 2016
Big Banks & Cybersecurity
For those of you who have access to the Wall Street Journal, there is an interesting piece today about how banks are banding together to exchange information on cyber threats. It closes with interview comments from a deputy at Homeland Security, so you can see the motivation behind this is that Homeland leads this initiative and the banks are leading the effort to get exahanges of information about cyber threats to one another. Homeland, according to this article is "working hard" to declassify information to be shared with these cyber sharing partners, J.P. Morgan, BOA, Wells Fargo and Goldman, among others. The article also mentions some other interesting things about sharing of information: " Despite the new law, banks fear legal issues that could emerge if they share threat information with the government. Although the law provides liability protection to companies for sharing certain kinds of information, the banks are worried that such disclosures could open them up to shareholder lawsuits.".
Banks have been the leaders in information sharing since my time on the President's Critical Infrastructure Protection Committee, so they are not doing anything new. What is new is that Homeland may be trying to help them fix the problem of classification, which is also not new. Incidents get reported and combined with intelligence information. That makes the whole incident classified, even though it may have been reported by a commercial business and not releasable even to the people who reported it. This way of doing business could have been worked on 15 years ago, but was uniformity ignored by commercial and government interests who also didn't want to know things that might create liability for them- either professional or business liability. It isn't the banks, who have real targets with real losses; it is our Technology Sector which has no liability for anything they do, and does not want any. These special interests pay well to keep the status quo.
The Chamber of Commerce and some of the major technology companies in the US fought hard to water down the Cybersecurity Information Sharing Act, and for several years, from getting it to a vote. They used a variation of the "we might get sued" argument to justify that, when what they really mean is "I don't want to know about something that could give me liability". Thus, the shareholder suits that might result from not having due diligence over things they know about. As one of my professors told me, being right does not keep you from being sued. It just helps you to win. Delta Airlines will know that pretty soon.
Banks have been the leaders in information sharing since my time on the President's Critical Infrastructure Protection Committee, so they are not doing anything new. What is new is that Homeland may be trying to help them fix the problem of classification, which is also not new. Incidents get reported and combined with intelligence information. That makes the whole incident classified, even though it may have been reported by a commercial business and not releasable even to the people who reported it. This way of doing business could have been worked on 15 years ago, but was uniformity ignored by commercial and government interests who also didn't want to know things that might create liability for them- either professional or business liability. It isn't the banks, who have real targets with real losses; it is our Technology Sector which has no liability for anything they do, and does not want any. These special interests pay well to keep the status quo.
The Chamber of Commerce and some of the major technology companies in the US fought hard to water down the Cybersecurity Information Sharing Act, and for several years, from getting it to a vote. They used a variation of the "we might get sued" argument to justify that, when what they really mean is "I don't want to know about something that could give me liability". Thus, the shareholder suits that might result from not having due diligence over things they know about. As one of my professors told me, being right does not keep you from being sued. It just helps you to win. Delta Airlines will know that pretty soon.
When Politics Gets Rough
We all know that politics is rough game. Julian Assange has indicated that Seth Rich, a Democratic National Committee (DNC) staff member was an informant (he uses the word "source") who may have supplied information to Wikileaks. Seth Rich was murdered last week in what was described as a "failed robbery" by the D.C. Police. Considering the number of shootings in D.C every night, that is a plausible story, but nothing was taken from him that would indicate he was actually robbed. This leaves more questions than we really want to answer. The alternative explanations for what happened are going to be interesting.
The conspiracy theory runs that he was shot to stop the damage from the leaked e-mails, and making sure there were no more. That comes from believing that he was the source of those DNC e-mails, as he may well have been; someone knew he was the source, and used that reason to justify killing him. Law enforcement should at least look at that possibility, and after yesterday, they probably will. For the political process, which is layered with information war, this is something different.
Assange certainly would not love Hillary Clinton, since the Obama Administration has kept him in exile, yet he has been publishing e-mails from the DNC that are not going to help her campaign very much. In some places in the world, that would be enough to get you killed, but we would like to believe that the US isn't one of them. There is a lot of pressure on the system to favor debunking the conspiracy theory, just to just to make sure we don't have another Watergate, where President Nixon was complicit in ordering a break-in of the Democratic National Committee. Facing impeachment, he resigned.
What bothers me about this is the alternative stories to be explored: [1] Assange could be using Wikileaks for revenge against the Clintons who are not his favorite people in the world. That wouldn't be very nice, but it would be interesting for us spectators. Or.... [2] Assange is right and Rich was a source of the DNC internal e-mails. The latter does not necessarily lead to murder, but it could. As we found out in Watergate, police are not best investigators when it comes to political motivations. It was a burglary and lots of those happen every day in that part of the city. Had a reporter not recognized one of the burglars at his lockup, the story would have died quickly.
The conspiracy theory runs that he was shot to stop the damage from the leaked e-mails, and making sure there were no more. That comes from believing that he was the source of those DNC e-mails, as he may well have been; someone knew he was the source, and used that reason to justify killing him. Law enforcement should at least look at that possibility, and after yesterday, they probably will. For the political process, which is layered with information war, this is something different.
Assange certainly would not love Hillary Clinton, since the Obama Administration has kept him in exile, yet he has been publishing e-mails from the DNC that are not going to help her campaign very much. In some places in the world, that would be enough to get you killed, but we would like to believe that the US isn't one of them. There is a lot of pressure on the system to favor debunking the conspiracy theory, just to just to make sure we don't have another Watergate, where President Nixon was complicit in ordering a break-in of the Democratic National Committee. Facing impeachment, he resigned.
What bothers me about this is the alternative stories to be explored: [1] Assange could be using Wikileaks for revenge against the Clintons who are not his favorite people in the world. That wouldn't be very nice, but it would be interesting for us spectators. Or.... [2] Assange is right and Rich was a source of the DNC internal e-mails. The latter does not necessarily lead to murder, but it could. As we found out in Watergate, police are not best investigators when it comes to political motivations. It was a burglary and lots of those happen every day in that part of the city. Had a reporter not recognized one of the burglars at his lockup, the story would have died quickly.
Tuesday, August 9, 2016
Russia & Apple Price-fixing
As most of you know by now, Russia has begun investigating Apple for price fixing of its iPhone 6 and 6S. My first inclination was to be sympathetic with them over this, since I always thought of the iPhone the same way. You can go to any number of retailers and the price is always pretty close. Apple can give us the 100 business excuses for this, but it is still price-fixing to a consumer. It isn't like gasoline where stations can vary a little from place to place. But that kind of brings up my point.
Retail is a business that is cutthroat as any in the world. So, if an iPhone 6 costs $730 in China, where they are made by the way, and less in the U.S then something is wrong with the consumer pricing model, or other factors are entering in. Price-fixing is rampant, and even Russia participates in it on occasion. They are not in OPEC, but they certainly fix their oil price on the market mostly created by OPEC. That is price-fixing in the same way that Apple is doing it. It doesn't make me feel any better to know that gas, razor blades, toothpaste, and a host of other things all rely on consistent pricing on a regional basis. There is no such thing as margin for most of these goods. The price is fixed; the margin is fixed.
The other factors entering in are tariffs and taxes that vary from one country to another. That is why a Chinese iPhone 6 from down the street costs more than one shipped from China to the US and sold. The Russian oligarchs may be another. Apple distribution is done largely through MegaFon, the second largest telecom there. The largest shareholder in that company is Alisher Usamanov, Russia's richest man and a Friend of Putin. If there was really anything going on with Apple, you would think Mr. Putin could just call him up and work things out. The fact that he doesn't is more of a reflection on the relationship between the two, than on Apple and its iPhone.
Retail is a business that is cutthroat as any in the world. So, if an iPhone 6 costs $730 in China, where they are made by the way, and less in the U.S then something is wrong with the consumer pricing model, or other factors are entering in. Price-fixing is rampant, and even Russia participates in it on occasion. They are not in OPEC, but they certainly fix their oil price on the market mostly created by OPEC. That is price-fixing in the same way that Apple is doing it. It doesn't make me feel any better to know that gas, razor blades, toothpaste, and a host of other things all rely on consistent pricing on a regional basis. There is no such thing as margin for most of these goods. The price is fixed; the margin is fixed.
The other factors entering in are tariffs and taxes that vary from one country to another. That is why a Chinese iPhone 6 from down the street costs more than one shipped from China to the US and sold. The Russian oligarchs may be another. Apple distribution is done largely through MegaFon, the second largest telecom there. The largest shareholder in that company is Alisher Usamanov, Russia's richest man and a Friend of Putin. If there was really anything going on with Apple, you would think Mr. Putin could just call him up and work things out. The fact that he doesn't is more of a reflection on the relationship between the two, than on Apple and its iPhone.
Monday, August 8, 2016
Chinese Radar on Oil Platform
There are a few news outlets that picked up a story about China putting radars on their deep water oil and gas platforms. It seems likely that they are not just talking about weather radar, since other things are going on as well. There are Chinese ships and airplanes intruding into territory around the Senkakus Is, which I wrote about 5 years ago in my first book. These islands are hardly the kind of place anyone would want to live, but even then there were fishing vessels and Chinese coast guard ships in that area.
If you want to see them, see the Wall Street Journal article at http://www.wsj.com/articles/japan-pings-beijing-over-radar-in-east-china-sea-1470570816, or for a look at where they are off the coast of Taiwan go to Google at https://www.google.com/search?q=senkakus+google+maps&rlz=1C9BKJA_enUS669US669&oq=Senkakus&aqs=chrome.2.69i57j0l3.8688j0j7&hl=en-US&sourceid=chrome-mobile&ie=UTF-8
They are closer to China than some of the other islands like the Spratly chain, but China and Japan both claim them. This is not like having friendly discussions about a fence in the back yard; these two fought for several years before WW II actually started, and they haven't exactly been friends since then. There are still plenty of people alive who remember that war, so that feeling is not going away very fast.
So, the Japanese have protested the placement of those radars on these platforms - formally protested, as in embassy-to-embassy kinds of protests. This was similar to what the US did when Chinese ships were making their way around the Spratly Islands, now heavily militarized outposts. Speaking to a Chinese embassy will probably get no reaction from the Chinese, and they will probably not take the radars off the platforms. Then, Japan, as the Philippines and Vietnam before it, will have to send some military ships into the area, which will not get the radars off the platforms either. Short of sending a boarding party up to one of these things, which is tricky, there is very little anyone can do.
We have to give the Chinese a nice hand for their ingenuity. They militarize the areas of ocean that they can, and link those together into an aircraft identification zone. All the while, they say they are just doing what any country would do to protect its territory. They may also say, "Disregard that finding that says we don't own those islands," but that is really the point isn't it? China continues to act like they own it, and think the world will come around to their way of thinking if they just keep saying they own it and making up protests over anyone who says something contrary. It will take years to find out if they are right or wrong, but I wouldn't bet against them.
If you want to see them, see the Wall Street Journal article at http://www.wsj.com/articles/japan-pings-beijing-over-radar-in-east-china-sea-1470570816, or for a look at where they are off the coast of Taiwan go to Google at https://www.google.com/search?q=senkakus+google+maps&rlz=1C9BKJA_enUS669US669&oq=Senkakus&aqs=chrome.2.69i57j0l3.8688j0j7&hl=en-US&sourceid=chrome-mobile&ie=UTF-8
They are closer to China than some of the other islands like the Spratly chain, but China and Japan both claim them. This is not like having friendly discussions about a fence in the back yard; these two fought for several years before WW II actually started, and they haven't exactly been friends since then. There are still plenty of people alive who remember that war, so that feeling is not going away very fast.
So, the Japanese have protested the placement of those radars on these platforms - formally protested, as in embassy-to-embassy kinds of protests. This was similar to what the US did when Chinese ships were making their way around the Spratly Islands, now heavily militarized outposts. Speaking to a Chinese embassy will probably get no reaction from the Chinese, and they will probably not take the radars off the platforms. Then, Japan, as the Philippines and Vietnam before it, will have to send some military ships into the area, which will not get the radars off the platforms either. Short of sending a boarding party up to one of these things, which is tricky, there is very little anyone can do.
We have to give the Chinese a nice hand for their ingenuity. They militarize the areas of ocean that they can, and link those together into an aircraft identification zone. All the while, they say they are just doing what any country would do to protect its territory. They may also say, "Disregard that finding that says we don't own those islands," but that is really the point isn't it? China continues to act like they own it, and think the world will come around to their way of thinking if they just keep saying they own it and making up protests over anyone who says something contrary. It will take years to find out if they are right or wrong, but I wouldn't bet against them.
Sunday, August 7, 2016
China Ratchets Language about South China Sea
Besides the regular pace of news stories about China harassing ships from Japan and the Philippines, we have a new saga in the coming vision of a shooting war with China. It is an image that China wants to make, not an vision of the future. This is how they play the political manipulation game they are so good at.
The latest installment is the "combat patrols" they say they are starting up in the area around the Sprately Islands. They have been doing these for over a year and they weren't called combat patrols then. They weren't even mentioned, expect to justify the removal of some sick soldiers on a military aircraft. The US gave them grief over that because there weren't supposed to be soldiers on that island. The State Department said that would be militarization of the islands. You can see how much they cared about that.
This is language used for political purposes to give us a visual image that changes the game. Military aircraft flew out of their island airports for over a year, pretending to be innocent practice runs. Now they are "combat patrols". We react and dance around wondering if those combat patrols will be used for combat. They want us to wonder. They want us to conjure up an image of combat far from home with a Chinese force that is based in that area.
There isn't going to be any combat. Neither side wants to start a war over these little scraps of land in the middle of nowhere. They started with the use of the term "bloody nose" to describe what was going to happen there, they upped the ante by putting combat into the mix. They are great with language, and even better with information war. It is all part of the same game. They may have stolen every secret we have and applied that to their own aircraft, but it is still a dangerous game to play and the Chinese know it. In spite of considerable budget abuse to the military by an unfriendly administration, the words of Teddy Rosevelt still ring true - Speak softly and carry a big stick.
The latest installment is the "combat patrols" they say they are starting up in the area around the Sprately Islands. They have been doing these for over a year and they weren't called combat patrols then. They weren't even mentioned, expect to justify the removal of some sick soldiers on a military aircraft. The US gave them grief over that because there weren't supposed to be soldiers on that island. The State Department said that would be militarization of the islands. You can see how much they cared about that.
This is language used for political purposes to give us a visual image that changes the game. Military aircraft flew out of their island airports for over a year, pretending to be innocent practice runs. Now they are "combat patrols". We react and dance around wondering if those combat patrols will be used for combat. They want us to wonder. They want us to conjure up an image of combat far from home with a Chinese force that is based in that area.
There isn't going to be any combat. Neither side wants to start a war over these little scraps of land in the middle of nowhere. They started with the use of the term "bloody nose" to describe what was going to happen there, they upped the ante by putting combat into the mix. They are great with language, and even better with information war. It is all part of the same game. They may have stolen every secret we have and applied that to their own aircraft, but it is still a dangerous game to play and the Chinese know it. In spite of considerable budget abuse to the military by an unfriendly administration, the words of Teddy Rosevelt still ring true - Speak softly and carry a big stick.
Friday, August 5, 2016
Changing Cyber Policy in the US
A piece of political drivel purporting to show the "cyber policy" of Hillary Clinton and Donald Trump [http://lifehacker.com/hillary-clinton-and-donald-trumps-cybersecurity-platfor-1784790979 ] does nothing to that end, but it does point out what a machine can do when it gets warmed up. There are stories being circulated on almost every aspect of life that will be better under one of the political candidates, but they are stories that have no basis in fact. Cybersecurity is one of them.
Neither political candidate has a good record in security of their computers - Trump in his businesses, which have been repeatedly hacked; Clinton in her State Department which was hacked with equal frequency and her private e-mail server where "there was no evidence of any hacking there" which is a favorite line of any political person in government. We all remember the same comments about OPM and the lost security clearance data.
The author of the cyber policy comparison said neither candidate had a policy, but went on to say what great and wonderful things the Democrats will do if they win. He based that on all the great and wonderful things the White House has done over the last eight years. This must have come to him in a dream, since there is almost no policy of any consequence developed there and practice is less than stellar - "no evidence of any hacking at the White House" or quite a few other government offices was long since proved wrong.
Neither party has done anything about the major issues in cyber: persistent hacking by foreign powers; stealing trade secret and proprietary information; a lack of basic policy in computer protection. I don't get the warm feeling that either one is prepared, or willing to do very much. The Democrats should have learned from their own experience with defense against hacking - it is not a do-it-yourself project.
Defense requires a national policy on deterrence, and the ability to enforce it. We still don't have one. Second, we need to get policy for protection out of the hands of NIST which does nothing but pretend that systems will be secure if their policies are followed. Third, we can't have CIOs responsible for security of their networks making decisions about where to cut corners on security. There are too many of them. Look into that club and you will find agencies with 25 or 30 CIOs. You can't have good security with that kind of decision making matrix. There is no Republican or Democrat who doesn't want to see better security of networks, but they need to do something to get them. Pretending is not working out.
Neither political candidate has a good record in security of their computers - Trump in his businesses, which have been repeatedly hacked; Clinton in her State Department which was hacked with equal frequency and her private e-mail server where "there was no evidence of any hacking there" which is a favorite line of any political person in government. We all remember the same comments about OPM and the lost security clearance data.
The author of the cyber policy comparison said neither candidate had a policy, but went on to say what great and wonderful things the Democrats will do if they win. He based that on all the great and wonderful things the White House has done over the last eight years. This must have come to him in a dream, since there is almost no policy of any consequence developed there and practice is less than stellar - "no evidence of any hacking at the White House" or quite a few other government offices was long since proved wrong.
Neither party has done anything about the major issues in cyber: persistent hacking by foreign powers; stealing trade secret and proprietary information; a lack of basic policy in computer protection. I don't get the warm feeling that either one is prepared, or willing to do very much. The Democrats should have learned from their own experience with defense against hacking - it is not a do-it-yourself project.
Defense requires a national policy on deterrence, and the ability to enforce it. We still don't have one. Second, we need to get policy for protection out of the hands of NIST which does nothing but pretend that systems will be secure if their policies are followed. Third, we can't have CIOs responsible for security of their networks making decisions about where to cut corners on security. There are too many of them. Look into that club and you will find agencies with 25 or 30 CIOs. You can't have good security with that kind of decision making matrix. There is no Republican or Democrat who doesn't want to see better security of networks, but they need to do something to get them. Pretending is not working out.
Thursday, August 4, 2016
PPD 41, A Cyber Policy Document
After reading Presidential Policy Directive 41, United States Cyber Incident Coordination, [https://www.whitehouse.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident ] I think we have to be grateful that no matter who is elected in November, we will be better off with a new National Security Council. After 45 years of cyber related work, I have seen a few that got to the coordination of national events, especially those involving the National Command Authority. There is no evidence anywhere in this publication that anyone looked at what was written about this before, what Cyber Command has produced, or how industry is already involved in coordination of national events effecting an industry.
I mention only two things because these two are indicative of the total lack of thought that went into this document:
1. They are going to get a senior level group together after the incident has occurred, which is cyber is generally too late. This is why we have intelligence services and that whole area has been seriously neglected . It was added as "Oh, yes and we need some intelligence support". Long before the incident occurs we need lots of intelligence and it better be good enough to allow some response.
2. Homeland Security has a big role in putting together a response. NIST and Homeland are two places that don't actually do anything; they coordinate. We have people to do that already and they generally don't pay attention to Homeland.
I mention only two things because these two are indicative of the total lack of thought that went into this document:
1. They are going to get a senior level group together after the incident has occurred, which is cyber is generally too late. This is why we have intelligence services and that whole area has been seriously neglected . It was added as "Oh, yes and we need some intelligence support". Long before the incident occurs we need lots of intelligence and it better be good enough to allow some response.
2. Homeland Security has a big role in putting together a response. NIST and Homeland are two places that don't actually do anything; they coordinate. We have people to do that already and they generally don't pay attention to Homeland.
McAuliffe and Obama in Common
The governor of Virginia and the President of the US have one thing in common - they are both creating a class of voters from criminal elements in prisons. It must sound strange to anyone not in the US, but the President has just set a record for the number of prisoners who have had their sentences commuted. These 500 prisoners and their families will assuredly be voting if they can get their registrations completed in time. They will need help with that.
The governmor of Virginia tried to give some 200,000 parolees and ex prisoners the right to vote, but was taken down by the Supreme Court of Virginia which pointed out that this violated the State Constitution which required the hearings be done on a case-by-case basis. He said to line them up and he would sign them.
Neither one of these two has ever been in a prison for very long, nor understands what kinds of people are in prisons. A person almost never goes to prison the first time they commit an offense, aside from murder. I might argue that most murderers will not commit the crime again, and might benefit from this release and voter registration. Drug dealers, pimps, extortionists, thieves and other forms of multiple offenders make up the biggest part of the population. Many of these guys and gals are career criminals. They are not going to stop committing crimes when they are released, but they will be more careful about getting caught. The governor and the President will not be touched by any of them, but someone will be. I hope they remember who released these folks on the population.
The governmor of Virginia tried to give some 200,000 parolees and ex prisoners the right to vote, but was taken down by the Supreme Court of Virginia which pointed out that this violated the State Constitution which required the hearings be done on a case-by-case basis. He said to line them up and he would sign them.
Neither one of these two has ever been in a prison for very long, nor understands what kinds of people are in prisons. A person almost never goes to prison the first time they commit an offense, aside from murder. I might argue that most murderers will not commit the crime again, and might benefit from this release and voter registration. Drug dealers, pimps, extortionists, thieves and other forms of multiple offenders make up the biggest part of the population. Many of these guys and gals are career criminals. They are not going to stop committing crimes when they are released, but they will be more careful about getting caught. The governor and the President will not be touched by any of them, but someone will be. I hope they remember who released these folks on the population.
Wednesday, August 3, 2016
Slow Response from DNC
There is a good article in Reuters today [http://www.reuters.com/article/us-usa-cyber-democrats-reconstruct-idUSKCN10E09H ] about the DNC hack and the delay on getting security professionals into the place when they were first told about "unusual activity" on their computers. I have made contact with various political offices, big businesses, and other government agencies to tell them that we thought they should look for suspicious activity in their computers and they all respond in about the same way: "We will check on that." The tone us usually a "yeah-yeah-yeah" brush-off like "we know what we are doing over here" even if the evidence is pretty solid they don't. It is not possible to tell them everything, since certain aspects of an investigation like this are classified. They involve a foreign entity getting into US computers, and being detected by the US Government. If a contractor reports it we could tell them it was reported to us that the source was xxx country, but most of the time it isn't done that way. Better not to tell them too much or it tips off the other side that you know they are hacking and from where.
Most businesses are smart enough to know that when the FBI says "check that network for suspicious activity" they are not telling them on a whim or some general threat from anywhere. They go and get their security staff and start running checks. They us usually find the problem pretty quickly, or if they don't, they get more security and outside help. These are not kids hacking from Cleveland when the FBI calls.
It is apparent the DNC, at least by the dates in this article, did not exactly jump to the task and they are now complaining (as others have too) that they were not given enough information to find the intruder. That is like saying, "You didn't tell us exactly where to look or what to look for." The same things were said about OPM's hack.
From June of 2015 until May of 2016, they didn't call professionals in to look at the "suspicious activity", and now they are taking the heat from donors and political allies who are fretting about what was in the hands of Wikileaks and about to be published. In a year of hackers going around in the systems, we can probably say "everything they had" with a good degree of confidence. Some of them are innocent of wrong-doing but don't want to be known as contributors to Hillary. That is sad for them that this happened. Others were relying on the Hillary machine to protect that donation and they might be ratted out. It is hard to feel sorry for them.
I thought back to the Fortune 100 CIO who told me honestly that he really didn't want to have to go through all that was required to get damage from a hack out of the system and was looking for another way to get out of that. After getting only silence from us, he laughed, saying "OK, I'll do it," and he hung up.
Most businesses are smart enough to know that when the FBI says "check that network for suspicious activity" they are not telling them on a whim or some general threat from anywhere. They go and get their security staff and start running checks. They us usually find the problem pretty quickly, or if they don't, they get more security and outside help. These are not kids hacking from Cleveland when the FBI calls.
It is apparent the DNC, at least by the dates in this article, did not exactly jump to the task and they are now complaining (as others have too) that they were not given enough information to find the intruder. That is like saying, "You didn't tell us exactly where to look or what to look for." The same things were said about OPM's hack.
From June of 2015 until May of 2016, they didn't call professionals in to look at the "suspicious activity", and now they are taking the heat from donors and political allies who are fretting about what was in the hands of Wikileaks and about to be published. In a year of hackers going around in the systems, we can probably say "everything they had" with a good degree of confidence. Some of them are innocent of wrong-doing but don't want to be known as contributors to Hillary. That is sad for them that this happened. Others were relying on the Hillary machine to protect that donation and they might be ratted out. It is hard to feel sorry for them.
I thought back to the Fortune 100 CIO who told me honestly that he really didn't want to have to go through all that was required to get damage from a hack out of the system and was looking for another way to get out of that. After getting only silence from us, he laughed, saying "OK, I'll do it," and he hung up.
Hostage Money to Iran
The Wall Street Journal managed to scoop everyone today with the front-page story on $400 million in cash being flown to Iran just prior to the release of hostages. The White House denies there is any connection to the money and the hostage release, but there may be a more plausible story line in what Newt Gingrich said today on Fox Business. Our State Department, according to his version, actually thought they needed to make the payment look like ransom money to help out Iran's more moderate leaders. So State can say, "It wasn't ransom. We just wanted it to look like ransom." Is anyone paying attention to our government business? To what we look like to the rest of the world?
Foreign Money in White House Politics
There is enough written about how China has managed to get into US politics by supporting people at the local level, who will eventually rise in the system. We saw evidence of it in Virginia this year, which has yet to become a criminal case, with the governor and the Clinton Foundation. It involves a Chinese official who was made a resident alien so his contributions would come from a "US source". The case of Ng Lap Seng, the Macau billionaire was never fully investigated but widely reported in the press in 2012. These instances reminded me of someone, Charlie Trie, who apparently was being investigated for soliticing money from the Chinese government to support Bill Clinton. Both John Huang and Charlie Trie, two that were being investigated, were funneling money to the Clintons were both Clinton appointees to government positions. How these individuals passed background checks is something else again. There is enough similarity between the two cases that we don't have to guess about the Chinese-Clinton association. China may be doing the same thing with Republicans too, but the evidence hasn't risen to the level of this investigation in 1997. If we ever wondered how other governments managed to influence ours, it is plain. They buy our love.
This is from a statement signed by members of the Committee on Government Reform and Oversight in 1997:
" The committee has amassed considerable evidence relating to the activities of former senior DNC official and Clinton appointee John Huang, and former Clinton appointee Charlie Trie. We are, however, at the very beginning of this investigation. I have no allusions that our task will be an easy or a quick one. This is going to take some time.
This committee's hearings will cover many subjects, because the reported abuses of campaign laws and misuse of Government resources are vast. Our initial focus has been on how political parties took or raised contributions from foreign sources. I am gravely concerned about foreign governments, foreign companies or foreign nationals trying to influence our electoral process and also our foreign policy.
Of equal concern, however, is the possibility that the United States is perceived by other countries as so corrupt that they would believe that they could tamper with our democratic process to further their own agenda. At the end of the day, the individuals who are involved must be held accountable.
It was not, ''the system,'' which solicited millions of dollars in illegal contributions. The system did not rent out the Lincoln bedroom. The system didn't withhold subpoenaed records. The system is not responsible for individuals ignoring the campaign finance laws that we already have. It is individuals who are responsible for these actions. It is individuals who must be held accountable. The administration and others are using, ''the system,'' as an excuse to change the subject. We are talking about existing laws being broken here.
Although the Clinton White House is extremely adept at spin control and damage control, it claims to be hopelessly incompetent when it comes to locating records subpoenaed by this committee, the Senate committee, or its own Justice Department. As the Washington Post asked yesterday, quote, Can anyone believe this is on the up and up? end quote. You simply could not make up some of the more outlandish actions taken by this, 'anything goes White House.'
If this sounds familiar, it is what passes for politics in this country.
This is from a statement signed by members of the Committee on Government Reform and Oversight in 1997:
" The committee has amassed considerable evidence relating to the activities of former senior DNC official and Clinton appointee John Huang, and former Clinton appointee Charlie Trie. We are, however, at the very beginning of this investigation. I have no allusions that our task will be an easy or a quick one. This is going to take some time.
This committee's hearings will cover many subjects, because the reported abuses of campaign laws and misuse of Government resources are vast. Our initial focus has been on how political parties took or raised contributions from foreign sources. I am gravely concerned about foreign governments, foreign companies or foreign nationals trying to influence our electoral process and also our foreign policy.
Of equal concern, however, is the possibility that the United States is perceived by other countries as so corrupt that they would believe that they could tamper with our democratic process to further their own agenda. At the end of the day, the individuals who are involved must be held accountable.
It was not, ''the system,'' which solicited millions of dollars in illegal contributions. The system did not rent out the Lincoln bedroom. The system didn't withhold subpoenaed records. The system is not responsible for individuals ignoring the campaign finance laws that we already have. It is individuals who are responsible for these actions. It is individuals who must be held accountable. The administration and others are using, ''the system,'' as an excuse to change the subject. We are talking about existing laws being broken here.
Although the Clinton White House is extremely adept at spin control and damage control, it claims to be hopelessly incompetent when it comes to locating records subpoenaed by this committee, the Senate committee, or its own Justice Department. As the Washington Post asked yesterday, quote, Can anyone believe this is on the up and up? end quote. You simply could not make up some of the more outlandish actions taken by this, 'anything goes White House.'
If this sounds familiar, it is what passes for politics in this country.
Tuesday, August 2, 2016
Chinese Sabres Rattle Again
The Chinese have a way of trying to manipulate public opinion in other countries by allowing certain types of things to be published in their own. These publications favor the Party's view of the world which frequently does not approximate reality. Say it often enough and they will believe it.
The latest of these is two fold. First, the press reports military brass in China have decided they think the U.S should be put in its place and given "a bloody nose" over their incursions into the South China Sea. [ see http://www.reuters.com/article/us-southchinasea-ruling-china-insight-idUSKCN10B10G ]. This is a rediculous idea and one I remember well from many years ago when a Chinese PLA General thought it was a good idea to drop a nuclear weapon on Los Angeles to even things out in a dispute they were having with us. Nobody took that seriously then because they considered it an over reaction that would never be considered by the leadership. This situation seems to be extreme, but not as extreme as the use of nuclear weapons in diplomacy. A bloody nose is a descriptive term that implies blood will be spilled to demonstrate the Chinese resolve to hold onto a vast expanse of ocean that is not theirs. They held joint military exercises with Russia last week to tell us they have more friends in their claim to the South China Sea. The Russians are laughing up their sleeves at this and are not going to come to China's aid in a dispute over territory even they can't believe the Chinese have claimed. Sailing around in open ocean with the flags up is one thing; shooting and being shot at are another.
The second thing is demonstrations like the smashing of iPhones and boycotting Kentucky Fried Chicken, both things that are so outrageous that even the people doing them must have wondered why anyone would want to demonstrate this way. It makes the news, though only barely in the United States. It is supposed to bring a vision that the Chinese people are up in arms over the ships sailing into an ocean 1000 miles from the capital city. Please. They could care less, and the Chinese know it. Yet, this nonsense continues until it strikes a chord that the press in other countries will latch onto.
This is the kind of dangerous manipulation that leads to bad things happening. One of these reactionaries will be stoked up enough to do some real harm to someone or the military will get itself worked up in a frenzy and shoot off a missile. That is exactly what the Chinese want us to believe.
We have lived with this kind of manipulation long enough. The press has to learn to not repeat the intentional statements made by China's own. They are helping the Chinese and doing themselves no good.
The latest of these is two fold. First, the press reports military brass in China have decided they think the U.S should be put in its place and given "a bloody nose" over their incursions into the South China Sea. [ see http://www.reuters.com/article/us-southchinasea-ruling-china-insight-idUSKCN10B10G ]. This is a rediculous idea and one I remember well from many years ago when a Chinese PLA General thought it was a good idea to drop a nuclear weapon on Los Angeles to even things out in a dispute they were having with us. Nobody took that seriously then because they considered it an over reaction that would never be considered by the leadership. This situation seems to be extreme, but not as extreme as the use of nuclear weapons in diplomacy. A bloody nose is a descriptive term that implies blood will be spilled to demonstrate the Chinese resolve to hold onto a vast expanse of ocean that is not theirs. They held joint military exercises with Russia last week to tell us they have more friends in their claim to the South China Sea. The Russians are laughing up their sleeves at this and are not going to come to China's aid in a dispute over territory even they can't believe the Chinese have claimed. Sailing around in open ocean with the flags up is one thing; shooting and being shot at are another.
The second thing is demonstrations like the smashing of iPhones and boycotting Kentucky Fried Chicken, both things that are so outrageous that even the people doing them must have wondered why anyone would want to demonstrate this way. It makes the news, though only barely in the United States. It is supposed to bring a vision that the Chinese people are up in arms over the ships sailing into an ocean 1000 miles from the capital city. Please. They could care less, and the Chinese know it. Yet, this nonsense continues until it strikes a chord that the press in other countries will latch onto.
This is the kind of dangerous manipulation that leads to bad things happening. One of these reactionaries will be stoked up enough to do some real harm to someone or the military will get itself worked up in a frenzy and shoot off a missile. That is exactly what the Chinese want us to believe.
We have lived with this kind of manipulation long enough. The press has to learn to not repeat the intentional statements made by China's own. They are helping the Chinese and doing themselves no good.
Russian Anthrax News
In case the news has escaped you, the Russians have had a small anthrax outbreak in Siberia, reported today by the BBC. The Russians say it was caused by a thawing reindeer carcass [ another story says 1200 reindeer have died along with a young boy ]. The inconsistencies in stories are nothing new and they have the commonality of all referring to reindeer and thawing, where a lot of anthrax has been contaminating humans. There is anthrax everywhere so it sounds like a reasonable explanation.
It sounds reasonable unless you have heard of Sverdlovsk, where the same explaination accounted for the deaths of thousands of people in 1979. You can read the whole story at http://nsarchive.gwu.edu/NSAEBB/NSAEBB61/. In that case, an explosion at a military facility produced enough anthrax in the air to kill most of the casualities. I would be hard pressed to say that was what happened in this case, but I would also not be too quick to accept the thawing reindeer carcass theory. The problem with a lie is, once told, it does not go away. The Russians have lived with this one for about 35 years.
The other problem with a lie is that you lose credibility with any other truth. We might want to check into the sources of this story and start finding out what killed all those reindeer. Can it be an unusually warm winter? Maybe. Can it be another accident? Maybe. The truth is out there somewhere.
It sounds reasonable unless you have heard of Sverdlovsk, where the same explaination accounted for the deaths of thousands of people in 1979. You can read the whole story at http://nsarchive.gwu.edu/NSAEBB/NSAEBB61/. In that case, an explosion at a military facility produced enough anthrax in the air to kill most of the casualities. I would be hard pressed to say that was what happened in this case, but I would also not be too quick to accept the thawing reindeer carcass theory. The problem with a lie is, once told, it does not go away. The Russians have lived with this one for about 35 years.
The other problem with a lie is that you lose credibility with any other truth. We might want to check into the sources of this story and start finding out what killed all those reindeer. Can it be an unusually warm winter? Maybe. Can it be another accident? Maybe. The truth is out there somewhere.
Monday, August 1, 2016
The Russian Information War
I usually like to read Gordon Crovitz but this week he got a little off track with an article on "Russia's Information War with the United States". An Information War is complicated and the Russians have been doing it for years, so let's not think that they don't know what they are doing, or that they don't have plausible deniability for anything that might be done. They are not as crude as they were in the Cold War, though they may be a little less competent than the Chinese. That is relative. My second book, The New Cyberwar is mostly about Russia and their use of cyber.
His complaint, if we can call it that, is that the Russians are trying to interfere with the United States national elections by releasing e-mails from the stash at the Democratic National Committee and the Hillary Clinton campaign. He, and most of the liberal end of the press, want retaliation for this theft of data. This is similar to the US actions taken after the North Koreans stole e-mail from Sony. The US took some actions after that, but nothing to speak of. We have done nothing about the Chinese theft of security clearance data from OPM.
This is not really the kind of Information War that can be made with this kind of information, though I would agree that it is part of the way to fight. The Russians have been doing this for years so they know how to use it. Modification of documents, letters and content of e-mail is their stock in trade. They did this to the Reagan Administration and they have done it since in international politics. They plant articles that say something that isn't true, but has the format of other things that are true. The problems for us is figuring out which ones are "originals" and which are fake. This kind of thing has gone on for hundreds of years, so we have all seen it done. So far, nobody from the campaign has said any of the emails are fake. There is still time for that.
Intelligence services that steal information only rarely post it on the Internet. Anonymous and similar groups with a political bent will do that kind of thing. Even the Russians learned that the US electorate is very hard to influence, so this kind of effort, especially involving the loose cannons at Wikileaks, doesn't sound like something they would want to do. All that work that they put into defeating Ronald Reagan failed, so they will think twice before paying for a lot of effort that gets nothing in return.
His complaint, if we can call it that, is that the Russians are trying to interfere with the United States national elections by releasing e-mails from the stash at the Democratic National Committee and the Hillary Clinton campaign. He, and most of the liberal end of the press, want retaliation for this theft of data. This is similar to the US actions taken after the North Koreans stole e-mail from Sony. The US took some actions after that, but nothing to speak of. We have done nothing about the Chinese theft of security clearance data from OPM.
This is not really the kind of Information War that can be made with this kind of information, though I would agree that it is part of the way to fight. The Russians have been doing this for years so they know how to use it. Modification of documents, letters and content of e-mail is their stock in trade. They did this to the Reagan Administration and they have done it since in international politics. They plant articles that say something that isn't true, but has the format of other things that are true. The problems for us is figuring out which ones are "originals" and which are fake. This kind of thing has gone on for hundreds of years, so we have all seen it done. So far, nobody from the campaign has said any of the emails are fake. There is still time for that.
Intelligence services that steal information only rarely post it on the Internet. Anonymous and similar groups with a political bent will do that kind of thing. Even the Russians learned that the US electorate is very hard to influence, so this kind of effort, especially involving the loose cannons at Wikileaks, doesn't sound like something they would want to do. All that work that they put into defeating Ronald Reagan failed, so they will think twice before paying for a lot of effort that gets nothing in return.
Pay to Play Politics
There was an interesting article by Jay Solomon in the Wall Street Journal. It concerned paying claims to Cuba for whatever kind of grievances they could dream up [ see http://www.wsj.com/articles/u-s-and-cuba-take-steps-to-expedite-claims-process-1469814705 ]. The State Department wants to speed up this claims process before anyone finds out we are engaged with another pay to play scheme in international politics. The first one, you remember, was Iran, where we paid billions of dollars to settle mythical claims to get them to agree to a nuclear deal that the ink was barely dry on when Iran started saying we owned them money. Cuba is trying to do the same thing, and nobody would blame them if the United States is stupid enough to pay money for a deal that Cuba doesn't really want or care about.
This is a kind of diplomacy we are unfamiliar with, though it sets an interesting precedent. Every time we get a peace agreement between Assad and his allies, with the opposition, we could lay the groundwork for "claims" against each side which would be settled if the peace agreement held. We could get China to pay billions for the islands they dispute in the South China Sea. The Philippines might take a few billion to walk away from their win on claims to territory. A novel idea. Novel foreign policy. Except in the Cuba and Iran cases, we are paying taxpayer dollars to people who hate us and have worked against us for years. There is no line item in the budget to fund this kind of policy and somewhere they are going to have to dig up the money. I want to be on the Hill the day that comes up for debate.
This is a kind of diplomacy we are unfamiliar with, though it sets an interesting precedent. Every time we get a peace agreement between Assad and his allies, with the opposition, we could lay the groundwork for "claims" against each side which would be settled if the peace agreement held. We could get China to pay billions for the islands they dispute in the South China Sea. The Philippines might take a few billion to walk away from their win on claims to territory. A novel idea. Novel foreign policy. Except in the Cuba and Iran cases, we are paying taxpayer dollars to people who hate us and have worked against us for years. There is no line item in the budget to fund this kind of policy and somewhere they are going to have to dig up the money. I want to be on the Hill the day that comes up for debate.
Subscribe to:
Posts (Atom)