You may have noticed a story in Reuters today that says China and South Korea have patched up their differences over THAAD just days before President Trump visits Asia. This amazing realignment comes after China had curbed tourism to the South, manipulated everything they could to limit Lotte Group in China (Lotte sold the land that THAAD is on to allow the deployment), and made vague threats about how the future of trade and international relations hinged on the South Koreans moving THAAD out. It cost the South nearly half a percentage point in GNP. THAAD is only a defensive anti-missile system, which has made the world wonder why all the fuss.
The simple truth is China likes having the US hostage to missiles in the North of Korea, and is happy to perpetuate that as long as they can. THAAD has been a pretty successful interceptor and could likely hit its target, making that threat less. The North has deployed and test fired more missiles in groups that might overwhelm a single battery, but that tactical move does not seem to change the strategic situation. The Chinese are not worried about THAAD’s radar peering into China; they are worried about the North keeping its focus on the US. In past administrations leaders could only focus on one shiny object at a time. While China built up the South China Sea, the US worried about the North. That doesn’t seem to be the case anymore, so watch for President Trump to make some friends of his own in Vietnam over the next couple of weeks.
Tuesday, October 31, 2017
The Russians Did More than Charges Show
For a good look at what the Russians really did during and after the US national election, take a look at the story in the Wall Street Journal today. So, some of those rallies at Black Lives Matter and rallies against shootings on both police and victims of police were engineered by payments funneled and managed by real Russians meddling in US politics. No doubt more of that will come out in today’s hearings on the Hill. Nothing brings social media to the truth faster than testimony that is bound to make the news, with regulation to follow. Where was their patriotic interest before regulation was proposed?
Monday, October 30, 2017
Too Few in Cyber Security
I saw a Journal article about a shortage of people in Cyber Security today that kind of surprised me. It said there were upwards of a million unfilled Cyber Security jobs in the world and AI was going to help fill them. Since this is a story that I have heard since 1977 when I got into this business, I kind of wondered why they thought that was going to happen now, when it hasn’t happened in all these years.
First, to keep those thinking of getting into the cyber security business, I doubt that number is anywhere close to realistic. If you total up all the businesses in the world that need cyber security specialists there just aren’t that many. Small businesses rely on services that help them, many of those cloud services that are growing faster than corn in Iowa. The clouds might have a couple of hundred thousand people doing cyber and a bunch of administrators who know it well enough to do their jobs. It takes a little of both operations and security to get by in the business.
Second, AI is no better at solving these kinds of problems until it can find new exploits that get into systems and compromise them. One of the biggest flaws in our security systems today is the inability to discover new methods of attack until the attacks have already taken place. We need to find and monitor groups of hackers who develop code to do that, and companies that devote the kind of time it takes get good rewards - ask Mandiant how much money they made when FireEye purchased them.
Then, of course, we need to disrupt them at least to the point that it becomes very expensive to maintain their business models. Businesses, especially International Banking, seem content to stay on the sidelines and watch hackers get better. We need much more security because we don’t have anyone doing the disruption that needs to be done.
Third, much of the world’s cyber defenses are now operating against foreign governments. The real need for cyber defense is in government which has neither the desire nor the capacity to hire and train the best. Admittedly, some of them get sucked into industry but not as many as one might think. Government security is not sophisticated enough to get people prepared for life in the commercial world. It teaches all the wrong skills and worries about this form or that rather than if a system is secure. The government policies, if followed, will not make a system reasonably secure. Worse yet, it produces drones who don’t know how to secure a system, but only to make paper descriptions look like they do.
So, AI, what can you do for these kinds of problems? Not much. It might be better than the endless stream of alarms over a network intrusion detection system, but not a whole lot better. Those sensors are programmed to watch for things we already know have happened. Give me a system that adapts to new attack techniques we have never seen before and I will buy it in a minute. I just don’t think the systems I have seen will do that. Give me a system that will adapt to new attack techniques and reconfigure the network without stopping operations and I will buy that in a minute. We have people who said they could do that 10 years ago. We are still waiting.
Now, do we need more people in Cyber Security? No. We need better skills in the ones we have. Those skills have nothing to do with certificates or letters after a person’s name. These are skills with managing and security of networks that interconnect across the world. Human Resources has no way to measure that kind of thing anymore. Shame on them. It keeps ones who can do that from getting into the places we really need them. It reminds me of new security architects coming into my office for an interview. I asked them to sketch out the last architecture they had developed and fill in some details as they went. I was surprised at the number who couldn’t do that. They didn’t need certs to do that. They needed experience.
Friday, October 27, 2017
Trusting China with Chip Making
Dan Nidess had an opinion piece in the Wall Street Journal today that seems perfectly intuitive to anyone doing information war. He says, in short, don’t let the Chinese make chips for our military, and points to some of the bad things that can happen when a country does. His example, of some chips sold to the US military which would stop missiles from firing, is a good one.
So, I wonder, how is it that the military in any country would buy chips made in China? I used an earlier example of some chips counterfeited in China, then slightly altered. That story was in my first book, and in the second edition coming out early next year, I showed how the Chinese were buying up chip making facilities over the last 3 years. That is now under some scrutiny. What we have to wonder is how those chips get into the supply chain of any military.
One reason is we don’t look at third tier subs on government contracts. Not just the Chinese take advantage of that. They sell these chips to companies that need chips, sometimes not knowing where they will be used. They probably know what system the chips will be used in - say an F-35 fighter - but may not know what country bought one or where that aircraft will be. They probably don’t care or need to know that to sabotage F-35 fighters. Do them all and sort that part out later. But let’s be clear here, they build a chip that they can control performance of. They aren’t doing it to sell chips in the world market and increase market share. It isn’t normal business. It is war business.
Nidess may well be right that the militaries of the world should not buy anything made with chips from China, but that means redirecting manufacturing back to countries who have given it up to China. That is a long, slow slog. In the meantime, the Chinese deny any involvement in the remote hack of Intel chips leading to remote hijacking caused by a flaw in some Intel chipsets which are said to go back to 2010, when Intel started making chips in China. There is some urgency to getting that manufacturing capability back for at least some critical components of weapon and command and control systems. We are responding to mistakes made 10-15 years ago and the legacy of those mistakes will be around for a long time.
“One China” Travel Restrictions
A Reuters story today stretches the meaning of “One China” to new ends. China is actually asking the US to not allow travel through US territory for Taiwan’s President Tsai Ing-wen. On the face of it, this is a farce which not even the Chinese can be serious about. The US is not going to ban the head of a country it recognizes as independent because China thinks Taiwan still belongs to them - along with the entire piece of ocean called the South China Sea. This kind of imperialism went out with the end of the 1950s.
Yet, we shouldn’t ignore this kind of request and chalk it up to a misguided bureaucrat who slipped up in applying policy he might not understand.
The Chinese have not missed very many chances in the last 10 years to claim Taiwan as their own. Every step we concede in that war of words is a step too far. Previous US Presidents have allowed this kind of creep to surround and isolate Taiwan until it gradually becomes what China wants, part of the mainland. Few of these tirades are done in isolation. Tsai Ing-wen is making friends and allies. She strengthens her position and keeps China back. We have just added another aircraft carrier group to the Pacific as a sign that we are not going to have China taking over the trade routes in their economic war, a war that envisions retaking Taiwan and South Korea. They have pushed in both places at every opportunity, but they don’t get enough pushback from other countries. Japan is starting to, as is South Korea. The Philippines, Vietnam, and Indonesia need to join in.
A Little Historical Surprise in S. Korea
Once in a while, there are surprises in history that just grab hold and won’t let go. I saw one of those this morning when a story in the Wall Street Journal documented a little footnote in the history of the Korean War - in time of war, the United States military controls the South Korean military. Day to day control lies with the South.
I have dealt with the South Korean Army for 30 years or so and never knew that little fact. How can a sovereign nation not control its own military in time of war? The official explanation, as shown in this article, is that they are not ready. That means, since 1953 when the war sort of ended, the Korean Army has not gotten itself ready to fight a war without US supervision.
They certainly seem competent as a military force. They do have a little trouble keeping secrets at times, especially those war plans the North claims to have gotten from the South, but they are good fighters and they know how to defend their country. The North would find them a capable enemy if it ever came to that. So, you have to ask yourself why they are not ready to act independently in a time of war. I don’t have an answer for that question, but it needs to be asked more often of the US Defense Department.
Wednesday, October 25, 2017
Exporting Darkness
I have to admit, Andrew Browne at the Journal has put things together on China that others seem to miss. This time, he talks about a darkness that is hard for us to see, but something the Chinese come face to face with every day - a kind of darkness that hides the inner workings of government from the people. As Browne puts it, “Increasingly, economic, diplomatic and military power in the 21st century will emanate from an organization that was born in secrecy and still obsessively guards its inner workings.”
Every government has secrecy for several reasons, the first of which is national security. It has to hide parts of its budget and China does that pretty well. It has to have technological development of its military and Intelligence Services which collect huge amounts of data from around the world. We understand that kind of security.
Every government has some secrets about how it goes about “making sausages”, what goes on behind the scenes before policies get to public view. Making sausage, for those who have never seen it done, is an apt description. You don’t really want to know what went into that tube. We understand that kind of secrecy.
Every government has to have a managed economy and some of those backroom deals that make that happen are not things we want to discuss in public. We understand that kind of secrecy.
But not every government has the level of censorship, control of the press, influence on other countries’ activities relative to China. That is because they want the trust of the people. As Browne says, “The paradox of power in China is that the stronger the country grows, the more insecure the party feels and thus more prone to bouts of repression.”
This is always the case with dictatorships. We see it over and over. The country does well and the leadership rises to the top, maintains the economic growth and silences the enemies of the state. But, let things go wrong and trust will turn quickly to people in the street expressing their views. Even that can be controlled for a while, but not forever.
If you read this entire article, you will come away with an uncomfortable feeling that the central Chinese government can hold things together for a time, maybe a long time, but not forever. It is a little like the feeling you get when the GPS takes you to the wrong place, and you are alone at the end of a road with no place to go. There is a little bit of panic, and some irrational thoughts about being lost somewhere you don’t belong. We should all be concerned about that day coming.
Tuesday, October 24, 2017
A Sanctimonious Microsoft
In what is one of the longest blog posts I have ever seen from anyone, Brad Smith, Chief Legal Counsel for Microsoft, claims victory for the “people’s privacy rights” when they store information in a cloud. As I said in my previous post, the whole issue of privacy is about Microsoft’s vision of what privacy for users of clouds is about. It has nothing to do with privacy in a more general sense, and I doubt that Microsoft will be doing anything to warn its customers that any government has requested data on one of its accounts. That is what makes this a sanctimonious argument.
Smith’s lengthy blog is about something I have some sympathy for - secrecy orders that are overly long and last forever. I’m sure there are enough people in the FBI who agree. It is too easy to make long lists of things you are searching for and ask for secrecy with the company that gets the National Security Letter. It is partly laziness on the part of agents who want everything and can’t really justify having it. A National Security Letter gives them cover to explore and they get protection from the providers of information. There were several public reports about abuses of NSLs, so this would not be a surprise to very many people in Justice. The fact that Justice is now “tightening up” their policies has very little to do with Microsoft per se. It has been a long time coming and should have been done in the previous Administration.
But, for me to believe that Microsoft is at all concerned about the privacy of its users and really wants to notify them of attempts by any government to access information on one of its users, is a bit of a stretch. Microsoft points to the number of NSLs it gets (it is a compromise to allow them to do that since the NSLs are classified) but the NSLs are only the tip of the iceberg in a global company. While they quibble about the ones in the US, they give the Chinese access to their own people’s data, and probably the Russians too. Who knows how many countries in the world do exactly the same things when it comes to data stored on one of their citizens?
Vodafone published a long country-by-country list of which ones asked for data access all the time, part of the time, or with warrants. It was astonishing to read. Vodafone was not the only company affected by these government policies, but they were the only one that published them. The rest of the service providers do not want us to know that the equivalent of NSLs are being presented to service providers all over the world, every day. Many countries bypass that step altogether and get access to the data directly with no oversight at all. Should we wonder if Microsoft warns its users that is happening? We probably don’t have to wonder about that one.
So, now tell me that when a country requests data on a Microsoft user that Microsoft is going to tell that user that the request has been made. Surely, Microsoft does not just want this policy of theirs to apply in the US and nowhere else? That would be hypocrisy for a company so committed to “peoples’ rights”. I suggest you look for another reason for Microsoft’s position. This one is not very plausible.
Harassment of Russia’s Press
I worked on a section of my newest book last year and found several examples of the harassment of reporters who work for news outlets that publish unfavorable stories about the leadership in the Kremlin. Living in the US, we tend to think that all countries allow reporters to say and do almost anything that pops into their heads, true or not, with impunity. By increasing numbers, we don’t believe very many of the press reports we see about anything, especially things political.
In Russia, there were a disturbing number of deaths of reporters who were chasing down corruption in the central government, but that situation has improved. Harassment has not. More editors and reporters leave “to spend more time with their families” or “seek other opportunities”, both phrases we all know. A story in the BBC today reminded me of some of the others who suffered the fate described here. A woman newsreader has her face sprayed with feces and her car set on fire. The lead in this story is stabbed in the neck by a guy who looks like he is portrayed - a guy who could be a nut case in any circumstance. It is plausible for him to do what he did, without any association with the government. That is the way Intelligence Services work. At least one degree of separation from their government. You have to look at the other instances of this same kind of thing to see the whole picture of harassment of those who work for radio stations and news outlets who don’t always stick to the Party line.
Monday, October 23, 2017
Czech Election Sabotage, Lesson for US
Well, if the Russians are nothing else, they are consistent. This story by Reuters, which almost all the other news services ignored, says the target was the website which showed the summary results of the parliamentary election. This is similar to what they did in the Ukraine when they tried to keep the votes from being tabulated. In both cases, the only thing affected is a delay in the results being posted. So, if you can’t get to the election system, you could delay the results. I’m not saying this has any useful purpose except to let the populations know that they are messing with election tabulation. Certainly, they are trying to improve their capabilities and have fallen a little short, but with our own mid-term elections coming up, let’s hope there is a little more preparation for these kinds of attacks than we saw in the last election.
We tend, a little too much, to focus on what was done to the election systems and not where the Russians are trying to go with their sabotage. They want to affect election results, not just the posting of them.
Chinese Still After Guo Wengui
A few years ago the Financial Times wrote a story about charities and China’s biggest businesses that named a mysterious man about which they could find very little. That man has shown resilience by staying in the US even after the President said he should be removed. That is because the Chinese are deep into US politics in ways the Russians have never been, and nobody seems inclined to discuss it or investigate it.
A Wall Street Journal article today illustrates the point. It reads like a Cold War spy drama, with denials and counter-claims galore. The Chinese want Guo back in China and seem to go to lengths that endanger their own personnel to achieve their objective.
Most of my previous examples of Chinese involvement in the US national election were favoring the Democrats, but it seems the Chinese are like any other country trying to buy influence - they are not discriminatory. How does a man who manages to be named in a personal letter from the Chinese government, hand delivered to the White House, read by President Trump, after which the President said he should be deported back to China, remain in the country? The answers are here somewhere.
Over the past five years, (not 3 as the article suggests) the Chinese have sent agents to the US to harass and cajole Chinese nationals into returning to China. They use tourist visas which do not allow them to conduct official business. In Guo’s case, they said they would unfreeze assets frozen by the government, which would do him little good if he were in jail waiting to get them. He declined. They persisted, even after a visit by the FBI which told them they were operating outside their visas and should exit the country. They ignored those warnings. Had they been in China, they would have been arrested.
The Democrats are not anxious to investigate the Chinese involvement in the US national election because they benefited from the largess of several Chinese businessmen who came to the US - and became resident aliens- due to a little known visa program, the EB-5. Resident aliens can legally donate to political parties and are not representatives of a foreign interest, even though they retain dual citizenship with China. Both major political parties are up to their necks in this one, but California, Texas, and New York are in deeper than the rest. Go to the Hill and mention this one to any lobbies or staffers and they look away or talk about how nice the weather is today.
It should be no secret how a man who donates to both political parties can remain in the US.
Thursday, October 19, 2017
India Better Partner than China for US
Rex Tillerson, the US Secretary of State, said yesterday that India was a better long-term bet for the US than was China. Then he gave reasons why that was true: (1) they don’t steal our technology and use it to compete against us, (2) they don’t make territorial claims on other countries, and (3) they abide by international law, though he was also mentioning that in the context of violating sanctions they vote for in the UN. This must have not gone over well with the Chinese. I guess we have not been considering the obvious: when you have a friend like China, you might want to look for new friends.
Kurds Running from Iraqi Army
In an attempt to regain the Kirkuk oil region, the Iraqi Army has taken back cities it once abandoned to ISIS. The Kurds took it from ISIS and settled in. When the Iraqi Army came back, in what looks like an orchestrated move allowed by the allied forces in the area, it blocked the roads and asked the Kurds to stay. Most did not. Given the history, we can see why. They don’t trust the Iraqi Army nor the Iranian-backed groups that fight with them.
During the wars fought in that area, the Iraqi Army has not been good enough to hold onto the land it had. It fled as fast as those Humvees could take them when ISIS started to roll in. They don’t like casualties. They are perfectly willing to let the Kurds take them in coming back into the region. The reward they get for working so hard is just like the reward they have always gotten from those countries that put troops into that region - they get pushed out, usually violently.
Leave no doubt that this will be about oil. If the Kurds have it, they have a self-sustaining economy that the Iraqi government cannot stop from cementing its hold on territory. They have a home and that home is theirs. Iraq will not have an easy time of taking any more than they have gotten back in the last few days. Nobody likes to fight the Kurds, and soon enough they are going to let Iraq know that they will not retreat any further.
Wednesday, October 18, 2017
Xi Gives 3-Hour Speech
You have to look around for examples of speeches that last longer than an hour. People just don’t have an attention span that supports listening that long. The Castro family in Cuba was famous for long speeches, as were Hugo Chavez, and Saddam Hussein. I can’t imagine a US President giving a speech more than an hour long. The heads of state in Europe are equally thoughtful in giving speeches. Too long, is too long. It seems like only dictators give speeches that run for three hours. Am I wrong here?
N Korea Group Hacking Financials
Most of my friends know that Bangladesh’s central bank was hacked by people who got in through SWIFT, something that never should have happened if the banks followed the rules. Now, that same group is said to have hacked the Far Eastern International Bank in Taiwan. Perhaps we are not seeing thefts of banks in their proper light.
Banks, especially big banks, are not supposed to get hacked, especially by a state-managed group. North Korea does not have rogue gangs out stealing stuff in the international banking scene. It requires too many resources and a safe place to operate from. The North is a little short on both. Can a gang operate there and the government not know? Unlikely.
This looks to me like a state enterprise trying to disrupt the international banking infrastructure, a stated goal of the Chinese military preparing for war with the US. In my second edition of my first book I have some examples quoting Chinese generals who seek that goal but would not want to be associated with actually doing it. They say, in fact, that no war would be fought if the financial infrastructure were to be disrupted. North Korea gets that kind of work to test out these new forms of war and hide the real culprits behind it.
This is really dangerous and potentially disruptive beyond anything cyberspace has produced so far. Yes, the Russians can knock out power in a couple of cities, and that counts for disruption. But this is demonstrating a capability to disrupt the banking system. They make it look like theft to hide the real purpose. The financial community needs to take this more seriously than it has. Security in big banks is not what it used to be and needs a quantum improvement to keep up. SWIFT needs to get its act together. This is not the same as theft for profit and the banks need help with intelligence and techniques being used. They also need tighter oversight of operations. All in all, they need to step up their game.
Tuesday, October 17, 2017
Microsoft’s E-mail Case to Supreme Court
Well, these always take time to get anywhere, and this one certainly took 4 years to get where it was going, to the highest court in the United States.
It is a simple case. US law enforcement was investigating a drug case and got a warrant for e-mail from the suspect. This is a fairly standard thing to do. But, the response was anything but standard. Microsoft gave up e-mail that was in the US but not the e-mail stored in Ireland. Microsoft has data stored in 100 centers in 40 countries. The lower court upheld the warrant, but on appeal, the 2nd Circuit Court decided against it. Microsoft said it would leave itself open to having other countries do the same thing - requesting data stored in the US.
This seems to have some importance to data storage in general, and I would guess, is more important to Azure than to e-mail which is why Microsoft is fighting so hard. Cloud services could be affected by the same type of ruling.
The cloud companies cannot have their cake and eat it too. The US does not have the same kinds of rules on data storage that Russia and China have - store here that data you collect here. We should have the same kind of rules. That would simplify Microsoft’s concerns, and ease the issue with overseas warrants. If you think about it, Microsoft is asking law enforcement to get warrants in every country where they store data to cover all the places that data might be, an equally preposterous demand.
We got into this several times on defense data being stored in places outside the US and we didn’t like it very much. Microsoft was using an overflow system for servers that sent some of our emails (hence other data attached) to storage in Eastern Europe. We didn’t like that very much. You can bet that it is not so simple as having data stored in the US and Ireland because that data is sent many places that are clearly not the US or Ireland before it gets to storage. Microsoft may have opened Pandora’s Box by going this far with this case.
We were concerned that some of that data might end up in China or places that were not very friendly to the US. Microsoft does have data storage in China because Chinese law says they have to keep data collected in China, stored in China. But, they may have some US data stored there too, something nobody in their right mind would want. On any given day, I wonder if they could say where all that cloud data was stored. In the few cases we identified, Microsoft, as a policy matter, did not direct the data to be stored anywhere. It was stored where operations put it. Tell me that Microsoft knew that e-mail was in Ireland before the warrant was issued. At some point it may have passed through US servers even though it wasn’t stored there for long. Microsoft could probably not answer a question about where it passed through any country of those 40 it serves.
So, it is a simple case, if you listen to how Microsoft and their brethren have described it. It may not be so simple after all, if the Justice Department asks the right questions.
Monday, October 16, 2017
North Korea Attacks British TV
Yes, another amazing story of the North Koreans not being able to take a joke. They must live in a humorless society, with no fun. When British television decided to take on the North in a drama about a scientist taken captive in the North, you would think the North would yawn and ignore the whole thing. Then we find out the studio, Mammoth Screen, was cyber attacked before the picture ever got funding. Channel 4, which sponsored the show, was also attacked. This is not nice behavior and would not have been well received in the US.
This is a case where a private company is attacked and the government has not come to its aid, either through some diplomatic measure to deter further aggression, or by like cyber measures to subdue the attackers. Why do they have to let a film studio defend itself against a government-sponsored attack? This comes under the heading of National Security, and not something any government should tolerate. They are forfeiting any sovereign defense of the country’s networks when they take such a stand. What do they think will happen now? The North Koreans will continue their attacks and won’t even have to launch to make a threat now. The British seem to be no better at deterrence and retaliation than the Obama Administration was.
Saturday, October 14, 2017
China Internal Borrowing
There is a good opinion piece in the Wall Street Journal a couple of days ago with an interesting title - China’s Reform Canary, a clever statement of the purpose in having the Governor of the People’s Bank of China say what needs to be done with the economy the week before the Communist Party’s annual conference. This canary will not be dying anytime soon, in case you were wondering.
He is talking about debt - lots of debt built up over years of lending to keep state-owned companies afloat. He is talking about business debt unrelated to productivity. “This combination, known as financial repression, has contributed to the massive increase in lending over the past decade. Total debt in the economy soared to 280% of GDP by some estimates.” Debt to GDP ratios in the U.S. are about 105% and getting worse. The two largest economies in the world are in debt up to their ears.
I don’t know about you, but spending seems to be a problem neither one of us can solve. They think it is OK to be in debt up to your ears, and don’t know how to say no to increases in spending. Do we think that can go on forever?
Friday, October 13, 2017
Census Security for 2020
The US has a census every 10 years and that report answers a lot of questions for researchers and news outlets. It is usually far too intrusive for most of us. Do they really need to know how many bathrooms my house has? No. So, does anyone think it is a good idea to allow them to do their survey responses online - to save money? No.
Talk about the mother lode of data. There is not a hacker anywhere in Eastern Europe who will not be fiddling around with that system trying to extract the data. How many bathrooms are in that movie star’s house? How many people live with her? How many illegal immigrants live on the grounds? We have the locations of almost any US person all in one place, which beats Equifax. Equifax only had those with a credit history.
Databases are not safe anymore. OPM and Equifax should have taught us that part. Trying to do the same thing over, thinking the results will be different, is the definition of idiocy. Our government does not understand how to say no. These kinds of projects wing along under the radar “making progress” on security and Internet access when those two things are contradictory. The security problems have already started and they sound way too much like the ones we heard with the ObamaCare website. You can be sure there will be statements like “We have no reason to believe that data was removed from the database,” the stock response for people who don’t have enough security to make that determination.
Yes, it costs more to collect data without using the Internet. Yes, keeping the data off the Internet is harder. But, tell me why we want to prove all over again that we can’t secure data of this importance?
Hacking Made Easy
The “hack” done on some Australian defense industries is anything but, and it reminds me that administration of computer systems has fallen off a good bit over the past few years. One of our administrators once left the default passwords on a client system and came within an eyelash of getting fired over it. We were a well respected business that knew security, and sold that expertise to other businesses. Those kinds of companies are not supposed to do things like that. Our clients recognized stupid as well as we did.
The current cases in the news are showing us that bad administration still includes the use of “Admin” or “Guest” as both account name and password. This is stupid. I don’t mean poor judgement, failure to follow proper policy, or mistakes in administration. I mean stupid.
As one of my engineers once said, “Boss, we cannot engineer-out ‘stupid’.” There are a host of things that administrators of all kinds do that fall in this category, but we can’t build security systems that compensate for all of them. It speaks to the lack of education, starting in college, that gives no credible amounts of time to anything Security-related in the curriculum. Some even make it an elective that you can take or not. Security can go look for stupid and try to identify where these kinds of passwords have been used - and should have in those cases. Hacker programs look for those in their password lists because stupid is almost everywhere in the world. But stupid is not just passwords.
I should make up a list for SANS that covers the Top 20 Stupid Mistakes, if it hasn’t been done already. Using one password for administrators across an enterprise comes to mind. Embedding passwords in code. Putting an unsecured test system on the Internet is number 3. There are a host of them, probably exceeding 20 since I can think of more at the moment. And, these only involve passwords, which we should have done away with years ago. We have policies in government that required two-factor authentication many years ago, and that was a common finding in inspections - no two-factor authentication had been implemented. Stupid.
China Tightens Noose on Social Media
China has a way of strangling like a boa constrictor. Most of these snakes are big, not particularly fast, but can wrap themselves around a small animal and squeeze until the bones are broken, then ingest the whole thing when it is softened up, but still warm. China is doing the same thing to its big social media giants, first criticizing them for their laxness in censorship, now getting the government involved in managing the companies more directly. They do not like the platforms that allow too much criticism of the central government, and spread ideas that don’t include the Communist Party running the country. Shame, shame.
China pretends its purpose is to help the people. Its real purpose, tucked away in guidance and policy, is to preserve the Communist Party. Woe be anyone who gets those two confused. The Party cannot rule a democracy. There is nothing democratic about a one-party system.
Thursday, October 12, 2017
Russian Influence on US Election
We have been hearing a lot about Russian payments for ads in social media, but we have not been hearing about payments for people who write comments on social media platforms and news agencies. The Russians are leaning on Chinese expertise for some of the same types of Internet controls that China uses. They are growing increasingly like the Chinese who know how to do Political Warfare. The Chinese go directly to the heart of their campaigns to sway public opinion by paying for comments. The cited article says, “They estimate the Chinese government ‘fabricates and posts about 448 million social media comments a year.’ They say the operation is massive and secretive, the goal being to ‘distract the public and change the subject.’” If the Russians paid for ads, you can bet they also paid for writers for mass media and social media outlets.
Even When They Know
Citizen Lab at the University of Toronto has always done good research, especially things China related that show how deep intelligence can get when it is applied through applications, but this time they focused on Korea and their apps for kids’ cellphones.
We all know that kids and cells are what we might call a “dynamic mix” that is capable of producing more than either one could. Only the apps they looked at left them vulnerable to outsiders who might also like to have some of the data these teens generate. This is a lesson in the difficulty of getting changes to flaws in software identified and fixed by the people who produce it.
Citizen Lab, et al, found vulnerabilities in government funded software developed under a 2015 law that “requires all South Korean telecommunications operators that enter into service contracts with children under the age of 19 to provide a means to block content deemed “harmful” on their mobile phones and ensure parents receive notifications whenever the blocking mechanism becomes inoperative.” Those apps were reviewed and the flaws identified to the developers and government.
The response by the vendors was predictable, but not satisfactory. In one case the original software was taken off the market and replaced by a rebranded version of the same software with a reduced subset of the same flaws. We should also note the second versions passed a government security review. In another instance the same software was rereleased saying the vulnerabilities had been fixed, when they hadn’t. The government reviewers were obviously focused on functionality and not security.
This points to an obvious conclusion that identification of flaws in software does not motivate the developers or government to reduce the risk. They may discount the risks to children who may not have as many credit cards or on-line banking apps as their parents - but the kids around this neighborhood are using on-line apps to pay for almost everything.
I wish this kind of behavior was limited to a few developers in South Korea, but it isn’t. Vendors are not liable for the software they produce and the impact of that is widespread. They don’t fix flaws because there is no penalty for leaving them in, or rebranding a product that is seriously deficient. When can we have liability laws that hold a vendor to reasonable standards for software they produce?
Wednesday, October 11, 2017
North Korea May have Stolen Secrets
These stories with North Korea just keep coming. This time, a few news outlets have reported that North Korea may have stolen some war plans describing different options, including assassination of the Great Leader. The theft may have happened, but I am skeptical of the whole claim and even more skeptical that it happened electronically as it is described. The alternative may be worse, depending upon how you look at the North.
War plans are not something easy to come by. They are very highly classified and require access control beyond the normal stuff a military usually has. If they were in a computer, they were not in a computer that would have been attached to the Internet. Not everyone has access to them even if they have the clearances for this kind of material. Most people do not. So, only a small number of people had access to these plans and none of them were in North Korea.
If the North really did get these, it did not likely steal them. Somebody gave them the documents and that someone was either a spy for North Korea, Russia or China. None of these countries would want anyone to know they had a spy in the location he was in, so they would try to pretend they stole the documents from a computer. But the stealing was more likely the Chelsea Manning kind of theft, by an authorized person who had access to the documents. There is more and more of that kind of theft being engineered by Russia and China. They get people with clearances into places they want to steal from, then take the information they are given and publish it, or use it to make trouble between allies. That is exactly what they think they can do here.
There is more sympathy for the North if we think the world is ganging up on them and may kill off the leadership, but I have never seen a war plan that didn't think about doing away with some leaders - not many - and write down that thought. Those are plans, i.e. potential actions that give leadership a range of possibilities. It does not mean any person will actually do any of the things described. In my previous post, I talked about the two dozen plans drawn up after the North shot down a US surveillance plane in international waters, in 1969. They are options and nothing more. They would have to be negligent not to consider having this leader removed - permanently, so there is no reason for there to not be a plan for that. How they got that plan, if they did, would be of more interest.
Formulating China Trade Investigative Criteria
It is fairly obvious from a report in the Wall Street Journal today that the US Trade Representative is close to formulating the bounds of an investigation into China’s theft of trade secrets from businesses operating in China. I have talked to people who have been there and know the urgency of doing something. China asks first, tries to establish business relationships that benefit both parties, then steals what they can’t get through legitimate means. It used to be easier to say no than it is today and that kind of behavior is hard to quantify.
The Journal piece is looking at the balance between legitimate trade and theft of trade secrets, but there is a lot of grey between those two. The article quotes Chinese business leaders this way: ‘“Both U.S. and Chinese companies can enter into contracts or choose business partners freely and independently,” said Wang Guiqing, vice president of a Chinese business group.’ Were it not for the unequal export rules of the two countries, that statement would be true. That is the view that China wants us to have over the joint ventures formed between companies that have data China wants. Those ventures are supposed to be able to protect trade secrets and proprietary lines of business, but cannot. The Chinese know that, so encourage it. In the rest of the world, it is pretty safe to do joint ventures because the parties don’t join together to steal each other’s secrets. They have mutually beneficial business that benefits both parties. Nobody in China should trust that relationship. It isn’t intended to be mutually beneficial for long. It will benefit the Party in the end.
The balance is between leadership that seeks short term profits for long term proprietary losses of technology. Some are doing this without more than a tacit approval of Boards of Directors. If the Board had to actually approve any new relationship with China, they would be fools to allow them to go through. This is an area of due diligence that needs work. Given the track record of the aircraft, electronics, and automobile industries we should be ready to say the technology to manufacture competitive goods will be bought, bartered or stolen in 3-5 years. Are the short-term profits going to balance the loss of technology - in other words, can we out innovate China in the short time frame? Our business leaders think they can.
I’m glad to see this come to an issue with the US Trade Representative now. A succession of government leaders has ignored the obvious disadvantage in dealing with a State that steals trade secrets as a part of its normal operations.
Tuesday, October 10, 2017
The Russians Claim US Cuts Back Bombing of ISIS
Now there is an oddity that should not go unnoticed, a Russian military spokesman says the US has cut back on bombing ISIS to slow the advance of Syrian and Russian fighters advancing on territory held by ISIS. This is, of course, the same Russian military that bombed US allies in Syria while claiming to bomb ISIS. This is the same military that said it was going to withdraw from Syria but hung around for several more years to help clean up. This is the same military that would not recognize Turkey’s borders until Turkey shot down one of the Russian fighter-bombers. They bomb the Kurds at every opportunity, though they seemingly are not alone in that. Please.... give us a break here.
Understating Russian Google Ads
The big Washington news outlets have all been talking about ads on Google paid for by the Russians. Facebook has already gone through this messy review of its ads to see (1) did the groups pay in rubles, (2) did they have IPs in Russia, (3) were the keyboards set to Russian language communications to the place the ads were purchased from?
Few, if any of these news outlets have focused on the right thing. It is foreign involvement in influencing the outcome of a U.S. election that we should be concerned about. The kinds of reviews social media companies have done will not do that, and grossly underestimate the numbers of ads paid for by anybody trying to influence the election. Here is why.
1. Most of the money given to US politicians is given to their party or to their campaign directly. They pay for the ads themselves using that money. That money is laundered through US entities as I previously described in posts dealing with Chinese contributions to US charities that paid money to the Clintons during the last campaign. The money is almost untraceable, as most politicians already know. They can get on their soapboxes and wail about the amount of Russian ads running on Facebook, Twitter and Google, while they pay for their own ads with foreign money given to their friends. They don’t even see the hypocrisy.
2. Governments are not stupid, or as naive as they would have to be to run ads in the US from computers that are set to Russian language, paid for in rubles, or located in Russia where IPs were known to be Russian. They don’t have to do any of those things and would not unless they were off the rails, or non-government entities. Nobody has ever accused the Russians - as we are doing by inference in some of these Congressional Committees - as being that dumb. They run very sophisticated campaigns against many different governments who know how to run those kinds of operations themselves.
3. The US is not the only country the Russians are trying to influence. There are traceable activities in Germany, France, Estonia, Ukraine, Latvia and a number of others that show the Russians will do most anything to influence the outcome of an election - or bend a policy to fit their agenda. This is Political Warfare which is not particularly new, having been around in its current form since WWII. Some researchers believe it went on hundreds of years ago, but that is debated.
4. Many other countries were trying to influence political candidates in the US and the Russians were only one of them. By focusing on the Russians, we avoid looking at the sources of campaign money paid by other countries, laundered through political groups, and paying for all kinds of ads directly.
We should not be worried about the crude that floats to the surface of our election baths, and never quite gets to go down the drain with the water. This is left-over that materializes every election. The “there is no evidence of election fraud” theme plays out in a system that has plenty of election fraud every year. I saw it in Chicago with the votes of dead people counted over and over in every single election. We saw it in Virginia where illegal immigrants were voting.
We really want to believe that the Russians were paying for ads to lead us astray. Only that wasn’t what the Russians were doing, since those ads were not trying to influence votes. They wanted to promote dissent. They were looking for causes that promoted hatred, bias, and disruption of both our political system and our election. They found some, and they have not stopped promoting them.
The Russians could not have been very effective with such a small amount of ads placed in all of the social media. Political campaigns spend billions of dollars without having the desired effect, and the Russians are accused of spending less than a million. They would have had to have the most effective ad campaign ever to have achieved sufficient influence to affect voters. People all over the world would have been flocking to their doors to buy that kind of influence. They may be good, but they are not that good.
Sunday, October 8, 2017
More North Korea Sanctions Likely
Last week, several news sources reported Congressional interest in more sanctions on North Korea. The source of that contemplated action was a United Nations report - that report was supposed to be confidential but, according to Foreign Policy, was posted on-line by the Ukraine government. FP promised to post the whole report, but I haven't seen it yet. Nonetheless, FP quotes from the report describing a "whack-a-mole strategy" that does not prevent North Korea from suffering under sanctions, nor building nuclear weapons. We have mostly China to thank for that.
North Korea stops getting money or equipment from one Chinese company and the companies change to new ones. China votes for sanctions, then does not enforce them. In a country where censorship is an art form, there is no way China cannot know which companies are violating sanctions. They have to be condoning it. China has the most elaborate Internet monitoring in the world. They will not miss anything going on in their own country. Those sanctions violations go on because China condones them, probably even encouraging them. Anyone who has ever seen the schemes cooked up by ZTE and another unnamed Chinese company to circumvent Iranian sanctions can bet there is the same kind of thing going on here. Iran and North Korea are not the only countries involved. Sudan, Cuba, and Syria are also included in their sanctions violations.
So, China votes for sanctions in the UN, then works around them at every opportunity. Does anyone wonder why we trust China to do anything they say they will do?
Thursday, October 5, 2017
Contractor Gives Up Secrets
A story just published a few minutes ago, says the Russians stole data from an intelligence community contractor of the NSA that gave them inside information on some of the techniques used by NSA to penetrate other computer systems, the tools they used, and how the US defends its networks.
The IC has been getting away with some preposterous things lately because their security is not what it used to be, and I put that as mildly as I can because that is not what I would like to say. How are contractors, including one who put documents in her pantyhose before leaving the building, managing to take secrets home to use on their own computers or send to newspapers? This is the kind of stuff that does not happen when there is a disciplined security program that tracks downloads, printing, and inventory of documents. What has happened to that kind of security? Why are you doing all that insider threat stuff, if you aren’t paying attention to the indicators of what insiders do?
Somebody has lost sight of why we do security to begin with and some of those are management people at the very top of these organizations. A few are security organizations who have forgotten why they exist and have filled out checklists blindly while people walked out the door with secrets. We should know by now that rote security will not do much for an organization, even if they are paying attention. Contractors are not exempt from these programs, but in too many places contractors are both the workforce and the guardians of secrets. That does not work very well. The interests of the contractors are not the same as the best interests of the government agency. They get lax, as do their Government oversight folks, and they don’t have a penalty for that. Who is going to report their laxness?
We need to reexamine any contracts for security of organizations and get back to what is inherently a government function, start training our people to recognize the events that software is showing them, and do a little internal security. We have said for decades that the insider is our biggest threat, but have never acted accordingly. These examples in the news are just indicators of how bad things have gotten. Snowden was the prime example and you would have thought organizations would have responded accordingly. The fact that they haven’t tells us something about the leadership they are getting.
Good Luck With That
Amusing story about a draft bill that will try to restrict foreign money from paying for ads in social media. That is almost laughable, being brought in the wake of the Russian attempts to influence the national elections of several different countries.
First, the Russians paid in rubles for some of the items that were posted. That is not what an intelligence operation would do, so we can almost say the target of this legislation is probably not the people who actually tried to manipulate the election. Let’s give the Russians some credit for knowing how to run a Political Warfare campaign.
Second, the ads were designed to not favor one candidate or another. They were aimed to support dissent of one kind or another. We have 1000 groups that would love to get money to favor some cause, and giving it to them is not something that qualifies as disruption. We allow that kind of thing to happen here, and the Russians just took advantage of our political system. The Chinese do that better than the Russians and were not even mentioned as being involved in the US election, even though they were.
Third, the only people who know the source of money coming into the US to buy these ads are central banks and intelligence services. The social media companies don’t know, and don’t want to know how that money finds its way into their bottom line. Getting any kind of enforcement of this kind of legislation is almost impossible. That doesn’t mean we don’t want to know who is doing it and how. That information will never be made public and even Congress knows that.
Russian Monitoring of Smartphones
There is a cute article in the Wall Street Journal about Russian monitoring of cellphones among the 4000 NATO troops in Eastern Europe. I was kind of wondering if any of the NATO forces had ever had an OPSEC briefing, which focuses on security of a different kind - operational security. This is the same kind of security that let the Vietnamese know when troop movements were about to happen. They focused on service people around the military who could feed information that the troops were planning to move out. Troops generally talk too much, and we all know that part. That was before cellphones.
The difference is the Russians are monitoring cellphones and playing games with the troops who have them. They specifically target some individuals in command. They turned on the phone locator, deleted contacts, and generally let them know they were manipulating the devices to see where they were. That is intimidation, a more subtle use of the principles used to gather intelligence from these kinds of devices. NATO forces tried to ban cellphones but the troops worked around policy without realizing how much risk there was to their actions. The military commander who gets a message that someone is trying to access his phone from Moscow is being acquainted with a problem he should already have been briefed on. Anyone who takes personal electronics into combat is putting himself and his comrades at risk. You can tell that to the Russian soldier who posted Facebook photos from both sides of the border in the Ukraine. Soldiers are soldiers everywhere.
Most of us know the 1983 story of the US soldier who, during the invasion of Grenada, phoned his operations center to get help. Everyone thought that was the enterprising soldier adapting to a bad situation to overcome it. The officer was praised for it at the time. He should know better today. There are no secure cellphones. They ride on networks built and maintained by Chinese and Russian network services. They are too easily hacked, usually through application services that the phone maker does little to check out (Apple being the exception). They are not combat communications, and even Apple can’t do that level of protection for a soldier. A little OPSEC monitoring might help everyone here. Find those phones before your enemy does.
Wednesday, October 4, 2017
Senator Warner’s Contradiction
Senator Warner from Virginia gave public statements today to WTOP radio, and to the general press with Senator Burr, on what is, in this country, euphemistically called “the Russia investigation” about Russia’s meddling in our national elections. In the first statement he laid out the facts on Russian hacks of both political parties. He said the Russians then released information on only one candidate, Hillary Clinton. This was a direct attempt to favor Donald Trump.
In the nationally broadcast press conference this afternoon, both Burr and Warner deferred comments about the release of one party’s memos over another, and Senator Burr did not answer the same question the same way Warner did earlier. Neither person mentioned any favoritism, one way or another.
Warner was playing to a local constituency on WTOP and a national audience this afternoon. The Democrats still push the narrative that the Russians wanted Hillary Clinton to lose the election and that is one reason she lost. If they avoid talking about it in a joint press conference, there still must be reason to think that part was not conclusive.
The Russians tried hard to make sure Ronald Reagan was not re-elected, going after his staff and the President himself. They didn’t use Facebook or Twitter because they didn’t exist then. Give credit to the Russians for adapting their media to fit the times. They must think there is nothing we can do about it, but they are having an election of their own next year. Maybe there could be some reciprocal games played to even the score.
Tuesday, October 3, 2017
Russian Opposition
As the BBC points out today, the Russians have a slightly different way of handling political opposition parties. They want to hold elections that look democratic, but they prefer not to have a “loyal opposition” especially one that identifies corruption in the ruling party. They really haven’t changed much in their approach, though they may have cut down on the shooting of political opposition figures in public places. That was crude and got international attention in a hurry.
What they are doing instead is criminalizing behavior, then prosecuting the candidate for those “crimes”, then using that prosecution as a basis for denying them a place on the ballot. You could ask Alexei Navalny how this works, since he is the latest target, though he has been for quite a while. He needs venues to speak to crowds, but to get a permit he needs permission from local governments. Local governments won’t give permission, so he holds the rallies anyway. He gets arrested and given a short jail sentence, or, as in the first case, a suspended jail sentence requiring him to avoid further such crimes. Before our local politicians see this and say, “Gosh, I wish I had thought of that,” we need to condemn this kind of transparent dictatorship for what it is.
Facebook Posts Seen by 10 Mil Users
For such an inconsequential run of ads on Facebook, it seems like 10 million users is a lot. But that is the estimate for views of Russian ads run on Facebook. There were 470 “inauthentic accounts”, whatever that means to someone. They bought $100,000 in ads, half of which Facebook says were not seen until after the election. We have to wonder why anyone would want ads run after the election, or pay for those that were. Maybe they were not intended just to influence the election, but the post-election operation of the US government.
Some of the actual ads were shown yesterday. They included anti-immigrant ads about the cost of illegal immigrants, a few promoting racism, a couple supporting Black Lives Matter, and one promoting the killing of Muslims in the US. These pages had more than a million followers before they were pulled by Facebook. Their intent is to resist the new government, no matter who won. They need a base to do that from, and there were readymade ones all over the place after this election. You can bet they paid for a few of those “resist” banners that went up anywhere they could be tolerated as free speech, and quite a bit more. If there is one thing we should have learned from the Russian operations in the Ukraine, they don’t stop when the election is over.
Russian Facebook Posts in US Election
We are only just finding out now the extent of Russian involvement in manipulation of public opinion about issues connected to the US national election in November. This is not something the social media giants want investigated. Just the thought of it leads them to censorship of content on their own platforms, something they don’t want to do, and don’t want to be seen as liable for. “We just provide the platform for ideas” they say. Just about every mass media has gone through this at one point so they are not unique.
What the Russians did was what they have done before in the Ukraine and elsewhere: funding billboards for people who don’t have television, manipulating social media, arresting journalists who don’t report their way, buying journalists who support their cause, going after the voting infrastructure that counted votes in the national election, and funding political candidates directly. They have done all of these things in the US national election and we have yet to discover the extent of it. This is all part of the New Cyberwar I described in my last book.
Newspaper stories about Spain’s treatment of Cubans twisted stories to fit a narrative that the US should be helping the Cubans overcome their oppressors. The US sent the battleship Maine down to help out, and the Maine blew up. Newspapers fostered the idea that the Maine was blown up by somebody - most likely Spain. It took years to discover the real reason was linked to problems with the boilers that had blown up on other ships. We entered a war we didn’t even want to settle a wrong that was not even legitimate.
Motion pictures and television have both had similar experiences with content, using the medium to manipulate ideas and positions on social and public policy to suit a Hollywood or New York perception of events. Both still do it today, with television dominated by slanted views of events that have turned off viewers, left and right.
We still don’t know the extent of involvement by the Russians in the reporting of events by news media, what political causes were supported by them, what groups were sponsored by them. Facebook finally did a weak internal investigation only after they had said the Russians had no sponsored activity on their site. Somebody pointed out to them the fallacy of that idea and should point to the methodology used in their current study to minimize the count of Russian sponsored ads. Facebook treated the Russians taking out the ads like they were stupid amateurs.
Now Twitter is finding out more accounts were fake and those “thought leaders” might have been paid for their ideas. I don’t see newspapers doing internal investigations on writers who were paid to generate stories slanted a particular way, but that is the way the Russians work. Money for politicians is also their stock in trade. We don’t see people poring through donations looking for Russian sponsored money, but you can bet it is there. In Germany, Russian proxies heckled senior leaders to the point that they actually complained to Mr. Putin about being harassed. Some of those groups we saw in the US could have been from the same sources. The Russians are not as stupid as Facebook pretends. The social media platforms, the press, and politicians have a good bit to hide and no single Special Prosecutor is going to be able to find it all.
Monday, October 2, 2017
HP Gives Russians Code
I am appalled at a story today in Reuters. According to the news service, HP has given the code to ArcSight to the Russians as part of a program like the one the Chinese have, to show that code is “secure” against the kinds of threats they see as important to securing a product. So, that means HP was looking at selling ArcSight to the Russians or they wouldn’t have been going through the review process, and they violated existing export laws prohibiting the transfers of this kind of software without a license. Somebody should go to jail for this, and maybe more than just people at HP.
If they applied for a license and got one, that is another problem to look at. Nobody in their right mind would give anyone the software, especially somebody who has not exactly been our friend. HP should have known better in the first place, and the government should have never allowed the licensing of the software. This is beyond stupid. These are undoubtedly marketing people with their collective heads somewhere they can’t be seen. In the name of making a dollar they have compromised the software the Defense uses for its computers. One has to wonder where they got the idea they could do that.