Thursday, November 30, 2017

Trade Status of China

The really big news of the day was not North Korea’s missile or the stock market highs;  it was a buried story of the US position on China’s status in the World Trade Organization.

Within the WTO there are market economies and non-market economies and China has always been the latter since it came into the organization.  Non-market economies have state-run businesses and funding of state monopolies that conflict with the way market economies work.  They can manipulate markets to their own advantage so market economies can respond by adding additional tariffs.  In several public statements made to any country that would listen, China has said it is a market economy and would be treated like one.  It went on to say that in any future trade talks, that issue was “non negotiable”.

So, non-negotiable meets contrary position, and we are about to find out what China can do about changing its status in the WTO, which is probably nothing.  Still, it will be interesting to see what they try.  China claims, as it always does, that the WTO entry was conditional upon China being named a market economy in 15 years from its entry.  The US is saying that was contingent on certain changes that China has not made.  The drumbeat will be that the member nations are “not living up to their obligations under the membership agreement”.   You will probably hear this from every trade official in every WTO country China visits.  There will be scholarly articles written explaining how the WTO works, and Businessmen pointing to their independence from the Chinese Central Government.  We are just like you, they will say.  They will keep this up for 100 years if need be.  Non-negotiable to the Chinese is forever.

Apple Root Follies

Nothing has ruined my day more than High Sierra, but I’m having problems figuring out how testing did not discover this serious flaw before it was deployed to the mass of people using Macs.  I was able to see that something was wrong when I started the new OS and another user showed up on the login screen.  I don’t allow guest users, so that got my attention.  It was not something a tester would not notice.  When I couldn’t get Apple to fix it, I took the computer in and had it overwritten and Sierra reinstalled.  That worked, but one little thing happened as a result - the new file system of High Sierra changed the file structure and I could no longer get access to them with Sierra.  It corrupted my backup drive.  I expect better from Apple.  We all spend more for Apple products than those of other companies because they provide good security and testing before we get a new OS.  Take away that and you don’t have a material difference between the competition and Apple, except for the best service techs anywhere.  It is unfortunate that they have to explain this to users.

Apple has done more to damage its business reputation in one day than in any other day I can think of.  Users are not going to forgive them quickly.

Wednesday, November 29, 2017

NOKO Missile Politics

North Korea does not do a lot without China approving it.  This time they sent what was called an ICBM into the Sea of Japan.  An ICBM can travel a good bit further than that, so we only have some missile experts to say it is really an ICBM.  It did look like one, in fact it looked a good bit like an old Chinese missile, which it probably was.  While China loves to say that it is trying to restrain the North, the proof of that is in the actions the North actually takes.  Shooting off a string of missiles and raising the stakes is exactly what the Chinese want, otherwise it would not be happening.

For those worried about an attack by these idiots, I don’t think we have very much to worry about.  The United States is a big country and anyone wanting to engage us would have to drop a few weapons on big cities - but then they would have to duck because missiles would be coming back their way pretty quickly.  There are not as many targets in the North, so the ones there are will be taken out pretty quickly.  Nobody can convince me that the North does not care.  They will cease to exist as a country.  China will not have to worry about unification or lots of people coming across the border.

The South may have something to say about a strategy that blows up the North, as will China.  Radiation follows the wind.

When Caught, Remove the Problem

Before a spy gets caught there is a brief period when escape is possible, but after they are caught, the best option is to limit damage as much as possible.  We are seeing that in China with the company Guangdong Bo Yu Information Technology Co., also known as Boyusec.  Three of its employees have been identified as being responsible for hacks seeking sensitive information in commercial facilities.  A month ago, the US tried to get China’s help in stopping this behavior.  After waiting without reply, the US decided to indict instead.  

Instead of the usual response, today’s Wall Street Journal says the Chinese disbanded the company.  While odd to some, it is anything but.  

Boyusec had links to the Ministry of State Security.  If this spying was related to any of the tasking given by the Ministry, then their work would be traceable back to official government hacking-by-proxy which violates a 2015 agreement with the US to stop doing that kind of thing.  The Chinese took their hacking out of the Army and brought it under control in agencies with better expertise and less chance of being caught.  The downside is that commercial work has a tendency to drift away from multiple government partners who pay for this kind of work. Closing the company may have a couple of effects:  (1) warning government agencies that their tasking of contractors should stay within Central Government guidelines, (2) putting tighter controls on how they carry out their work - so they don’t get caught and (3) giving the appearance of doing something to stop hacking, without interfering with that work.  

Tuesday, November 28, 2017

Much More to Follow

A spokesman for the Justice Department said the three Chinese nationals that were hacking Moody’s and Siemens were employees of a technology company, BoYu Information Technology Co. in Guangzhou, China but were not in custody.  A Journal article on the same subject says the US tried to get China to assist in stopping the three individuals in September but got no response.  Subsequent to that, Justice filed charges.

This is partly an outgrowth of the agreement to stop hacking industry targets.  The Chinese moved their collection efforts from the military people who got caught, and into portions of the government and government companies that were better at hacking and didn’t get caught so often.  At least that is what they thought.

The Chinese do not do what they say;  they only do what they want.  Agreements with the UN or WTO are just pieces of paper that can be ignored.  It does no good to make an agreement with a country like that.

Russia Uses Mercenaries for War

There is a good piece in The Cipher Brief yesterday on the Russians’ use of Private Military Companies to augment or replace their special forces in deployed locations like Syria and Ukraine.  These are mercenaries, and we would also have to believe there may be some foreign contractors as well in this mix, though none were identified in this article.  Pay for play soldiers are very much the same the world over.

The obvious cited advantage is plausible denial.  We have no soldiers in that area;  we don’t have any idea who shot off those mortars;  we promise to assist in any investigation.  The Russians have already hired people individually who were captured with “contracts” from their government still in their pockets.  Not wanting to be called spies, these people quickly confessed and were hustled off to jail.

There is not much new in this, but mercenaries have some disadvantages.  Private military forces have occasionally gone beyond their “mission” and hired themselves out to more than one agency in the same government, sometimes, different governments with similar roles in the same areas.  Peter Benicsak’s article  hits some of the more obvious drawbacks:  the costs are higher;  “loose cannon” effects; less transparency and accountability; and, of course, they encourage the same type of contracts from other governments.

Let’s not make too much of this.  Most every government has some contractors who are employed to do things the government does not have the expertise to do.  Cyber often enters into this equation, so I ran into a few.  Experts have their own arrogance and think because they are good at what they do, nobody will ever catch them, but the other side hires the same kinds of people.  Like the contract killers I wrote about a couple of days ago, these are specialists who are hunted by other specialists and, like their fictional parallels, the Secretary will disavow them if they are caught.  Not a very comfortable way to live.  They are always looking over their shoulder, often literally.

Monday, November 27, 2017

Arrogance Knows No Bounds

We have a government employee of a small office in consumer protection, Leandra English, suing the President of the United States over his appointment of a new director of that office.  She claims she is the “rightful acting director” and the President has no right to replace her.   I can’t think of one other country in the world where this kind of thing would be tolerated.  In fact, I can’t think of any country in the world where it should be tolerated.  It is the height of arrogance.

Being Good Does Not Help

Ask Lu Wei if being popular and doing great things his boss wanted done will get you ahead for long in China.  This guy did some of the hardest things that have ever been done in any country - getting the Internet under control and censorship of the population of people who use it.  It was an impossible task he came close to doing well.  He was the Cyberspace Administration until he lost that post last year.  

When the Russians wanted to know how to get their networks under control, they called him and he came.  He was, after all, the expert who helped create the Great Firewall, the Great Cannon, and the technology that provides the infrastructure for China’s Internet.  His expertise was in policy and politics, but the technology that went into implementing that policy was noteworthy.  At a time when most people thought the Internet could not be controlled, he did almost control it.  

How times have changed.  Too much popularity or power is not a good thing.  There is only one boss in China.  Now he is under investigation for who knows what because the billing says “corruption” which can be almost anything the government wants it to be.  Time to retire.  

Friday, November 24, 2017

A Novel Made in Ukraine

In what makes one of the most interesting stories in a long time, a hired killer ends up in the murkiest of places hunting Russian paid killers trying to make the Ukraine a dangerous place to live.  The twists and turns make for a sure novel or true-to-life spy thriller, only this is not fiction.  It may not be a true representation of the facts, but it is true to someone buried deep inside an unsavory job of killing people for a living.

Don’t say you haven’t thought about it.  Being a paid spy like James Bond seems like a job that few could say no to, but what this shows is those killers are in a circle of  targets trying to kill one another.    In the meantime, they covertly kill some of the most sensitive targets in governments like the Ukraine.  The Russians show their lack of patience in allowing persuasion and political warfare to win wars;  they just kill off those they know are hurting their operations in the border areas of the south.  Someone else will take those jobs but they won’t have the political will or veracity of the person killed off.  Would you?

These kinds of people have no conscience, and most of them work for both sides of the game.  Working for just one makes you a target for the other, so how better to protect yourself than by playing both ends against the middle?  On the surface it makes sense, like arms dealers who sell to both sides, but assassins are a peculiar bunch who can be targets as much as targeting someone else.  It makes for a paranoid existence without many friends.

In the meantime, the Ukraine will be thinking about reciprocity for the dead.  How do you even the score for that head of special operations killed by Russian funded bad guys?  You hire your own.

Wednesday, November 22, 2017

Speaking of Long-Term Hacks...

There was a Wall Street Journal article describing the concerns about software made in Russia’s Kaspersky Labs in 2004 by the Defense Intelligence Agency.  The warning said they thought it could be used by Russian Intelligence Services to get into US systems.

I have some sympathy for those that ignored the internal discussions about this, if they did not see the classified intelligence reports the article cites.  Many civil agencies do not have enough people cleared to see those kinds of reports, so they don’t see them.  But others do have them, and still ignore any warning that is “not specific enough to say that it is a threat”.  In other words, unless the threat of being hacked using that software was found on one of our computers, we are not going to change what we see as a good product.  Usually, this is the height of arrogance.

In either case, too many government agencies do not take action on this kind of threat because there is no central management of the threats to agencies.  That is left to each agency to decide.  That includes the morons at the Office of Personnel Management who allowed the Chinese to steal the most sensitive records we had over years of ignoring the signs, the Internal Revenue Service which got hacked twice in the same year using the same methods, and an NSA contractor who took hacking tools home with him.

Now, there is a known hacking tool out there running on government systems for over 10 years.  The damage that was done is done, but doesn’t go away because we stop using Kaspersky software.  Too many things have been undone by long-term hacks of government systems that got patched and covered over with new paint.  The hackers are still in there, as the State Department found out when for three years they tried to get rid of them.  The same is true of the Intel chip vulnerability in my last post.  It goes on much longer than the chip itself because, even if you try - and most agencies don’t - you still won’t be able to get those guys out of the systems without a lot of work.

Get NIST out of the policy business and put an agency that can do something in charge.  Start going through these systems and closing them off or rebuilding whole parts of them to be secure against the insiders that we now have.  Close down the Operations centers that are supposed to be doing security for all of these agencies but just employ friends of the Directors and CIOs.  Put the money into making these systems safe again.

New Warnings About Chinese Intel Chips

Reuters is today saying that US businesses have been warned to check for vulnerabilities in Intel chips embedded in business computers sold by HP, Dell, Lenovo and others (though there can’t be too many others when preceded by the three largest).  In my previous post on this I said the discovery matched up with events that led back to when Intel started making chips in China.  The Chinese have never been shy about putting things in computers for the good of people who use them, though most of that was software.  Apparently, what is good for China is good for the rest of the world.

Intel was quick to say they know of no known use of this vulnerability to gain access to computers.  How would they know?  It is a vulnerability in the chipset that would show administrator access in an audit log.  Most administrators access their computers every day, for long periods of time.  It may be recorded by audit software, but would seldom be seen as unusual.  That is what makes it so useful as a hacking tool.  Their second feint was the old “well you have to have it set for remote access and have the password and user name of the administrator” thinking we would buy that as something that was very hard to get.  Come on, not even children believe that fairytale.  That is what root kits do and there must be a few hundred of them around that work pretty well.  Administrators must not use remote access where these fairies live.

Nobody has said yet (it may still come) that this Homeland Security warning was issued “out of an abundance of caution” rather than known exploits they have seen.  As one comment said, “This has been going on for 7 years and nobody (at Intel) found it?”  It is not so easy to find.  It is built in.

The great harm in this kind of exploit is that nobody will ever know how much damage has been done by root access to so many computers, over such a long time.  Patching this is not something that should make a user feel good.

Most businesses do not allow such things to happen because it does tremendous damage to a company’s business reputation.

Tuesday, November 21, 2017

Looking for Collusion

Gerald Seib has a good analysis piece in the Wall Street Journal today that looks at collusion between Russia and China to disrupt democracies.  I’m sure he would say it isn’t that simple, but this article talks about something I have been looking at for the past few years - the Russians and Chinese are using different parts of Information Warfare to undermine democracies in the West.  More important than that, they are succeeding.

The Russians use Political Warfare and the Chinese use Economic Warfare to achieve their objectives.  Again, it is not all that simple, but if you want a place to start analyzing what they are doing, that is the best place. In May, 2015, the Russians and Chinese announced they had signed 32 bilateral agreements that cover everything from military cooperation to cyber operations against each other.  Of course, since we have never seen all of these agreements, we can guess there are probably some that are state secrets.

These agreements do not benefit the rest of the world, particularly, and I was a little surprised that they announced them at all.  Since then, we have had organized intrusions in almost every election in any country that does not favor the two of them.  None of those campaigns stopped when the election was over.  Germany is now in trouble;  Britain is not going quite as well as we thought;  the target on the back of President Trump is clear for all to see.  This is not a conspiracy theory, unless you believe that these political disruptions are caused by the rotting of democracy in every country that uses that form of government.

The sad truth is that democracies have within them a flaw not found in dictatorships like Russia and China - they allow conflicting views to be ironed out in public.  Minority parties seem more than willing to help them out by “resisting”, a term used in other countries as well as the US, impeding and disrupting their own government.  If they have found the silver bullet of political and economic domination we are in a lot of trouble.

Counterfeiting for Fun

The latest sanctions on Iran have a peculiar but not surprising target - counterfeiting.  That would be counterfeiting of currency by the Iranian government.  This much is in the Wall Street Journal today, though there is probably a lot more to this than the surface story of counterfeiters making Yemeni bank notes so as to bypass European export control restrictions.  If they are doing it on Yemeni bank notes, you can bet they have been doing it with other currency exchanges as well.  They paid for a lot of high-quality equipment to do good counterfeiting and Yemeni bank notes would not be high up on the list of things I would take for payment of anything.  Apparently, some banks are not too particular.  They made hundreds of millions of dollars worth of these bonds and are probably paying for mischief in Yemen with the proceeds.

What we have to ask ourselves about this is how does a government sanction, and support, counterfeiting of currency anywhere?  The risk they take is just the one demonstrated here - they get caught.  There are more consequences to getting caught than just sanctions.

 Iran must believe that it is OK to make money that way.  As long as they don’t get caught, that may be true.  The real outcome is to make Yemeni bonds less valuable by flooding the markets with fakes.  You have to think about this for a minute.  Suppose those Swiss francs the Iranians use to pay for that watch are fake?  Suppose the Iranian rials that pay for international exchanges are fake.  People have to start worrying about this kind of thing when a government becomes a counterfeiter.  How do I know the currency is real when the source is Iran?  Check it.

Counterfeiting is a big business and I have watched bank clerks, without much experience or practice, run money through a machine to check it.  You can buy one of these things for yourself at Staples for less than $200.  I didn’t see one that did Yemeni bank notes, but the vendor could probably have one made up in a day or two.  I don’t know how good they are, but banks can afford to have ones that work.  Eventually, banks get pictures of the people bringing in these fakes and start hunting them down.  Taking money from anyone associated with Iran, business or personal, would be good reason to check.  This is what happens when a country becomes a counterfeiter.

Monday, November 20, 2017

The Empire Strikes Back

For those of you familiar with the movie, the evil Empire is unhappy with the destruction of the death star and sets out to even the score.  In this version, George Soros, by his own accounts, and those of his paid-for-views associations, suggest the Hungarian government has launched attacks against the rebels.  The rebels have held out against the giants and fought bravely.  Cheers and applause follow.

This rebel has a net worth of $8 billion.  He certainly could spend his money on better things.

Out in the Middle of Nowhere

In a previous post I talked about the dispute between China and India over a small piece of land on the border with Bhutan, a country most people have never heard of.  Both Bhutan and Arunachal Pradesh, one of the 29 states of India, are in an area that is in dispute.  Indian President Ram Nath Kovind visited there and set off a diplomatic exchange like he had invaded the little place all by himself.  This is typical of the way the Chinese react to anything they don’t like - especially when it involves territory they want.  They do it with Taiwan and the South China Sea almost every day.  

There is actually a dispute about who owns this land and soldiers tried to settle that a few years ago, without success.  If it is a state in India, as the Indians say, then it seems like nobody else could claim it.  I did find some news stories claiming it was not a state in India which seems odd.  It either is or it isn’t.  

The whole mess is centered around a familiar theme that goes back to 1913-1914 with negotiations between India, China, and Tibet producing the Simla Accord.  The Chinese representative refused to accept the territorial claims, similar to how the UN Tribunal took up the settlement of islands in the South China Sea, where China did not participate.  When things don’t go their way, they take their ball and go home.  When they do go their way, they expound the “multinational agreement” to the high heavens, and deliver a barrage of messages about how everyone agrees.  One China is the best example.

This is the “what’s mine is mine;  what’s yours is negotiable” style of the Russians and Chinese.  We allow this type of diplomacy for reasons that seem beyond my understanding.  Apparently, India sees this the same way and is not giving up.  With the Chinese, the only thing that succeeds is force.  It doesn’t have to be armed force, but it has to be forceful diplomacy or force of armed men to get their attention, then, it has to be applied forever - not just a few days.  They won’t quit, so India can’t either.  In the case of the South China Sea and Taiwan (and South Korea) we are in it forever.  There won’t be a time when we can say we can negotiate the release of Taiwan to China as the British did with Hong Kong.  We saw how that worked out, and the people living there can be lessons for Taiwan too.  We are not going to give up control of the trade routes for what China believes is their territory.  Forever is a long time, but we better get used to it.  

Thursday, November 16, 2017

Silence the Messenger

I heard a rumor a few days ago that there was an effort to close down the US-China Economic and Security Review Committee.  This is the group that first identified the use of joint ventures as a way to steal US technology, and how China was doing that.  This is a group that found the targeting of US chip manufacturers for purchase by China.  This is the group that pushed for changes in CFIUS to stop China’s incursions in US markets that affect national security. This is the group that pointed fingers at China for stealing US technology by computer.  Who benefits from doing away with them?

Not the citizens of the US.  There are a few international businesses that depend on manufacturing in China for a sizeable chunk of their income.  They don’t like the Commission and want it to go away.  The researchers there go into too many aspects of business in China and how closely those are tied to the Chinese central government.  That has resulted in proposed legislation to change the way CFIUS These businesses want us to believe Chinese businesses are “just like ours” even though there are offices of the Communist Party right in their plants, and Chinese officials are put in senior leadership positions in their companies.

We wouldn’t know half of what we know about the real China if it had not been for this group.  I’m not surprised that Chinese interests would have targeted it, but I am surprised to hear they have made headway in stopping them.

The Russian White Knight

If anyone could save Venezuela, we could not imagine it being Russia.  As it turns out, Russia is restructuring the debt of $3.2 Billion to offer more favorable terms to keep them from defaulting on their debt.  This allows one more breath for the country which owes the world $142 Billion.  Russia and China have put a lot of money into Venezuela as a friend a long way from home.  China gets oil in return, Russia not so much.  Both get political support in our hemisphere, being scooped up at a fairly fast pace in the years of past Presidents.  Maybe nobody pays attention to South America, but the two allies sure have been.

China Stands on NOKO, Sits on US

There is no negotiating with China.  It wants things its own way, and proceeds on that path regardless of what anyone says, including the UN, the US or any other entity in the world.  They smile when they do it.

I reference the stand on North Korea, which is that the US should stop holding exercises with the South in exchange for an agreement from North Korea to stop developing nuclear weapons.  This is a new kind of nuclear blackmail, which I am sure we will see again.  A country no longer has to have nuclear weapons; all a country has to do is announce that they want them.

We hold joint exercises with the South to show the North that we have the capability to defeat them if they move to take over the South as they did 40 years ago.  That is ancient history to millennials, but yesterday to the Chinese.  Most millennials don’t even know that we had a war with North Korea and China on that same ground.  The only reason North Korea is developing nuclear weapons is because China allows its companies to do business with them and help them with the development.  They could stop it any time but don’t.

So, China holds out the carrot and says we stop having exercises with the South - our readiness for a hostile takeover of the South - in exchange for delaying the nuclear program of North Korea the same way we agreed to delay the nuclear program of Iran.  We must have STUPID written across our negotiators’ foreheads to allow the suggestion of this kind of agreement.

The treatment of President Trump in China was a clear indication they know how to get what they want.  They rolled him in butter and fluff.  They signed some trade agreements to make him look good.  Then they offered him a solution to the North Korean nuclear problem.

In the meantime, China tightens its grip on the South China Sea.  Three aircraft carriers are not going to stop them.  Only an alliance of our friends in the area can do that - undoubtedly the reasons for the visits before and after China.  I hope those visits were more productive than we can imagine.



Wednesday, November 15, 2017

Offense and Defense in Cyberworld

According to a Reuters article today, the Trump Administration is going to publish guidance on what to disclose about security flaws discovered by intelligence agencies.  I have sympathy for the cause, but the discussion is about the wrong thing.

The issue for many years has been that flaws are found by the offense side of cyber and those flaws are used to get into systems outside the US.  When I started, we didn’t admit that we had an offense, but since Snowden it is a little harder to avoid.  The defense in cyber finds the same flaw and sets out to get the vendor to correct it to make for better security.  We used to call the difference between the two sides equities.  Is it  more important to be able to get into a foreign system or fix a flaw that occurred but was not detected by the public or the vendor?  I know that sounds like a rational question, but it is the wrong question.

The real question should be, “Should we allow the offensive side of cyber to work with the defensive side of cyber to improve defenses?”  That answer is no, even though every rational person in cyber security thinks it is a great idea.  It is counter-intuitive to say no to the question.

First, both sides look for flaws in systems.  One side wants to exploit them;  the other side wants to fix them.  Cooperation seems to be of mutual benefit.  Only in this one case, it isn’t.  What the offense gives up in this is its ability to exploit systems from defects that already exist and have not been detected by the defensive sides of the world.  Sharing those with the defense side reduces their effectiveness and ability to collect.  It is not in their collective interest to do it.  Those kinds of flaws should be state secrets and not published anywhere.  The tools that are used to exploit them should be state secrets and protected accordingly.  Never publicly talk about what they do or how they do it.

Second, the defense cannot be entirely open about what they have discovered either.  Vendors have to develop patches before they want to advertise that the flaw has been discovered.  It would be easier to handle this if vendors had liability for what they produce, but they don’t, so it takes a long time to correct those flaws.  During that time, criminals, other state hackers (who probably already know) and other security firms are discovering that these flaws exist.  That creates pressure on the vendor to get a change out that actually fixes the flaw.  That is the real difference between the two sides - in equities, how long can we allow that exploit to exist before it starts to hurt us because we have told nobody, except the vendors, that it exists.  Note that this is a question for the defense and not the offense.  The offense will continue to use an exploit until it is patched.

The defensive side of cyber never needs to know what the offense is doing.  Sometimes the offense will complain that something or another has been disrupted by something the defense has done, but that goes with the job.  They don’t run over to the other side and tell them what they have done to disrupt them.  They find something else that works.

The offensive side has a vested interest in keeping the status quo in cyber security, so the less they say about what they do and how, the better.  The defense thinks it can get better by finding and fixing those flaws.  The simple rule is not to allow the two sides to cooperate, even where it seems like both might benefit.  Only the defense benefits, and we take away important intelligence assets by thinking any other way.

So while we might think guidance on how to treat flaws exposed by the intelligence community is a good idea, unless it says “keep quiet about them” it isn’t helping.


Russians Meddling in Everything

Reuters says the Russians interfered with the Brexit vote in the UK by publishing through social media, various stories by fake users of Twitter and Facebook.  The UK government is in the process of looking at that right now.  The British papers, all citing a London Times article showing research by Swansea and U of California, are saying the Russians had upwards of 150,000 Twitter accounts going at the same time, publishing both “exit” and “stay” positions, but mostly favoring exit.    My US readers would find this similar to the Russian influence in our own election.

We should have the idea now that the Russians are meddling in almost every foreign policy issue they are interested in.  They use social media to cause trouble, stir up interest and plan events.  Then, they write about those events in their press outlets like Sputnik and RT.  Yesterday, we heard RT is going to be required to register as an agent of a foreign government.  The prodding of government officials actually was said to come from the Washington Post, that bastion of “free speech”.  That is going to cause a stink because it carves out new territory in the definition of what representing a foreign interest actually means.  More about this later.  The Chinese press is just as active in both writing favorable articles and influencing what other press outlets say about issues important to them.  If we are going to do it to one, we should be doing it to all foreign press outlets that are operated by national governments.  There are a lot of those.

Today, BBC is reporting that the Russians are trying to drum up support for a law making any foreign press outlet in Russia register as a foreign agent.  That sounds like the kind of thing they would want to publish.

Russians Decide News is Better than None

Reuters claims an exclusive on an interesting story about guidance issued by the energy sector in Russia.  Letters went to forty-five of the largest companies, both state-owned and private, to publish stories that show how well the economy is going.  This is in the run-up period of the national election in March.  If this had happened in the United States, it would have been the Obama Administration telling the major oil and gas companies to publish favorable stories about how well their businesses were going, and how much support they had gotten from his Administration.  Overall, this is just Russia doing what political parties do in elections - make their side sound great.  But that is not all there is to it, I’m sure.  They are probably also tamping down stories that do not reflect that good side.


Tuesday, November 14, 2017

Chinese Hardware Makes News Again

For the fifth time recently we have a press article about Chinese hardware being a risk to people outside of China.  This particular one is in the Wall Street Journal and talks about security cameras being used in sensitive locations.  Most of them are made in China by state-run entities which could certainly take advantage of their placement to get sensitive information.  I doubt that anyone is going to be moved by this kind of thing.  Security cameras are not the things we should be worried about;  network equipment is more important.

You can hardly find a laptop, home computer, router, hard disk, or USB drive that is not made in China.  Security cameras are the least of my worries, and I’m sure mine are made in China too.  My alarm system is too.  Our real problem is chips for all these devices which are fabricated in China.  I have had two posts on this previously [hijacking flaw in some Intel chipsets] and having the flaws in Intel Chips discovered after seven years has caused me some concern.  Imagine thousands of devices, all over the world, made with backdoors that can give the Chinese access.  We need to make our own chips under US control and build our devices here too, especially for sensitive applications like our military and critical infrastructure.  We might actually be too late for that if the Intel case is any indication.

Monday, November 13, 2017

Russians Know Propaganda

The BBC has a good story today on how the Russians use propaganda (we actually don’t use this term often enough these days) to undermine the Ukraine in its South-East.  They are doing the same thing there that they are accused of in the US national elections- sowing discontent on both sides and watching the fires - literally - burn.  They have been doing this for longer than I have been alive, so they should be good at it, but they have adapted to the use of social media, fake news, and churning from one fake news story to another while backing up both sides with news stories from their national press outlets at RT and Sputnik.  It is looking like their success makes all that trouble worthwhile.

Attacks Create News from Nothing

The news media in the United States can make news from nothing - we knew that already - but they are increasingly making news for all the wrong reasons.  Case in point, a stabbing in the Mall of America which is filled with shoppers doing their Christmas shopping.  Why does a local crime of stabbing a person trying to steal goods from another person make the national news?  In September, three people were stabbed to death in Washington D.C. (the folks at MOA were just injured) and it made the local news, but not once did anyone mention it on the national news.  It happens frequently enough that the news media already knows why it happened.

It is because the national news media are so anxious to be the first to get to a terrorism story that they bring the world details of an everyday occurrence.  ISIS has undoubtedly, somewhere, claimed responsibility for this act of terror even though there was no way for them to anticipate that a stabbing would occur under these circumstances.  This is why ISIS gets so much help from the press.  All someone has to do is stab a person at a mall and that is broadcast all over the place as national news.  It isn’t.  The press would know that if they did even a tiny bit of due diligence before publishing their story.  They can’t wait for the police report.  They can’t wait for the witnesses to say what happened.  They know, as the old newspaper saying goes, blood sells.

“When those who get news online from each source type were asked specifically about each’s accuracy, news organizations again sit at the top; 15% of those who get news from news organizations online find them very accurate, compared with 7% who say the same about people they are close with and just 2% for people they are not particularly close with.”  See Trust and Accuracy from Pew Research.

The FBI says you are three times more likely to be killed with a knife or club than with an AR-15.  In fact, you are more likely to be stabbed or clubbed than shot with either a rifle or a shotgun.  Yet, this is national news for a few minutes on Sunday.  The clear and simple truth is the pace of news is so fast that reporters no longer try to verify facts or circumstances.  They assume the worst and publish.  In intelligence circles, sources of information are scored for their reliability and accuracy.  We need a national scoring system for news outlets.

Saturday, November 11, 2017

Putin Uses Free Speech

The major wire services have picked up a story today about a familiar complaint- free speech.  What President Putin really is complaining about is US restrictions on Sputnik and RT, both news services operated by the Kremlin.  If the two countries operated free press outlets, that comparison might stand up, but the US press is not operated on behalf of the State.  Ask anyone in the US and they would tell you, our press does not exactly favor our current president, but absolutely loved his predecessors.

So, can state-run media outlets be unbiased, able to report on corruption or the abuses of government leaders?  Especially, we add, given the discovery of abuses by Russia during the US elections.  That “free press” he is talking about is trying to undermine our form of government by supporting mass media stories, to the benefit of his own.

We used to identify state-run media fairly easily.  VOA and BBC were the originals.  Now, we find it hard to tell the difference between independent news and state-run news outlets.  And, there will be more discussion about this as the AT&T - Time-Warner merger moves along.  When people with political agendas buy news outlets, there is very little difference between the free press in Russia and the free press here.  Look at what happened to CNN where many of our news people got their training.  It has become biased and blind to news of the world, looking to focus on narrow elements of domestic politics.  Is that what we think of when we say “free press”?

Russia would love to run its state news services in the US, but those services are not free any more than CNN is free today.  Divestiture is the answer - for both countries.  Think that will happen in Russia?  Let’s see if either country can manage it.


Thursday, November 9, 2017

Black Ops is not Just for War

This is one of the most interesting stories of black operations to come along in a long time.  It is interesting because it has nothing to do with war, drugs or politics, places where black ops have been applied very well.  This story is about black ops used to discover and disrupt potential witnesses in a civil suit or criminal act of an individual, Harvey Weinstein.   We have another instance in those things alleged in the case of Fusion GPS, a story that will go on forever, no doubt.

Black ops seems to be accepted in these circles.  Paying someone to pretend to be investigating a case of sexual harassment, then using what is collected to head off that investigation is a trick that only shyster defense lawyers use - and then only rarely.  These guys are not lawyers and apply their trade as “investigators” who are looking for facts.  They even try to disguise themselves as people who are trying to help the person they are interviewing.

But, when I thought about this, I find many more instances of black ops in use outside of its normal realm.  It seems to be acceptable to pretend to be a reporter from a newspaper, a representative of some company, or agency that helps people, like the Red Cross.  When governments do this, it is intelligence gathering.  When private companies do it, it should be illegal.

If a person pretends to be a government official, police, or FBI they can be arrested.  When they pretend to represent someone who they do not represent, or fail to disclose their relationship with a foreign government, that should be a crime too.  The real crimes are going on above this kind of thing, but it is what is called a lesser, included offense.  We need to clamp down on “investigators” who misrepresent themselves.  Leave intelligence collection to governments and get these guys out of  this kind of corrupted  business.      

Applied Censorship

China has made censorship an art form.  In a special report from Citizen Lab, the folks at the University of Toronto have looked at censorship in China, and elsewhere, to see when and how it is being applied.  Their work looks at policy as it is being applied, and the technical aspects of how they do it.  They probably know more about Chinese censorship than most other institutions.

The latest from them has several notable areas of interest.  First, the application of censorship is not steady.  In the run up to the National Communist Party Conference censorship increased.  The China Digital Times described these activities as “wide-spread ‘lock-down measures that authorities are taking to secure economic, social and atmospheric stability during the highly sensitive political event.”  Those measures included a lot more than just censorship.  This is probably the best article I have seen lately on Chinese censorship and its relationship to national security, and well worth reading.

But Citizen Lab also looks at how these things are done - the technical aspects of how news and internal chats actually get censored.  Then they show how that policy is developed and applied.  The number of search terms and level of censorship actually increased in the run up to the NCPC.  New legislation pushes down the responsibility for censorship to the persons running the chat group, even down to the individual level in some cases.  They detained some dissidents and curtailed the activities of others.  If this sounds like harmony, then we are missing some important aspects of how to achieve it.

The U.S. election might have been a much happier event had we put these kinds of controls in place.  We could have closed Fox News down, driven out some of its reporters and contributors; we could have undermined the opposition candidates by filtering their messages in social media and press reports.  We could have used the national security apparatus to spy on opposition and feed that information back into the ruling government offices.  We could have manipulated polls to show only good results for our candidates and publicized those with the major news outlets.  We could have helped our candidates with money and resources while limiting those of the small number of dissidents.

But, while we might recognize when these kinds of things are being done, the Chinese have added a layer of protection, forcing individuals to be responsible for the speech of people they associate with on social media.  This is the same thing the Russians did when they bought ads and funded fake accounts on Facebook and Twitter, but much more subtle.  Stir up trouble for the opposition was the Russian mantra, but the Chinese were better by eliminating any mention of them.  Those of you who follow these things know Russia has brought in the people who made Chinese censorship what it is.  They want to get better and know where the experts are.

Wednesday, November 8, 2017

Law Firms Lax Security

The New York Times was quick to point out that Apple has stored some of its off-shore money in Jersey, an island far from the USA.  Of course it wasn’t just The NY Times, because a number of investigative reporters and journalists were right in there with them.  They got their information from Appleby’s, a well known law firm based in a place lawyers like to visit, Bermuda.  They hold a lot of doctor’s training down there for the same reason.

This is the second time somebody has stolen and published information from a law firm that specialized in shell companies.  I previously looked at the establishment of shell companies to hold China’s US debt, so it would appear the amounts were going down.  Parts of that information and the family holdings of Chairman Xi’s family were discovered in the Panama Papers, and published by the Times.  More to come, no doubt, since that kind of behavior is unlikely to change.  In both cases, the International Consortium of Investigative Journalists is involved and that group got some of its funding from George Soros.  Their site has a summary of the information posted.  For a different look at this case, see the 9 Nov opinion piece by Holman Jenkins Jr. who asks who stole the information to begin with.  That is a good question.

But what this shows is the lack of security at the law firms that are holding the information about all of these shell companies they have established.  This is the kind of information that, once it gets out, cannot be put back without a lot of work - hopefully not billed to the client.  I wonder about that part, but don’t care what it costs.  It was nice to see these fat cats’ fur flying.

As an industry, law firms have some of the most sensitive information any company holds, and these law firms that were hacked had some of the most sensitive of all.  With this kind of information available on a corporate system, you have not just the law firm’s secrets about its clients, but the clients’ secrets about their external dealings.  That kind of material is very valuable monetarily, and politically.  So, all the more reason to get a better security system than some of the people who use their services.  It is not good enough to figure out, after the fact, that the data was stolen.  Law firms should know better than most what due diligence is.  They need to get together and establish standards for the protection of legal data, little things like encryption at rest come to mind, and do some external audits of their systems to make sure people adhere to those standards.

Secrets of Unmasking Reports

We have not forgotten that there are still many secrets about who asked for the identities of US persons who were caught up in some aspect of foreign surveillance.  These would be especially nice to know, given all the hoopla about Russian involvement with US Government officials and the campaigns of political candidates. There is a report from the US Director of National Intelligence called Statistical Transparency Report, Regarding Use of National Security Authorities, for Calendar Year 2016 and this report has an addendum that starts on page 11.  The whole report is well worth reading because it shows how many of various types of US persons were identified and for what reason, in 2016 - that was the election year.

I have never seen numbers this big before because it was rare to ask for that kind of information unless there was a really good reason.  Most cases could come to a resolution without asking for those names.  Our UN Ambassador has already mentioned that she was not responsible for the many requests that were made in her name, making all of us wonder who else could have done it.  I don’t think we realized when she said that there were quite this many - there were only 634 total requests, but within those were 1934 identities.  That is a lot of people.

We would have to wonder why NSA could not have a list of those who did the requests ready in 10 minutes on a subject so narrow as this one.  There are long procedures and limited numbers of approval authorities at NSA, according to the Director’s Congressional testimony.  After they are received, there are equal controls on dissemination of that information within the government.  If the UN Ambassador didn’t ask for all the material that was requested in her name, those dissemination controls would be impossible to enforce.

Something smells bad here.  The politicization of Intelligence is a dangerous game to play.  It gets very close to the way dictators stay in power.  Whoever did this needs to go to jail and collect no more information.  I’m also wondering how many people actually knew this was going on.  Usually Congress is going to get periodic briefings of this kind of investigation being done.  Who got briefed, we wonder?  There are a few people with secrets that we really need to know.

Tuesday, November 7, 2017

Tax and Spend the Congressional Way

In spite of the fact that I worked on the Hill for several years, I did not know that when sexual harassment charges are brought against a Congressman, their lawyers are paid for with taxpayer money.  I understand how this could be abused, thus the need for such an arrangement.  But come on, where else in the world can there be such a deal?   While we are discussing budget and tax policy, maybe we can end this.

What’s Mine is Mine....

I read an article last week that reminded me of an old saying, What’s Mine is Mine, and What’s Yours is Negotiable.  We actually used to accuse the Russians of applying this principle all over the world, but it has come to China to really make it work.  Jacob Schlesinger had a piece in the Wall Street Journal about how China manages the World Trade Organization where it has put a stake in the ground and said China was a “market economy”, though by what standard is not clear.  They said, in trade that position was “non-negotiable” as if China could say it, and everyone else would go along because they said it.  That is arrogance talking, and we seem to see a lot of that in China recently.

The South China Sea is the most egregious.  The demand that the President of Taiwan be barred from travel in US territory is another example.  Europe is finally paying attention to this and actually trying to stop the drumbeats from drowning out their position with respect to trade.  They have ignored the same situation with Russia.  That seems conflicted to those of us on this side of the Atlantic, but since diplomacy seems to be in the realm of the Wizard of Oz, it is not surprising.

China has a way of demanding, and getting its way.  Look at what they did to South Korea after the THAAD deployment.  They cut back on tourism, trade, and positive press about the South.  They went after South Korean businesses in China.  THAAD is still there, but you can bet President Trump and Chairman Xi will be talking about it soon enough.  The Chinese start down a path, pause, and start back up.  They don’t get off the path and keep the goal in mind.  Unlike Russia, they are patient and believe they have history on their side.

Digital Leninism is Not

There have been a couple of reminders of the roots of Communism this week.  The Gathering In Beijing is a reminder that Communism took over there in what is a short time in history.  A celebration of 100 years of it in Russia follows that.  A Wall Street Journal article quotes several academics who view what Xi has accomplished as Digital Leninism, which is catchy, as slogans go, but represents something that is anything but.  Leninism is ugly, and Communism, at least as it is practiced in China, is not far behind.  I would have you look to the MCLC Resource Center at Ohio State for examples.

Xi can digitize almost anything, and Western scholars can twist that into fancy slogans, but it doesn’t work out very well with what is happening in the world today.  Russia and China have a series of agreements between the two of them to cooperate against all enemies, and these seem to be working pretty well.  The commonality between them is that they keep two totalitarian state leaders in power.  Both of those leaders see the world as a place where they can lead, both economically and politically.  This is an alignment of Communist China and Socialist Russia against the democracies of the world.  It is also something more.

There is a belief in these systems of government that government is good and knows best.  They are led from the top down, and discourage thought and action through censorship and control of public media.  Ideas, and economic well being, come from the government to the people.  Government will take care of the people and they will be grateful in return.  If they aren’t, that can be dealt with.  There is an untold thought that the people are not really that smart and have to be managed to keep harmony.   If that reminds you of someone, it should.  That is not Lenin;  it is George Orwell.  

A man who came to the US from one of those countries told me once that people in democracies “act free” and anyone can tell the difference between them and somebody who lives under the digital oversight of these kinds of government.  Fox had a reporter trying to interview people in China about how they felt about North Korea.  One actually said something, all the others ignored him.  One woman delegate to the National Party Conference said she had to go help a sick person and could not talk to him.  A few literally ran from him.

It reminded me of the KGB agents who used to accompany academic speakers to conferences.  I asked one of them if he was enjoying the conference, and will never forget the look on his face.  I’m not sure he even knew what the conference was about, and he hastily looked to his packet to find out.  I thought about the people he was here to monitor and what kind of life that was.

There were nothing but accolades from the business leaders who attended Xi.   These are the same types who take donations from China to run seminars and teach at US schools.  China pays to have their views expressed in news outlets, political parties, and businesses they control.  They dominate digitally and use that domination to undermine contrary opinions.  Follow the way China does this and most people living in free societies would not want to take the place of citizens there.  That is the real meaning of digital Leninism.

Monday, November 6, 2017

Yemen Claims Missile Attack on Saudi Targets

Yemen rebels are telling their friends they fired a Burkan 2-H missile into Saudi Arabia, landing somewhere near the airport.  Janes says the Saudis claim to have shot down missiles on 17 and 20 March.  They have made this claim before, as the reference shows, but I kind of wonder where all this missile technology is coming from since Yemen is not exactly like North Korea in its development of missiles.  There is a hint of their direction in this strategy:  build missiles that can hit your enemies.  With Saudi aircraft bombing them almost every day, we can figure they are enemies.
The Chinese have been avoiding any responsibility for what happens in the Middle East by funding weapons development in the countries that want and need it.  They make AK-47s in a number of places and other things that make war.  Missiles too.

But a number of articles on this subject lay claim to a belief that this is part of a proxy war between Saudi Arabia and Iran, a religious war of sorts.  I think there might be a little more to it than that.

Not too many countries fire ballistic missiles at one another.  They usually fire smaller, less capable, things that are not very accurate or powerful.  The kind of missiles we are talking about here are not very accurate and it would be easy for one of them to hit a school or hospital, rather than their intended target.  Most terrorist organizations find that leads to recruiting problems and more hostile enemies than they want to have.  Ask ISIS about that one.  

But one small thing got my attention in that article about Yemen’s missiles.  It was the idea that threatening your adversaries with missiles is something they are trying to promote.  They didn’t get that idea in school in Yemen.  There is a lot going on in this war that the world is ignoring, probably to keep the peace with Iran.  Ships from Iran are being intercepted.  Missile technology continues to improve in a country that has missile technology it got from other countries - not likely from Europe or the United States.  Iran and North Korea have been working together on nuclear programs, and Iran attended at least one of North Korea’s nuclear tests.  I don’t think that was what we had in mind with the Iranian nuclear deal, but some of the countries involved are looking the other way - and changing the subject as fast as they can.  


Saturday, November 4, 2017

Nobody Gets to See the Wizard

A phrase from the Wizard of Oz says that nobody really sees the wizard.  They have audiences with believers, and those close to him, but nobody knows what is really behind those words.  When they see him, they are not looking at the real wizard.  

So, when the leaders of Facebook, Apple, The Blackstone Group, etc. visited the Chairman of the Communist Party, fresh from his announcement of ascendancy to another reign, they were all agog at the illustriousness of his leadership.  They were among the first to be allowed to speak.  You can bet the Broadcom executives were not invited.

This is a kind of political correctness, since those who suck up to the leaders control their fate. But,  does that mean any more than seeing the Wizard of Oz?   I think not.  The Wizard shows one face to the world, and another to his visitors.  True statesmen are like that.  They are a little humble, but can be because they have the power to be so.  The US leaders who bowed to the Chairman must have seen the movie.  

RATS in Poland

So, those of you who follow SANS Storm Center know they come up with things all the time on new hacking techniques.  Today, they have a RAT, which gives the developer access to another computer, that was embedded in spam.  The RAT links back to a host in Poland.  That has me thinking about the wisdom of keeping all those spam files in my spam folder.  Maybe I should just delete them when they come in.  There are so many of these things - spam, bogus emails, messaging, et al, that I can’t keep up.  Not surprising, since it is the favored weapon for getting access to other computers.

I have long ago given up on the tech giants protecting me from being hacked.  I just act as if it has already happened.  Verizon, COMCAST, and AT&T could do a lot better at filtering this stuff out.  Just like Facebook, Twitter, Google it is time for them to take notice of their responsibility to protect us from threats that use their medium to get onto our systems.  We have a reasonable expectation that hackers will not operate with impunity on networks we pay to use.  They could do a lot better at it, and they will surely find out when the hearings start.

Thursday, November 2, 2017

Charging Russian Hackers

In a news piece today, the Wall Street Journal says the US Justice Department is preparing a case against the people who hacked the Democratic National Committee (DNC) before the national election a year ago.  This is a bad idea, gone completely off the rails.

This is, of course, similar to charging 5 Army officers in China who were hacking US businesses.  The Army officers were not going to be able to travel to the US or to any place with an extradition agreement with the US.  That can be annoying, but not stressful to a person who is hired and helped to hack.  It is part of the business and only a small number of people are ever caught doing this kind of thing.  Of those who are, only a couple have ever been arrested.  Bringing those charges leads to open court presentation of sources and methods used to identify who they were and how the prosecutors knew it was that person.  That knowledge only helped the Chinese not make the same mistakes again.

The Journal article points to a belief that the Russian Intelligence Services are involved and this is part of a campaign by Russia to undermine the US election.    If so, you can bet nobody identified by name can be tried since Russia will never agree to help out.  The names are probably cover names used while they hack.  People have been tried under pseudonyms (hacker handles) and the real person was eventually identified but this is an intelligence agent or a contractor unlikely to give his/her real name.  The Russians deny any involvement in the US elections.

What is Justice thinking?  I’m beginning to think there are still too many Obama appointees still working at the Justice Department.  The previous Director of National Intelligence publicly warned a Senate Committee about this kind of thing, using the analogy that people who live in glass houses shouldn’t throw stones.  They still brought charges against the Chinese Army officers, who are slightly different because they were stealing proprietary and trade secret information.  I doubt that he wanted to bring charges against the Chinese hackers who got into the security clearances at OPM, the context for his comments.  None have been.

The charges, if brought, might make somebody feel good and show that “we are aggressively pursuing hackers” but neither of those would be worthwhile.  The feel-good feeling only lasts until the next hack.  The aggressive pursuit of hackers does not extend to the intelligence services of other countries for a good reason.  Every country spies, to DNI Clapper’s point.

Wednesday, November 1, 2017

The Feinstein Summary

At the beginning of yesterday’s hearings on Russian use of social media to influence the national election in the United States, Senator Feinstein laid out a summary of what she had already been briefed on before attending this session.  We have seen this information before, but it was interesting to hear it all put together in one place.

The Russians really did have quite a bit of effort going into managing Twitter, Facebook and YouTube messaging.  Facebook had 470 accounts, Twitter had 2752, and there were over 37,000 that generated some kind of election content.  Imagine the number of people that had to be employed just to keep that many accounts active.  Most of the content was incendiary, intended to spread discontent on both sides of the political spectrum, both right and left.  Of course, thousands of less thoughtful people also jumped on those bandwagons, prompted by feeds from RT news services that promoted the stories to make them more real.  The press trolls were aided by lazy press outlets who repeat “news” by any name without checking their stories.  Political groups loved it and used it for their own ends.

The only satisfaction I get from any of this is the fact that the US and Russian publics do not believe much of what their press puts out.  In Washington, we call all of this “spin”.  The reason we understand it so well is that various political parties have done exactly the same thing for so long we have grown tired of it while becoming increasingly skeptical about the sources of information.  Maybe that was the real objective of the program.