Secretary Pompeo struck an unusual chord with his comments on the International Monetary Fund paying money to Pakistan. What said was the funds should not be authorized to pay Chinese bond holders or China itself. Apparently, the new government of Pakistan needs some $12 Billion in loans to get going. The US doesn't want that money to go to China, and you can't really blame them. China seems to make loans easily so it maintains economic leverage over countries that take the offers. They reduce their risk by helping countries get alternative loans to pay back that money. We have to wonder how far this goes, and how much debt some of these countries have accumulated. Forbes says the same model used in Pakistan was used previously in Sri Lanka, resulting in China's acquisition of another big port to settle part of it.
Forbes says the Pakistan debt to GDP was 67.30% in 2017:
Pakistan accumulated a government debt equivalent to 67.20% of the country's Gross Domestic Product in 2017. The country’s government debt to GDP averaged 69.30% from 1994 until 2017, reaching an all-time high of 87.90% in 2001 and a record low of 56.40% in 2007.
If Pakistan can't pay that debt, they could just default on it, but China would make that difficult. They could trade for satisfaction of some of it. How nice of China to allow that.
Tuesday, July 31, 2018
Monday, July 30, 2018
China and the World Trade Organization
This weekend, the Wall Street Journal had a good story about the background of China getting in the WTO. It brought back to mind a lot of the rhetoric that surrounded the Clinton White House effort to get China into the organization as a way to push China into a more constructive deal with other world traders. The language used in 2000 sounds naive by what we have seen since. China didn't do much it promised, and did not become a better trading partner to other countries. Robert Lightizer was among those saying it was not such a good idea. It cost the US about 2.4 million manufacturing jobs, making him sound like a prophet.
While investing in state-owned enterprises went down for a time, over the past three years it started to grow three times faster than it had before. China had promised not to force companies doing business there to hand over proprietary intellectual property, a promise that was more hollow than we now know. They didn't say until much later that they would not steal it, but it was not something China could stop doing. They are hooked on their own criminal success.
There was good and bad in the outcomes for China's behavior after joining the WTO, and this article is well worth the time to read just to go over those. They are revealing because the world thought China could be a normal business partner that followed the rules of international trade behavior. We have leaned a lot since then.
While investing in state-owned enterprises went down for a time, over the past three years it started to grow three times faster than it had before. China had promised not to force companies doing business there to hand over proprietary intellectual property, a promise that was more hollow than we now know. They didn't say until much later that they would not steal it, but it was not something China could stop doing. They are hooked on their own criminal success.
There was good and bad in the outcomes for China's behavior after joining the WTO, and this article is well worth the time to read just to go over those. They are revealing because the world thought China could be a normal business partner that followed the rules of international trade behavior. We have leaned a lot since then.
Saturday, July 28, 2018
Is Russia Really Paying some the U.S. Press?
Most of you have heard of Devin Nunes, the whipping boy for every news outlet in Washington D.C. and Chairman of the House Permanent Select Committee on Intelligence, though you would never find that information in any of the press reports about him. They don't mention it.
Nunes said, in what I saw as a kind of off-hand remark, that some of the press were getting paid by the Russians. I stopped doing what I was working on and listened for the follow-up. There wasn't any.
He might have meant RT and a few of the other Russian news outlets are being paid by Russia, but that is not likely. Everyone knows the Russian press is controlled by the Intelligence Services and the senior leaders in the Kremlin. That would not be news. What would be more likely is that some of the press corps in the U.S. is being paid for by the Russians. Given the vitriol by the press on a daily basis, aimed directly at the Trump White House and anyone supporting them, that would make more sense. It is something the Chinese do, so it would not be too surprising if the Russians did too. We certainly would like to hear more about this Congressman.
Nunes said, in what I saw as a kind of off-hand remark, that some of the press were getting paid by the Russians. I stopped doing what I was working on and listened for the follow-up. There wasn't any.
He might have meant RT and a few of the other Russian news outlets are being paid by Russia, but that is not likely. Everyone knows the Russian press is controlled by the Intelligence Services and the senior leaders in the Kremlin. That would not be news. What would be more likely is that some of the press corps in the U.S. is being paid for by the Russians. Given the vitriol by the press on a daily basis, aimed directly at the Trump White House and anyone supporting them, that would make more sense. It is something the Chinese do, so it would not be too surprising if the Russians did too. We certainly would like to hear more about this Congressman.
Friday, July 27, 2018
Qualcomm- NXP Deal Collapses with nothing from China
Let's Blame China for the collapse of the Qualcomm - NXP deal, if only for the reason that China says "Don't blame us". The deal was announced in 2016, so the Chinese have had two years to think about a response to it. They claim they were thinking about it really hard.
They also claim that they asked for more information and did not get enough. That is an easy thing to say, but we don't know what they were asking for. It cost Qualcomm $2 Billion to abandon the deal, so who would you believe - the Chinese government which dragged along for two years with their collective fingers in their noses, or the guys who bet $2 Billion that they could get the six regulatory bodies of the world to approve this deal? Not even close. The Chinese are pushing the envelope to have us believe that any of the business entities involved or the other regulatory bodies that did approve it, would have combined to stop the deal. Not going to happen with this much money on the line.
Most of us growing up had a moment when our mother said, "Who did that?" You and your siblings point to each other quickly before mom figures it out. We were playing Mom for stupid. She wasn't, any more than people who can figure out this kind of thing for themselves. Mom thinks for herself, "Do they really think I'm that dumb?" China thinks we are that dumb.
They also claim that they asked for more information and did not get enough. That is an easy thing to say, but we don't know what they were asking for. It cost Qualcomm $2 Billion to abandon the deal, so who would you believe - the Chinese government which dragged along for two years with their collective fingers in their noses, or the guys who bet $2 Billion that they could get the six regulatory bodies of the world to approve this deal? Not even close. The Chinese are pushing the envelope to have us believe that any of the business entities involved or the other regulatory bodies that did approve it, would have combined to stop the deal. Not going to happen with this much money on the line.
Most of us growing up had a moment when our mother said, "Who did that?" You and your siblings point to each other quickly before mom figures it out. We were playing Mom for stupid. She wasn't, any more than people who can figure out this kind of thing for themselves. Mom thinks for herself, "Do they really think I'm that dumb?" China thinks we are that dumb.
Preparing for the Cyber Midterms
I was really surprised to see Congress and a few people in the White House talk about preparing for the midterm elections in November. That is about three months away on any calendar, Russian or US. This tells us quite a bit about how people view hackers who have been trying to influence US voters, get into voting machines, and make life miserable for election officials. They shouldn't be worried.
If there is hacking to be done, it is well underway and most of the systems and people who are targets have already been hacked. About all anyone can do is try to find out where they have been hacked and what they can do about it now. The hackers who have gotten in have been in these systems for a a few months, and probably a good deal longer - some at least back to 2016. They just haven't been discovered yet.
It is much harder to find these people than the Intelligence reports would indicate unless you have really good hackers inside the networks that are attacking. Most election officials not only don't, but don't have the access to classified information that would allow them to know what others have done to help out. The best they can expect is someone saying "We have information that would indicate you are a target of hackers and may have been breached." Most people can reason that out for themselves by reading newspapers, but a few of them don't keep up with current attacks the way they should. Most do not have good security and don't want help getting more. Only about 40% of any of them asked for help when it was offered. This is the "we have this under control" syndrome common in state governments and lots of Federal agencies.
The only way to find out is to test security from the outside and do it with the level of expertise that hacks from Russia. Nobody likes this, but it has to be done. If we really consider this to be a national security issue, then we should treat it like one. Penetration testing and assessments are the only way to do that. There are big issues with states' rights and security cognizance in all of this, and that takes time to work out. Nothing can be done for the midterms, but a lot can be done before 2020.
It took me over a year to arrange an assessment of networks across a whole military complex and all of the supporting contractors that connected to that complex, but it was worth doing. We found a lot more than we wanted to know. What the owners of those systems found out was they did not have it under control. They were good about fixing things that were wrong, but the realization had to be there first. A lot could be done before 2020, but the thinking about the need has to be more realistic than the midterm elections.
If there is hacking to be done, it is well underway and most of the systems and people who are targets have already been hacked. About all anyone can do is try to find out where they have been hacked and what they can do about it now. The hackers who have gotten in have been in these systems for a a few months, and probably a good deal longer - some at least back to 2016. They just haven't been discovered yet.
It is much harder to find these people than the Intelligence reports would indicate unless you have really good hackers inside the networks that are attacking. Most election officials not only don't, but don't have the access to classified information that would allow them to know what others have done to help out. The best they can expect is someone saying "We have information that would indicate you are a target of hackers and may have been breached." Most people can reason that out for themselves by reading newspapers, but a few of them don't keep up with current attacks the way they should. Most do not have good security and don't want help getting more. Only about 40% of any of them asked for help when it was offered. This is the "we have this under control" syndrome common in state governments and lots of Federal agencies.
The only way to find out is to test security from the outside and do it with the level of expertise that hacks from Russia. Nobody likes this, but it has to be done. If we really consider this to be a national security issue, then we should treat it like one. Penetration testing and assessments are the only way to do that. There are big issues with states' rights and security cognizance in all of this, and that takes time to work out. Nothing can be done for the midterms, but a lot can be done before 2020.
It took me over a year to arrange an assessment of networks across a whole military complex and all of the supporting contractors that connected to that complex, but it was worth doing. We found a lot more than we wanted to know. What the owners of those systems found out was they did not have it under control. They were good about fixing things that were wrong, but the realization had to be there first. A lot could be done before 2020, but the thinking about the need has to be more realistic than the midterm elections.
Thursday, July 26, 2018
Iran's Houthi Stop Oil Shipments
The Wall Street Journal article today kind of slanted this news to the public perception of events. I think we have to look beyond those and say that Iran is forcing Saudi Arabia to stop shipments of oil through the Red Sea. This has been contemplated for a number of years because Iran controls a lot of territory along the shipping routes for oil.
The Houthis have been firing at ships for a few months, but they were missing. On this, and a previous incident exactly like it, the rebels said they were shooting at Saudi military vessels and came close to commercial ships. We have to believe the same country that manages to acquire Iranian missiles and shoots several of them at Saudi refining and transport facilities wasn't trying to hit tankers.
Let's clarify something here that Iran and Saudi Arabia know. Oil is not a commodity sold to any single country. The receivers of oil need it for energy and they don't like doing without. That is one of the things that makes traffic in the Straits of Hormuz so important to both countries. If the Houthis start messing with that, it will be more than the Saudis and the US who are going to start thinking about protecting that area against disruption. Iran is going to find many countries are willing to defend their access to oil.
The Houthis have been firing at ships for a few months, but they were missing. On this, and a previous incident exactly like it, the rebels said they were shooting at Saudi military vessels and came close to commercial ships. We have to believe the same country that manages to acquire Iranian missiles and shoots several of them at Saudi refining and transport facilities wasn't trying to hit tankers.
Let's clarify something here that Iran and Saudi Arabia know. Oil is not a commodity sold to any single country. The receivers of oil need it for energy and they don't like doing without. That is one of the things that makes traffic in the Straits of Hormuz so important to both countries. If the Houthis start messing with that, it will be more than the Saudis and the US who are going to start thinking about protecting that area against disruption. Iran is going to find many countries are willing to defend their access to oil.
Chinese Theft of IMAX Tech
Richard Gelfond, the CEO of IMAX, was on Fox Business this morning and told a story of IP theft I had not heard before. He said that about "seven or eight years ago" they had an "ugly episode" with the Chinese government. A former employee of theirs, who was sponsored by the Chinese government, stole the technology for IMAX. He did not say how much of the technology was taken. This story has a ring to it that is familiar. Other cases I have heard about have used former employees- most dramatically, Sinovel which stole technology from a US company and used it for years before Chinese courts finally found Sinovel stole the technology. By that time, they had embedded it in their products. In that famous case, there were indicators the employee may have been bought off before he left the company.
This is a good reason to sharpen up those termination procedures and make sure corporate accounts are suspended or revoked when a person leaves the company. Before that, check to see if the person downloaded proprietary data that was sensitive IP.
This is a good reason to sharpen up those termination procedures and make sure corporate accounts are suspended or revoked when a person leaves the company. Before that, check to see if the person downloaded proprietary data that was sensitive IP.
A Task Too Large
GAO has tried to put together a report on Cyber Security Strategies for the Nation, but this is a task that can't be undertaken by an agency that doesn't have responsibility for the national infrastructure. This report has regurgitated all the findings from past years without getting to the real issues that drive cyber security in any of the environments they are responsible for. I don't blame GAO for this. They tried to do something they should never have been tasked to do.
There were similar reports written over the years, but none better than a simple one done by the President's Council on Integrity and Efficiency in the mid 1980's. That said that there were really three things, which I shortened for this piece, wrong with the way cyber security was being done.
First, the policies for security of information systems were too complicated for most people to understand. That is more complicated than just reading and comprehending what a policy says. It means the implementation of a given policy must be understood by the people who have to do it. That often means somebody other than a security function, since security rarely does the actual work. Our systems today are governed by a list mentality fostered by NIST policies that are based on lists of controls that are not well understood, nor responsive to the threats information systems have today. Organizations do some of these controls, but not all of them, and there is no way to measure the effectiveness of the holes that are left. Vendors put some of those holes too and those cannot be known or compensated for by following a list. The interactions of systems in large-scale networks makes discovery of faults and flaws almost impossible to find since organizations cannot go outside their own systems to discover them.
Second, the policies are not reflective of what is needed to protect systems from existing threats. They actually put this a different way in the report: there is not a proven relationship between policy and security level attained in a system. The government follows the lists without knowing if the implementation of them leads to a secure system. The reports on cyber incidents in government clearly show they do not.
Third, the quality of people required to do the security of a system is a difficult standard to meet. Since the 80's, standards for cyber security training has been outsourced by the government to private firms that test for all kinds of things that no single person can possibly know. The tests have become more general because nobody could pass ones that tested knowledge of all of these areas. When the first CISSP test was first given, only about 10% of the people who took it got a passing score. Was that a reflection of the test, or the knowledge of the people who took it? The tests, and similar ones from other testing organizations, have been watered down to the point that they are not good measures of how well a person will perform any task on the job. There is no profit in having a majority of people not able to pass a test.
GAO cannot write a report on what the nation needs to do for cyber security because government is only responsible for a small part of the layers of networks that government uses. They need to ask the people who do security of networks what should be done to make them more secure. The Financial Sector used to be the leaders in this because they did what kept criminals from stealing money from them at unacceptable rates. I would start there.
There were similar reports written over the years, but none better than a simple one done by the President's Council on Integrity and Efficiency in the mid 1980's. That said that there were really three things, which I shortened for this piece, wrong with the way cyber security was being done.
First, the policies for security of information systems were too complicated for most people to understand. That is more complicated than just reading and comprehending what a policy says. It means the implementation of a given policy must be understood by the people who have to do it. That often means somebody other than a security function, since security rarely does the actual work. Our systems today are governed by a list mentality fostered by NIST policies that are based on lists of controls that are not well understood, nor responsive to the threats information systems have today. Organizations do some of these controls, but not all of them, and there is no way to measure the effectiveness of the holes that are left. Vendors put some of those holes too and those cannot be known or compensated for by following a list. The interactions of systems in large-scale networks makes discovery of faults and flaws almost impossible to find since organizations cannot go outside their own systems to discover them.
Second, the policies are not reflective of what is needed to protect systems from existing threats. They actually put this a different way in the report: there is not a proven relationship between policy and security level attained in a system. The government follows the lists without knowing if the implementation of them leads to a secure system. The reports on cyber incidents in government clearly show they do not.
Third, the quality of people required to do the security of a system is a difficult standard to meet. Since the 80's, standards for cyber security training has been outsourced by the government to private firms that test for all kinds of things that no single person can possibly know. The tests have become more general because nobody could pass ones that tested knowledge of all of these areas. When the first CISSP test was first given, only about 10% of the people who took it got a passing score. Was that a reflection of the test, or the knowledge of the people who took it? The tests, and similar ones from other testing organizations, have been watered down to the point that they are not good measures of how well a person will perform any task on the job. There is no profit in having a majority of people not able to pass a test.
GAO cannot write a report on what the nation needs to do for cyber security because government is only responsible for a small part of the layers of networks that government uses. They need to ask the people who do security of networks what should be done to make them more secure. The Financial Sector used to be the leaders in this because they did what kept criminals from stealing money from them at unacceptable rates. I would start there.
Wednesday, July 25, 2018
Rules for Being Currency Manipulator
President Trump said he was going to call out China for being a currency manipulator but has not done it. Perhaps his own Treasury rules are the reason, and not a more simple view of the outright manipulation of currency by the Central Bank. That isn't enough.
Today's Wall Street Journal has an interesting explanation of why that might be. In it, are listed the constraints put on anyone trying to interpret actions by another country's central bank.
1. The economy of the country in question must have a trade surplus of at least $20 Billion. Riddle me that one. It is really hard to say why a country has to have any trade surplus to qualify, but it does.
2. The economy must have an overall current account surplus of at least 3% of its gross domestic product. Meaning, as the article goes on to explain, that it must not just have a trade surplus with the US, but the entire world. China doesn't, as hard as that one is to believe.
3. The economy must conduct "persistent, one-sided intervention" in the currency market. China does not, by most definitions. They choose their times carefully for effect.
So we have a sense of why currency manipulation is seldom called out. We have set rules that are not met by the countries doing it. How clever is that?
Today's Wall Street Journal has an interesting explanation of why that might be. In it, are listed the constraints put on anyone trying to interpret actions by another country's central bank.
1. The economy of the country in question must have a trade surplus of at least $20 Billion. Riddle me that one. It is really hard to say why a country has to have any trade surplus to qualify, but it does.
2. The economy must have an overall current account surplus of at least 3% of its gross domestic product. Meaning, as the article goes on to explain, that it must not just have a trade surplus with the US, but the entire world. China doesn't, as hard as that one is to believe.
3. The economy must conduct "persistent, one-sided intervention" in the currency market. China does not, by most definitions. They choose their times carefully for effect.
So we have a sense of why currency manipulation is seldom called out. We have set rules that are not met by the countries doing it. How clever is that?
Russians Undermine US General
I must say the Russians do not miss a trick to divide US policy makers over the most trivial of issues. This time we have the Russians claiming that comments made by General Joseph Votel, heading up the U.S. Central Command, contradict those of his President. The issue is Syria, where they say “With his statements, Gen. Votel not only discredited the official position of his supreme commander-in-chief, but also exacerbated the illegality under international law and U.S. law of the military presence of American servicemen in Syria,” Russia’s Defense Ministry said in a statement published on social media."
Syria is part of Central Command's responsibility, so commenting on anything in that area is well within the General's prerogative. He did say that working with the Russians there "gave him pause" which it would if you were concerned that many of these Russian forces don't wear uniforms and don't look like soldiers. That would give anyone pause. There are many paramilitary groups fighting in Syria, some from Iran who fought side-by-side with the Russians. We should have pause for that too. Syria's leadership is not exactly the kind of leaders found in other countries. They bomb their own people, hospitals, and aide groups, so they should give us some pause there. Of course, the Russians did most of that bombing themselves, another reason to think about it more.
We should remember that comments made by the Russian Defense Minister when he is so concerned about our military commander in that region should give us pause too. He is much like the Wizard of Oz, amplifying his voice and blustering over things he cannot do much about. Don't look behind the curtain General Votel. Our military is smarter than that. Let's hope our press is too.
Syria is part of Central Command's responsibility, so commenting on anything in that area is well within the General's prerogative. He did say that working with the Russians there "gave him pause" which it would if you were concerned that many of these Russian forces don't wear uniforms and don't look like soldiers. That would give anyone pause. There are many paramilitary groups fighting in Syria, some from Iran who fought side-by-side with the Russians. We should have pause for that too. Syria's leadership is not exactly the kind of leaders found in other countries. They bomb their own people, hospitals, and aide groups, so they should give us some pause there. Of course, the Russians did most of that bombing themselves, another reason to think about it more.
We should remember that comments made by the Russian Defense Minister when he is so concerned about our military commander in that region should give us pause too. He is much like the Wizard of Oz, amplifying his voice and blustering over things he cannot do much about. Don't look behind the curtain General Votel. Our military is smarter than that. Let's hope our press is too.
Tuesday, July 24, 2018
Russia and China Cooperate on THAAD
Russia and China cooperate on a lot more than most people realize. They have signed at least 32 private agreements and we don't even know what most of them are about. This time, they have come together on getting the Terminal High Altitude Area Defense anti-missile system, which both oppose in South Korea.
Only China really cares about this system put in South Korea. The Chinese say its radar can see secret things inside China and is a danger to its national security. Their claim is not supported by any facts, as their claims often aren't. I had 9 years in Missile Defense and it is a really good radar, but nothing like the Chinese make it out to be. This is a weak argument, but that has not stopped them before. More than likely something else is behind the teeth gnashing.
The Chinese managed to get Russian support and want to threaten South Korea to get them to back down from keeping it operational. As long as North Korea is threatening a missile attack, it is a good thing to have in the South. As to China, there is only one unit of THAAD in South Korea so it isn't going to do well against a large-scale attack. China doesn't even need ballistic missiles to hit South Korea if they wanted to do it, and they probably don't. China doesn't want those missiles, which are pretty accurate in tests, to be deployed anywhere in their area. Imagine if we put some of them in Taiwan, the Philippines, and a few other little countries around China. It would make some interesting defenses for the countries just outside the 9-dash line. That is something the Chinese do not want.
China's problem on occasion is she makes up her mind about something and keep moving towards the objective until it is met. Even where things change, they stay on the path using all of their resources. That is a tough ship to turn. If North Korea decides to show more action to denuclearize, it might be worth reconsidering THAAD. That is many years away. We don't need to hurry any faster than China and North Korea. Start looking for more countries that will accept it.
Only China really cares about this system put in South Korea. The Chinese say its radar can see secret things inside China and is a danger to its national security. Their claim is not supported by any facts, as their claims often aren't. I had 9 years in Missile Defense and it is a really good radar, but nothing like the Chinese make it out to be. This is a weak argument, but that has not stopped them before. More than likely something else is behind the teeth gnashing.
The Chinese managed to get Russian support and want to threaten South Korea to get them to back down from keeping it operational. As long as North Korea is threatening a missile attack, it is a good thing to have in the South. As to China, there is only one unit of THAAD in South Korea so it isn't going to do well against a large-scale attack. China doesn't even need ballistic missiles to hit South Korea if they wanted to do it, and they probably don't. China doesn't want those missiles, which are pretty accurate in tests, to be deployed anywhere in their area. Imagine if we put some of them in Taiwan, the Philippines, and a few other little countries around China. It would make some interesting defenses for the countries just outside the 9-dash line. That is something the Chinese do not want.
China's problem on occasion is she makes up her mind about something and keep moving towards the objective until it is met. Even where things change, they stay on the path using all of their resources. That is a tough ship to turn. If North Korea decides to show more action to denuclearize, it might be worth reconsidering THAAD. That is many years away. We don't need to hurry any faster than China and North Korea. Start looking for more countries that will accept it.
Russians Hacking Utilities are Not Alone
I saw a story today that a new version of an old problem. Countries are putting software in US utility grids that, when triggered, will damage or shut down portions of the grid. This latest report from Homeland Security cites the Russians in "hundreds of instances" getting into control rooms and having potential control of networks. In the past, the Chinese, Russians, Iranians and some homeless people in the middle of Eastern Europe have been accused of the same thing. This does not say much about the control systems for these utilities.
Homeland Security is describing these events as if they are new, which they aren't. There are several countries doing the same thing in the name of "battlefield preparation" so we have every reason to look for this kind of penetration. But, utilities are privately funded and independent. They don't have to have the NSA-quality security that we would expect from a secret organization.
This is not new, since we addressed it over and over in the President's Critical Infrastructure Protection Committee during the Clinton Administration. Railroads, Banking, Emergency Services, Electrical grids, National Networks etc all have the same vulnerabilities and people trying to lay the groundwork for a war that might come. We just have to decide if we want to pay for the improvements that are needed. So far, nobody has.
The simple thing is, the Internet is not a safe transmission system for these kinds of systems. Even the large networks of Defense have had problems maintaining a level of security to keep the Russians and Chinese out. These are Defense networks run by people who understand the need for security and try. What has to be done is to build secure transmission capability for the national infrastructure, cutting out the Internet. The Internet is the vehicle being used to get into our national assets and we have done almost nothing to negate that part of our threat. Years ago, we tried to get the Defense Department off the Internet in times of emergency. It was not done in spite of very high interest in doing something about the Internet's lack of security. Time to renew that effort and get some security across our national networks. When war comes, it will be too late to discuss it.
Homeland Security is describing these events as if they are new, which they aren't. There are several countries doing the same thing in the name of "battlefield preparation" so we have every reason to look for this kind of penetration. But, utilities are privately funded and independent. They don't have to have the NSA-quality security that we would expect from a secret organization.
This is not new, since we addressed it over and over in the President's Critical Infrastructure Protection Committee during the Clinton Administration. Railroads, Banking, Emergency Services, Electrical grids, National Networks etc all have the same vulnerabilities and people trying to lay the groundwork for a war that might come. We just have to decide if we want to pay for the improvements that are needed. So far, nobody has.
The simple thing is, the Internet is not a safe transmission system for these kinds of systems. Even the large networks of Defense have had problems maintaining a level of security to keep the Russians and Chinese out. These are Defense networks run by people who understand the need for security and try. What has to be done is to build secure transmission capability for the national infrastructure, cutting out the Internet. The Internet is the vehicle being used to get into our national assets and we have done almost nothing to negate that part of our threat. Years ago, we tried to get the Defense Department off the Internet in times of emergency. It was not done in spite of very high interest in doing something about the Internet's lack of security. Time to renew that effort and get some security across our national networks. When war comes, it will be too late to discuss it.
Abolish the FISA Court
I saw an opinion piece in the Wall Street Journal today that said abolish the FISA court because it was subject to abuse. The only people who say that are people who have not had the occasion to use one on a national security case. The writer of this piece is an exception.
FISA courts have to hear cases that include some of the most sensitive classified information. Sometimes, that information is so sensitive the government has to consider whether it wants to allow any judge, even one with a security clearance, to see it. I know that sounds extreme, but some of the information is only accessed by a few individuals in the world. It may be so sensitive that it is better to not prosecute a crime than risk the information being exposed. Without a FISA court that would happen much more often.
Yes, there will be abuses of FISA and the judges are partly responsible for making decisions a little too quickly, without asking questions. That happens in any court, not just FISA. That doesn't mean we abolish courts because they make mistakes, or don't take the time to review every filing. The volume of some of these filings is unbelievable. Sometimes, this forces the judge to make a decision without taking the time to review all of it, maybe even skipping the footnotes, or some of the other paperwork. That is how they learn to be better judges.
You have to remember we are talking about people who might be planning to attack a mall or shoot-up a New Years Eve party. It is not someone like Carter Page very often. Let's not get hasty about abolishing a needed court because the FBI left holes in their explanations on the warrant application.
FISA courts have to hear cases that include some of the most sensitive classified information. Sometimes, that information is so sensitive the government has to consider whether it wants to allow any judge, even one with a security clearance, to see it. I know that sounds extreme, but some of the information is only accessed by a few individuals in the world. It may be so sensitive that it is better to not prosecute a crime than risk the information being exposed. Without a FISA court that would happen much more often.
Yes, there will be abuses of FISA and the judges are partly responsible for making decisions a little too quickly, without asking questions. That happens in any court, not just FISA. That doesn't mean we abolish courts because they make mistakes, or don't take the time to review every filing. The volume of some of these filings is unbelievable. Sometimes, this forces the judge to make a decision without taking the time to review all of it, maybe even skipping the footnotes, or some of the other paperwork. That is how they learn to be better judges.
You have to remember we are talking about people who might be planning to attack a mall or shoot-up a New Years Eve party. It is not someone like Carter Page very often. Let's not get hasty about abolishing a needed court because the FBI left holes in their explanations on the warrant application.
Security Clearances Not Easy to Pull
I did a report once on why certain people had their security clearances suspended, denied or revoked. Some of those people had done things that I found so horrible that suspension of a security clearance was only one small thing that should have been done. In a couple of instances, especially those involving children, hanging was not enough to satisfy justice. But in others, people retained the basis for their clearance while still being denied access to classified information. Those people were usually in jail for crimes they had yet to be convicted of. Once convicted, they could have their clearances revoked.
But the President thinks he might want to pull the clearances of some people who know a lot more about them than he does. That is not as likely as he thinks. I was surprised at reporters' lack of knowledge about security clearances and why people who leave government still have them. Who do they think does most of the government's work? Contractors. These leaders become high-paid consultants because they have had positions and access very few others have had. They can have access to the same computer networks they had at their government offices. (That is an area worth looking into) Some start their own companies; some work for other companies doing some of the same work they did before. They make money that way.
So, there are procedures for taking a clearance away. A letter is sent to the individual stating the reasons why the clearance is going to be taken away. Suspending a clearance means the individual still have one but does not have access pending a review of the case or circumstances leading up to the suspension. One guy had killed his wife, was put in jail and awaiting trial. His clearance was suspended until he was tried, even though he was not going to have access in jail anyway. Once convicted, his clearance was revoked.
I can imagine the former heads of the CIA and DNI getting a letter saying his clearance was going to be suspended. In the case of contractors, the individual can have a hearing on the circumstances and an administrative judge presides over that hearing. I testified twice at hearings, both being cases where computers were involved and the individuals thought security was not important. They both lost theirs and deserved to lose them, but I doubt that a former head of the CIA, even if he is an obnoxious individual, would lose his. There has to be something pretty serious to justify that, and so far we have not seen anything that rises to that standard. As we are finding, over time, our President gets briefed on things ahead of the news curve and may have seen something that justifies this consideration. We will find out pretty soon, but in the meantime, let's not rush into doing anything with clearances. There is due process in revoking one. Be patient.
But the President thinks he might want to pull the clearances of some people who know a lot more about them than he does. That is not as likely as he thinks. I was surprised at reporters' lack of knowledge about security clearances and why people who leave government still have them. Who do they think does most of the government's work? Contractors. These leaders become high-paid consultants because they have had positions and access very few others have had. They can have access to the same computer networks they had at their government offices. (That is an area worth looking into) Some start their own companies; some work for other companies doing some of the same work they did before. They make money that way.
So, there are procedures for taking a clearance away. A letter is sent to the individual stating the reasons why the clearance is going to be taken away. Suspending a clearance means the individual still have one but does not have access pending a review of the case or circumstances leading up to the suspension. One guy had killed his wife, was put in jail and awaiting trial. His clearance was suspended until he was tried, even though he was not going to have access in jail anyway. Once convicted, his clearance was revoked.
I can imagine the former heads of the CIA and DNI getting a letter saying his clearance was going to be suspended. In the case of contractors, the individual can have a hearing on the circumstances and an administrative judge presides over that hearing. I testified twice at hearings, both being cases where computers were involved and the individuals thought security was not important. They both lost theirs and deserved to lose them, but I doubt that a former head of the CIA, even if he is an obnoxious individual, would lose his. There has to be something pretty serious to justify that, and so far we have not seen anything that rises to that standard. As we are finding, over time, our President gets briefed on things ahead of the news curve and may have seen something that justifies this consideration. We will find out pretty soon, but in the meantime, let's not rush into doing anything with clearances. There is due process in revoking one. Be patient.
Monday, July 23, 2018
Malicious Compliance
I used to be a military officer, and every once in awhile I would give an order that wasn't quite what it should have been. My troops would sometimes do malicious compliance by following the order exactly like it was given without regard to what they might have thought it meant. That is the idea behind malicious compliance, and we have the best example of it in a long time in the redaction of documents Judicial Watch filed suit to get from the FBI.
I read through all of these documents and noted the number of redaction of content i.e. the part of the email below the subject line. In about 1/3 of these documents the content was completely redacted. So these guys, being smart-asses, decided to leave the addressees in place (though some of them were redacted too), any disclaimers for general email, and redacted the content. That kind of email doesn't do anybody any good and they must know that. Still, they complied by sending the email anyway. It was obviously malicious compliance.
There were some duplicates of this kind of nonsense, which makes less sense than having all the content redacted. Sometimes the content contained a sentence with no other information that would tell a reader what the subject actually was. That is malicious too.
I have to give Judicial Watch some credit for seeing this kind of thing through. It must be frustrating, which is the purpose behind malicious compliance. Congress is having the same kind of redactions in materials they are seeking about the run-up to the establishment of a Special Counsel. The FBI has excuses for their way of redacting, but none of them make real sense. We saw in previous exchanges that redactions were made to protect the FBI and not to protect a source or something classified. That is called an abuse of power. Malicious compliance is too.
I read through all of these documents and noted the number of redaction of content i.e. the part of the email below the subject line. In about 1/3 of these documents the content was completely redacted. So these guys, being smart-asses, decided to leave the addressees in place (though some of them were redacted too), any disclaimers for general email, and redacted the content. That kind of email doesn't do anybody any good and they must know that. Still, they complied by sending the email anyway. It was obviously malicious compliance.
There were some duplicates of this kind of nonsense, which makes less sense than having all the content redacted. Sometimes the content contained a sentence with no other information that would tell a reader what the subject actually was. That is malicious too.
I have to give Judicial Watch some credit for seeing this kind of thing through. It must be frustrating, which is the purpose behind malicious compliance. Congress is having the same kind of redactions in materials they are seeking about the run-up to the establishment of a Special Counsel. The FBI has excuses for their way of redacting, but none of them make real sense. We saw in previous exchanges that redactions were made to protect the FBI and not to protect a source or something classified. That is called an abuse of power. Malicious compliance is too.
Does Maria Butina Remind You of Someone?
That "Russian Spy"is anything but, though Reuters is claiming in an exclusive report that she got into see a couple of Treasury Department officials. The visits were arranged by the Washington D.C. think tank, Center for the National Interest, a group favoring better relations between Russia and the US. This will surely be played into something sinister by the press, but it is hard to claim much benefit from meeting with two Treasury officials.
It reminds of another Russian influence peddler, Anna Chapman. The similarities are interesting, a conclusion the New York Post published today. The Russians thought enough about the 10 people around Chapman that they traded four people being held in Russia for all 10 of them. Chapman was doing the same kind of influence peddling that Butina was doing, and she may have been more successful at it. Because she and her gang weren't interested in classified information, nobody really took them seriously. Now the US knows there can be some benefit in influencing thought leaders. We might point out here that the Russians were doing a lot of the things prior to the 2016 election to influence behavior of policy makers in the US. They are getting better at it in the 8 years since Chapman was caught, but if you look at what each of these groups were doing, there is not much difference in approach.
It reminds of another Russian influence peddler, Anna Chapman. The similarities are interesting, a conclusion the New York Post published today. The Russians thought enough about the 10 people around Chapman that they traded four people being held in Russia for all 10 of them. Chapman was doing the same kind of influence peddling that Butina was doing, and she may have been more successful at it. Because she and her gang weren't interested in classified information, nobody really took them seriously. Now the US knows there can be some benefit in influencing thought leaders. We might point out here that the Russians were doing a lot of the things prior to the 2016 election to influence behavior of policy makers in the US. They are getting better at it in the 8 years since Chapman was caught, but if you look at what each of these groups were doing, there is not much difference in approach.
China Challenges Wisconsin Foxconn
China is building a new display making plant that comes as a counter to the one being built in Wisconsin by Foxconn. No doubt that was sure to happen since Apple seemed willing to accept that some of its new displays would come from the US. It didn't take China long to build a competitor that can cut costs and try to stave off Apple doing anymore work in the US. Whether China can stop the flow of work on Apple products and keep them in China is another thing entirely.
China works against Apple in a lot of ways and this is the first step Apple has taken to let them know it is possible to build its products somewhere else. China has cut off sales from applications and music and forced Apple into putting its domain storage in China under Chinese control. Neither of those things were things Apple wanted to do. How many times do you have to get a stick in the eye before you get angry?
They fought long a hard to keep products away from Chinese "national security" reviewers who are just passing those products along to the intelligence services for exploitation and the state controlled enterprises who compete with Apple for smartphones, tablets and laptops. They didn't think Apple would consider not taking any more of their intrusions into Apple's proprietary secrets and moving to some other place. The Chinese have gone too far, and now they are pretty sure they have to do more to keep Apple in China. Good luck with that. The cost of doing business in China has finally become too much for some of the vendors there, and it has nothing to do with the benefits of low labor costs. It has a lot to do with the stealing of secrets that cost long-term business that outweigh those short-term profits.
China works against Apple in a lot of ways and this is the first step Apple has taken to let them know it is possible to build its products somewhere else. China has cut off sales from applications and music and forced Apple into putting its domain storage in China under Chinese control. Neither of those things were things Apple wanted to do. How many times do you have to get a stick in the eye before you get angry?
They fought long a hard to keep products away from Chinese "national security" reviewers who are just passing those products along to the intelligence services for exploitation and the state controlled enterprises who compete with Apple for smartphones, tablets and laptops. They didn't think Apple would consider not taking any more of their intrusions into Apple's proprietary secrets and moving to some other place. The Chinese have gone too far, and now they are pretty sure they have to do more to keep Apple in China. Good luck with that. The cost of doing business in China has finally become too much for some of the vendors there, and it has nothing to do with the benefits of low labor costs. It has a lot to do with the stealing of secrets that cost long-term business that outweigh those short-term profits.
Saturday, July 21, 2018
Another Use for EB-5 Visa Program
As many of my readers know, I have been trying to influence the use of the EB-5 Visa Program which is used mainly by Chinese persons who do some business in the US. The Justice Department issued a forfeiture request today against Jack Wang aka Jack Wei, one of China's richest men. What he allegedly has done is use the EB-5 project, the Cleveland International Fund, to funnel banned goods through front companies which passed then onto Iranian companies. This violates sanctions against Iran. The details on how this was done or what goods they were transferring are not in the documents put out by the Justice Department. If true, this means Wang used a US program to buy goods that were intended to be given to Iran to violate sanctions. This should be a good case to follow. It is the first time I have heard of using the EB-5 program for doing anything except contributing to local politicians election funds.
Friday, July 20, 2018
Russian Denials
There are very few advanced intelligence services who get caught as often as the Russians. This time it is in Salisbury, England where the police say they have identified the people who brought the poison bound for the attempted murder of Sergei and Yulia Skripal.
The BBC article says "They (the investigators) are sure they (the suspects) are Russian." Now we have something of note. If the suspects are Russian, and they are traced to the area where the poison was found (CCTV has already done that), then the denials of Russian involvement will be difficult. That doesn't stop the most brazen of them from making denials anyway, even in private meetings where nobody else would know. The President of the United States knows that all too well.
The BBC story says this was done as a warning two weeks before the Russian elections. That is not exactly subtle, but when have the Russians ever been? It is in-your-face diplomacy more characteristic of the Mafia than a state government.
The BBC article says "They (the investigators) are sure they (the suspects) are Russian." Now we have something of note. If the suspects are Russian, and they are traced to the area where the poison was found (CCTV has already done that), then the denials of Russian involvement will be difficult. That doesn't stop the most brazen of them from making denials anyway, even in private meetings where nobody else would know. The President of the United States knows that all too well.
The BBC story says this was done as a warning two weeks before the Russian elections. That is not exactly subtle, but when have the Russians ever been? It is in-your-face diplomacy more characteristic of the Mafia than a state government.
UK Questions Huawei Safety
The UK was one to not figure in the discussion about Huawei and ZTE being threats to networks of the world. Apparently they may have changed their minds about Huawei. I wrote about this extensively in my first book, and denials from both companies followed. But the evidence of what the US was doing to keep Huawei and ZTE out of the US infrastructure was clear after CFIUS blocked several purchases and questioned teaming arrangements with technology companies in the US. I wrote that book 7 years ago, and added the new stories in the latest edition. This was not new.
The stated reason was some of Huawei's "engineering practices" which is a huge area that is always an issue to any company. There is a report done by the Huawei Cyber Security Evaluation
Centre (HCSEC) Oversight Board (Huawei has a seat on this board) that says only that there were two low level concerns about Huawei, on a rating scale that went low, medium, high. Both "were mitigated". Both were apparently security issues. That would not be any reason to say that the UK viewed Huawei with some suspicion. Either there is some other reason for this concern, or the story is overblown, I'm not sure which. There are certainly a lot of inconsistencies in stories that covered the conclusion that the UK had changed its mind about Huawei.
The stated reason was some of Huawei's "engineering practices" which is a huge area that is always an issue to any company. There is a report done by the Huawei Cyber Security Evaluation
Centre (HCSEC) Oversight Board (Huawei has a seat on this board) that says only that there were two low level concerns about Huawei, on a rating scale that went low, medium, high. Both "were mitigated". Both were apparently security issues. That would not be any reason to say that the UK viewed Huawei with some suspicion. Either there is some other reason for this concern, or the story is overblown, I'm not sure which. There are certainly a lot of inconsistencies in stories that covered the conclusion that the UK had changed its mind about Huawei.
Thursday, July 19, 2018
EU Does It to Google
Three years ago I wrote a piece on the face of the EU’s Commisioner for Competition. I was sure then that I didn’t like this woman and her policies. She was working on a fine for Google then and has never given up that fight. Some people might admire her for her steadfastness, but I see that a blind ambition not related to any substantive issues that grounds for going after the US tech giant. The side benefit of that is the US is considering a look at the same thing. Both approaches are absolutely wrong.
Google is being blamed for doing what most manufacturers, including those in Europe also do. They bundle their products in ways that give a consumer a broad range of capabilities that can be tailored. Selling an Android phone bundled with a Chrome browser makes technical sense. Microsoft can have Bing and Apple can have Safari for the same reason. They worked the technical issues between operating system and browser and bundled them knowing they work. They don’t have an obligation, but do test other browsers as well, largely for the same reason - giving their customers choices. Google has 90% of searches because they are really good at doing that, but the EU wants to penalize that success. To what end?
Does Europe have a better browser or search engine that is being denied a place in the market? No. It certainly is not an issue of keeping competition out of the browser market, because there are plenty of browsers, but no competition.
What gives the EU legal status to take own the whole tech world to make a point that will not benefit anybody in the EU, but will make money to continue this kind of nonsense? This is the kind of case that led to Brexit. Too many regulations of too many things. Eventually, people get tired of it and revolt. The EU may love sticking it to a big US company, but that should come back to bite them. Instead of looking at Google, our Congress should be looking at how the EU uses our tech companies as a piggy bank to keep revenue coming in. Look at how the EU tried to structure the Brexit deal to keep the US out of the markets there. What kind of competition is that? Look at all the regulations that favor a country’s products over another. The EU should not be throwing stones when it lives in a glass house.
Google is being blamed for doing what most manufacturers, including those in Europe also do. They bundle their products in ways that give a consumer a broad range of capabilities that can be tailored. Selling an Android phone bundled with a Chrome browser makes technical sense. Microsoft can have Bing and Apple can have Safari for the same reason. They worked the technical issues between operating system and browser and bundled them knowing they work. They don’t have an obligation, but do test other browsers as well, largely for the same reason - giving their customers choices. Google has 90% of searches because they are really good at doing that, but the EU wants to penalize that success. To what end?
Does Europe have a better browser or search engine that is being denied a place in the market? No. It certainly is not an issue of keeping competition out of the browser market, because there are plenty of browsers, but no competition.
What gives the EU legal status to take own the whole tech world to make a point that will not benefit anybody in the EU, but will make money to continue this kind of nonsense? This is the kind of case that led to Brexit. Too many regulations of too many things. Eventually, people get tired of it and revolt. The EU may love sticking it to a big US company, but that should come back to bite them. Instead of looking at Google, our Congress should be looking at how the EU uses our tech companies as a piggy bank to keep revenue coming in. Look at how the EU tried to structure the Brexit deal to keep the US out of the markets there. What kind of competition is that? Look at all the regulations that favor a country’s products over another. The EU should not be throwing stones when it lives in a glass house.
Wednesday, July 18, 2018
No Sanction is Good Enough
China seems willing to do what it wants and ignore sanctions by any country on, any country. I have commented before on their ability to use ZTE and Huawei to violate Iran sanctions which they agreed to in the UN. They are doing equally well by buying oil from Iran, so the US can sanction Iran’s oil all it wants, even granting exceptions to Korea and India, but China still buys oil from Iran. China is not credible when it agrees to sanctions, and it didn’t agree to the ones the US put on Iranian oil. Trying to sanction something these days is too hard and it will not serve the purpose intended. It just gets China more oil. It is a useless jesture.
Two Intelligence Services
My new book has a chapter on the Russian Intelligence Services that got into and used mail from the Democratic National Committee. All the attention has come to only one of them - the GRU - but two of them actually hacked the same sites. Today, there is a good opinion piece in the Wall Street Journal on the same subject.
My version of this story goes that there were two Russian groups that were hacking in the US and they are both given names by the security groups that discovered them: Cozy Bear and Fancy Bear. Cozy Bear had been sitting quietly inside these sites without disclosing their location - the way an intelligence service should. Fancy Bear joined the fun at least a year later and was discovered. That lead to the discovery of Cozy Bear. It would not be the first time that two groups hacked the same target, but the two are not usually from the same government. Not usually, but it happens.
You have to wonder why the activities were not more coordinated, since they certainly involved risks of exposure for a central government that was already doing very well observing the activities going on inside the Democratic campaign. There is no reason to believe they didn’t have similar efforts inside the Republican campaign too. China has been doing the same for years. Having them exposed could not have been a very good thing for Russia. Groups have a tendency to beef up their security when that happens, making it harder to get in the next time. The exposure leads to retaliation and the kinds of reactions we see today from politicians.
The details in the indictment of the 12 Russian intelligence officers show their capabilities and how they were identified, but they don’t tell us why they were willing to compromise their entire operations when things were well hidden and caused no trouble to them. They could influence without attribution. Changing that actually makes no sense. Putin is an in-your-face kind of guy, but he continues to deny that this was his operation. That makes no sense.
My version of this story goes that there were two Russian groups that were hacking in the US and they are both given names by the security groups that discovered them: Cozy Bear and Fancy Bear. Cozy Bear had been sitting quietly inside these sites without disclosing their location - the way an intelligence service should. Fancy Bear joined the fun at least a year later and was discovered. That lead to the discovery of Cozy Bear. It would not be the first time that two groups hacked the same target, but the two are not usually from the same government. Not usually, but it happens.
You have to wonder why the activities were not more coordinated, since they certainly involved risks of exposure for a central government that was already doing very well observing the activities going on inside the Democratic campaign. There is no reason to believe they didn’t have similar efforts inside the Republican campaign too. China has been doing the same for years. Having them exposed could not have been a very good thing for Russia. Groups have a tendency to beef up their security when that happens, making it harder to get in the next time. The exposure leads to retaliation and the kinds of reactions we see today from politicians.
The details in the indictment of the 12 Russian intelligence officers show their capabilities and how they were identified, but they don’t tell us why they were willing to compromise their entire operations when things were well hidden and caused no trouble to them. They could influence without attribution. Changing that actually makes no sense. Putin is an in-your-face kind of guy, but he continues to deny that this was his operation. That makes no sense.
Tuesday, July 17, 2018
ZTE : Open for Business
Many of you noticed that ZTE was allowed to buy products in the US that were withheld from them in an effort to show our concern with violations of sanctions that ZTE’s officers were involved in. There are several stories on this.
I rarely agree with Marco Rubio on much of anything, but he may be right on this one. Allowing ZTE to get back in business was not a good idea, unless there is a lot more to this than we know. They probably violated sanctions at the direction of the central government, but since they are an agent of the government, not an independent company, they didn't see the consequences coming.
Since they had government protection, they figured to be able to get away with shipping all those goods to Iran and North Korea. They had every right to believe that since under the Obama Administration very little happened to them. Nothing happened to the other company that did the same thing but got no sanctions and was never named. There is something really wrong with both parts of this - sanctions against one and not the other - and lifting sanctions after they were made.
I rarely agree with Marco Rubio on much of anything, but he may be right on this one. Allowing ZTE to get back in business was not a good idea, unless there is a lot more to this than we know. They probably violated sanctions at the direction of the central government, but since they are an agent of the government, not an independent company, they didn't see the consequences coming.
Since they had government protection, they figured to be able to get away with shipping all those goods to Iran and North Korea. They had every right to believe that since under the Obama Administration very little happened to them. Nothing happened to the other company that did the same thing but got no sanctions and was never named. There is something really wrong with both parts of this - sanctions against one and not the other - and lifting sanctions after they were made.
The Side-Show Act
There is an interesting side show going on with the arrest of a Russian woman, Maria Butina, in the US on a student visa. While she was here, she was acting as an agent of Russia - in other words, she was not here to be a student but to engage with politicians who were mostly Republicans (the party in power here). That won’t be good news since many of them are Congressmen, political leaders, and organizations. The accompanying documents are really thin on sustantive facts of what those organizations and people were doing. It looks like dinners and emails to establish contacts. This is hardly new to the Russians who have done that for 35 years or more after the birth of email. She was getting direction from Moscow on her activities and it is certainly illegal to act as a representative of a foreign government without registering. It is more frequent than most of my readers know.
What concerns me here is the language used by the press release and the supporting documents. This is starting to sound like the same kind of accusations made during the McCarthy Era when the Russians were doing the same kinds of things but the brunt of the government came down on those who were cooperating with anything Russian. We forget sometimes that the McCarthy Era was based on real Russians doing real activities to undermine the institutions of the US. That was in the late 1940’s to the 1950’s. The Russian threat was not just imagined then, or now because it was real.
J.Edgar Hoover was the head of the FBI at that time, and he started a campaign to rid the world of some of the organizers in the US. He conducted surveillance, indicted organizers and ran a number of them out of the country without trial. He also inserted damaging information on some US Congressmen to the press to influence public opinion. Starting in 1954 he managed to get a Committee to make some of these accusations public through formal hearings. After three years the government and press had had enough of the good Congressman and stopped the activity. If you have never seen the movie Good Night, and Good Luck, you can watch that and get a flavor of what kinds of things the Committee was doing and the reaction to it.
I remember this time as ugly. We were writing anti-Communist papers in the third grade, and gleefully followed our teachers’ directions to stand against Communism and for Democracy. That part wasn’t such a bad idea, but the methods of Hoover and McCarthy look a lot like what we are seeing today. It took them 10 years to get geared up and rolling. It sneaks up on a third grader and his parents and it can easily sneak up on the adults we have grown into. Our current Justice Department and FBI look a lot like the one Hoover was influencing.
What concerns me here is the language used by the press release and the supporting documents. This is starting to sound like the same kind of accusations made during the McCarthy Era when the Russians were doing the same kinds of things but the brunt of the government came down on those who were cooperating with anything Russian. We forget sometimes that the McCarthy Era was based on real Russians doing real activities to undermine the institutions of the US. That was in the late 1940’s to the 1950’s. The Russian threat was not just imagined then, or now because it was real.
J.Edgar Hoover was the head of the FBI at that time, and he started a campaign to rid the world of some of the organizers in the US. He conducted surveillance, indicted organizers and ran a number of them out of the country without trial. He also inserted damaging information on some US Congressmen to the press to influence public opinion. Starting in 1954 he managed to get a Committee to make some of these accusations public through formal hearings. After three years the government and press had had enough of the good Congressman and stopped the activity. If you have never seen the movie Good Night, and Good Luck, you can watch that and get a flavor of what kinds of things the Committee was doing and the reaction to it.
I remember this time as ugly. We were writing anti-Communist papers in the third grade, and gleefully followed our teachers’ directions to stand against Communism and for Democracy. That part wasn’t such a bad idea, but the methods of Hoover and McCarthy look a lot like what we are seeing today. It took them 10 years to get geared up and rolling. It sneaks up on a third grader and his parents and it can easily sneak up on the adults we have grown into. Our current Justice Department and FBI look a lot like the one Hoover was influencing.
Monday, July 16, 2018
Putin Says He Will Prosecute
Yes, I know everyone who heard it thought it was amusing, but he so much as said "show me your case and we will prosecute it". He must have known we would not show him the case because there are aspects of it that show sources and methods of collecting this kind of information. There are some cases that are not prosecuted because the cost of doing so is too great. In spite of that, our Justice Department seeming to invite such things, even though it isn't done. It may have been popular in the Obama Administration to bring indictments against intelligence operatives, but it invites retaliation and we have plenty of people Putin seems willing to bring charges against. He even mentioned a couple.
Countries do not bring charges against Intelligence Officers. They run operations against them. They blunt or corrupt Russian operations with operations of their own. They don't talk about it; they do it. The choice is always between retaliation in kind, or retaliation of some other kind. The Obama Administration thought any retaliation was fine as long as it could be linked to what we were responding to. I don't agree with that since retaliation in kind is a reminder that what they are doing can be done to them too. I don't see a whole lot of anything being done by the current administration but they talk less in public than the Obama White House did. They could be doing a lot and nobody would ever know. That would be good, but we can't be sure that it would be effective at convincing the public that the US was responsive to such threats, and that is our weakness.
Voters have to believe that the US is doing something and not just talking a good game. The Obama White House gave secrets away that compromised programs like Stuxnet to prove they were doing something in response to a threat - the Iran nuclear program. That kind of thing got votes. But, you get no votes from keeping quiet about what you are doing in these covert programs and the results are obvious only to the country you do it to, assuming they actually realize it. No votes, but some deterrent to future types of attacks. One can hope we are doing something about our upcoming elections and going after the Russians where it hurts.
Law Enforcement should stay out of this kind of business. It moves too slow and provides no deterrence what-so-ever. The Mueller investigation is a good example. Two years in they bring indictments against people known to them when the Intelligence Community wrote its original report during the election in 2016. Instead of an investigation, they should have struck back at the Russians right away, and followed up with an operation those guys couldn't miss.
Countries do not bring charges against Intelligence Officers. They run operations against them. They blunt or corrupt Russian operations with operations of their own. They don't talk about it; they do it. The choice is always between retaliation in kind, or retaliation of some other kind. The Obama Administration thought any retaliation was fine as long as it could be linked to what we were responding to. I don't agree with that since retaliation in kind is a reminder that what they are doing can be done to them too. I don't see a whole lot of anything being done by the current administration but they talk less in public than the Obama White House did. They could be doing a lot and nobody would ever know. That would be good, but we can't be sure that it would be effective at convincing the public that the US was responsive to such threats, and that is our weakness.
Voters have to believe that the US is doing something and not just talking a good game. The Obama White House gave secrets away that compromised programs like Stuxnet to prove they were doing something in response to a threat - the Iran nuclear program. That kind of thing got votes. But, you get no votes from keeping quiet about what you are doing in these covert programs and the results are obvious only to the country you do it to, assuming they actually realize it. No votes, but some deterrent to future types of attacks. One can hope we are doing something about our upcoming elections and going after the Russians where it hurts.
Law Enforcement should stay out of this kind of business. It moves too slow and provides no deterrence what-so-ever. The Mueller investigation is a good example. Two years in they bring indictments against people known to them when the Intelligence Community wrote its original report during the election in 2016. Instead of an investigation, they should have struck back at the Russians right away, and followed up with an operation those guys couldn't miss.
Israel Discloses Iran Nuclear Black Bag Op
Well, this is certainly curious. There are many stories today about how Israel managed to steal documents related to the Iran nuclear weapons program from a warehouse in Tehran. You have to admit the brazenness of this is off the charts, but we are used to that from Israel, as anyone who has ever seen The Raid on Entebbe can testify.
The story Israel is telling is a fanciful one, but plausible, the most important ingredient of a covert operation. It basically says Israeli agents went into Iran in January and stole documents out of an occasionally unguarded warehouse. That would have to say the Iranians did not see the importance of these documents. They were stored in safes, but the safes were breached and the documents (including electronic media) were extracted and brought back to Israel. The article says: “They said the stash is enormous, running to some 50,000 pages of printed material, plus 183 computer disks with additional files”. That would be an enormous amount of data, some of it very sensitive in that it disclosed underground facilities being used which were not known before. Now the inspectors have more data to work with, if they ever get to see the places before Iran undoes what was disclosed. The Iranians certainly knew what happened so that possibility is probably long been eliminated.
Many Europeans will poo poo the idea that this information is of any value because it was created before Iran promised to stop developing nuclear weapons and focus on peaceful development of nuclear technologies. Those people have their heads in the sand. Among the documents was a summary of what technologies have to be protected from outside eyes because they were solely weapons related.
Remember how many people still have political capital in the Iran Nuclear Agreements. The signatories are still leaders in their respective parties and look like they were taken in by a not so clever evasion. The US former Secretary of State was all over Europe trying to protect his bosses’s “legacy” and preserving an agreement that was thin at the beginning, and transparent now. I would not want my legacy riding on such a thing, but the same leaders that put it together are reluctant to admit they were taken by Iran.
The story Israel is telling is a fanciful one, but plausible, the most important ingredient of a covert operation. It basically says Israeli agents went into Iran in January and stole documents out of an occasionally unguarded warehouse. That would have to say the Iranians did not see the importance of these documents. They were stored in safes, but the safes were breached and the documents (including electronic media) were extracted and brought back to Israel. The article says: “They said the stash is enormous, running to some 50,000 pages of printed material, plus 183 computer disks with additional files”. That would be an enormous amount of data, some of it very sensitive in that it disclosed underground facilities being used which were not known before. Now the inspectors have more data to work with, if they ever get to see the places before Iran undoes what was disclosed. The Iranians certainly knew what happened so that possibility is probably long been eliminated.
Many Europeans will poo poo the idea that this information is of any value because it was created before Iran promised to stop developing nuclear weapons and focus on peaceful development of nuclear technologies. Those people have their heads in the sand. Among the documents was a summary of what technologies have to be protected from outside eyes because they were solely weapons related.
Remember how many people still have political capital in the Iran Nuclear Agreements. The signatories are still leaders in their respective parties and look like they were taken in by a not so clever evasion. The US former Secretary of State was all over Europe trying to protect his bosses’s “legacy” and preserving an agreement that was thin at the beginning, and transparent now. I would not want my legacy riding on such a thing, but the same leaders that put it together are reluctant to admit they were taken by Iran.
Sunday, July 15, 2018
Oppositions Says Trump Cancel Meeting with Putin
I heard a series of senior people in government - among them one of Virginia’s finest- say President Trump should cancel his visit to Russia because of the US indictment of 12 Russian officers of the GRU. Don’t believe it.
They knew before the 2016 election that the Russians had been trying to hack the very people they were indicted for hacking. The Intelligence Community of the US published a report then that said so - an unclassified summary of a highly classified report. It just takes a long time to put together a case against someone that can be prosecuted in court. Unless these Congressmen were asleep during that time, they were briefed on the classified elements of that in the closed-door hearings. So, they already knew. So did the President when he took office. So did the prior President.
The only big news out of this indictment was the Guccifer 2.0 and DCLeaks ties to the GRU, something most of us had already figured out without as much evidence as would be required to prosecute. Who are these folks kidding? They are clinging to the old news in hopes the Mueller investigation can bring more charges to save them before they lose the elections in November. Is there going to be an “October surprise”? Of course.
They knew before the 2016 election that the Russians had been trying to hack the very people they were indicted for hacking. The Intelligence Community of the US published a report then that said so - an unclassified summary of a highly classified report. It just takes a long time to put together a case against someone that can be prosecuted in court. Unless these Congressmen were asleep during that time, they were briefed on the classified elements of that in the closed-door hearings. So, they already knew. So did the President when he took office. So did the prior President.
The only big news out of this indictment was the Guccifer 2.0 and DCLeaks ties to the GRU, something most of us had already figured out without as much evidence as would be required to prosecute. Who are these folks kidding? They are clinging to the old news in hopes the Mueller investigation can bring more charges to save them before they lose the elections in November. Is there going to be an “October surprise”? Of course.
Friday, July 13, 2018
Why Indict Russians in Intelligence?
See also my post. I know a lot of people will wonder why the US Justice Department would want to indict 12 Russian GRU officers when there is no chance of them ever getting arrested. Certainly in the Obama Administration such things were done with the rationale that they were a form of deterrence. I doubt that.
James Clapper, when he was the Director of National Intelligence said it is not a good idea to do this kind of indictment because (to paraphrase) it invites similar indictments by other countries if other intelligence officials are caught doing something like this. He even said that this was the "living in glass houses" kind of defense. We all do this kind of thing, so indictments do no good and encourage retaliation. In that context, he was talking about the theft of the OPM database of cleared personnel, done by the Chinese.
It appears that in this case Justice thought it was important to announce the indictment with the idea that there were several US citizens who did not know they were dealing with Russians. Those listening to Guccifer 2.0 certainly thought he was an independent hacker, when he was really a GRU asset. What we are really waiting for is those US citizens who cooperated knowing these hackers were really from Russia. There may not be any, if the Russians are any good at what they were doing. Don’t hold your breath on that one.
James Clapper, when he was the Director of National Intelligence said it is not a good idea to do this kind of indictment because (to paraphrase) it invites similar indictments by other countries if other intelligence officials are caught doing something like this. He even said that this was the "living in glass houses" kind of defense. We all do this kind of thing, so indictments do no good and encourage retaliation. In that context, he was talking about the theft of the OPM database of cleared personnel, done by the Chinese.
It appears that in this case Justice thought it was important to announce the indictment with the idea that there were several US citizens who did not know they were dealing with Russians. Those listening to Guccifer 2.0 certainly thought he was an independent hacker, when he was really a GRU asset. What we are really waiting for is those US citizens who cooperated knowing these hackers were really from Russia. There may not be any, if the Russians are any good at what they were doing. Don’t hold your breath on that one.
China Slips on Currency Manipulation
It turns out that some economies can’t always manipulate their currencies, even as hard as they try. In the Journal yesterday was a story about the manipulation of the value of China’s currency that fell the day before because China wanted it to, but didn’t stay down so that had the desired effect. It fell, by the way, by the largest amount in the past 18 months, .7%.
China tried hard to offset the tariffs threatened by the US by devaluing its currency. That makes those goods cheaper in China and more expensive in the US. They were trying to match the numbers on their costs to the amount of tariffs the US was imposing. It would have been a cute trick if it had worked, but the central bank is going to have to do quite a bit more to make that happen because the currency did not stay down. It went back up today and hardly moved in trading in China itself which allows trading at 2% less than the official exchange rate.
If the Yuan goes down too fast, the ultimate consequence is lower investment in China. We know that, but the threat is demonstrated anyway without much consequence to China’s economy. If they have to do it over a longer term, the manipulation may cost them as much as it does the US.
China tried hard to offset the tariffs threatened by the US by devaluing its currency. That makes those goods cheaper in China and more expensive in the US. They were trying to match the numbers on their costs to the amount of tariffs the US was imposing. It would have been a cute trick if it had worked, but the central bank is going to have to do quite a bit more to make that happen because the currency did not stay down. It went back up today and hardly moved in trading in China itself which allows trading at 2% less than the official exchange rate.
If the Yuan goes down too fast, the ultimate consequence is lower investment in China. We know that, but the threat is demonstrated anyway without much consequence to China’s economy. If they have to do it over a longer term, the manipulation may cost them as much as it does the US.
Imports from China
We are about to find out the range of things that are being imported from China when they are also made in quantity in the US. On Varney & Co, the Fox Business morning show, we heard yesterday some of the products we buy from China that one wonders about, orange juice being the one that got my attention. I lived in Florida for a time and thought all orange juice came from that neighborhood. Not so, we import some from China. Orange juice. Just unbelievable.
What this next round of tariffs is going to show is how many of our goods that are produced in China that are also made in the USA. They are produced in China, shipped over here, and still can beat the prices of domestic goods. That, of course, is because China’s wage rates, while steadily rising, are still so much lower than in the US. We recently began cutting our regulations on industries to make it easier to produce goods and services. China did not start doing that because it slows down their economic gains. You see the disadvantages of that in pollution, overbuilding of housing, and borrowing, among others. Of ourse their labor rates are lower, and they cheat at every turn. Amazon still sells “generic” products from China that are just copies of products with no names and no instructions on how to use the product. They push this stuff on us because it is cheap. Maybe not in the future.
What this next round of tariffs is going to show is how many of our goods that are produced in China that are also made in the USA. They are produced in China, shipped over here, and still can beat the prices of domestic goods. That, of course, is because China’s wage rates, while steadily rising, are still so much lower than in the US. We recently began cutting our regulations on industries to make it easier to produce goods and services. China did not start doing that because it slows down their economic gains. You see the disadvantages of that in pollution, overbuilding of housing, and borrowing, among others. Of ourse their labor rates are lower, and they cheat at every turn. Amazon still sells “generic” products from China that are just copies of products with no names and no instructions on how to use the product. They push this stuff on us because it is cheap. Maybe not in the future.
Enemies and Competitors
We see a long-held view by business leaders coming out in a statement by the US President Donald Trump that Russia is a competitor rather than an enemy. Many are skeptical of that claim, and the closer a country is to Russia, the harder that is to swallow. That is certainly a business approach to how countries make money, but that is also a much broader word than it has been taken to mean.
It is one of the reasons governments and businesses are want to call hostilities between countries by its real name: war. Businesses find it much harder to do business with a declared enemy. Exposure of those deals can lead to embarrassment like that of companies that traded with Germany and Japan leading up to the second World War. Denial is harder after that exposure. So building guns and ammunition for Russian forces in Ukraine is OK if Russia is not at war with Ukraine. Try selling that idea to the Ukrainians who need US weapons to stay even with the forces Russia has put in there - and they are getting them.
But, I do know his context for calling Russia a competitor. In business you deal with a lot of companies that are all called “competitors”, but some of them are more than that implies. Some will take your cooperation as a “temporary evil” and stab you in the back, taking your contracts in the mix, stealing some of your best talent, and undercutting your labor rates at every turn. They force their teaming partners to accept rates they can’t meet themselves. They will cooperate long enough to get the contract, but cut your company out of actual performance, even though the contracts has requirements for such things. And, everyone knows where these companies are. They avoid doing business with them, unless there is some big contracts involved. Even the worst of them still can manage to get teaming partners when they bid. Everyone smiles at team meetings and pretends to cooperate when the client is around. Most of the real actions take place above people doing the work.
The President is smiling and cooperating with a country that is trying to undermine the democratic institutions our country is founded upon. He knows what they have been doing, and he knows what effects that has had. He has a large number of people who gather intelligence for him and they do am OK job most of the time. He is not naively approaching Russia and pretending that Russia is our friend. He is like all those business leaders who deal with the pariah companies that steal your contracts. “It’s just business”, they say. I’m sure that is what Putin would say to Trump in a private meeting. They both know it is a lie, but they smile and try to get past the formalities so they can do business where it can be done, even knowing that will not always go well. A business ends up working with some real bad companies to stay in business, and President Trump knows that better than Putin who has been in government his whole life.
It is one of the reasons governments and businesses are want to call hostilities between countries by its real name: war. Businesses find it much harder to do business with a declared enemy. Exposure of those deals can lead to embarrassment like that of companies that traded with Germany and Japan leading up to the second World War. Denial is harder after that exposure. So building guns and ammunition for Russian forces in Ukraine is OK if Russia is not at war with Ukraine. Try selling that idea to the Ukrainians who need US weapons to stay even with the forces Russia has put in there - and they are getting them.
But, I do know his context for calling Russia a competitor. In business you deal with a lot of companies that are all called “competitors”, but some of them are more than that implies. Some will take your cooperation as a “temporary evil” and stab you in the back, taking your contracts in the mix, stealing some of your best talent, and undercutting your labor rates at every turn. They force their teaming partners to accept rates they can’t meet themselves. They will cooperate long enough to get the contract, but cut your company out of actual performance, even though the contracts has requirements for such things. And, everyone knows where these companies are. They avoid doing business with them, unless there is some big contracts involved. Even the worst of them still can manage to get teaming partners when they bid. Everyone smiles at team meetings and pretends to cooperate when the client is around. Most of the real actions take place above people doing the work.
The President is smiling and cooperating with a country that is trying to undermine the democratic institutions our country is founded upon. He knows what they have been doing, and he knows what effects that has had. He has a large number of people who gather intelligence for him and they do am OK job most of the time. He is not naively approaching Russia and pretending that Russia is our friend. He is like all those business leaders who deal with the pariah companies that steal your contracts. “It’s just business”, they say. I’m sure that is what Putin would say to Trump in a private meeting. They both know it is a lie, but they smile and try to get past the formalities so they can do business where it can be done, even knowing that will not always go well. A business ends up working with some real bad companies to stay in business, and President Trump knows that better than Putin who has been in government his whole life.
Thursday, July 12, 2018
Facebook’s Foreign Data Connection
In a story by Wired a couple of days ago, there was mention that one of the original investors in Facebook was Yuri Milner, the Russian billionaire. Most billionaires in Russia are Friends of Putin or they don’t stay billionaires very long. Wired tracked down some of the business relationships in Russia and made a good start on the links between Moscow and the billionaires involved. It is a story worth reading if you follow the kinds of manipulation of public opinion Russia is trying to exploit.
But, it is also a crack in some of the smoothing over Mark Zuckerberg has been doing in Washington. Why didn’t the connection between Facebook’s funding come up during the hearings? What was Mail.RU doing in Facebook with their app, which had access to user data, an access that was continued by Zuckerberg even after he knew it was going to come up one day? Why didn’t the connection to sales of data to Huawei come up? Was Congress so concerned about Cambridge Analytica that is lost site of the other connections Facebook had? They were so wound up about the potential use of data for the Trump Campaign that they overlooked the much more serious aspects of a major player like Facebook giving data on users to Russian and Chinese companies.
But, it is also a crack in some of the smoothing over Mark Zuckerberg has been doing in Washington. Why didn’t the connection between Facebook’s funding come up during the hearings? What was Mail.RU doing in Facebook with their app, which had access to user data, an access that was continued by Zuckerberg even after he knew it was going to come up one day? Why didn’t the connection to sales of data to Huawei come up? Was Congress so concerned about Cambridge Analytica that is lost site of the other connections Facebook had? They were so wound up about the potential use of data for the Trump Campaign that they overlooked the much more serious aspects of a major player like Facebook giving data on users to Russian and Chinese companies.
When Enemies Move in Next Door
A recent GAO report on the Defense Establishment’s inability to respond to issues that could or should go to the Committee on Foreign Investment in the US (CFIUS) points out an interesting problem that military installations have faced since Caesar went into Gall (or for the true historians, since organized combat started). Foreign Intelligence Services like to locate front companies or “liaisons” close to military bases where they can spy on the activities that go on there.
As the GAO points out, this is not a problem CFIUS can solve for them. And, they weren’t doing very well on things that CFIUS can do for them. What solves one problem is OPSEC, which most military units have stopped thinking about. Most of them have no idea what counter surveillance operations are like or why they are done. Few even bother to check on their neighbors - and they don’t have to be enemies to cause concern. I have seen some allies and drug cartels put intelligence operations in close proximity to secret activities of governments. You can bet those border guards are under surveillance 100% of the time. Nobody even batted an eyelash until they were reported, and even then those operations move faster than governments respond. Pick up the pace Defense. You know what to do; you just aren’t doing it.
As the GAO points out, this is not a problem CFIUS can solve for them. And, they weren’t doing very well on things that CFIUS can do for them. What solves one problem is OPSEC, which most military units have stopped thinking about. Most of them have no idea what counter surveillance operations are like or why they are done. Few even bother to check on their neighbors - and they don’t have to be enemies to cause concern. I have seen some allies and drug cartels put intelligence operations in close proximity to secret activities of governments. You can bet those border guards are under surveillance 100% of the time. Nobody even batted an eyelash until they were reported, and even then those operations move faster than governments respond. Pick up the pace Defense. You know what to do; you just aren’t doing it.
China Hushes Press on Trade War
Reuters today gave a really interesting analysis of press guidance related to he “trade war” being discussed in every other paper outside China. Reuters says this was “unusually strict” but I guess that depends on your perspective. They are strict on a lot of things.
They do this regularly and are very specific in what can be said about certain things e.g. certain stories, particularly violent or sexually explicit ones, cannot be covered at all, or can only issue reports written by a single office. “Use only official accounts about the man who killed his wife and ran off with the opera singer” is the kind of thing issued every day.
The gist of this guidance is interesting because it pertains to the negotiations on trade that everyone thinks is being driven by the Trump Administration putting tariffs on Chinese goods. The Chinese have managed perceptions on this as they always do. The world hardly hears the US issue with these tariffs. Poor China, besieged by Washington, trying to behave rationally and calmly to these threats.
That tells me that something is going on behind the scenes and maybe some of the things that the Trump folks say about the negotiations might be true. The Chinese are worried about stories stoking up fears in China’s own economy: “ ‘Media outlets must help “stabilize the economy, growth, employment, stabilize foreign trade, investment, finance, stabilize the stock market, the foreign exchange market, the housing market, and basically stabilize the peoples’ thinking, hearts and expectations’, it said.” Perhaps the Trump Administration is having more of an effect than the Chinese want to admit.
They do this regularly and are very specific in what can be said about certain things e.g. certain stories, particularly violent or sexually explicit ones, cannot be covered at all, or can only issue reports written by a single office. “Use only official accounts about the man who killed his wife and ran off with the opera singer” is the kind of thing issued every day.
The gist of this guidance is interesting because it pertains to the negotiations on trade that everyone thinks is being driven by the Trump Administration putting tariffs on Chinese goods. The Chinese have managed perceptions on this as they always do. The world hardly hears the US issue with these tariffs. Poor China, besieged by Washington, trying to behave rationally and calmly to these threats.
That tells me that something is going on behind the scenes and maybe some of the things that the Trump folks say about the negotiations might be true. The Chinese are worried about stories stoking up fears in China’s own economy: “ ‘Media outlets must help “stabilize the economy, growth, employment, stabilize foreign trade, investment, finance, stabilize the stock market, the foreign exchange market, the housing market, and basically stabilize the peoples’ thinking, hearts and expectations’, it said.” Perhaps the Trump Administration is having more of an effect than the Chinese want to admit.
Wednesday, July 11, 2018
FireEye on TEMP.Periscope
FireEye has published a second blog on a Chinese group they call Temp.Periscope, and these little boys and girls have been busy hacking more than the US. There is an earlier report that focuses on the attacks on US “maritime industry, as well as engineering-focused entities, and include research institutes, academic organizations, and private firms in the United States....”. The controlling and patching services seem to come from Hainan China, the same place Ghostnet came from. Hainan’s activities are probably mostly from the military complexes on the island. It is covered with them.
The second blog looked at what the Chinese were hacking in the run-up to the elections in Cambodia. this modus operandi is similar to what the Russians are accused of doing in the US elections and in Germany, France and Italy. The targets are:
The second blog looked at what the Chinese were hacking in the run-up to the elections in Cambodia. this modus operandi is similar to what the Russians are accused of doing in the US elections and in Germany, France and Italy. The targets are:
- National Election Commission, Ministry of the Interior, Ministry of Foreign Affairs and International Cooperation, Cambodian Senate, Ministry of Economics and Finance
- Member of Parliament representing Cambodia National Rescue Party
- Multiple Cambodians advocating human rights and democracy who have written critically of the current ruling party
- Two Cambodian diplomats serving overseas
- Multiple Cambodian media entities
There must not be too many people on social media in Cambodia because there is not much indication of a campaign to influence voters leading up to the election. That may not be as important in countries that are not democracies. Still, the Chinese are still willing to pick their targets and focus on the people who count. They are patient and don’t get caught very often. Odd that they did this time.
Germany Makes Agreements with China
Before anyone makes a big deal out of the agreements made between Germany and China, announced yesterday, look closer at what they were. One is bringing SEAT the small Spanish car maker in a joint venture between BMW and Anhui Jianghuai Automobile Group Corp, Ltd. (confusing, so read JAC). They called this “expanding the joint venture” which sounds better. The German companies BASF and Siemens also announced similar agreements, typical of those noted to make a point, but not produce much. Germany’s Chancellor said his was to demonstrate the need for “free trade” presumably because the US is going its own way and trying to disrupt the cozy arrangements some of these companies have with China. None of this speaks to free trade in any aspect. Just the opposite.
Joint ventures are the way most Chinese companies steal technology now. Years ago, the US-China Economic and Security Review Commission did a long review of the Chinese aircraft industry and documented how these JVs were used to steal the technology. It is probably working that way for the Germans too.
Joint ventures are the way most Chinese companies steal technology now. Years ago, the US-China Economic and Security Review Commission did a long review of the Chinese aircraft industry and documented how these JVs were used to steal the technology. It is probably working that way for the Germans too.
Tuesday, July 10, 2018
Nuclear Posture Changes
I can’t comment on this, but you can review the new US posture on nuclear weapons and how they are used. https://fas.org/issues/nuclear-weapons/nuclear-posture-review/
For sure, the US has had trouble keeping secrets where it needs to, and his one is certainly a secret worth keeping a little closer than leaking it to FAS would indicate. Our defense establishment needs to spend a little time tracking that leak and getting itself under control.
For sure, the US has had trouble keeping secrets where it needs to, and his one is certainly a secret worth keeping a little closer than leaking it to FAS would indicate. Our defense establishment needs to spend a little time tracking that leak and getting itself under control.
China’s Man-Made Disaster
The BBC has highlighted an important aspect of international treaties favoring China because of its “developing nation” status in the world. As rediculous as it sounds, China continues to use the very chemical that causes the depletion of the ozone layer of our earth. There is big hole in our protection from the sun caused partly by this chemical. I don’t understand the science, nor do I need to, to see the points of the story.
I still remember the Paris Climate Accords as a strange agreement that has the intent of providing some structure to the world’s effort to reduce chemicals and other things affecting out existence on the planet:
“The Paris Agreement builds upon the Convention and for the first time brings all nations into a common cause to undertake ambitious efforts to combat climate change and adapt to its effects, with enhanced support to assist developing countries to do so. As such, it charts a new course in the global climate effort.” See Paris Agreement
Like most agreements the Chinese sign, this one was ignored from the beginning. But, the agreement was structured to give them an advantage in continuing to pollute while others, like the US, were supposed to cut their emissions to make the world a safer place. This was the Obama Administration and the EU binding with the UN to make the world a better place. Well, at least China was going to be a better place. Someday, the Chinese were supposed to be able to cut back their pollutants and become a proper member of the world order. It was nonsense from the start, and even the climate control scientists knew it. Now they have proof.
That big hole in the protection is visible from space. It is so big it cannot be hidden like the violations by China have been. China pumps out CFC-11, a banned substance since 2010, like it was clean water. They signed the accords and ignored them because this chemical was used in blown insulation. If it gave them an advantage, they were not going to reduce its use. Someday, maybe.
I still remember the Paris Climate Accords as a strange agreement that has the intent of providing some structure to the world’s effort to reduce chemicals and other things affecting out existence on the planet:
“The Paris Agreement builds upon the Convention and for the first time brings all nations into a common cause to undertake ambitious efforts to combat climate change and adapt to its effects, with enhanced support to assist developing countries to do so. As such, it charts a new course in the global climate effort.” See Paris Agreement
Like most agreements the Chinese sign, this one was ignored from the beginning. But, the agreement was structured to give them an advantage in continuing to pollute while others, like the US, were supposed to cut their emissions to make the world a safer place. This was the Obama Administration and the EU binding with the UN to make the world a better place. Well, at least China was going to be a better place. Someday, the Chinese were supposed to be able to cut back their pollutants and become a proper member of the world order. It was nonsense from the start, and even the climate control scientists knew it. Now they have proof.
That big hole in the protection is visible from space. It is so big it cannot be hidden like the violations by China have been. China pumps out CFC-11, a banned substance since 2010, like it was clean water. They signed the accords and ignored them because this chemical was used in blown insulation. If it gave them an advantage, they were not going to reduce its use. Someday, maybe.
Monday, July 9, 2018
Micron Chips and AMD-China
So, at the same time China decides Micron violates a patent held by a Taiwanese company, it bans the sale of Micron chips. Then, it starts production of AMD-x86 chips in China, making Intel, which has devoted billions of dollars to Chinese manufacturing, look over its shoulder.
Intel always took the chance that the gains made by Chinese investment would give them a dominate position in the markets there. That would pay off handsomely. Only they are in the same boat that a lot of other companies are in, and that boat is being hijacked on the high seas. China still makes a lot of Intel chips as a percentage of their market production, but now they have a competitor in China that can beat them at domestic production. That is the kind of justice a business gets in China. They are “licensing” the production from AMD, but it won’t be long before they have stolen that technology and produce their own chips without a license from anyone. AMD will be out in the cold with Intel then. There is no patent protection in China and those licenses won’t be worth the paper they are printed on.
So, AMD Board members, will the short-term profits over the next few years make up for the long-term loss of market position in the world? If past is prologue, no. Plenty of companies take this risk without understanding what it really is. They see the money pouring in and think how wonderful life is when China is their customer. Take a longer term view of the company - like China does.
Intel always took the chance that the gains made by Chinese investment would give them a dominate position in the markets there. That would pay off handsomely. Only they are in the same boat that a lot of other companies are in, and that boat is being hijacked on the high seas. China still makes a lot of Intel chips as a percentage of their market production, but now they have a competitor in China that can beat them at domestic production. That is the kind of justice a business gets in China. They are “licensing” the production from AMD, but it won’t be long before they have stolen that technology and produce their own chips without a license from anyone. AMD will be out in the cold with Intel then. There is no patent protection in China and those licenses won’t be worth the paper they are printed on.
So, AMD Board members, will the short-term profits over the next few years make up for the long-term loss of market position in the world? If past is prologue, no. Plenty of companies take this risk without understanding what it really is. They see the money pouring in and think how wonderful life is when China is their customer. Take a longer term view of the company - like China does.
Sunday, July 8, 2018
North Korea Statements
I always get a kick out of a country that says one thing and does something else - that would be just about all of them. We can’t believe the “regrettable” meeting held last week with North Korea until we see what North Korea is really doing. So far, not much.
Kim says he is no going to meet with the Secretary of State, when he has been glad to meet with him in the past. This is just smoke. The President of the United States is not going to be meeting with the leader of such a small country on anything like a regular basis. That is China talking. They have already gotten the US President to meet with him once, giving him a stature even they don’t afford him very often. They made him get on a train and come up the last time. Part of that was to stage these public “meetings” which are just like a press conference for the scolding of a child.
So long as North Korea stays on course for testing and employing nuclear weapons and the delivery vehicles, there is till progress in the right direction in spite of their protestations to the contrary. That seems to be in both the US and China’s best interests. Until it isn’t, it will move along.
Kim says he is no going to meet with the Secretary of State, when he has been glad to meet with him in the past. This is just smoke. The President of the United States is not going to be meeting with the leader of such a small country on anything like a regular basis. That is China talking. They have already gotten the US President to meet with him once, giving him a stature even they don’t afford him very often. They made him get on a train and come up the last time. Part of that was to stage these public “meetings” which are just like a press conference for the scolding of a child.
So long as North Korea stays on course for testing and employing nuclear weapons and the delivery vehicles, there is till progress in the right direction in spite of their protestations to the contrary. That seems to be in both the US and China’s best interests. Until it isn’t, it will move along.
China Trade War in April
China made it sound like they were responding to US announced trade tariffs by jacking up the duties on soybeans. That is not the truth of the matter by any means. China cut purchases of US goods in April - soybeans, corn, and pork. They weren’t waiting for the announcement of US tariffs, and the US did not “fire the first shot in the trade war” as the press would have you believe. The justice of this all is that Brazil raised the price of soybeans they sell to China, so the US may be selling less, but China is paying more.
Friday, July 6, 2018
China is the Bernie Madoff of Trade
As we are finding out from the “trade war” some of that shine on China’s economy may be nickel and not silver. That is something companies should note. The Sinovel case, the latest with Micron, and all the others in between are clear indicators that this is a fraud bent entirely to the benefit of China. Bernie Madoff operated the largest private ponzi scheme in the world from a separate computer in the back room - it was a big computer, but nobody ever saw it. It generated good news for all kinds of investors, but the real, lasting investments were sucked out and the investors were stuck with the end results. Most of the investors said, “I didn’t see that coming” but it did look too good to be true.
China is a thief disguised as a regular guy who is friendly and has a big pot of money for anyone who joins him. That lure is Chinese customers for a business. In order to get that business there are few things a company has to do: join in a business deal with a Chinese vendor for the products you are selling there. The Chinese are quick to point out that only about 10% of companies have to do this, but they don’t say that certain types of businesses are banned entirely from investment there. Management of these ventures are to be run by Chinese nationals. I described a lot of these things in my second edition of the Chinese Information War. You have to turn over software so it can be examined for “National Security” impact. This gives the government access to proprietary code. China promises not to abuse that access. If they can’t get it that way, they steal it. There are a number of other restrictions too, but they are too lengthy for a short story.
When a business buys into this “We have Customers for you” routine, it is more than just a business opportunity. China has managed to get us to believe they are just like us and allow their businesses to thrive on their own. But, they are really stealing money from any investor by skimming off money from the top, double dealing, applying tariffs and restrictions, and using a corrupt legal system to support their political objectives. In that environment, they fund state-owned entities from the money pit. Then too, they are buying politicians in the US though business dealings in their states. All the while they are buying up major ports, planting more flags in the South China Sea, and buying their way into places through trade deals. It sounds like something much bigger than any country could pull off, but Bernie Madoff did it from 1960 to 2008, just about by himself.
China is a thief disguised as a regular guy who is friendly and has a big pot of money for anyone who joins him. That lure is Chinese customers for a business. In order to get that business there are few things a company has to do: join in a business deal with a Chinese vendor for the products you are selling there. The Chinese are quick to point out that only about 10% of companies have to do this, but they don’t say that certain types of businesses are banned entirely from investment there. Management of these ventures are to be run by Chinese nationals. I described a lot of these things in my second edition of the Chinese Information War. You have to turn over software so it can be examined for “National Security” impact. This gives the government access to proprietary code. China promises not to abuse that access. If they can’t get it that way, they steal it. There are a number of other restrictions too, but they are too lengthy for a short story.
When a business buys into this “We have Customers for you” routine, it is more than just a business opportunity. China has managed to get us to believe they are just like us and allow their businesses to thrive on their own. But, they are really stealing money from any investor by skimming off money from the top, double dealing, applying tariffs and restrictions, and using a corrupt legal system to support their political objectives. In that environment, they fund state-owned entities from the money pit. Then too, they are buying politicians in the US though business dealings in their states. All the while they are buying up major ports, planting more flags in the South China Sea, and buying their way into places through trade deals. It sounds like something much bigger than any country could pull off, but Bernie Madoff did it from 1960 to 2008, just about by himself.
Thursday, July 5, 2018
Micron, Sinovel and Taiwan, China
Now we see another aspect of the Taiwan, China naming convention China is insisting on. Fox ran a story on Fox Business today that is worth noting, because this has been coming for a long time. The Chinese are pressing all their companies to file patents on their technologies - no matter how they are acquired - so the government can protect them from infringement from outside China. China files more patents in the US than we do. So, as the story was expressed today, the Chinese stole technology. A company used that technology in manufacturing in Taiwan. The Chinese claim Taiwan as their own, so they can take this “infringement” to their own courts and find against the likes of Micron. The Court then decided the remedy was to ban chip sales in China by Micron. Micron stock drops like a stone, which is what China wanted anyway. When that happens they can buy assets of Micron and start the whole process of again.
I have written about this for a long time, since the solar panel management business went the same way. The Chinese stole the technology, ignored our complaints, then manufactured the very same devices using stolen software to manage the generators. They imbedded the technology in product in that case. As a note to this, China’s highest court has finally ruled against Sinovel Wind Group for infringement - this week - after a crime that occurred in 2011 and has dragged on through lower courts all this time. In the meantime, Sinovel had already damaged the patent holder by imbedding and distributing the software.
But, there is a similar case, Aixtron which happened in a different way.
Chinese vendors cut orders, dropped the stock price, then tried to finance a purchase of the German company. They would get the intellectual property and the manufacturing capability and secrets that go with that. CFIUS managed to stop that on National Security grounds, but not without a fight. The complete story did not come out until the investigation. How many times China has gotten away with this nobody knows.
This is wholesale abuse of a long trusted system which protects a company from intellectual property theft. Micron’s Board is probably rethinking its decision to allow operations in China with sensitive patented materials involved. Access to those markets looked good in those days, but doens’t look so good now. I have no sympathy for them. They knew the risks; they took the short-term benefits over the long term profits. The rest of those Chinese businesses should take note. All those Chinese customers are of no value if you can’t have access to them for long enough to enjoy the benefits.
I have written about this for a long time, since the solar panel management business went the same way. The Chinese stole the technology, ignored our complaints, then manufactured the very same devices using stolen software to manage the generators. They imbedded the technology in product in that case. As a note to this, China’s highest court has finally ruled against Sinovel Wind Group for infringement - this week - after a crime that occurred in 2011 and has dragged on through lower courts all this time. In the meantime, Sinovel had already damaged the patent holder by imbedding and distributing the software.
But, there is a similar case, Aixtron which happened in a different way.
Chinese vendors cut orders, dropped the stock price, then tried to finance a purchase of the German company. They would get the intellectual property and the manufacturing capability and secrets that go with that. CFIUS managed to stop that on National Security grounds, but not without a fight. The complete story did not come out until the investigation. How many times China has gotten away with this nobody knows.
This is wholesale abuse of a long trusted system which protects a company from intellectual property theft. Micron’s Board is probably rethinking its decision to allow operations in China with sensitive patented materials involved. Access to those markets looked good in those days, but doens’t look so good now. I have no sympathy for them. They knew the risks; they took the short-term benefits over the long term profits. The rest of those Chinese businesses should take note. All those Chinese customers are of no value if you can’t have access to them for long enough to enjoy the benefits.
Have a Little Faith
There is a interesting article in the weekend Wall Street Journal which expresses the view that some in the US are losing faith in democracy. I should remind you that was one of the goals of the Russian Information Warfare campaign examined by Congress this past year.
David Ignatius wrote about this in January of 2017 in the Washington Post and I covered a lot of it in my new book because it is part of a concerted effort to limit the US and keep us bound up with internal matters. The Ignatius article points to a directed campaign at the highest levels of government in Russia, and the belief that it will put Russia on an equal footing with the US like the Russian atomic bomb did many years ago. That is a big statement to make, but a reflection of the success of these types of campaigns - at least in the minds of the Russians. They push their achievements in these areas, and refine them at each interaction. We can expect better in the 2020 elections, and it will likely be something we have not entirely anticipated. Perhaps they will try to unseat the Trump Administration and get another Barack Obama to run. At least we don’t have Hillary Clinton to kick around any more.
Some of the political dirty tricks in the run up to the election included attacks against Wisconsin Governor Scott Walker and New Jersey Governor (at the time) Chris Christi - who didn’t need much help from anyone to eliminate himself. These are long running campaigns that were supported by many of the social media outlets. After the Primaries started it was more difficult to get the kind of long-running campaign to work. They largely rely on campaign contributions to be successful, an area where the Chinese excel. These campaigns rely on changing attitudes which takes some time, and time is on their side.
The Russians don’t necessarily do any of these things themselves, but use the activities as reference points to disrupt the coming elections. They did the same things in other countries so let’s not believe that they were not doing it here too. Our government did not chose to look further back to find out how long the types of interference have been going on, when it would have been prudent to do that kind of exploration. Since the Democrats were in power, they had little incentive to look.
David Ignatius wrote about this in January of 2017 in the Washington Post and I covered a lot of it in my new book because it is part of a concerted effort to limit the US and keep us bound up with internal matters. The Ignatius article points to a directed campaign at the highest levels of government in Russia, and the belief that it will put Russia on an equal footing with the US like the Russian atomic bomb did many years ago. That is a big statement to make, but a reflection of the success of these types of campaigns - at least in the minds of the Russians. They push their achievements in these areas, and refine them at each interaction. We can expect better in the 2020 elections, and it will likely be something we have not entirely anticipated. Perhaps they will try to unseat the Trump Administration and get another Barack Obama to run. At least we don’t have Hillary Clinton to kick around any more.
Some of the political dirty tricks in the run up to the election included attacks against Wisconsin Governor Scott Walker and New Jersey Governor (at the time) Chris Christi - who didn’t need much help from anyone to eliminate himself. These are long running campaigns that were supported by many of the social media outlets. After the Primaries started it was more difficult to get the kind of long-running campaign to work. They largely rely on campaign contributions to be successful, an area where the Chinese excel. These campaigns rely on changing attitudes which takes some time, and time is on their side.
The Russians don’t necessarily do any of these things themselves, but use the activities as reference points to disrupt the coming elections. They did the same things in other countries so let’s not believe that they were not doing it here too. Our government did not chose to look further back to find out how long the types of interference have been going on, when it would have been prudent to do that kind of exploration. Since the Democrats were in power, they had little incentive to look.
Tuesday, July 3, 2018
North Korea Hasn’t Changed
So, we saw last week (several stories of which this is one) that North Korea continues to build up their nuclear capabilities in spite of statements to the contrary. The cited reference from the Stimson Center in Washington is worth reading too (ref). Remember that NK is a puppet, not an independent actor in all of this. They don’t do anything without China’s permission, though occasionally they exceed expectations and do more than they should. They get slapped for that.
Just to be clear, a friend of mine who is a nuclear physicist, did the analysis and said they are not likely to be building weapons grade material with this place. It is not that big. The press is playing this up when it is not relevant to nuclear weapons development.
So, from both of these articles, it appears the frost on the pumpkin is North Korea is continuing on with its nuclear development, given time by a pause created by the meeting between the US and NK leaders. Over the years this seems to be their routine. Ratchet things up, then calm them down and go on doing what you were doing. The Chinese run this operation and North Korea has fun doing its part, but this time they are facing an administration that might not like that way of doing business. This one does not like promises that are not kept. No doubt General Mattis made that clear on his visit to China.
China consistently believes that it can do what it wants, anytime it wants, and proceeds accordingly. When they meet resistance, they move around it or slow down. They don’t quit. If they really want nuclear weapons in North Korea, they may have taken on a task that exceeds what the US will accept. They know that, of course, yet proceed to find out what we will do. They have been doing that for a long time. They are observing, correcting their path to strategic goals, but they don’t quit.
The next steps are for us to go back to the successful strategy of suggesting military options to this problem. China does not want a North Korea that is radioactive anymore than we do. If we start bombing this nuclear sites, the rubble will be there for a couple of hundred years before anyone can clean it up. Though maybe North Korea wouldn’t care about the risk to cleanup, and just send people in anyway. The cleanup crews love their leader - or else.
Just to be clear, a friend of mine who is a nuclear physicist, did the analysis and said they are not likely to be building weapons grade material with this place. It is not that big. The press is playing this up when it is not relevant to nuclear weapons development.
So, from both of these articles, it appears the frost on the pumpkin is North Korea is continuing on with its nuclear development, given time by a pause created by the meeting between the US and NK leaders. Over the years this seems to be their routine. Ratchet things up, then calm them down and go on doing what you were doing. The Chinese run this operation and North Korea has fun doing its part, but this time they are facing an administration that might not like that way of doing business. This one does not like promises that are not kept. No doubt General Mattis made that clear on his visit to China.
China consistently believes that it can do what it wants, anytime it wants, and proceeds accordingly. When they meet resistance, they move around it or slow down. They don’t quit. If they really want nuclear weapons in North Korea, they may have taken on a task that exceeds what the US will accept. They know that, of course, yet proceed to find out what we will do. They have been doing that for a long time. They are observing, correcting their path to strategic goals, but they don’t quit.
The next steps are for us to go back to the successful strategy of suggesting military options to this problem. China does not want a North Korea that is radioactive anymore than we do. If we start bombing this nuclear sites, the rubble will be there for a couple of hundred years before anyone can clean it up. Though maybe North Korea wouldn’t care about the risk to cleanup, and just send people in anyway. The cleanup crews love their leader - or else.
Monday, July 2, 2018
T Mobile and Sprint Merger Complicatiions
This is a more complicated deal than the one AT&T did with Time Warner. The owner of T Mobile is Deutsche Telecom and the owner of Sprint is SoftBank. In theory is is a Japanese company buying a German company to operate in the US as one, but SoftBank has a lot of Chinese holdings like Tencent so the integration of that conglomerate is a little more tricky.
The Chinese do a lot of this kind of dealing, using second-tier companies to get a foot in the door under a larger roof like SoftBank. They pretty much ignore the owner after that, though they send all the right people to Board meetings and corporate picnics. Remember Alipay for that lesson. This one bears looking into in a little more detail. It is not just about control, which SoftBank has with 66% of Sprint, but it about influence - that third part of foreign ownership, control and influence. Conglomerates are a world of their own and they have many governments trying to stick fingers in their business. But where that becomes important is when China has to pass on some business deals because they have ownership of companies by state-owned institutions. Yes, its complicated, and China wants us to think their companies are just like the rest of businesses in the world. We know they aren’t.
The Chinese do a lot of this kind of dealing, using second-tier companies to get a foot in the door under a larger roof like SoftBank. They pretty much ignore the owner after that, though they send all the right people to Board meetings and corporate picnics. Remember Alipay for that lesson. This one bears looking into in a little more detail. It is not just about control, which SoftBank has with 66% of Sprint, but it about influence - that third part of foreign ownership, control and influence. Conglomerates are a world of their own and they have many governments trying to stick fingers in their business. But where that becomes important is when China has to pass on some business deals because they have ownership of companies by state-owned institutions. Yes, its complicated, and China wants us to think their companies are just like the rest of businesses in the world. We know they aren’t.
Shift to Malwareless E-mail Attacks
FireEye has an interesting report that they put together using email from July to December last year. It shows a shift from malware infected email to other types not using malware. The big 4 among those were whaling, credential harvesting, spear phishing and W-2 scams. That last one is because these are businesses FireEye is protecting and the scams are at the corporate level. We have had some of those around here. Several people have reported trouble with their credentials of late and I wonder what use that credential is being put to.
Subscribe to:
Posts (Atom)