I don't think it is a very effective deterrent strategy to name names and issue indictments for intelligence officers who hack for a living. Most of them have several false identities that they use online, and they are not going to stop just because we identify them by name. They get another name and move on.
This time, there are 10 named individuals from China's Ministry of State Security who were hacking aviation-related companies in Arizona, Massachusetts, Oregon and anywhere else they could get into. There is not a chance any of these people will ever be charged with a crime and arrested in the US. Well, I suppose they might come over to the US and get caught at the border, but somehow that does not seem very likely.
There is a twist in this indictment: one of these men told a Chinese national working for a French aviation company to install malware. When law enforcement started an investigation, another Chinese national deleted a link to the group of Chinese agents. This is another indication of why we should be examining the use of Chinese nationals in critical technology areas like aviation.
Wednesday, October 31, 2018
China Diverts US and Canadian Traffic
I wrote about China Telecom's rerouting of Internet traffic several years ago, but because my example lasted only 18 minutes there wasn't much interest in what actually happened there. Now comes a new report from two writers for Military Cyber Affairs. The Chinese have already said this report is based upon "groundless speculation," which means they cared enough to read it. I downloaded the report and recommend you read it instead of the newspaper accounts. There are none of the usual academic qualifiers; they get straight to the point and do not quibble about what they found.
These two, Chris Demchak and Yuval Shavitt, leave no doubt that China Telecom is diverting communications through its points of presence (PoPs) around the world. They speculate that this is to compensate for agreements to stop hacking industries while still allowing "intelligence-based hacking," which unfortunately the Chinese see as just another way of spying on the domestic industries of other countries. They have a long explanation of how these kinds of attacks are orchestrated, and give specific examples for Italian banking, Canadian traffic to South Korea, and several others.
This is a report worth reading. China seems to be doing rerouting on an industry-specific basis, giving them access to massive amounts of data transmitted over time. Because it is an infrastructure attack, it is very hard for the affected parties to notice: the packets still arrive, only the path they take has changed. Encryption would help to protect data being intercepted this way, so I'm a little surprised that financial data could be transported without it.
The report recommends "access reciprocity": China Telecom has PoPs in the US, but US carriers have none in China. How stupid is that?
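The sort of diversion the report describes shows up in the global routing table as announcements whose origin AS, prefix length or AS path does not match what the prefix holder expects. The following is an added example written for this page, not code from Demchak and Shavitt's report: it classifies a handful of constructed BGP announcements against an operator's expected origin and transit ASes. The prefixes, AS numbers and collector names are constructed; AS4134 is used only as a placeholder for a watched transit network, an assumption of this example rather than something taken from the report.

```python
"""Added example: flag BGP announcements that hijack a monitored prefix or
divert it through an unexpected transit network.

Illustrative code for this page, not the authors' tooling. All prefixes,
AS numbers and collector names are constructed; AS4134 is a placeholder
for a watched transit AS (assumption, not taken from the report).
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Announcement:
    prefix: str                 # e.g. "203.0.113.0/24"
    as_path: Tuple[int, ...]    # leftmost = nearest neighbour, rightmost = origin AS
    seen_at: str                # route collector that observed it (constructed)


# What the operator knows about its own prefixes (constructed inventory).
EXPECTED_ORIGIN = {
    "203.0.113.0/24": 64500,
    "198.51.100.0/24": 64501,
}
# Transit providers that should sit directly upstream of each origin AS.
EXPECTED_TRANSITS = {64500: {64510, 64511}, 64501: {64510}}
# Networks whose PoPs we never expect to see on the path to our prefixes (assumption).
WATCHED_TRANSITS = {4134}


def classify(ann: Announcement) -> List[str]:
    """Return a list of findings for one announcement; empty means it looks normal."""
    findings = []
    origin = ann.as_path[-1]
    expected = EXPECTED_ORIGIN.get(ann.prefix)

    # 1. Origin hijack: somebody else claims to originate a prefix we own.
    if expected is not None and origin != expected:
        findings.append(f"origin-hijack: {ann.prefix} originated by AS{origin}, expected AS{expected}")

    # 2. More-specific hijack: a sub-prefix of ours wins by longest-prefix match.
    net = ipaddress.ip_network(ann.prefix)
    for monitored in EXPECTED_ORIGIN:
        mnet = ipaddress.ip_network(monitored)
        if net != mnet and net.subnet_of(mnet):
            findings.append(f"more-specific: {ann.prefix} inside {monitored}, originated by AS{origin}")

    # 3. Path diversion: right origin, but the AS directly upstream is not one of our transits.
    if expected is not None and origin == expected and len(ann.as_path) >= 2:
        upstream = ann.as_path[-2]
        if upstream not in EXPECTED_TRANSITS[expected]:
            findings.append(f"unexpected-upstream: AS{upstream} adjacent to AS{origin} for {ann.prefix}")

    # 4. A watched transit network anywhere on the path (origin excluded; case 1 covers it).
    hit = WATCHED_TRANSITS.intersection(ann.as_path[:-1])
    if hit:
        findings.append(f"watched-transit: AS{sorted(hit)[0]} in path for {ann.prefix}")
    return findings


def audit(announcements: List[Announcement]) -> Dict[str, List[str]]:
    """Classify every announcement, keyed by prefix and collector."""
    return {f"{a.prefix}@{a.seen_at}": classify(a) for a in announcements}


# Constructed announcements as a route collector might have exported them.
SAMPLE = [
    Announcement("203.0.113.0/24", (64520, 64510, 64500), "rrc00"),   # normal
    Announcement("203.0.113.0/24", (64520, 4134, 64500), "rrc01"),    # diverted through watched AS
    Announcement("203.0.113.0/25", (64520, 4134), "rrc01"),           # more-specific hijack
    Announcement("198.51.100.0/24", (64520, 64599), "rrc00"),         # origin hijack
]

if __name__ == "__main__":
    for key, findings in audit(SAMPLE).items():
        print(key, "->", findings or "ok")
```

In practice the announcements come from a public collector feed (RIPE RIS or RouteViews) rather than a list, and the expected-origin table is what RPKI route origin authorizations formalize. Note that route origin validation alone catches only the origin and more-specific cases; the diversion the report describes, where the path still ends at the right origin but passes through an unexpected PoP, needs the path checks as well.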
Sunday, October 28, 2018
China-Brazil Cooling Off
Just when China has had enough problems for most countries to handle, Brazil is sounding like another one. A Reuters story has Jair Bolsonaro, Brazil's leading presidential candidate, saying that China, its largest trading partner, looks to dominate certain sectors of the economy. He has said the Chinese are not buying into Brazil with all this money; they are trying to buy Brazil. I feel his pain. Trading is supposed to benefit both sides and not result in the domination of one over the other, by his account. He must be new to dealing with the Chinese, but is catching on fast.
To make matters worse, the new politico has decided to favor Taiwan's claim to independence. This is sacrilege to the Chinese, who must be looking for ways to influence this new guy before he gets into office. They are working on the people around him and have invited some of them to China to show them a good time. Trade is the usual way of getting influence, but trade is already up because of the trade problems between China and the US; soybeans for China are one aspect of it. That won't be enough to stop a person who is a nationalist first and is probably saying "Brazil first" in his trade discussions. Sound familiar?
Thursday, October 25, 2018
Are Those Generics OK?
My doctor gave me a good lesson in generic manufacturing when I had problems with a dose of a drug that helps with diabetes. He said, "Well, we get reports on the generics all the time saying this one or that one has the wrong compound added and we need to tell the customers to take them back."
What?
"They are mostly made in India and China, and they do not always get the formula right. We even had one that added a toxic substance to valsartan, a generic angiotensin receptor blocker (ARB) commonly used for high blood pressure and heart failure. It isn't often, but more often than we would really like."
The Financial Times has an article on this that shows India far exceeds China in the number of generic approvals (38 for China, 300 for India). There are 900+ generics approved by the Food and Drug Administration. Not getting those formulae right raises some concerns when you take them. The next time my diabetes drug doesn't work well, I will remember this, but doing something about it is beyond me.
China's ReEducation Camps
BBC published a good special report on the camps in Northwest China that hold mostly Uighurs, Muslims who are denied their faith and customs in favor of "unity" and harmony. The BBC got satellite imagery of these places and showed the growth since 2015, basically from arid, empty land to full-scale camps in that amount of time. BBC used map overlays and sequenced layers to add a dimension to this that only imagery analysts are used to getting.
BBC also has good insight into how the press is treated in China, and this article does a lot to expose what the minders who followed them around were really interested in protecting. (The BBC has been good at this for a long time.) The locals around these camps know a lot about them and about the people who have been released back into the communities. They are the ones who talk, and China has difficulty controlling that part.
There are more than 10 million Uighurs in Xinjiang, and these camps are holding nearly a million people. Imagine a country that can put 1 in 10 of a population in jails and think the outcome will be better for everyone. China is going to be living with the aftermath of this solution for a lot longer than the problem warranted.
Wednesday, October 24, 2018
Bomb Hoax
For all the drama surrounding the set of "bombs" sent to prominent Democrats and CNN, this whole thing is a hoax. Anyone who has ever been involved with a real bomb knows what one looks like, and the devices sent to various politicos do not qualify. The FBI characterizes a cherry bomb in a mailbox as a bomb, and they show up in the national statistics on bombs, as ridiculous as that is. Even the New York Times recognizes that the device sent to George Soros wasn't a real bomb. It was black powder, with apparently no detonator. That does not even qualify as an explosive device. It might go off if you strike a match and hold it close, in which case black powder can burn the person holding it.
I went to bomb classes to be able to recognize a bomb and have never seen a device that looked like a serious bomb that didn't have a detonator of some kind. The recipients have played this to the hilt, notably CNN, which evacuated to the street outside and used cell phones and cameras to "broadcast" like they had been brave little boys and girls. Grim in the face of terror. De Blasio called this a "terrorist threat" that would never deter New Yorkers from their appointed rounds, or business. Wow, how brave they are. The Clintons and Obama never saw the devices, but Chelsea Clinton thanked the Secret Service anyway, a nice gesture.
A serious bomber knows his audience and how to get a bomb to them. One of these bombs was sent to John Brennan at CNN, and Brennan does not work for CNN. They do research on where the people live and how they get their mail. They pick people who are prominent, and Debbie Wasserman Schultz is not. They make bombs that blow up, since that is the intent of most bomb makers. Apparently, not all of them.
If you want to know what a bomber does, read the accounts of the Unabomber. He knew how to make bombs and how to send them to his targets. It took a long time to find him, and these guys will likely be arrested in less than the two weeks before the midterms. This is farce, designed only to garner some sympathy for one political party. Unless they are naive, very few will fall for it.
Petrochemical Tampering Traced to Russia
Ever hear of something called the Central Scientific Research Institute of Chemistry and Mechanics, Moscow? Perhaps you should remember it the next time someone is accused of tampering with the safety systems of petrochemical plants. The software is the fairly well-known Triton, which FireEye has linked to a specific professor at that research institute. The target was apparently a petrochemical plant in Saudi Arabia, though FireEye did not name the location.
A Wall Street Journal article says, "Schneider Electric, a French multinational firm that makes the emergency shut-off system that was targeted—known as Triconex—conducted additional analysis in January that found Triton was able to manipulate Schneider devices' memory and run unauthorized programs on the system by leveraging a previously unknown bug." So, let's hope they have patched that bug and that users have installed the patch by now.
Russia does not seem to have any reservations about using malware to cause harm in infrastructures, testing it out in various places, usually in Eastern Europe. They usually suffer no harm by doing it, and until someone retaliates in a way they will remember, they will keep doing it. Tampering with safety mechanisms to make them fail is not a good idea, and one of these targets is going to make Russia wish they had picked somewhere else to do their testing. Iran got blamed for the attacks on Aramco many years ago, and the Saudis were powerless to retaliate. If they learned one lesson from that, it was that being able to respond to a cyberattack is important to any government that doesn't want to be attacked again. The Russians think they can thumb their noses at every country they don't favor, but that is going to cost them one day. They are going to kick the wrong tiger.
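A practical defensive corollary to the Triton paragraphs above: program changes on a Triconex safety controller go through Schneider's TriStation engineering protocol, so any host that is not the designated engineering workstation speaking that protocol to a safety-instrumented system (SIS) deserves an alert. The following is an added example written for this page, not FireEye's or Schneider's code: it audits constructed NetFlow-style records against a small asset allow-list and a maintenance window. The addresses, hosts, timestamps and window are constructed; UDP port 1502 as the TriStation port is taken from public Triton write-ups and should be treated as an assumption to confirm against your own controllers.

```python
"""Added example: flag engineering-protocol traffic to safety controllers
from hosts that should never be programming them.

Illustrative code for this page, not vendor or FireEye code. All addresses,
flows and the maintenance window are constructed. UDP/1502 as the TriStation
port comes from public Triton analyses (assumption; verify on your network).
"""
from collections import defaultdict
from datetime import datetime
from typing import List, Tuple

TRISTATION_UDP_PORT = 1502  # assumption from public write-ups, see above

# Constructed asset inventory: SIS controllers and the single workstation
# that is allowed to download programs to them.
SIS_CONTROLLERS = {"10.10.5.21", "10.10.5.22"}
ENGINEERING_WORKSTATIONS = {"10.10.5.100"}
# Constructed maintenance window during which engineering access is expected.
MAINTENANCE_WINDOW = (datetime(2018, 10, 20, 8, 0), datetime(2018, 10, 20, 17, 0))

# Constructed NetFlow-style records: (timestamp, src, dst, proto, dst_port, bytes).
FLOWS = [
    ("2018-10-20T09:12:00", "10.10.5.100", "10.10.5.21", "udp", 1502, 4200),   # expected
    ("2018-10-20T09:13:00", "10.10.5.100", "10.10.5.22", "udp", 1502, 4100),   # expected
    ("2018-10-21T02:40:00", "10.10.7.15", "10.10.5.21", "udp", 1502, 98000),   # unknown host
    ("2018-10-21T02:41:00", "10.10.7.15", "10.10.5.22", "udp", 1502, 97000),   # unknown host
    ("2018-10-21T02:45:00", "10.10.7.15", "10.10.5.21", "tcp", 502, 300),      # Modbus, not TriStation
    ("2018-10-21T03:00:00", "10.10.5.100", "10.10.5.21", "udp", 1502, 5000),   # right host, wrong time
]

Alert = Tuple[str, str, str, str]  # (kind, source(s), controller, timestamp)


def audit_flows(flows) -> List[Alert]:
    """Return alerts for TriStation traffic that violates the allow-list or window."""
    alerts: List[Alert] = []
    talkers = defaultdict(set)  # controller -> set of hosts that programmed it
    for ts, src, dst, proto, dport, _nbytes in flows:
        # Only engineering-protocol traffic aimed at a safety controller matters here.
        if dst not in SIS_CONTROLLERS or proto != "udp" or dport != TRISTATION_UDP_PORT:
            continue
        talkers[dst].add(src)
        when = datetime.fromisoformat(ts)
        if src not in ENGINEERING_WORKSTATIONS:
            # The Triton case: an attacker-controlled host pushing code to the SIS.
            alerts.append(("unauthorized-engineering-access", src, dst, ts))
        elif not (MAINTENANCE_WINDOW[0] <= when <= MAINTENANCE_WINDOW[1]):
            # Legitimate workstation, but possibly compromised or misused off-hours.
            alerts.append(("engineering-outside-window", src, dst, ts))
    # A controller programmed from more than one host is suspicious in itself.
    for dst, srcs in talkers.items():
        if len(srcs) > 1:
            alerts.append(("multiple-engineering-sources", ",".join(sorted(srcs)), dst, ""))
    return alerts


if __name__ == "__main__":
    for kind, src, dst, ts in audit_flows(FLOWS):
        print(f"{kind:32s} {src:24s} -> {dst} {ts}")
```

The network check complements rather than replaces the physical control: Triconex controllers accept program changes only when the front-panel key switch is in PROGRAM mode, and the public analyses of this incident noted the targeted controllers had been left in that position. Keep the key in RUN outside maintenance windows, and treat any TriStation traffic from an unexpected host as a possible compromise of the engineering workstation itself.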
Tuesday, October 23, 2018
Wrong on Hardware Manipulation
The capability the Chinese have for inserting components that allow access to a device is very high. They have shown a willingness to use software to grant access, and there is no reason to believe they would not use hardware as well. They have both the ability and the opportunity to do so, since most of the world's routers, computers, disk drives and other electronic components are made there. So, when Bloomberg ran the story that Super Micro had shipped a board with an unauthorized modification that might affect Amazon, Apple and others, nobody blinked. Bloomberg claimed to have interviewed 17 people, an unusually high number, before making the story public.
So, Tim Cook at Apple says Bloomberg needs to withdraw the story. Amazon Web Services said the same thing. Super Micro says they don't believe it but will look. No lawsuits have followed.
That doesn't happen very often. These things are questions of fact, not predictions of some future event or analysis of a string of thoughts that might lead to a conclusion. Either it did happen, or it didn't. I think there is more to this than any of the vendors want us to know. Some of those 17 people interviewed by Bloomberg may have had no first-hand knowledge but did hear that something like this happened. Some may have been in meetings where something like it was discussed. Others may have had direct knowledge. Maybe the company thought they had discovered something and that turned out to be wrong. If so, that would be an easy thing to admit, and the controversy would be over.
The other possibility is that the business reputations of Apple and Amazon Web Services could suffer extremely grave damage from exposure of any problem that is built in at the manufacturer. Ask Intel what that does to your chip sales. The year after chip manufacturing started in China, flaws in designs started making their way into the public domain. It makes customers nervous, and for that reason alone, very few vendors will allow any government anywhere in the world to use their devices for these kinds of penetrations. Once such a modification is discovered and verified, businesses would have to be crazy to buy those devices from anybody. They are not going to sell. That alone is a real incentive to kill this story.
I would like to see a follow-up from Bloomberg telling how the story was done and why they are so sure it is not going to get them sued. They seem to be confident, and so far, nobody has sued. Those are sure signs there is more to this than the current ink would suggest.
Monday, October 22, 2018
Russia in the Midterm US Elections
In case anyone was thinking the Russians had stopped interfering with US internal politics, there is proof they have not. It is in the form of a previously sealed indictment (read at ) against one Elena Alekseevna Khusyaynova, a resident of St. Petersburg, where the Internet Research Agency, for a time her employer, is located. You remember the IRA from its interference in the US national election in 2016. Since 2014, known and unknown individuals have participated in Project Lakhta to influence politics in the US, the EU and Ukraine. She was the chief accountant in the Finance Division of this project. She had a $12 million budget in 2016, but had requested $83 million in different transactions in 2017. The indictment lays these out in great detail.
The Russians have previously interfered in elections in all of these places, most particularly Ukraine (see The New Cyberwar, McFarland Publishing). The indictment lists 10 companies, mostly news agencies in Russia, as participants in the Project. Concord Management and Consulting LLC and Concord Catering are the funding companies behind this campaign. Remember those names from the 2016 election? You should; they had the same function in the campaign going on in the US then.
Yevgeniy Prigozhin, a close friend of Putin, operates these companies and has had a hand in most of the US operations. His conspiracy sought to operate "fictitious social media personas, pages, and groups designed to attract US audiences and address divisive US political and social issues or advocate for the election or electoral defeat of particular candidates."
Facebook is going to be the target of more investigations, since it was the beneficiary of a lot of this work. Project Lakhta hired persons to pretend to be US citizens at work on various kinds of social and political projects. They hired bloggers, made artwork, and did the usual kinds of things that we expect from social media groups. They got guidance on messaging from internal sources, and that is quite enlightening since it shows the Russian perceptions of US minorities.
I said many times that the Russians would change the names of their companies and funding apparatus as a result of being called out for the 2016 election interference. They obviously did not.
Friday, October 19, 2018
Huawei Steals Tech from Silicon Valley
An article in the Wall Street Journal today gets to the basics of how China tries to use international patent law to steal technology, claim it as its own, then sue over the claim. This has happened over and over, with various companies stealing trade secrets or patented material, then filing patents on the stolen material. If those patents can't be enforced outside China, they certainly will be inside China.
The Journal cites the case of CNEX Labs Inc., based in San Jose, Calif., which alleges that Huawei and its Futurewei unit have engaged in a multiyear plan to steal CNEX's technology. That technology is described this way on the company's website:
"CNEX is chartered to deliver innovative system solutions in the form of semiconductors and software. For its first product, CNEX teamed with NAND Flash manufacturers and customers to develop a revolutionary new NVMe PCIe SSD controller ASIC that supports LightNVM/Open-Channel operation, and includes native NVMoE I/O connectivity. CNEX SSD controllers deliver high-performance with low and predictable latency, and provide flexibility for software-defined-storage with host-based FTL, and Ethernet I/O for storage fabric scalability."
The Journal describes the technology in less technical terms: "The intellectual property in dispute—solid-state drive (SSD) storage technology—allows massive data centers to manage the ever-growing volume of information generated by artificial intelligence and other advanced applications."
The Chinese will steal anything that looks like chip technology, but this case has a twist. The patent holder of this technology worked for both Futurewei and CNEX. The Chinese company tried to get him to sign over the patents as part of an employee agreement, but that was a little far-fetched and he refused. The Journal reports: "As part of the discovery process, Huawei asked the court in a filing earlier this month to force CNEX to turn over all of its technical documents, including 'detailed engineering specifications, testing plans, source code design documents, source code flow charts, hardware design documents and schematics, hardware and software bug status reports, engineering personnel responsibility designations, client product delivery details, and production schedules.' A protective order entered by the judge places heavy restrictions on access to the technical documents in the case." How is that for brazenness? Give us the designs and technical data so we can evaluate your claim!
The kicker in all of this is the way China has managed to steal and patent so much technical information, then use patents filed in both China and other countries to leverage the theft. They used this method in solar panels, the aircraft industry, and control software for many years. They got caught trying to steal GE engine technology last month.
China operates commerce more like a criminal enterprise than a duly constituted government.
Thursday, October 18, 2018
China Postal Rates Get the Ax
Well, the President of the United States has finally withdrawn from an old treaty that allows China to get the better postal rates designed to help poor countries do better in the world. How did the second-largest economy get to be a "poor country"? It goes back to an ancient idea that postal rates should be set by the United Nations: the Universal Postal Union (UPU) sets the rates. I can't remember a time when China was a poor country, so it's a good time to stop this nonsense.
The WTO still treats China like a poor, disadvantaged country, when its members know better. The UN knows better. Why does it take a US President to change a process that is blatantly wrong? It makes you wonder how many more of these stupid agreements are out there giving advantage to countries that no longer need or deserve it.
Wednesday, October 17, 2018
China to Hack US Businesses in China
Larry Kudlow was on Fox Business this morning and said that China has just passed new legislation which, in the name of cybersecurity, will allow the government to hack US businesses in China. He added, "This is outrageous." Of course it is.
What we are rooting for here is reciprocity, something the last Congressional-Executive Commission report said was needed in every aspect of trade with China. In the name of cybersecurity, our government should hack every company owned by a Chinese entity and operated in the US. That is reciprocity.
Tuesday, October 16, 2018
If You Don't Agree, Die
Rand Paul had the ultimate in threats made against him and his family. The Capitol Police arrested the guy and it seems that part is over. Since the shooting over a year ago of the House Majority Whip Steve Scalise in Washington, these kinds of threats are far more credible.
The latest in this growing list of people who receive credible threats is Susan Collins, who got an envelope containing ricin. This is not one of those "white powder" episodes which drive police crazy but do no real harm to anyone. Ricin has no antidote and could kill someone. This is not a political joke or someone with a sense of humor. Ricin is deadly and it could have killed Ms Collins or a relative. The person who sent it had no sense of humor and a slanted political view.
We should expect a denouncement of this kind of activity just as we should have expected a rising expectation of political behavior that comes with being in a responsible position of an elected official who speaks for a constituency. There are no constituencies that favor this kind of behavior, yet there is not an outcry from very many of their Congressional representatives.
These are the kinds of things the Russians do by encouraging the most extreme behaviors in a population. They used to use what they called "mental patients" for this kind of thing. It is tough to trace a mental patient back to the people who started them on this path. Political opponents often disappear or are murdered on the street. Press people who investigate these happenings end up dead. They carry out some of these activities with government employees, as we saw in the UK.
We don't want to live like the Russians do, and should not tolerate this kind of behavior. The press should be on it and denounce it quickly. Denounce it; call it out; discourage it; complain about what has been done. Stand up for the principles we hold as self-evident. You remember the Constitution and the Bill of Rights, don't you?
China Wants to Pick Next Dalai Lama
Well, the Chinese beat the Vatican and now want to take on the Dalai Lama. The CONGRESSIONAL-EXECUTIVE COMMISSION ON CHINA, ANNUAL REPORT 2018 says the Chinese have already made public statements that they must be allowed to name the next Dalai Lama, an unlikely prospect that would equal the coup against the Catholic Church if it were to succeed. It requires the Chinese government to understand the wishes of the current Dalai Lama, who chooses the body where he will be reincarnated. That is a tough act to follow. The Dalai Lama is already saying he may not choose a body inside Tibet.
Jamal Khashoggi's Watch
Of all the stories told about Jamal Khashoggi, the one that sounded the least plausible was the one about the cries of pain coming through his Apple Watch to the outside world. I give credit to the Cult of Mac for a story on the technical case against such a recording being made. There are enough simple facts here to make the conclusion: "Instead, speculation is running rampant that the Turkish government has bugged the Saudi Arabian consulate. Rather than admit this, the investigators are using Khashoggi’s Apple Watch as a cover story." Not very profound, but well written.
https://dennispoindexter.blogspot.com/
Monday, October 15, 2018
China Doubling Camps for Uighurs
I'm reading a report called CONGRESSIONAL-EXECUTIVE COMMISSION ON CHINA ANNUAL REPORT 2018 and came across this passage about the expansion of camps in China for the largely Muslim population of Uighurs in the Northwest:
Since Chen Quanguo’s appointment as XUAR Party Secretary in August 2016, reports have documented the escalation of rights abuses against local ethnic minority populations. Chen previously served in the same position in the Tibet Autonomous Region (TAR), where he imposed similarly onerous restrictions. This past year the mass surveillance and securitization of the XUAR was starkly illustrated by the extrajudicial detention of 1 million or more individuals in "political reeducation" centers or camps, making it the largest mass internment of an ethnic minority population in the world today. Individuals may be detained for a number of reasons, including frequency of prayer, expression of "politically incorrect" views, history of travel abroad, and connections with people outside of China. Detentions appear to be indefinite in most cases. Regional government authorities reportedly ordered officials in some XUAR jurisdictions to meet detention quotas, and local orphanages were reportedly overcrowded due to the number of children requiring care while both parents are held in the camps. A May 2018 Associated Press report documented propagandistic slogans that detainees were required to chant ("Thank the Party! Thank the Motherland! Thank President Xi!") before being permitted to eat. The "political reeducation" centers are reportedly fortified with barbed wire, reinforced doors, and bombproof surfaces. Security personnel have subjected detainees to torture (including the use of interrogation chairs called "tiger chairs"), medical neglect and maltreatment, solitary confinement, sleep deprivation, lack of adequate clothing in cold temperatures, and other forms of abuse. Reports have also emerged of a number of deaths in the camps. Reports in May 2018 indicated that Chinese authorities were soliciting public bids for the construction of more camps and additional security features for existing ones. In addition to those detained in "political reeducation" centers, rights groups reported that as of June 2018, authorities may have forced an additional 2.2 million XUAR residents to attend day or evening "education sessions."
Friday, October 12, 2018
Feeling Good About Your Cybersecurity Program?
If you are feeling good about your cybersecurity program, don't read the latest report by FireEye on what their assessments found in industrial programs of their clients. It is depressing.
What they found was what our assessment teams used to find between 1998 and 2008. Nothing much has changed. I used to teach that problems that go on over many years, in spite of efforts to change behavior, are missing something very important. The root cause cannot be addressed by the changes that are being made. This is worth noting:
"FireEye iSIGHT Intelligence organized the critical and high security risks identified during Mandiant ICS Healthchecks into nine unique categories (Table 1). The three most common were:
Vulnerabilities, Patches, and Updates (32 percent)
Identity and Access Management (25 percent)
Architecture and Network Segmentation (11 percent)
When I taught in college, I used to say that problems that continue after long-term attempts to correct them are typically being addressed with the wrong solution. If patches and updates are still the number one problem, and they have been for 25 years, there is a good bet that the solution is not training of the people who do patches and updates. The problem is with the vendors who sell us stuff that needs to be patched and updated at such frequent intervals that it is impossible to keep up. It is sloppy code development, with no incentive to change to testing in the environments where the software has to run. There is no liability for vendors no matter what they do. We need to change that.
Until we have legislation that holds vendors accountable to a reasonable standard of care, they will never correct the kinds of things that go out on the Internet every day, knowing they can be patched later. If you think about that model, it is ridiculous. The Internet is not a safe place. All the software vendors know it. Still, they behave as if there is no big concern about what they might do to compromise my data while they fiddle around with new patches for a couple of months. Why can't we concentrate on that problem for a while and see if it helps?
Transformation Through Education
A story in the Wall Street Journal yesterday says the Chinese have finally acknowledged the use of "education centers" for the wayward Uighur population that needs to be trained out of their beliefs. There are countries that believe training and education substitute for prison time, but China is not one of them. They expect us to believe they have finally owned up to these camps so we can think of how enlightened China is. We should remember they denied having the camps to begin with, so that enlightenment is not well established.
The stories coming out of these places do not lend themselves to the belief that the education is in the form of job training, the Transformation Through Education the Chinese would say they are doing. Torture and isolation do not train many people to do better at their job. They are usually counterproductive. The latest report from the Congressional-Executive Commission on China says this about the number of people imprisoned for their beliefs:
"The Chinese government’s disregard for human rights and the rule of law most directly affects the Chinese people, as evidenced by the more than 1,300 active cases of political and religious prisoners contained in the Commission’s far from exhaustive Political Prisoner Database. The Commission’s Annual Report painstakingly documents rights violations in ethnic minority regions, religious freedom violations, harassment of rights defenders and lawyers, suppression of free speech, large-scale forced evictions, onerous restrictions on civil society and more, all of which are the markings of a repressive, one-party state."
"... tumors" and "spray[ing] chemicals" on crops to kill the "weeds." In response to these developments, an international expert described the XUAR as "a police state to rival North Korea, with a formalized racism on the order of South African apartheid."
So let's not believe that the Chinese are being benevolent when they establish camps for the Uighurs. They are doing nothing of the sort.
Thursday, October 11, 2018
Chinese Spy is High Ranking Official
There were numerous stories today about the arrest of a Chinese spy who was stealing information about GE engines. We have heard stories like this over and over these past few years, but this one is different. The Chinese spy is not just a well-trained operative in the field. He is a deputy division director in a department of China’s Ministry of State Security. This is a little like having the Deputy Director of Operations at the CIA arrested for being a spy. People at that level of government rarely need to be operational. They are administrators. There must have been something really, really important about those engines that would get someone at that level involved in spying.
Those who read this blog on Google + can find it at this address when Google + is ended:
https://dennispoindexter.blogspot.com/
Wednesday, October 10, 2018
Building Hackable Weapons
There is a new GAO report that shocked me. It says the Feds have been looking at security of weapons systems and finding them susceptible to hacking.
I was up at Hanscom Air Force Base 20 years ago watching some tests of one of our weapon systems and feeling pretty good about the outcome, but they told us some stories about some that did not do so well. Hanscom was testing for cyber vulnerabilities and interoperability at the same time. It was prudent that they be tested. We were concerned about hacking of our weapons and tried to build in the kinds of safeguards that would let them operate in some hacker-intensive areas of the world, or against the best of Russian attacks by their military. These days, there is no excuse for not considering security for weapons that will operate against the Russians and Chinese, who have already hacked about everything, including the designs of some of these platforms.
We have to blame this on defense contractors and government agencies that develop requirements for these systems. Defense contractors cannot be that stupid, even if the government officers are. They know the environment these platforms have to operate in. They are the ones touting their defenses against a range of threats that are common in those kinds of environments. They have customers who are not US and they must know these countries care about their cyber security more than the US does, especially those near Russia and China. Building a weapons system for use in a Baltic state and not considering the security of its electronic components is pure malpractice. There is no excuse for it.
The government for its part has not done well at establishing requirements for systems like the ones the Air Force had in those days. That too is malpractice. Make them test and evaluate those weapons before they can be fielded.
Both defense contractors and government reps for these expensive systems get the usual award for their behavior: STUPID. The Secretary should be kicking some ass over this.
You can access this blog directly after Google + goes away:
https://dennispoindexter.blogspot.com/
Tuesday, October 9, 2018
Pssst... Want Some Tariff-free Lumber?
There is a clever story in the Journal today about how China is avoiding tariffs in the US. Transshipping was always the preferred way to avoid tariffs, which is how Mexico ended up with stockpiles of aluminum sitting in large storage areas. We were not buying Mexican aluminum when they shipped it across the border.
This new approach by China is to change the classification of the goods - in other words, call it something other than what it is. Aluminum becomes auto parts by merely changing the code. This simple method must appeal to a lot of people since it requires little modification of more than paper associated with the shipment. Freight forwarders have been famous for this for a long time when trying to avoid sanctions. Vietnam, Malaysia and Singapore seem to have the lead on this form of trade manipulation, but it is so easy that others will gladly do it for a price.
You can access this blog directly after Google + goes away:
https://dennispoindexter.blogspot.com/
US-China Cold War
In the Wall Street Journal today there is an opinion piece that says Vice President Pence just announced a cold war with China. That is a very short-sighted opinion and more than a little late in coming. We have been at war, in this context, for at least five years.
The Vice President laid out in his speech at the Hudson Institute the situation we found ourselves in when China started to combine its government resources, commercial companies, and quasi-government businesses into a strike force that championed world dominance by China. I should add, dominance by any means, ethical or unethical, by theft or good business practices, or by pressure or force when needed. When I started to speak publicly about this many years ago, and wrote my first book, The Chinese Information War (McFarland Publishing), the reaction was hardly agreement. Most people were skeptical. A few agreed with parts of the Chinese approach and not others. Very few agreed completely. The Vice President put it this way:
"But I come before you today because the American people deserve to know… as we speak, Beijing is employing a whole-of-government approach, using political, economic, and military tools, as well as propaganda, to advance its influence and benefit its interests in the United States."
But the real kick in his speech was the statement that China was interfering in the domestic politics of the United States. That too has been going on for many years. Several analysts have said there is very little the US can do about the way China has chosen to do this part of its campaign because it is perfectly legal. That should come as no surprise, since that is the chosen behavior of China - not to violate the laws of the country they are in. This chosen way is not applied to economics and trade where a criminal enterprise has replaced the government and made it similar to Russia in that one respect. The Chinese steal everything, patent their own inventions that come from that theft, and express surprise that anyone would accuse them of such behavior.
What they have done in the South China Sea is war - capturing territory claimed by others, using force to do it. The rest of the world called it "annexation" for reasons nobody can understand, but avoids making things worse between China and its neighbors. Why we owe China that is beyond me. Just as Russia stole Crimea, China is trying to steal the South China Sea. The two of them are at war with a lot of their neighbors while routinely denying it all. It is about time someone called them out - much more forcefully than did the Vice President.
Those who read this blog on Google + can find it at this address when Google + is ended:
https://dennispoindexter.blogspot.com/
Monday, October 8, 2018
UK Practicing Against Russia
Quartz has a story today on the UK practicing their cyber attacks to turn the lights out in Moscow. This is a very effective way to demonstrate to the Russians that their kind of interference is not without consequence. Of course the UK is still more than miffed at the Russians for trying to assassinate a spy on their soil with Russian nerve agent. They thought that was cute, and that the UK would do nothing. They may think twice before trying something like that again. The Russians were meddling in Brexit before that, so the escalation has been rapid and worse with each step. The UK is not waiting for the next round.
The best way to show some capability is to use it against a unit or geographical region that the Russians are in, like Moldova. Their little "peacekeeping" force can have its lights turned out for a day or two and nobody will notice, except Russia. The UK capability then becomes credible, and the Russians start thinking about their adventures before doing them again. Give the Brits some credit for their spunk.
Friday, October 5, 2018
Russia Spying on Organization for the Prohibition of Chemical Weapons (OPCW)
The Netherlands has caught some Russian spies setting up surveillance equipment in the parking lot across the street from the Organization for the Prohibition of Chemical Weapons (OPCW). This watchdog group has been helping people figure out what Novichok is and where this batch in Salisbury UK came from. The Russians spy on the groups that prepare negative reports so they can prepare stories to deny them when they come out. That part is not uncommon.
What was a little unusual is that the surveillance party was sent home that day. They went back to Russia, so it is a little harder for the Russians to say this was a bunch of tourists listening to bird calls and recording them.
Fake News Triumph - in Russia
Axios has a story today that is incredible. According to a survey done in Russia, only 15% of Russians think their country interfered with the 2016 elections in the US, though 45% believe Russia does try to interfere with the affairs of other countries. The article says "Domestically, rising prices (69%), corrupt political leaders (59%), the wealth gap (57%) and a lack of jobs (57%) are viewed as Russia's biggest problems." We could sympathize with those views.
Thursday, October 4, 2018
North Korea Hackers
FireEye has a new report out on a group it calls APT 38. This group is based in North Korea and has all the elements of a criminal gang, without being one. FireEye spends some time on separating this group from others operating in North Korea, and they appear to be different. For one thing, these guys are patient: "The group is careful, calculated, and has demonstrated a desire to maintain access to a victim environment for as long as necessary to understand the network layout, required permissions, and system technologies to achieve its goals. On average, we have observed APT38 remain within a victim network for approximately 155 days, with the longest time within a compromised environment believed to be almost two years."
This is about the surveillance of international banking environments, specifically looking for SWIFT transactions which are then used to make fraudulent transactions, then destroying the evidence of the transactions. This is a group that has to be state-sponsored. No group could operate on this scale without government approval. A criminal state with nuclear weapons. Not something any of us would like to see.
Hardware Penetration Announced
In what will be a ground-breaking disclosure, Bloomberg is saying today that China managed to get a hardware chip that gave access to servers into servers made in the US. Hardware is very difficult to detect, even when you know where it is, so this case is one of a few that are known. Bloomberg says it has been classified for the past 3 years and not disclosed by our government.
The story, which sounds like a spy drama, says Amazon found a company, Super Micro Computer Inc, which makes server motherboards for others. A third-party firm found trouble: "Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community." This is a typical story that does not identify how the device was found or what prompted them to look for it to begin with. This isn't a routine due-diligence activity that is described in this article.
But, I talked about hardware penetrations in The Chinese Information War, because China has managed to monopolize several Internet components and those components carry a potential for putting devices in at their manufacturing origin. China has done it before. However, this indicates they can not only get hardware devices into their own products, but into components of US manufactured products as well. This is not good for anyone because it is virtually undetectable. Controlling the manufacturing and distribution supply chain is the only way to prevent this kind of thing, and the US can do neither of those things in the short run. It will be a long time before we can do anything about this, but somebody better start now.
Apple and Amazon have both published statements today denying that this penetration affects their services. Apple maintains it identified the problem in 2016 and "severed ties with the company". Bloomberg says they are standing by the story they published, which indicates the threat still exists.
Wednesday, October 3, 2018
Chinese Intelligence Operative Arrested
I have a previous post on the details of this case, but there was new information in the arrest report published by Justice, that seems important enough to mention:
"Ji worked at the direction of a high-level intelligence officer in the Jiangsu Province Ministry of State Security, a provincial department of the Ministry of State Security for the People’s Republic of China, according to a criminal complaint and affidavit filed in U.S. District Court in Chicago. Ji was tasked with providing the intelligence officer with biographical information on eight individuals for possible recruitment by the JSSD, the complaint states. The individuals included Chinese nationals who were working as engineers and scientists in the United States, some of whom were U.S. defense contractors, according to the complaint."
Maybe we have too many Chinese nationals working in the United States. Why would a defense contractor employ one?
China's Military Hackers Outed
Somebody, according to today's Wall Street Journal, is finding out who these hackers are and exposing them in public. Whoever is doing it is anonymous, though not necessarily Anonymous the group that was around a few years ago doing mischief. The group goes by the name Intrusion Truth. It is an interesting development since most of these targets are in the Chinese military and supposed to be good at what they do. Even so, the exposure produced Uber records of named individuals going between "...websites used by APT 10 to two other Chinese companies, Tianjin Huaying Haitai Science and Technology Development Co. and Laoying Baichaun Instruments Equipment Co." and a Chinese intelligence service building. How cool is that? I love these guys.
China is supposed to be the most data conscious country in the world, having collected so much information on individuals so it can make scores of social behavior for everyone. They control travel to regions of China, take DNA and biometrics on their people, and record purchases by any means - even retinal scanning some people on those. I would have thought their Uber records would have been well protected, as I imagine they are today.
Whoever Intrusion Truth is, we owe you one. This is an amazingly simple way to slow down hacking by Chinese in some of these industries. It will get harder as time goes on, since the Chinese will change their names and get on with new equipment in different places. But, in the meantime, the cleverness of Intrusion Truth is really top notch, and, by the way, they have pictures of these hackers in case they show up again. Facial recognition software is just so much better than it used to be.
Tuesday, October 2, 2018
China Infiltrates US Universities
In a speech he did at the Citadel, Director of National Intelligence Dan Coats mentioned a couple of areas that focused on the way China has a campaign to shape the view of China in the US. [ skip the first 10 minutes if you watch the video] That effort includes helping political candidates who are favorable to Chinese policy issues, and influencing US Universities. In my second edition of the Chinese Information War, I mentioned some of the local political issues favored by Chinese businesses, and the Chinese use of granted citizenship in the EB-5 program and other visa agreements. The Chinese believe in building their relationships with local politicians who will eventually grow up and be national politicians.
But I had not heard much about Universities, other than the occasional complaint from some of my friends that say there are too many Chinese faculty members at some Universities and they tend to favor other Chinese a little too much. But Politico has a nice piece on what the real complaint is with China - Confucius Institutes, the Chinese government-funded educational institutions that teach Chinese language, culture and history. Over 100 campuses in the US have these places which teach Chinese and some courses on Chinese history, all for free, in effect. Make them an offer they can't refuse. These Institutes are taught by Chinese instructors who know what they are supposed to say by government direction. They obviously know who is enrolled in learning Chinese, and interested in Chinese history and culture. These are perfect vehicles for all kinds of espionage, and an open invitation for trouble with graduate students in sensitive programs and technologies.
When I went to college in the 60's there were Chinese students on our campus, working in places where sensitive work was being performed. I was able to limit some of that when I got into Industrial Security at some of those same universities. The approach is more sophisticated now, and long term relationships that come from Confucius Institutes are just the thing to increase China's influence in our own academic institutions.
Monday, October 1, 2018
Iran Hits Syria
Blame Syria has become the biggest thing in the Middle East. Iran, according to the BBC et al, has launched missiles, while "Iranian state television suggested that the missiles hit an area close to the border town of Albu Kamal where Islamic State militants are known to operate." I don't think this is the same as blaming Syria for the attack on Iran's military parade in Ahvaz.
It reminds me of an incident in 1998 when President Clinton decided to launch 80 cruise missiles at targets in Afghanistan because terrorists tried to blow up two US embassies. It was a gesture with little more than symbolic effect. The Iranians say terrible damage was done to people living in that area, when it is likely they had no way to determine that. Those areas are not controlled by Syria or Iran.
It is good to see someone taking direct action against Iran. I thought it should be done when the Yemenis launched missiles into Saudi Arabia. That was a step too far, using Iranian manufactured missiles to attack the Saudis in a proxy war. The Saudis should have gotten someone to fire missiles back at the Iranians. One thing the Iranians really do not like is reciprocity.