Huawei, HSBC and Meng Wanzhou

Last week, the Wall Street Journal ran a short story on the financing angle of Huawei, and it sheds some light on how it came to be that Ms Meng was charged in Canada.  According to this article, she made a presentation, later used in court, to HSBC to explain a relationship with SkyCom Tech and Iranian businesses.  Ms Meng had been a board member on SkyCom and said she resigned.  Reuters exposed SkyCom's relationship with Iranian companies in 2013, so HSBC was slow to ask about it.  The article closes with this:  "U.S. authorities now allege Ms. Meng misrepresented the ties to Skycom so that Huawei could keep moving money out of countries subject to U.S. or European sanctions and into the international banking system. They say HSBC and other banks cleared hundreds of millions of dollars of transactions for Huawei that may have violated sanctions, exposing the firms to 'serious harm.'”

Banks are in a bind on this kind of thing because it involves unknown risks.  They are starting to back away from Huawei as a result. 

Russia and UK Nasty War

The Russians and UK have been fighting a good bit after the Russians decided to assassinate a former spy on UK territory.  This latest round had 44 reporters in Russia listed with their pictures on various public websites a week after the Russians claimed they were opening an investigation of BBC for violating "fairness standards".  If the Russians have fairness standards that would be news to a lot of people. 

The current tit-for-tat was started after the UK cited RT, that scrupulously unbiased Russian news agency, was cited for biased reporting on the link between Russia and the Novichok poisoning.  Terresa May had already made it clear that the Russians were behind that attempt and she did not like it very much.  But, with their usual tact, the Russians are going to escalate this already bad situation by making it worse.  You have to love these guys. 

Huawei Says Its Equipment is Safe

In the UK, there is a nagging doubt about whether the software  being lab tested is the same as the software Huawei runs in production.  Huawei says it's stuff is safe to use, which is kind of like the witch telling Snow White the apple was OK to eat.  Even children know there is something wrong, but they may not see the consequences. 

Software is hard enough to comb through without knowing what you might be looking for.  Hardware or firmware are even worse.  Huawei can say it is safe and it is just like Super Micro saying their hardware is OK to use.  They had a third party vendor test it after claims by Bloomberg that they were working on a problem with their supply chain.  "No problems here" does not work very well with this kind of penetration. 

China is willing to modify hardware and software for its domestic production, but confuses its domestic products with foreign goods shipped out.  They have stolen so much software that it is very difficult to tell one modified product from a legitimate vendor's wares.  Once stolen it can be modified and resold (or given away to the right people) and it will be next to impossible to tell the difference.  If that was all they did, we could live with the piracy, but those modifications are doing more than that. 

Falling Out of Favor in China

Falling out of favor in China is not like falling out of favor in some other countries.  The Deputy Chief of the Ministry for State Security, Ma Jian,  is now out of favor and in jail.  He is supposed to have done insider trading and bribery which are easy charges to bring in a country that still thrives on "facilitation payments" that are just bribes by a different name.  Anyone can be convicted, just about any time the mood strikes. 

It seems like the Deputy did not insulate himself from this kind of treatment by storing away some intelligence of his own on the business dealings of his friends at the top.  There was certainly enough to be had on all of them.  It is like insurance.  You will be sorry you had none if the tsunami hits, but that usually happens to somebody else. 

Press Reciprocity with China

There was a good piece in the Wall Street Journal before Christmas that told an interesting, and well documented, story about how China controls the press in China but the US does not control theirs.  We know it, of course, but this story is well told.  Foreign journalists are harassed, manipulated, restricted, and boxed in over the most trivial of subjects, while the US allows Chinese journalists to operate almost as if they were US journalists.  The point was there is no reciprocity with treatment of journalists by China. 

China is not exactly a beat I would want.  They only want good news coming out and they will take all accounts into their country.  They use elaborate technical means to harass media outlets, filter their results in search engines, sabotage the content of websites, misdirect readers to other servers.  This is the Great Cannon turned loose on the press of the world.  But the one thing this article has missed is the ability and willingness of China to influence the content of media that is not directed at China. 

The Chinese are influencing press reports, media stories, and independent publications that are contrary to their own opinions.  That is what concerned me about Google's foray into the browser filtering business in China.  They are not content to limit access to their own country's citizens;  they want to limit access to the world.  That was their first disagreement with Google, when the Chinese wanted Google to limit access to everyone, not just Chinese citizens.  That was the old Google and the results were predictable.  We might wonder how that same argument might turn out today. 

We get a lot of news via social media.  Outside of China, there is not much filtering of news.  But inside China there is one additional step that helps their censorship - China stole the social media platforms and used that software to filter content.  The engine becomes the vehicle for censorship, much like the project Google said it was working on for China.  So, we can pretend that it is just an issue of reciprocity for the press, but there is much more to it than that.  Even with the same treatment of journalists, China would still be far ahead in the dissemination of news because they control the medium. 

Who Colluded with China and Iran?

Russia, China and Iran tried to influence the US election in 2016.  The comment was made by the Director of National Intelligence last week, and was hardly news to anyone that follows this kind of thing.  However, the whole thrust of the investigation into the goings-on during the election center around Russian involvement, with the Mueller probe being tasked to investigate collusion between Russia and the Trump campaign.  You can see why the President sees this as a "witch hunt" when it is not a very broad or deep investigation of anything related to collusion with Russia, and Russia was not the only country involved. 

So, we might ask ourselves who was colluding with China and Iran?  Maybe there was no more collusion there than with the Russians, or maybe there was.  Either way, we don't seem to be investigating that at all.  The Chinese were involved with several local campaigns for office contributing money and getting caught at it.  Terry McAulliffe, Virginia's own governor at the time was up to his neck in Chinese money, and he wasn't the only one.

Charging Chinese is Curious

Well, the Justice Department a couple of weeks ago said it would name Chinese spying on US industries and government offices.  They finally did.  They named two - out of the thousands that are hacking - so I hope the Justice Department doesn't feel good about what it did. The Chinese response was  “With Washington favoring a confrontational approach aimed at maintaining its hegemony rather than a cooperative one for the common good, Beijing will have to be prepared to stand its ground and respond as necessary to safeguard its core interests.” Reuters carries a story that describes a more detailed response by China. 

The Wall Street Journal, among other press outlets, says the Chinese were burrowing into the networks of service providers IBM and HP Enterprise, using those penetrations to get to their clients.  That part isn't new since hackers used maintenance accounts to get into businesses for many years.  That is what remote maintenance gets you.  The charges  brought comment from IBM that they had no evidence that any customer information was stolen.  You can bet the FBI does,and you can bet IBM knows it.  They couldn't name these individuals unless they had the grounds to go to court, so you can be sure there is a mountain of evidence of what they were doing.  The clients of both companies are probably asking how such a thing could happen when both promise security in their offerings.

What this points to is the depth of China's effort to steal and use technology to better themselves.  They believe that if we don't protect our information, we deserve to lose it.  They are partially right about that part.  Charging these two is a small drop in the bucket of hacking, and probably not the best way to disrupt the Chinese operations.  It is like the Chinese charging someone from the FBI for spying on their diplomats who are hacking.  The FBI could care less if they do.  The Chinese will not care much about this case either.  It causes them no pain.  For that reason alone, it is curious.

Retaliate Against China

I used to have a lot of dealings with the government of Canada and they don't deserve what they are getting from the Chinese.  Two stories today, one from NPR and one from the Wall Street Journal help to better understand why China is detaining Canadians as a way of retaliation against Canada for holding a Huawei official who probably deserved holding.  Canada honored a reciprocal agreement with the US on this and China, who rarely cooperates with anyone on warrants, cannot understand why.  That part is long over and China has gone beyond the original case.  When retaliation comes, there should be some response. 

If it were me, every time a Canadian national was detained during this little crisis, I would return one Chinese diplomat to China.  Give instructions that when the Canadian is released, the diplomat can return.  Pick the spies first - they know which ones are spies - so there is a real gaming outcome. 

The Chinese are outlaws when it comes to international justice standards of conduct.  They steal technology, take over territories that are not theirs, use their business entities to spy (which is what started all this) give intelligence collected by their services and military to their businesses to better compete,  thumb their noses at the WTO and trade agreements with anyone.  Yet, we continue to play by the rules when we respond.  The Canadians are cool and calm on the outside, but I have been in meetings with them when they told us what was going on on their insides.  Watch out China. 

Turkey Awash in Anti-Air

It seems that the Russians and Americans both want to sell Turkey anti-air weapons.  The Russians remain on target to deliver the S-400 which is a well-respected weapon that not just Turkey is buying.  The US has finally gotten around to authorizing the $3.5 billion sale of the Patriot to Turkey.  The argument for the Patriot is that it is more compatible with NATO weaponry, not that it is technically superior.  Turkey passed on the Patriot twice before though that may be as much because they couldn't be assured of getting the Patriot, or the version they wanted. 

So, we have to wonder why Turkey needs this amount of anti-air and missile capability.  They certainly don't need S-400s and Patriots too.  The amount of equipment they are buying with the Patriot could make Turkey safe from what?  Are they expecting an attack from Syria? Jordan? The Kurds have no aircraft and not much defense against air attack.  So, who is Turkey worried about? 

How Good is Propaganda?

In the previous post today, discussing the social media under-reporting of Russian involvement in the 2016 US election, there was a reference to a New York Times article on the images and messages the Russians used.  I had forgotten about it, but it is nice to look at it in context. 

Years ago, I had worked on some research in the use of computer images to influence users for advertising or persuasion, and this article reminded me of the outcome of some of that research.  The messages were interesting to a lot of users, but many of them did not motivate them to actually do what was intended.  They looked at them, but didn't take any action as a result.  Sometimes, we take the numbers of views as the amount of action taken by the viewers when that may not be a good caparison.  Sometimes, images and messages can get a person who was predisposed to doing something to actually do it, but many more times it does not work. 

I went back to an article I saw earlier this year on getting views on Google. and it made more sense in this context.  It is possible to drive views using various techniques but it is not as easy to get action from those views.  Back in college I wanted to be a Marketing person (for my undergraduate years) where messaging really matters.  You have to get people to buy your product, not just enjoy the commercial.  Yet, most people cannot even remember the name of the product when the commercial is over.  They really don't care if you drink that beer, but they do care that you buy it.  I think the Russians are doing the same thing with the idea that their campaign is successful if lots of people view their images and messages. 

A lot of that comes from thinking the American public are a bunch of ignorant yokels.  Hillary Clinton called a bunch of them "deplorables"  and suffered for it.  If you look at the images and messages in the New York Times article, you find very little action being proposed.  In only a few of these cases was there any demonstrations or money raising campaigns that came from anything the Russians did.  The Democrats in this country seem to believe the Russians helped throw the election to President Trump, but if you look at those messaging techniques, it seems unlikely that they produced any outcome like that. 

Russian Interference in US Election

There is quite a bit of coverage of a report given to the Senate Intelligence Committee by a company called New Knowledge.  Their report , which is really a white paper, does not highlight the data most often quoted i.e. this one small part:

"None of the platforms (Twitter, Facebook, and Alphabet) appears to have turned over complete sets of related data to SSCI. Some of what was turned over was in PDF form; other data sets contained extensive duplicates. Each lacked core components that would have provided a fuller and more actionable picture. For example:

-The platforms didn’t include methodology for identifying the accounts; we are assuming the provenance and attribution is sound for the purposes of this analysis.

-They didn’t include anonymized user comments, eliminating a key path to gauge impact.

-They didn’t include any conversion pathway data to elucidate how individuals came to follow the accounts, eliminating another key path to gauge impact.

-There was minimal metadata."

This is not exactly news, since it has been around for over a year, and may be the reason New Knowledge did not emphasize it more.  What is different is the breadth and depth of the new information.  New Knowledge had access to other relevant data from other than the main social media platforms (e.g. Tumblr and others) that showed the wide swath of areas the Russians were influencing and the numbers of messages and images they managed to disseminate.  It is a bigger story than what the social media may have withheld.

I have said all along that the social media giants were under reporting and misreporting the Russian effort by looking for accounts paid for in rubles or with IPs in Russia.  Anybody who knows this kind of work would know that was not going to disclose the scope of the effort.

Navy Admits Contractors were Hacked

Well, we have an admission by the Navy that says some of its contractors were hacked and whoever hacked them got classified information.  I would like to believe that was not true because I spent so many years doing Industrial Security in some of those same facilities. 

First, for a better understanding of what Industrial Security is see Protecting Classified Information in Industry. Getting classified information from these small contractors (I really doubt that they were small) should never be able to happen.  The systems have to be approved by the government and managed by rules that should be sufficient to keep classified information out of the hands of the Chinese. 

Years ago, the Chinese were said to be working on air gaps (I think it was Ars Technica that carried the article), and at the time most of the press that covered it had no idea why they were trying to develop ways to get past systems that were not connected to the Internet.  My guess is they have perfected those techniques and the Defense Security Service which does this kind of security, has not done much about it. They need to get their act together.  Encryption of classified systems is surely required if this has been happening. 

France Looks for Russians Influence in Yellow Vest

France is smart to look into the kinds of influence campaign the Russians are running all around them, because it most likely will be in France as well.  Let's face it, the Russians have not left very many stones unturned in Europe or the US.  They are spending relatively small amounts of money and getting a nice gain in disruption of other country's politics.  What they sow is instability and doubt about political institutions.  I hope the French find what they are looking for because it is undoubtedly there.  The Russians deny doing anything of the sort, but the difference is now that few countries believe them and will hold them responsible even if they didn't.  This is the kind of campaign that makes people suspicious their political leaders, when they should be suspicious of the Russians. 

Turkey Steps into Dark Territory

Turkey said it is about to go into the area east of the Euphrates river in Syria and try to run the Kurds out of that land.  Typical of the way the Turks have been doing press releases, it appears in almost any news outlet that will publish the story, so there is no end of interpretation about this move.  Russia is happy to have Turkey help them out there.

To see where this is and how it affects the local people, the New York Times ran a good piece in August that has maps and good photos.  Their slant was the Kurds are still there because they have US help in removing ISIS. 

In the past, countries have used the Kurds as fighters  and then abandoned them to their enemies.  They want their own territory and they have it now so they don't want to give it up.  They just don't have the firepower to stay there without help. 

Turkey went into the northern areas a few months ago and they made many families move after they got in.  The Kurds are not going to be able to fight Turkey alone, and the US is not going to start a war with Turkey over some fighters in Syria.  So, Turkey will end up taking some of that territory, and making many enemies of the Kurds.  That will become a self-fulfilling prophecy.  Turkey sees these groups as terrorists.  If they are driven out of their territory, they will have few options to make a homeland for themselves.  They will fight. 

Super Micro Claims No Hardware Modified

In a story carried by multiple news outlets Super Micro said it had some production versions of its servers examined by a third party vendor which proclaimed that there was no hardware added to the motherboard.  Of course, that is what everyone expected, so it would not come as a surprise.  You remember that Bloomberg reported twice some stories that suggested China's intelligence services had planted something in the servers, widely used by some big cloud companies.  None of them wanted to hear that their servers had been compromised, especially by the Chinese.

We will never know the truth of any of this, either Bloomberg's version or the vendors affected and Super Micro.  Neither have we seen a lawsuit against Bloomberg.  That should say a lot.  None of these vendors want to go into court with any possibility of "reasonable doubt" coming out at trial.  I think all of them are wrong. 

First of all, this should never have gotten to Bloomberg to make a story.  It would have been very sensitive information and known only to a hand-full of people anywhere.  Second, there are secrets that are made to be kept, something both business and government know.  The companies involved should have said nothing and the story would have gone away.  Instead, they went to the trouble of making public comments on it and suggesting Bloomberg withdraw the story.  Bloomberg stuck to its guns and published more.  That doesn't sound like an unfounded story. 

Let's assume instead that the story Bloomberg published was accurate and somebody really did think Super Micro's hardware was compromised by having additional chips inserted in it.  It isn't something a vendor could do much about.  It would be hard to detect.  All the truth would show is that we have something nobody wants in those computers and we can't really do anything about it until those servers are replaced.  This is a major supply chain problem that won't go away because so much network equipment is made in China and China is not shy about putting software and hardware monitors in equipment used in China.  They may have learned from that how effective that can be for other purposes. 

The solution is to make equipment somewhere other than China, seal the hardware and use US components for maintenance.  If the Chinese really did what they are accused of, we are not going to get out of it very soon.  In the meantime do something to stop them from exploiting the device they put into the motherboards - if they did that.  If not, sue Bloomberg.   

Are Those Tennis Shoes Made In Vietnam?

The answer is - sort of, but yes.

So, I was sitting in a business office today talking to a Vietnamese woman who asked me what I did. I told her I wrote books, some on China, and she went completely out of character for a few minutes about how the Chinese were “buying up her country” and taking jobs that rightly belonged to her family. There were “economic zones up and down the coast” made possible by the “greasing of palms” of a few high level officials in the capital. She said if you look at the map it is mostly red along the coastal areas and Vietnamese were not even allowed to go into those areas. She said the Chinese came and went as they wished and did not require a passports to get in. She was really hot about this.

A little Internet examination showed exactly what she was talking about, and made me think about those Vietnamese tennis shoes I bought. They might well have been made in a place where there were no Vietnamese at all, and the trade deficit might be worse than we think.

It seems that more than this woman are upset.  Over 100 protesters were arrested over this same thing in June of this year.  China registered a complaint with Vietnam, pointing no doubt at those palms that were greased.  We paid you, now take care of this.  People don't protest in Vietnam very often so they must have been equally upset by this.

The press has little to no coverage of the China methodology of starting economic zones in other countries, then populating them with Chinese who get to use them so they can call their steel and trade goods "Made in...."  where ever.  Very cute, but China is not the only ones doing it.  Mexico has managed to put together trade agreements for a substantial part of Latin America - where China is rapidly making inroads.  Mexico also held Chinese aluminum for transhipment as Mexican origin aluminum.  The US actually considered rewriting NAFTA way before this administration got around to doing it, mostly because Mexico was using these zones to work around it.  Is anyone playing by the rules in trade, or are there no rules?

Chinese Hackers About to be Named

The Justice Department is apparently not involved in the trade negotiations with China and has arrested the CFO of Huawei, a less than delicate move that seems to work to reverse progress.  This is not really related to trade per se, but there is going to be more if we can believe the Wall Street Journal yesterday.  This is part of a series of very serious break-ins by APT 10, FireEye says.  "They have historically targeted construction and engineering, aerospace, and telecom firms, and governments in the United States, Europe, and Japan. We believe that the targeting of these industries has been in support of Chinese national security goals, including acquiring valuable military and intelligence information as well as the theft of confidential business data to support Chinese corporations. PwC and BAE recently issued a joint blog detailing extensive APT10 activity."

The WSJ article says there is no relationship between Huawei and this case, but they are missing the whole concept of Chinese intelligence collection to say that.  There is no direct relationship.  The Chinese are using infrastructure equipment to collect and route that traffic back to China.  They won't have to hack directly to do that.  They can pull that traffic in and analyze it afterwords without the subject knowing they have been hacked.  They have lower exposure to getting caught. 

Over the past several months there has been quite a bit of reporting on various aspects of Chinese activities.  That finally has led to bringing actual charges against named individuals.  We shall see if the two cases are really not related when the evidence starts to be presented.  That is why you usually don't prosecute cases like this in court.  It exposes too much of the sources and methods involved in exposing the people being prosecuted.  It makes no sense.  It benefits the Chinese more than the US. 

Google + going away sooner

It seems Google + will be going away four months sooner than expected.  Any day now, the feed from Blogger will cease.  For this blog see https://dennispoindexter.blogspot.com/

Russian Fertile Ground

The Russians have been accused of messing with Brexit, undermining the regime of Angela Merkel, helping the trouble-makers (who we don't know) in France, and trying to influence various factions in the United States.  Their Information Warfare campaigns are popular and working better than we may be aware.  Look around.  Brexit is getting worse;  Merkel is losing out in her own country;  France is having another go around with the yellow vests;  the US is still working on impeaching a President and love talking about it whether there is anything to impeach him on or not. 

If we think the Russians have stopped, we are undoubtedly wrong.  Looking for signs of Russian involvement in these issues is well worth the time of our politicians - who seem to be concentrating on hacking each other to death than dealing the the Russian interference.  It is stupid.  The Intelligence Services of these respective countries need to concentrate more on getting the disinformation portion of these activities stopped. 

The New Huawei Story

Jay Greene in the Wall Street Journal has a story on the new Huawei story, only slightly different from the first one.  It seems to be related to the relationship between Huawei and a lone company Skycom Tech is at issue.  Did they own it or not?  Before you read the rest of this, read this analysis of how to set up a front company to sell to Iran published in 2016. 

SkyCom Tech operated in Iran (there are a lot of companies with SkyCom or some variation in their names) and Huawei claims Skycom Tech was not owned by them.  This is a question of fact which should be easy to prove one way or another.  Except as the diagram in the article from 2016 shows, the lineage of a front company is constructed to not identify the beneficial owner of the company.  Remember that the instructions ZTE used to avoid getting caught by US authorities was used by more than one Chinese company, and Huawei was widely reported as being one of them.  I suspect there will be many instances shown in court that can identify the owner of the company.  Juries are not as stupid as many attorneys think.

Also, the case with Iran is enough to charge a Huawei official but, the documents show there were sales by ZTE and another company to  Iran, Sudan, North Korea, Syria and Cuba all of which have some sanctions.  This will only be the beginning.  Tracing this kind of activity is slow, tedious work but it looks like it has finally found some things that will be good enough in court. 

Huawei's Sanction Violations with Iran

Well, it has certainly taken a long time for the Justice Department to catch up with Huawei.  You will remember that the Iran sanctions violations were first discovered in 2016.  In that case, ZTE directions for avoiding US sanctions were published along with the sanctions.   I had more information on this in my last book.

For reasons we will never know, the Trump Administration let ZTE off the hook because  "too many Chinese jobs would be lost", an interesting reason if I ever heard one. ZTE has long settled on that case, but there was more than one company involved and the Obama Administration never named the second one.  It was always thought to be Huawei. 

Now there is something going on.  As described in the Wall Street Journal, the CFO of Huawei has been arrested in Canada on a request from the USA.  It appears Iran had  business deals that used Iranian employees to cover some of the movements.  ZTE had similar business dealings that led to their sanctions.  It takes forever to get the Justice Department involved, but once they do there is enough there to get the case to court.  This will be high drama because of the front companies, slight of hand, and financial deals that cloud this whole thing.  But, it will be fun to watch.

Today, there seems to be a lot of concern over the effect of this arrest in the midst of trade negotiations.  I doubt that it will be any impact.  Law Enforcement has to arrest a person when they can reasonably believe that person will be available for extradition, generally true with Canada.  Had she been in Moscow, it probably wouldn't have happened.  It took weeks for the Administration to decide ZTE would be hurt (Xi would be hurt by this because he was tied closely to ZTE) and let them go.  This will work out the same. 

Boeing Needs FOCI Lessons

The story in the Wall Street Journal today describes how the Chinese are buying into space technology in ways that are supposed to be prohibited.  They are using financing of space programs like satellites to get into these most sensitive of activities going on in our national security. 

The whole area is called Foreign Ownership Control and Influence (FOCI) and Boeing knows what that is and how it applies to this kind of situation.  The Industrial Security people in government should be all over this and should have known about it before it got this far.  They are relying on self-reporting and they need to do research instead. 

Justice for EB-5 Program

The Wall Street Journal today has a story on the slow loss of interest by Chinese, who were the major beneficiaries of this program to grant legal immigration status to people who put money into US programs.  It had a good intent, but quickly became a boondoggle for a large group of people who were buying their residency at the expense of all the others who couldn't afford it.  They can then use their status to sponsor others to come to the US. 

Now Congress is about to limit this largess and crack down on some of the abusers, mostly in New York, California and Texas.  The Chinese are not very interested since it is taking a long time (up to 14 years) to get a US visa.  Applications went from 4000+ to 617 this year.  Good.  This is selling legal status to the rich and must have made people in other countries wonder what we were doing. 

Facial Recognition and Privacy

I always have trouble with the Privacy advocates when they start trying to protect something that is public.  More so than fingerprints, facial features are shown anytime we step outside the door.  Apple captures them to open a door to their iPhones.  How can it be that privacy applies to something that is part of our physical makeup?

You can, as the paparazzi do all the time, take pictures of the most intimate moments of a superstar's life because those images belong to the collector of them.  If someone comes along while I stand outside of a political meeting of my friends takes a picture of us, that picture does not belong to me.  It does make me uncomfortable, because it feels like I'm being spied upon.  Those people can buy facial recognition software and do their own identification, just like the Chinese do almost everywhere you walk there, when you buy something expensive, or when you go a train to someplace you aren't supposed to go. It isn't facial recognition that is the problem with privacy, it is the use of that technology to do things other than identify a person. 

No Evidence of Election Fraud in the US

In case you have heard that there is no evidence of election fraud in the US, you can read about this case in Philadelphia where some people were indicted for just that.  It sounds like a script from a TV series and not an actual case against the real world. 

The real crime here is in dragging this out for six years since the event actually occurred.  The Justice Department works slow, but this is even slower than its normal pace.  The payoffs occurred in 2012. 

UK Warns Russia on Interference

In what is a direct comment from the head of MI-6 in the UK, which itself is unusual, Director Alex Younger made some pointed remarks about the things Russia is doing in the UK, and says they will make Russia pay for its activities.  Of course, he focuses on the GRU which managed to stir up enough conflict for the next 50 years by botching, both operationally and politically, the relationship between the UK and Russia.  Younger calls this “perpetual confrontation”, which eventually will work against Russia. 

But, he also mentions cyber attacks and misinformation campaigns, saying very little about either one.  The UK formally said Russia was responsible for Petya/NotPetya attacks which caused considerable damage and only happened after the UK blamed Russia for the attack in Salisbury.  We already know about the Russian campaign to influence Brexit.  They believe they can act with impunity.  We shall see whether that approach is the correct one. 

Iran's Bad Behavior

Reuters has a well publicized report on Iran's disinformation campaign which was researched by the news agency.  It is interesting because it is not just a report by government agencies somewhere.  They actually did research and found sites distributing the material.  As the report says, "The sites found by Reuters are visited by more than half a million people a month, and have been promoted by social media accounts with more than a million followers."

The proof of Iran's involvement is a little thin, but summarized this way:  "But all the sites are linked to Iran in one of two ways. Some carry stories, video and cartoons supplied by an online agency called the International Union of Virtual Media (IUVM), which says on its website it is headquartered in Tehran. "  They couldn't find this place, which points to that being a front.  They have a chart that shows the destination for this propaganda and it tells us more than the rest of the article, and traced some of the information about the sites.

From their description, this is obviously well financed by somebody.  It sounds like the Russian interference in different countries of the world, but since a number of countries are doing this now, it is more difficult to find the originator.  It could be Iran.

Good for Reuters.  They tried to do this on their own and the story is good ink.

  https://dennispoindexter.blogspot.com/

To Tell or Not to Tell

ZDNet had a good article today on the GCHQ in England admitting they don't always tell the vendors of equipment what the flaws are in their IT.   This would be nothing much but GCHQ is an intelligence organization and it uses the term "equities" in describing the national interest involved in whether to tell or not. If the equities do not rank high enough for reporting, they won't report it.

When I first started in IT, I used to be outraged if the government failed to correct deficiencies in software that we discovered.  There were so many, we could hardly keep up.  It was rare that anyone said anything about the non-reporting of these flaws because we really had no reason to know unless someone told us.  That is the way it should be.  We reported them, so we  did our job.

When I worked for the U.S. Senate a person explained why the intelligence guys did not report everything and I felt stupid.  It wasn't really their job.  Intelligence agencies are supposed to collect and analyze intelligence collected by a number of different means.  We don't need to know those means and they have no obligation to tell us.  The more they report, the harder it is to do their job.  I didn't like that explanation, but grew to understand it as true.  It just took awhile.

I'm always suspicious of press people who do stories on things that hurt their own country.  The Russians seem to get a lot out of their relations with the press by working them around to questions that give answers to things they want to know about and want to publicize.  We should be smart enough to not answer those questions, no matter who asks them.  I'm a little disappointed in GCHQ on this one.  No comment would have worked better.

  https://dennispoindexter.blogspot.com/

Missile Defense for Saudi Territory

In a Reuters story yesterday we find out what one of the "military purchases" was that the President of the US was talking about in establishing his continued support for Saudi Arabia after the killing of a critic in Turkey.    One of those things was the same high altitude interceptor (THAAD) that China found objectionable in South Korea.  The Chinese object to THAAD because they know it works, not because of those radars they claim looked into their territory.  That was absurd.

Now we have something even better.  The Saudis will have a high altitude interceptor for any missiles coming their way from Iran, giving them a strategic long-range defense.  They already have short-range missiles that work pretty well against the missiles being fired at them from Yemen, and they are getting more experience with that as time goes on.  In the last couple of days, the Houthi's have managed to violate their cease fire by firing some more missile into Saudi territory.  We should not forget that those missiles are coming from Iran.

No Indictments in the Obama Administration?

I was kind of wondering how President Obama thought he had gone though all those years in the White House "without anyone being indicted" when he seems to have forgotten one of his National Security Advisers, General James Cartwright.  He was famous for being the one who described many of the cyber operations of the Obama Administration to the New York Times, including such famous ones at Stuxnet, the computer worm that attacked Iran's centrifuges.  He was not only charged, he was convicted.  But, because the President pardoned him, he never had to serve any time in jail.  The real crime may have been in letting him hang for something he didn't do.  It ruined his career when the real culprit got off. 

 His defense attorneys said just that in a written letter to the court.  They said he went to the New York Times to try to stop publication of the stories they were about to publish.  The New York Times isn't going to tell who really did it, and the White House covered that part up at the time it occurred.  Like others in the past who have taken responsibility for something they didn't do, the General took the blame for somebody higher up.  There were not too many people higher up than he was.

Synthetic You

Yes, I'm concerned about the ability of technology to recreate my voice and image described in my previous posts as possible ways to make it look like I said something I never said.  But, now comes something else - AI generated fingerprints.  So, somebody can now generate my voice, image my face onto someone else's face in a video, and generate fingerprints that "prove" I was there.  All those security devices use fingerprints to get in and mine was used to get into the place I never was.  We better be ready for this kind of thing and be able to find generated fakes on line.

  https://dennispoindexter.blogspot.com/

Iranians and SamSam Ransomware

Interesting the way two different outlets covered the story of the two Iranians indicted by the US Justice Department.  The Hill covered the story as a case of ransomware, focusing on the common element that the thieves used TOR to hide their communications both with their victims and their internal network being operated from Iran.  The Wall Street Journal covered the same story but with the emphasis on the use of Bitcoin to launder the money into hard currency. The Journal emphasizes these two points:

"Treasury’s action marks the first time the U.S. has used digital-currency addresses to identify sanctioned targets.

It also marks a new step by the U.S. to impose regulatory requirements on digital-currency exchanges that can be used to mask illicit activity." 

I think the Journal has the right points here.  Treasury reporting of transactions has not gone well with digital currencies, partly because enforcement is harder when the controls are not put on by the currency owners.  There is no doubt that blockchain gives them the ability to know to whom, and where the transactions were made, but they aren't using it in the way they are required.  It is still the wild west in digital currencies. 

Putin, Xi and the Testing of Trump

The leaders of Russia and China are testing the resolve of the US President in almost exactly the same way, one in Crimea and the other in the South China Sea.  Russia has become the "go to" country now that North Korea has stopped testing and launching missiles.  This is a dual test of the ability of other countries to seize territory that does not belong to them (by international law) and enforce their domain over that territory.  For the Russians this is the strategy of forcing confrontation with the Ukraine (see the Wall Street Journal editorial on this in today's paper) while the EU is weakened by the problems in France and Germany. 

At the same time, China continues its militarization of the South China Sea, which they said they would never do.  This strategy of denial-of-area has been working pretty well.  Slowly strangle the ability of military forces to get into an area that needs to be controlled.  They choke off Taiwan, manipulate the countries around the SCS, build up their islands and threaten any aircraft or ship that comes in.  Use a combination of economic, diplomatic and military power to deny the space. 

The Russians have discovered this strategy actually works, but given their less than subtle nature, have crudely implemented it in the Black Sea.  They took Crimea with more care than they show in the Kerch Straits.  You can see the video of this confrontation in several places like this one, https://www.wsj.com/video/russia-fires-on-ukrainian-military-vessels-near-crimea/583408DC-2048-4074-8571-6C86DE21BC93.html  It clearly shows which country is using the force and which one is not.  They are cutting the Black Sea off from the Sea of Azov which is north of the Kerch Straits. 

In my most current version of the Chinese Information War (McFarland), I said this is war by another name, "annexation".  It is armed confrontation, supplemented with economic and political warfare. 

Russia Picks Up the Pace in Ukraine

The Russians never give up, agreement or not, and have captured three little boats from the Ukraine.  The story appears in several news outlets.  They want to choke off the Ukraine and continue to support rebels in the south of the country. 

We can clearly see the progress on the bridge to Russia from the video.  That has to be one of the most expensive bridges ever built.   The Kerch Strait links the Black Sea and the Sea of Azov and the Russians wanted to be able to get supplies into Crimea which they liberated from the Ukraine.  The Ukrainians were not helping them out very much, of course.  Hitler thought this path was the way to Moscow, and it may turn out to be the path from Moscow to the Ukraine and west. 

The Russians are using the Chinese trick of claiming territorial waters they control but don't own.  This is why we have freedom of navigation agreements in the UN, which neither of the two countries follow.  The Russians now say these little ships were intentionally sent to upset them (which it did) and the Ukrainians say they were doing nothing wrong by sailing there (probably right).  They can claim innocent passage, but the Russians are trying to undo that claim with their approach.  Now the Ukraine wants more sanctions on Russia.  Good luck with that. 

Report on Pegasus

I like the work Citizen Lab does and this one is particularly good.  An Israeli company, NSO Group, selling software around the world that allows any country to monitor its citizens.  Forbes has good summary of what NSO does.

The Citizen Lab article tells how Pegasus works, and where they found evidence of it being used.  It wasn't the Russia, China, usual bad guys scenario.  For those unfamiliar with the range of capabilities of these spying tools, it is well worth the read.  They are very broad-based tools and monitor almost everything the target does.

The graphic in the Executive Summary comes from Wikileaks and was internal email of NSO.  I don't approve of using it, but it was a nice summary of the capabilities of the software.

Interest in Huawei Picks Up

The Wall Street Journal had an article yesterday about the damage done to Huawei by a recent push on encouraging allies to buy their infrastructure hardware from another company - probably not ZTE.

Apparently, this effort has had some success and people are starting to buy their products from Nokia or Ericsson.  This means more as more people are starting to understand the connections between Huawei and the Chinese Intelligence Services.  We can remember that David Sanger at the New York Times said in 2014 that the National Security Agency went further than just guessing whether Huawei was actually doing this kind of thing.  It is not a great leap to suggest that is still going on.

President Rodrigo Duterte Plays Dangerous Game

Trying to play off China and the United States by pretending to  cooperate with both is a game a lot of dictators played in the Cold War.  A few of them ended up dead, since major powers of the world have little tolerance for this game, but others are allowed to get away with it for long periods of time.  Duterte has been playing it a little too long for his own good. 

The Wall Street Journal has a piece today on what is happening between him and Xi Jinping currently.  It seems they have forgotten all that money that China put into Duterte's home town and have moved on to joint oil exploration which has not made as much money as outright bribery has so far.  Duterte may not be as stupid as China is making him out to be.  He is dragging his feet on the joint exploration, knowing that the "joint" may not outlast his lifetime.  The Chinese can claim anything in the South China Sea and nothing the Philippines does can stop it.  That makes joint exploration a little risky for him.  He seems to be aware of that.  Smart man. 

US Asks Allies to Avoid Huawei

An article in the Wall Street Journal today says the US has asked allies to avoid Huawei network equipment (see posts on Huawei, below)  We forget sometimes that the New York Times, during the Obama Era used to publish articles on Huawei that told how we know what we know about Huawei.  The most important is shown in my post. 

We are not guessing about Huawei, or suggesting it might be possible for them to be up to something.  Somebody knows. 


  https://www.blogger.com/blogger.g?blogID=9033304048882784982#editor/target=post;postID=4973487867146460885;onPublishedMenu=allposts;onClosedMenu=allposts;postNum=1;src=postname)--  https://www.blogger.com/blogger.g?

blogID=9033304048882784982#editor/target=post;postID=2946223615135807263;onPublishedMenu=allposts;onClosedMenu=allposts;postNum=2;src=postname

https://www.blogger.com/blogger.g?blogID=9033304048882784982#editor/target=post;postID=405764598116949510;onPublishedMenu=allposts;onClosedMenu=allposts;postNum=3;src=postname

INTERPOL, Da

For a little while today as the Wall Street Journal has added, we thought we were going to have a Russian nominated to head up Interpol.  This is after a Chinese person was the last person out and he is under arrest in China.  I have never liked Interpol much, though they do have some coordination benefits.  They do issue warrants against a lot of people and ignore many of them knowing where and why they were issued.  I can't imagine a Russian official being in charge, especially the way Russia is toward its internal and distant enemies.  In the Ukraine they criminalized every official that did not agree with them and tried to get him/her arrested.  That didn't work because Interpol didn't honor those warrants.  They were good in Russia and any cooperating country.  That's all. 

Well, it didn't happen after a 12 hour panic period.  No Russians or Chinese. 

China's Stand on Unfair Trade Practices

Most of the news outlets reported that China and the US did not agree on a a statement for Summit of the Asia-Pacific Economic Cooperation (APEC).  CNN say this about the line in question:  The official said the most "problematic" line for the Chinese was: "We agree to fight protectionism including all unfair trade practices."  That could point to some very difficult areas of trade because one would think every country would agree with that statement.  China, of course, thought it was directed towards them, which it was. 

CNN also aptly points out that "China's Global Times, a state-sanctioned tabloid that often promotes hawkish viewpoints, released an editorial Monday stating that it was "not a big deal" that the APEC summit ended without a joint communique for the first time in a quarter of a century."  Perhaps the Chinese view of history is less in tune with other countries, but this is a big deal.  They want to stand on principle even when the principle is difficult to define, and clearly a moving target.  They are playing a game of chicken and they want to play that game out and see if they win or lose. 

Good Read

Wired Magazine. November 2018
The Asset, Garrett M Graff
How the Chinese steal, then accuse others of doing the same thing - whether they did or not.

I recommend reading this article which is long but well done.  It is mostly about collecting intelligence and trade secrets used in military technologies, and some dual use commercial products.  It fits exactly the scenario we have seen so often in the past few years.

You will remember the military members charged by the Obama administration.  When they got caught China made promises to cut back on this kind of spying.  But, they moved it to the security services where it was harder to detect, and went on doing the same kind of stealing in the name of "national security".  That was a hoodwink of President Obama.

I wasn't there - I didn't do it.

BBC had a story this weekend that certainly shows the risk of facial recognition software being used with data that is becoming more common.  Now, look at this technology in the context of what the BBC is talking about - fake news using the technology to put someones face where someone else's had been- and what is being done with voice recognition and generation.  Someone has the capability to put your face and your voice somewhere saying something you never said.  This is a concern, of course, but what we really need is software that can detect the substitution of faces and voices in content.  We have done great things with detecting fake photos and altered stills, but video and voice are a step beyond what we can do today.  It seems like the movie business could use something like this to find alterations to its movies that could not be otherwise detected.  I would pay for something that would find my image in any form on the Internet.  Is there such a thing? 

China Increases Government Censorship

China is expanding its censorship programs and increasing emphasis on companies to do better in censoring their own platforms.  As if they needed to do more than they are doing today, they have the most oppressive government censorship program of any in the world.  Getting better just means getting even more intrusive.  The downside to that is they are exporting this technology to places like Venezuela.  The US could help by disrupting this technology since quite a bit of it originated here.

Reuters is carrying a story today on the sentencing of an author, identified only as Liu, to 10 years in prison for publishing in an area that shows “obscenely and in detail described gay male-male acts...”  I don't read this kind of book anyway, but I do stand with authors who have difficulty (certainly understated in this case)  because of something they write.  It's fiction for heavens sake.

Book burning is always something that will wind up running against the government that does it.  It draws more attention to a book than other types of actions, like undermining sales through the publisher, are much less conspicuous.  This is a "message" sentence to other authors that this is not allowed and will bring a harsh and unjustified sentence because we can.  That will be an underground book for as long as Liu is in prison, and then some.  Banned books are sold in China more than they are elsewhere in the world.  Banning something always helps sales - as to prison sentences- though they are a hell of a way to get an idea across to others.

Keeping Secrets in Congress

When it comes to secrecy, there are few places better at it than the CIA.  They protect their sources;  their reports are highly classified;  they are independent and don’t pretend otherwise, especially since Gina Haspel took over and things got back to normal. 

But, the culture of Washington is so corrupt these days that the CIA can brief Congress on Friday, and before close of business the Washington Post has the story and is running with it.  This was, of course, the killing of Jamal Khashoggi. 

These are Top Secret briefings (if not that should change) and the number of Congressmen is relatively small who have that level of clearance.  I know the public perception is that Congress gets access to anything that is in print because everyone over there has a security clearance, but that is absolutely wrong.  I spent the better part of two years trying to make sure the Defense Department understood that basic idea. 

Congress needs to have a review of their procedures to handle and safeguard classified information.  It is done often, but without much affect.  This time, the two parties must decide if their country’s security is on a par with the ability of some elected officials to grandstand their way to prominence with the press.  Congress knows who is doing this, and congress can stop it. 

China Trade - the Short Version

The Annual Report for 2018 was published yesterday for the US-China Economic and Security Review Commission.  It reminds me that the Congress actually considered doing away with this Commission but changed its mind at the last minute.  This is a group that has led a good bit of the discussion and factual reporting on what China is really up to.  We have to wonder why anyone would want to stop funding it when the published work is so good. 

"The United States has unilateral, bilateral, and multilateral tools to address the Chinese government’s unfair practices. While these tools have been successful at targeting some discrete aspects of China’s industrial policies (e.g., a particular subsidy program or tariff), they have been less effective in altering the overall direction of Chinese industrial policy, characterized by greater state influence and control, unfair treatment of foreign companies, and pursuit of technological leadership using legal and illicit means. China leverages the attraction of its large market to induce foreign companies to make concessions (including transferring technology) in exchange for promises of access, while protecting and supporting domestic companies both at home and abroad."

This is one paragraph from a 536 page report but it summarizes what the trade negotiations with China are really about.  There is one more paragraph I wanted to mention since it applies to trade and to the South China Sea which is related:  

"Within its region, China took new steps to advance its sovereignty claims over disputed territory as President Xi declared in unusually strong language in his 19th Party Congress address that other countries should not have “the fantasy of forcing China to swallow the bitter fruit of damaging its own interests.” At the Party Congress, President Xi proclaimed the success of China’s South China Sea island-building efforts, while China’s military increased patrols near the Senkaku Islands and continued fortifying its position near the site of a recent military standoff with India. China made new efforts to deepen partnerships with Russia, Iran, and Pakistan - leveraging the relationships to challenge U.S. security and economic interests— and continued taking steps to expand its overseas military presence."

Any wonder why China would want to reduce the influence of this Commission?  

Google ReRouted to China, et al

Wow, what an interesting development in the world of Internet traffic.  Several news outlets are reporting an AP story that Google network traffic (certainly not all of Google traffic just that related to businesses) was rerouted though a Nigerian ISP, then to Russia and then to China.  That kind of routing does not happen by accident and it is the second time in two months that traffic has been rerouted to the ultimate destination of China.  Google says "no worries" because most of the traffic was encrypted, but the companies still do worry because that is a service disruption and they pay for service not promises of service. 

We should worry about COMCAST too.  COMCAST has had a boatload of service outages this past year and they don't seem to have redundancy or backups for a lot of their services.  It may not be the same kind of thing, but this is indicative of an infrastructure that needs work. 

The Pentagon and Strike-back

The Hill has a piece today  that talks about the Department of Defense sending up smoke screens around strike-back telling businesses that they might be violating yet to be defined rules of engagement in cyberspace.  This is ill advised but not for the reasons the Defense Department talks about here.  Defense should be educating businesses and not warning them about the possible policy violations that don't exist. 

Striking back against hackers is dangerous, for sure, but the policies of the UN and treaties between countries are hardly the reasons.  First, Defense has not been striking back at hackers and that is why too many of them are still hacking businesses.  They do it with impunity.  Defense does not feel a need to stop activities against commercial businesses, and they are probably justified in feeling that way.  Our military is not tasked with protecting businesses very often, though they do have the "commerce" clause that justifies them defending trade routes and commerce.  Nobody in the Federal government is charged with offensive actions to reduce the impact of hackers on US businesses.  That could be corrected, but it has not been. 

So, when hackers hack businesses there is nobody to hack them back to discourage the action in the future.  Some businesses go to Congress over this and try to get legislation that will authorize that kind of activity, when that too is not a very good approach.  Congress hates getting involved in this kind of thing, and has yet to pass legislation that would authorize strike-back. Congress does not want to authorize anything with potential liability attached to it.  If a business does strike back, they are on their own and suffer the consequences of retaliation alone.  This is ridiculous on both sides. 

If someone is going to stop hackers by disrupting their operations, we should designate an agency to do it, task them to do it, and prioritize the groups that we are going to hack-back on.  The activity does not have to be as overt as strike-back.  It can be covertly done so that hackers do not know what is happening to them, or who is doing it.  We disrupt and deny hackers the ability to continue unrestrained.  The Dutch have an interesting way of doing this by disrupting the websites that distribute tools that hackers use.  We need to do a lot more of the same kinds of things which businesses that have been hacked can help with. 

Second, businesses need to get their act together so they don't need so much defending.  Some of the companies that complain about government support don't do enough for their own protection - and I could name some big companies that habitually lose their designs and personal data.  Before you get help, do something for yourselves. 

US and China in AI Competition

The Wall Street Journal has a good article today on the race for AI dominance and it has some surprising observations from Oren Etzioni, chief executive of the Allen Institute for Artificial Intelligence in Seattle, and Tsuhan Chen, and a deputy president at the National University of Singapore.  The interviews were done separately and put together. 

Surprisingly, it looks like the experts agree that the US is in the lead in AI, though both have that academic qualifier "for now".  Things change. 

Part of the rise of China in AI is ready sources of data, especially in medical data, privacy data and biometrics on a large scale.  The US could not do what the Chinese have been able to do by ignoring privacy and collecting all kinds of data on people, their patters of life, and how they interact.  That data would be less available in the US. 

I have often commented on the foreign businesses that operate in China and cooperate in the gathering of data and the censorship of products and services that are connected to those people.  They allow themselves to believe that this is "just business" and that they can cooperate with China on the overwatch of their people, no matter how intrusive it might be.  In some cases it is more than just China, but China stands out because of the number of people who are potential customers.  It has some of the elements of the cooperation of industries with Nazi Germany or Japan prior to World War II.  Where is the line between "just business" and the cooperation with tyrants who don't have compliance with international norms?  Perhaps AI will sort that out, but somehow that doesn't seem possible. 

The Ugly Chinaman

In 1963, there was a movie called the Ugly American about a class of people of people who go abroad and run over the poorer countries of the world.  BBC has a reminder of that class of people in a story about Africa having substantial amounts of its debt held by China.  As far as debt goes, it doesn't sound like much when one says China owns 20% of the African debt.  But Djibouti, Republic of Congo and Zambia have concentrations of debt that are higher.  Djibouti owes China 77% of its debt load. 

These are infrastructure projects like roads, dams and the like, which the Chinese link to other commerce.  Buy Chinese trucks to do the transport, Chinese firms to build the dam, use Chinese ports for shipments and use Chinese workers where possible.  That escalates the amounts China makes in return for this debt, and creates leverage on countries which depend on China for their continued support. 

If they can't, or don't pay up on that debt, China is perfectly willing to refinance for a longer term or accept something of value in return - a port or a transport hub or a percentage of the marketplace.  Both the Chinese and the African countries know where this is going. 

Uighur Children Separated from Parents

The Atlantic has an article that is a real zinger to Muslims in China.  It is good reading.

It says the Chinese treat Muslims like their religion was a mental illness.  They have separated children from their parents and send them to schools where they learn how bad their parents have been.  This kind of forced separation is an interesting way to get to the end result they desire, but it sends a message to all Muslims that China does not have a good view of Islam.  I wonder how they can go to the Arab states or Pakistan for that matter, and say what good friends they are.  They talk out of both sides of their mouths. 

Ant Financial and Moneygram International, Part II

The Justice Department had an announcement today on Moneygram International that company that Ant Financial was trying to buy last year.  It seems that Moneygram had a consent decree to avoid prosecution for money laundering over a 5-year period beginning in 2012.  Had they complied, they would be off the hook by now.  Justice extended the agreement for another 30 months. 

It is hard to believe that a criminal complaint like this would not have been known to Ant Financial which would have been doing due diligence on Moneygram before they bought them.  It involved schemes to get older people to believe they were getting money under different pretexts and defrauding them.  That doesn't sound like money laundering to me, but I'm not sure how it was charged or if those are separate crimes. 

At any rate, we have to believe that Ant Financial is either really bad at doing due diligence, or that they knew Moneygram was into these schemes and didn't mind.  Certainly not good on either count. 

Hardware Counterfeiting

A small story in PC Magazine got my attention today because there is probably more to it than just the story being printed.  The story goes that Seagate is going to verify that its hard drives are "authentic" using a variation of block chain.  I'm sure the main audience of this user oriented mag thought this was a good thing for Seagate to do - and it is - but not for the reasons being stated. 

Why did Seagate think it was important to verify the authenticity of its hard drives?  Are there getting to be so many counterfeits that they are being hit by the loss of sales?  I went to see what was out there on this issue and found similar guidance by Western Digital as follows:

There are key areas where you can ensure you are getting a genuine external WD drive:

Manufacturing Date: When purchasing your WD hard drive, make sure it has a manufacturing date no more than one year from purchase.

Package Integrity: WD packages should have no marks, scratches or other signs of tampering. Original WD products come in WD packaging with a tamper proof sticker.

Serial Number: If there is any concern, verify your warranty below and enter your serial number of your product to check the warranty.

New WD hard drive nomenclatures: Check our website for the latest brands available and images of what the drive logo looks like. It should not have the word “Recertified”.

How to identify a counterfeit WD product

Incorrect packaging

Low quality printing on label

Improperly sized hard drive labels

Made up or incorrect product names. Visit wd.com for a complete list of WD products.

Low quality packaging/plastic or low quality printing on packaging/labels.

“Made in China”. WD only manufactures internal and external hard drives in Malaysia and Thailand.

Has a lower actual capacity than the capacity printed on the packaging or label.

If the price is too good to be true, it probably is.

Just how big is the counterfeiting market for hard drives?  It seems - so far in my Internet searches-  that most of the problem seems to be selling used drives as new.  Refurbished is not a term that is used on these drives but that is what it may be.  These small drives are not very expensive and it seems like they would not be worth reselling under any circumstances, but the vendors are pointing out how to recognize one.  My concern would be drives made in China that were not the brand they are sold under - a Shenzhen drive made as a Western Digital drive, when they don't make drives in China.  How do we know which drives those might be?  Maybe we can find out pretty soon because the vendors are getting better at making sure we can recognize a fraud when we see one. 

China Makes Do with Stolen Designs

If we ever wondered about the extent of China's theft of modern technology, we needn't look further than an article today in Business Insider where pictures show the current version of China's drone looks a lot like a couple of US versions of the same thing.  We should remember the first drone the Chinese used in this same air show, several years ago.  It looked exactly like the Predator.

The defense industry is very callous about protecting its designs, some of which include the ability to build that design on commercial machines driven by those stolen instructions.  China is not just stealing designs;  they are stealing the ability to build that same aircraft in exactly the same way the US does.  I used to think the industry was careless in how it protected that material in their IT systems, but I doubt that any company would be that careless out of ignorance.  They do not protect their own designs because that is how the industries are surviving on new upgrades and future designs which are then compromised to the Chinese. There seems to be no penalty for that kind of negligence.

Long ago a defector to this country taught me how this works.  The Russians were flying their missiles and aircraft in the open while US satellites came over, even though they knew they were there.  They continued to do it on purpose, knowing the US could see them.  We would then start new models based on what we saw the Russians doing.  We did the same thing, keeping the industries going.  How corrupt is that?

Note:  There was a short piece out today that says the Defense Department wants to put new clauses in contacts that will require better security, but my sources say that is being fought hard by Defense contractors.  DoD decided to use NIST requirements for systems processing government information and that is not what contractors want.  They haven't said what they do want.  This is going to be a fight that DoD will have a hard time winning.  Contractors will say the costs are prohibitive, but the government will say they are tired of paying for contractors' lack of security in new equipment.  It is compromised before it gets to the field. 

The $529 Cup of Coffee

There was a number in a BBC article today that staggered me for a bit.  Inflation there is astronomical, at a daily rate of 2300%.

2300% a day means a cup of coffee that costs $1 today will cost $23 tomorrow and $529 the next day.  Starbucks would not be a popular place by the end of the work week.  It sounds ridiculous but that is Venezuela’s inflation rate at 833,000 %.  That is an impossible number, being one that no country can survive for long.

In 1923, Germany was suffering from hyperinflation and costs doubled every two days. Nobody can live with that kind of inflation and Venezuelan people are leaving in droves.  Hitler rose out of that confusion in Germany and it would be nice to avoid that following form by the leaders of the current Venezuela.

More Detail on MSS Commercial Cyber Thefts

For reasons unknown, the Justice Department has decided to expand on their information provided about the theft of aircraft information by the Jiangsu Province Ministry of State Security.  Most of the elaboration focuses on how and where the Chinese hacked French industries to get what they wanted.  The previous announcement focused on the use of Chinese nationals who worked for the companies to steal the information, so that part may have been overstated in the original.  The article quotes  John C. Demers, Assistant Attorney General for National Security saying this was the third time since September that representatives from the  Jiangsu Province Ministry of State Security were caught stealing and about the only difference was the method used.  This one focuses on the hacking aspects, while the two others focused on the use of insider Chinese nationals who cooperated with the thefts.  This is not out of the ordinary for intelligence services, though getting caught that often is.  These guys are not very professional and are embarrassing China to no end.  They don't need this kind of publicity for their espionage at a time when it is the stated cause of the reluctance of the US to forge an arrangement with China to settle their differences over trade. 

China steals everything, but specifically those things that they do not have a technological lead.  Apparently, one of those things is aircraft engines where they are stealing from the US and EU at the same time.  They don't want to buy engines from us or the EU, but are willing to steal the technology so they can build them themselves.   This is precisely the point of the trade disputes with the US and should be the point of the same kind of dissatisfaction with the EU and China.  Why don't we see that? 

Micron and DRAM Technology Theft by China

There is a good deal of current information on the way China steals technology in the indictment of UNITED MICROELECTONICS
CORPORATION and FUJIAN JINHUA INTEGRATED CIRCUIT, CO., LTD.;
CHEN ZHENGKUN, a.k.a. STEPHEN CHEN;
HEJIANTING, a.k.a. J.T. HO;
WANG YUNGMING, a.k.a. KENNY WANG.

The indictment carries a long and extensive study in how the relationships, both business and personal are involved in an elaborate scheme to steal dram technology and use it for the profit of Chinese companies. 

China Says it Will Lower Tariffs

BBC covered President Xi Jinping at the Shanghai trade expo where he said China would be open to reducing tariffs and making it easier for foreign firms to get access to Chinese markets. 

I know we have heard this story before, but each time it repeats the news media makes it into a glorifying moment.  As the BBC points out, he did not say he was going to stop, or curb, stealing technology.  that will make it easier for companies to get into China but won't change the consequence of being there.  It goes to the rationale given by Steve Balmer, formerly of Microsoft, of selling software in a country where over 90% of the people who use it don't pay for it.  The 10% who do are a big number and, in spite of losing $10B a year in license revenue, the money that does come in helps the bottom line.  If they are going to steal it, we might as well benefit.  They will steal it whether we do or not.  Every businessman has some sympathy for that view, but it is one that keeps China ahead by stealing its way to success.  Businesses cooperate. 

China Feels the Backlash

In an opinion piece in the Wall Street Journal, which thankfully still separates its opinions from its news stories, Michael Auslin, summarizes the forces moving against China in what appeared to be a smooth progression to world economic domination.  It now looks like some of those initiatives have been shown to be less than good economics to those dealing with the Central government.  Malaysia and Pakistan have finally decided the One Belt One Road initiative was a financial trap that lured countries in but wouldn't let them out of bad deals. 

He mentions the "heavy handed" approach by the government in labeling Taiwan as part of China, and failed to mention the number of countries talked into disparaging Taiwan's independence, often using economic incentives as the price of political beliefs. 

Questions are being raised about China's real economic growth.  "Doubts about the country’s official 6.7% economic growth are widespread, while its massive debt burden, estimated at 300% of gross domestic product, raises alarms, especially within the private and state-owned-enterprise sector." 

In the meantime, the camps grow for the largely Muslim population in the Northwest, surveillance dominates the state view of its citizens, and it seems unwilling to change any of its approaches to accommodate its own people. While those are signs of the stamping grounds of revolution, Auslin sees that as unlikely.  Still, short of revolution, there is quite a bit of dissent that can manifest itself all over the world.  That makes domination so much harder. 

Ant Financial Nosedives

You have heard of Ant Financial but may not remember where from.  In December last year Ant was prohibited by CFIUS from buying MoneyGram, a US money transfer company.  I wrote about this extensively because it was reciprocity for Alibaba divesting itself of AliPay without telling its shareholders (read Yahoo!) what it was doing.  Alibaba owns Ant Financial too.  Things have not gone well for Ant Financial since. 

Ant had its worst quarter in its short life, ending last week.  It lost $353 million in three months. 

Russian Jamming Affects Commercial Aircraft

It seems the Russians are trying to interfere with the NATO exercises going on in east Norwegian Arctic airspaces, but true to form for them, they are jamming commercial aircraft at the same time.  They jam everything and let the civilians work things out for themselves. 

This is a good lesson to pilots that all that training they got on navigation included navigating without a GPS, just in case the equipment on the aircraft failed (This happened to my nephew once and he was the only one on the crew who remembered how to do it).  Without practice, you lose the skill.  The Norwegians who live close to Russia every day, still know how to avoid this kind of jamming. 

China Lowers Yuan

The Wall Street Journal has an article on the lowering of the Yuan to its lowest rate since 2008.  The Yuan is down against a basket of currencies by 2.4% but against the dollar by 6.7%, making Chinese goods cheaper in the US.  They speculate the trend downward will continue. 

Bolton Talks NSP Memorandum 13

John Bolton has edged towards more public comment on National Security Presidential Memorandum 13 which he says minimizes the “procedural restrictions on undertaking offensive cyber operations".  Ellen Nakashima, who has good sources in Cyber operations, wrote the piece for the Washington Post.  Quoting Bolton she said,"“The objective here is not to have unrestricted cyberwarfare. The objective is to create structures of deterrence by making our adversaries understand that when they engage in offensive cyberactivity themselves, they will bear a disproportionate cost.”

There are two aspects to this that I really do not like.  First, putting this kind of activity in the hands of Cyber Command is putting it in the military arm of government, something that is not wise since the telecommunications infrastructure is not military.  Second, making it less difficult to launch operations makes deconfliction with other intelligence related cyber operations more difficult.  One day we will look back on this and wonder why we ever put these kind of operations in the hands of military planners instead of the intelligence community. 

Steve Ballmer on China Theft of Software

Steve Ballmer, former Microsoft Chairman, was on Fox Business this morning talking about software being stolen in China.  His views on this were reflected in the decision to allow Microsoft to sell software in a country that stole all of it.  He was clear that all of it was stolen and would be stolen, even if Microsoft did not sell any software in China.  I always thought that was Bill Gates' idea - to sell software when they know that 90% of people who use it in China were not paying for it.   He thought the same might still be true.  So, sell what you can, knowing that the use of 90% of it would not be paid for.  It makes business sense, but as he mentioned, it also breaks the model of business operations around the world.  That part needs to be addressed.

China is a model of how a criminal enterprise works.  You can't bargain with a criminal enterprise, and you can't set agreements with one to stop some of its successful business practices and settle for less profit.  So, what to do?

The current administration has tried tariffs which is not likely to work, but makes a trade-off that is worth doing in the interim.  If China continues to steal everything, we might as well profit from their theft.  That is kind of how Microsoft was thinking in selling in a place they knew would steal everything.   Tax, though tariffs, works because the US gets revenue from everything that was stolen and manufactured in China, even though the consumers of those products are the ones that pay for it.  It makes manufacturing anything in China more expensive.

Ballmer said he did not know what would work.  I think there is something that would work, but it might be something we don't want to do.  Look at what it takes to disrupt a criminal enterprise. We can't destroy it, but we can disrupt it, and we do know how to do that.  Only history tells us that it takes a concerted effort, requires disruption in ways that use redefined laws to address the criminal enterprise way of operating, and infuse law enforcement with people who understand organized crime and how it works.  The enterprise will fight back, attacking the proponents of the strategies needed to combat this kind of crime.  It takes perseverance and political conviction.  Do we think we have that in the places where it is needed? Unlikely.

More Chinese Hackers Charged

I don't think it is very effective deterrent strategy to name names and issue indictments for intelligence officers who hack for a living.  Most of them have several false identifies that they use on-line and they are not going to stop just because we identify them by name.  They get another name and move on.

This time, there are 10 named individuals from China’s Ministry of State Security who were hacking aviation related companies in Arizona, Massachusetts, Oregon and anywhere else they can get into.  There is not a chance any of these people will ever be charged in a crime and arrested in the US.  Well, I suppose they might come over to the US and get caught at the border, but somehow that does not seem very likely.

There is a twist in this indictment - one of these guys told a Chinese national working for a French aviation company to install malware.  When law enforcement started an investigation, another Chinese national deleted a link to the group of Chinese agents.  This is another indication of why we should be examining the use of Chinese nationals in critical technology areas like aviation.