Losing the Cyber War: How to Get Out of the Box and Win

by Stephen Bryen

The United States is losing the cyber war.  Despite hugely increased expenditures on cyber security, every day the situation worsens and we continue to fall behind.  As I write there is no government or military website that has not been hacked and vital information stolen. It is not just the government –banks, health care systems, financial transactions, credit card data, identity theft, social security numbers, legal briefs, strategy documents, corporate secrets, intellectual property –the list is nearly endless.

When you are in a war you look for metrics to understand just how well you are doing and what the conflict outcome will be. An Army general surveys the battlefield, estimates his resources, evaluates his technology, and decides on his strategy.  If the general believes he will lose the war, he tells his political leaders and waits for guidance.

There are four possible outcomes in a war: fight to win; fight to a stalemate of some kind; negotiate with the enemy; surrender.

Looking at the current state of affairs in the ongoing cyber war, we can reach some conclusions.

Firstly, right now we cannot fight to win because we do not have either the troops or the technology to win.  No one has figured out a satisfactory offensive strategy other than to convert cyber war into a traditional war.  This is impractical and no one is really willing to go down this path (other than to threaten some sort of offensive cyber warfare).

Secondly, there is no stalemate in cyber warfare available to the United States.  One of the most serious potential threats, China, is too important economically and politically to be seriously challenged. Beyond China there are plenty of other cyber war makers, as in Russia, Iran, Syria and even hackers embedded in countries around the world.   While the US and some of our friends have tried to prosecute some hackers, the triumphs are few and far between.  None of the threats are under sufficient pressure to stop hacking; in fact they are more emboldened than ever.

Thirdly, there is no one to negotiate with today.  Attempts have been made to talk to the Chinese; they deny everything and blame the US for spying on them.

This leaves the surrender option, but unlike territorial war, there is no one to surrender to so we face the prospect of going on losing.  Our critical infrastructure is exposed, our government is losing control of its systems, and our military is watching as its command and control and its vital technology spills out through the back end of its networked systems or through its industrial partners.

Throwing more money at “the problem” is not a panacea.  Our government, military, and critical infrastructure cannot continue running around like chickens with their heads cut off.  That is the sum of what is happening today.

The entire infrastructure of information technology is based on mostly an open architecture approach to computer systems and network infrastructure.  That is conducive to a fairly rapid spiral development of new commercial technology. Unfortunately, the commercial approach downside is that security plays second or third fiddle to the push for bagging commercial dollars from investors and customers alike.

It is very well known that spending money on security does not “produce” anything, so putting money and resources into security systems is resented by investors and corporations, even by individual users who often chafe under security restrictions and operational limitations.

The commercial computer space is heavily tilted toward entertainment and not to business or industry, No where has the entertainment element enjoyed more success than in mobile devices such as smartphones and tablets; for the most part there is not even a pretense of security in these systems.

We have to recognize that the entertainment function of computer systems and networks, mobile and fixed, is a fact of life. Where we go wrong is to use the same operating systems and network support for entertainment as we do for government, business, and the military.  Adding to that, the same underbelly developmental system, a global collection of non-vetted persons and risky manufacturing locations, adds to the conundrum.

A great indicator of the collective mindset today is shifting everything over to so-called cloud systems, even where we don’t have the slightest idea of how these clouds are managed or how easily they can be compromised.  The Pentagon, which obviously knows better, is today endorsing cloud systems that are big risk, just as they are supporting mobile platforms that have been hacked to death.

It is time to break free from the open source globalized approach when it comes to government, military and critical infrastructure mobile and fixed computers and networks.  Instead of wasting billions on hopeless security “solutions” while we continue to fall behind in the cyber war battle, is senseless, wasteful, frustrating and demonstrates bad leadership and hopeless management.  Let’s stop.

What we need a an American secure operating system and an American secure network environment built in a trusted environment by reliable people in safe manufacturing locations.  Not in China.  Not offshore.  Here.

The talent to do this surely exists, it is just being wasted today on “other” projects.

A Strategic Plan would look like this:

1. Replace all critical infrastructure operating systems and networks with a US developed secure operating system in three to five years.

2. Assure that connectivity outside of the secure environment is carried out separately from vital secure computing.

3. Impose the massive use of encryption and truly protected authentication on the new secure operating system.

4. Make sure all OS and Secure Network users are properly cleared and vetted.

5. Put in place a compartmentalization system based on need to know and create a series of decentralized and regulated security centers to make sure the thresholds on need to know and a permission based environment are carefully maintained.

6. Do not use any equipment made outside the United States in the critical infrastructure.

7. Create a T&E center to check all hardware, firmware, software with independent auditors and engineers.

8. Create a Red Team to constantly try and break the system, point out vulnerabilities, and fix them immediately.  The Red Team should be large and heavily incentivized to find problems.

9. Never, ever, share the US system with anyone outside the US.  Make sure that the technology is controlled fully by the US government.  And design the system so that if a piece is lost, it can be deactivated remotely and never be useful to an adversary or enemy.

10. Make sure the intellectual property, the technology developers, the Red Teams, and the system of compartmentalization are secret.

Clearly we cannot continue to run our country when there is global knowledge parity of computer systems, hardware and software we use and where most of our critical products are produced outside the US, especially in China.  Nor can we sit around and wait for the inevitable collapse of our military command and control, electrical grid, transportation network, banking services or our health care system.

The above proposal sets a direction for a solution.  We can win the cyber war.

Tagged , , , , ,

Give Me $46 Billion and I will Build a Safe Computer System

ABI Research estimates that cyber security spending on the critical infrastructure was $46 billion last year. The largest part of these dollars was spent in the United States.

2014-09-05-pptLower.PNG

Meanwhile, in the United States, Federal government agencies have stepped up their efforts to improve cyber security protection. The Pentagon is tripling its staffing of cyber security professionals even while critical defense programs are being cancelled or curtailed. By 2016, the Pentagon should have 6,000 cyber professionals at work. In a boastful speech describing the Defense Department’s investment in cyber, Defense Secretary Hagel says they are on the way to building “a modern cyberforce.” To back up his words, the Pentagon announced last June that by 2018 the Pentagon planned to spend $23 billion on cyber security.

The Defense Department also created a United States Cyber Command (originated in 2009) which is located at Ft. Meade, Maryland, the home of the National Security Agency. The Cyber Command (officially USCYBERCOM) is headed by a Navy Admiral, Michael S. Rogers, and is subordinate to the US Strategic Command. Strategic Command involves space operations (such as military satellites), information operations (such as information warfare), missile defense, global command and control, intelligence, surveillance, and reconnaissance , global strike and strategic deterrence (the United States nuclear arsenal), and combating weapons of mass destruction. Thus USCYBERCOM is part of the Defense Department’s most sensitive organization that includes control over America’s strategic nuclear missiles.

But despite this massive spending and the hiring of thousands of security professionals, the United States has thus far failed to protect government agencies, the rest of the critical infrastructure of the United States, regular businesses, and personal security. Despite the billions sunk into the effort each year, none of the investment has stopped the Russians, the Chinese, the Iranians, the Syrians, or the tens of thousands of hackers from pounding America’s computer networks. To date there have been massive hits against government computer systems, health care systems, banking and finance, power companies including nuclear facilities and energy companies, and defense companies. Vast amounts of information have been either stolen, overwritten or mutilated by hackers. Today no one can be sure whether our communications are safe, whether the lights will stay on, whether our early warning systems will function. Instead of curtailing the threat, every evidence points to its escalating out of control.

Has anyone bothered to ask why this is so? Now, our leaders, bureaucrats and their academic and industry advisers keep telling us they need to spend more, and like Pavlov’s dogs, when the bell rings, they appropriate more money to fight the threat.

If you have a spare $46 billion laying around there is an answer to computer security. But the answer will not be found in any Federal government plan. All of them are, like Hans Brinker, trying to stick their finger in the leaking dyke.

The reason is easy to discern. All computers, including all mobile devices, operate on open systems that were developed by countless software engineers worldwide. The computer industry and its allied software development is a global industry that is totally insecure. You don’t know who writes the code, the level of competency, the degree of security training, the level of auditing and internal testing for vulnerabilities, or whether some of the engineers are owned by foreign intelligence services or are promoting various ideological causes. Even in the United States, major companies such as Microsoft, Apple, or Google are run by nameless developers who come from a plethora of places (including lots of foreigners). These companies have no ability to properly vet their employees, nor do they have any real incentive to do so.

What makes matters even worse is that we have grown a security industry, already embedded in government and in corporate America, that feeds off the vast amounts of money being thrown at the computer hacking problem. To be frank, these folks have a vested interest in insecurity, because insecurity fuels their budgets. And even if the majority of them are sincere and want to help, their efforts will always fail.

The brilliant Pentagon, which is supposed to know what it is doing in cyber matters, has hired Amazon to provide “cloud” services for Pentagon information and data. The Pentagon has also cleared Samsung (a Korean company), Apple (an American company) and Blackberry (a Canadian company) to provide mobile phones for top Pentagon employees. These Pentagon decisions are intellectually defective and demonstrate that throwing billions of dollars at a problem may only compound the issue. Who clears the people at Samsung, or Blackberry, Apple or Amazon? A lot of folks in Hollywood right now, who stupidly “trusted” Apple’s cloud service, now find their naked bodies (and more) posted on the Internet.

The truth of the matter is that public systems and “open source” software are the real danger. Give us $46 billion and we can fix the problem, at least for the Pentagon and the critical infrastructure by building a truly secure, totally encrypted system that is self contained and invulnerable to hacking. To be safe you must eliminate all open source, public systems for government and critical business enterprises.

Right now you cannot buy a safe operating system because no one has invested in one. That investment is absolutely necessary for our survival and our security, not to mention the protection of our freedom and democracy. Open source public systems will always trample on human rights. They are sources of constant abuse by our enemies.

Let’s face it. The US government made a huge mistake when it decided to rely on public systems for critical communications and data storage. When you think that almost all the hardware is made in China and the folks producing these systems are everywhere around the world, you can see the enormity of the security disaster before us..

Given the destabilizing events around the world, the risks to American vital defense systems and critical infrastructure are reaching the tipping point. It is urgent for our leaders to recognize the nature of the threat and implement a radical change in our computer networks and systems. The Pentagon, DARPA, CYBERCOM, NSA and everyone else involved have a responsibility to figure it out and not just play dumb

PLEASE NOTE: This article, written by Stephen Bryen and Rebecca Abrahams was published on September 5, 2014 in the Huffington Post.  

http://www.huffingtonpost.com/rebecca-abrahams/give-me-46-billion-and-i_b_5773316.html 

 

 

Tagged , , , , , , , , ,

Is China’s New Computer Operating System a Threat?

by Stephen Bryen and Rebecca Abrahams

Originally appeared in the Huffington Post at http://www.huffingtonpost.com/rebecca-abrahams/is-chinas-new-computer-op_b_5738068.html

China has announced it will introduce a new computer operating system in October to replace Windows. Already deeply embarrassed and unhappy over alleged spying on its computers by the US Government, China has vowed to take action.

2014-08-29-_77158751_7e1c290b038944588753fb1fda1d8075.jpg
Its first step was to stop government agencies from using Microsoft’s most recent Windows 8 on their machines. But its latest project, to replace Windows altogether puts China into a new category as challenging US dominance in the ultra-sensitive computer operating system league. Controlling computers today is part and parcel of political power, and China understands this. That’s why China is not only replacing Windows, but it wants to get rid of Apple’s iOS and Google’s Android too.

China has three related opportunities and can be expected to exploit all of them.
The first involves better controlling China’s domestic computers and mobile devices by regulating through the operating system what users can, or cannot, do. China is likely to achieve this through a strongly controlled computer software registration system managed not by Microsoft, Google or Apple but by the Chinese government.

China will gain many benefits. It will have tens of millions of users virtually on launch, and it will control all access by being able to directly regulate software and applications that run on its approved operating system. Likewise, China will likely build in some sort of encryption system linking computers to the Internet, which will create problems for any outside organization to penetrate. And China will stimulate development of domestic software alternatives to Western software products. China will also gain vast experience in how to manage an operating system evolution, how to fix vulnerabilities, how to add features, and how to support software in the field. This will grow a domestic industry that will rapidly mature and will benefit the Chinese state.

Beyond its domestic market, China will be able to look to introducing its software in the global market. China can find a number of opportunities to spread its operating system in many parts of the world. For example, it could potentially challenge both Microsoft and Android computer laptop platforms by offering a cheaper and stronger operating system to users. Price is a big factor in low end laptops and netbooks. China controls most computer manufacturing today. Put an operating system on top, especially one that is open enough to support popular software and social networking products and China could well have a winner. Of course, China’s commercial OS will be different from the one it promotes internally, but this can easily be handled especially if registration and OS downloads are managed by a location-sensitive server.

A third an even bigger opportunity for China is to team with a non-American foreign company to offer an “independent” operating system to customers. This may prove to be attractive to a European partner because the Europeans are quite unhappy with American spying, and they have far less concern, if any, about China than America has. There are plenty of large European companies who are, in the IT world, always playing second fiddle to the U.S. Here is a great chance for them to get ahead. And they can do it on the cheap, since the software investment will be heavily China’s operational and financial responsibility.

Where does this leave US companies? Certainly China will emerge as a heavy weight challenger to the likes of Microsoft, Google and Apple. But it is not just US companies that matter here. The loss of control over where operating systems come from could pose a security challenge for America’s intelligence agencies that will be formidable and hard to overcome. While that is still in the future, it would be foolish not to prepare ourselves for the problems on the road ahead.

Tagged , , , , , ,

Deep Panda: Chinese Leaders Want to Reap the Benefits of Cyber Spying But They Will End Up Depressed

by Stephen Bryen

China shifted its focus from spying on the countries around China to spying on Iraq according to cyber experts who follow Chinese hacking. Called “Deep Panda” it appears China’s leaders were trying to figure out what the United States was going to do about the Iraqi situation after ISIS seized over a third of Iraqi territory. To get answers, the Chinese Deep Panda folks targeted the top strategic think tanks in Washington to try and get answers.

It has long been the case that China’s “official” hackers targeted U.S. government organizations and institutions. But focusing on Think Tanks is something that is, apparently, new.

One presumes that the Chinese wanted to read the emails, texts and opinion pieces of the experts to try and estimate America’s strategic posture to Iraq. While we don’t know the Think Tanks the Chinese targeted, it is likely they chose the ones they feel are most closely aligned with the current administration because their experts would have close ties to Obama’s National Security Council, Pentagon, CIA, State Department and, possibly, to other “insiders” who use the Think Tanks as sounding boards.

Foreign governments with representation in Washington generally devote a lot of effort to gleaning policy information, and it is easier for them to talk to outsiders in Think Tanks then to get appointments with actual decision makers. China, like Russia, and all the friendlier countries (UK, Japan, Israel and many others) collect information and send it home.

But China opted for collecting information by hacking, than by meeting Think Tank specialists. Why?

By relying on a secret operation to steal information China’s leaders probably thought they might find out much more than Think Tank specialists were willing to tell them. China is not in good odor today, even with the liberal Think Tanks that support Obama. That’s is because China is a growing power and increasingly a threat to American interests, of course. But the bigger reason is that China’s increasingly poor track record on human rights and freedom is offensive both to liberal and conservative thinkers in Washington. If a Chinese official, even one who approaches a Think Tank as an ostensibly independent academic, seeking information is likely to find himself or herself accosted about complaints of China’s behavior against dissidents and minorities. From China’s perspective, this means low productivity in garnering needed information. Thus there is good reason to believe that China needs to steal information because it cannot get it through “normal” channels.

China almost certainly has been following the contacts of Think Tank experts with administration officials for years. China maintains a sophisticated cyber-hacking capability with all the latest technology. The incorrigible sloppiness of Americans toward their own security is certainly well known to the Chinese, and it goes without saying they exploit it. The blabbermouths on cellphones, Twitter, Facebook, LinkedIn and everywhere else not only provides timely information on specific policy subjects to the Chinese, but they can very easily connect the dots and figure out who is connected to whom and which relationships are the most productive ones to follow. A Think Tank leader, therefore, will be known by much more than what he or she says; the Chinese will know his best connections, his reliability as a source, and his influence in decision making circles. The rapid shift of operational hacking resources to find out about Iraq, therefore, was quite easy for the Chinese, because they already previously mapped the network and only needed to probe more deeply and urgently to get answers to specific questions they had.

China is a relatively big industrial player in Iraq. Iraq is China’s fifth-largest overseas oil supplier, behind top producer Saudi Arabia, and China as an imported oil consumer is larger than the United States. Unlike the United States, however, China has no military capability of any significance in the Middle East and cannot assure either the stability of oil-supplying regimes nor can they protect the sea lines of communication (SLOC) that bring the oil to China’s refineries. Ironically, while China is in the midst of a significant military build up challenging U.S. interests in Asia, China is depending entirely on the U.S. for its vital oil supplies. While Americans don’t recognize it, a big part of our defense budget directly benefits China in this way while, at the same time, China is assiduously stealing American defense secrets in an unparalleled, brazen manner.

While China could live without Iraq’s oil, and can afford even to lose the $3 billion or so it has invested in Iraqi oil projects, the main Chinese interest is the risk that an out of control Iraq will lead to a general political collapse even beyond Iraq’s borders. A blow up in Saudi Arabia, for example, would create chaos in China and might well spell the end of China’s neo-Communist government.

This is the same threat that, naturally, concerns the U.S. and its European allies. But, if the Chinese have been listening carefully, as they have, they won’t be very happy with what they are hearing through their hacking channels. Right now any effective military response by the United States seems rather unlikely, and it is complicated even further by the foolish moves by the administration to try and use the Iranians and Syrians as proxies (along with Hezbollah) to bail them out of the ISIS onslaught. All this moronic move will achieve is to further frighten Saudi Arabia and push them into ISIS’s outstretched but wicked arms.

In short, China’s leaders have good reason to be depressed. America is not coming to their rescue on a white horse. And China has made almost all the wrong bets in the Middle East.

Tagged , , ,

Is the Supreme Court Cellphone Decision A Bad Decision?

By Stephen Bryen
 
The Supreme Court decision on cellphones, Riley versus California, may seem like an open and shut case because the Court unanimously found that when a person is arrested a cellphone may not be searched without a warrant.   But the seemingly unanimous decision may have more fissures and cracks than most people think, and it is far from certain that in the long run that the much touted “victory” for privacy will, in fact, be sustained either by the Court itself or by Congress and State legislatures.
 
The essence of Riley versus California, and a companion case, U.S. versus Brima Wurie, is that an arresting officer or officers cannot search a person’s cellular phone without obtaining a warrant.  Riley was stopped by a police officer driving with expired number tags.  When stopped the officer found that Riley also had a suspended driver’s license. The car was impounded and searched and guns were found hidden under the car’s hood.  A search of the cell phone turned up a connection between Riley and a street gang and photographs of Riley standing in front of a car that was involved in a shooting a few weeks earlier. Riley was charged, among other things with attempted murder and was convicted with a 15 years to life sentence.  His appeal was based on the fact that the search of his cell phone violated his Fourth Amendment rights.
 
Wurie was picked up in a routine surveillance where the arresting officer thought that a drug sale was taking place.  Wurie had two cell phones that were searched and this led to a location and photos.  The search of the location, an apartment, yielded crack cocaine, weapons and drug paraphernalia.   Wurie was convicted of distributing drugs.  The search of the apartment was covered by an appropriate warrant.  Wurie got 262 months in prison but appealed that the information improperly taken from his cell phones should have been suppressed.
 
The Court needed to consider whether, in fact, the Constitutional rights of the two litigants were violated.  In the Riley case, the decision by the Supreme Court probably frees Riley from a 15 year to life sentence.  In the case of Wurie, he could not be convicted of selling drugs because of lack of proof and would need to be released.
 
It follows, therefore, that the Supreme Court decision in these two cases has a profound impact on law enforcement, and even though the Court reached a unanimous decision, there are a host of problems embedded in the decision, including the danger to society of releasing criminals from jail.
 
The Court did not say that cellphones cannot be searched.  What the Court said is that you need a warrant, in most (but not all) cases before a phone can be searched.
 
Warrants are issued based on probable cause.  The arresting officer or his superiors needs to convince a judge to issue a warrant.  Warrant requests are rarely denied, although a judge may try and narrow the scope of the warrant in certain ways or ask questions before a warrant is issued.  In a Texas case last year Federal Magistrate Judge Stephen Smith in Houston denied a request by the FBI to remotely hack a computer by planting spy software on it.  His action did not completely block the FBI, but it created legal a problem because the Judge wanted to know how to supervise the collecting of information obtained in this way to make sure it was pertinent to a case said to involve alleged bank fraud and identity theft.  Among other things the FBI wanted to remotely control the computer’s webcam. 
 
The Supreme Court, in its unanimous decision, also recognized that there were circumstances when a warrant might not be needed at all when a phone was seized.  For example, the Court noted that if there could be information on a phone that would warn officers of impending danger from associates of the person arrested, the phone could be searched.  This “concession” is a mess for law enforcement.  If they search a phone without a warrant feeling there is an impending danger and find nothing, are they guilty of an illegal search? What is to be done with evidence they may find of criminal activity, but not anything threatening of law enforcement officers?  What if the threat was to the public –e.g., a terrorist attack or other plot against either individuals or groups or sensitive locations? Must the officers abandon this information?  And finally, if they find evidence of criminal activity but not of impending threat to the officers, have they conducted an illegal search and must they abandon any prosecution based on such evidence?
 
In respect to certain categories of crime, murder, terrorism, kidnapping, rape –the Court needs to revisit its decision.  When serious threats are involved, law enforcement should not have to wait for a warrant.  This, it seems, is what Justice Samuel Alito was trying to get at in partially concurring with the other Supreme Court Justices in deciding these cases.  There is little doubt that Justice Alito was uncomfortable and he urged (State) legislatures to enact legislation that draws reasonable distinctions “based on categories of information or perhaps other variables” because, as he says, cell phones pose “new and difficult enforcement problems.”  Justice Alito warns against “using the blunt instrument of the Fourth Amendment” in deciding these matters and points out that the Supreme Court “is poorly positioned to understand and evaluate” these matters.
 
Justice Alito, unfortunately, did not follow through his logic and reach suitable conclusions that properly protect our society.  In fact, one can argue that the unanimous decision of the Supreme Court may create immense risks by creating confusion within law enforcement and in the courts which undermines civil protection and homeland security.
 
The truth is that the Supreme Court’s decision in these cases leads to less safety for citizens, even though its intent was to protect privacy.  The Courts need to recognize that there is a difference between privacy and criminality, and the level and type of threat needs to be part of any Court decision.  At the end of the day, these Supreme Court decisions, universally hailed as a good thing, are probably the reverse.
Tagged , , , , , , , ,

Iraq– A National Security Disaster

Iraq is in crisis, and the crisis is fatal.  The administration, without any support at all from the American people, is privately asking the Iranians to help the Iraqi regime.  The Iranians will extract a huge price, but in fact Iran cannot do anything much to help the rapidly collapsing situation.  Iraq is no longer a single country –what it will actually become is still in doubt.

All of this has been brought about largely through the deliberate ignorance of  the current administration.  Thinking they somehow could defeat Saddam and, following that, al-Qaeda in Iraq, Obama pulled U.S. troops out of the country and declared victory.

From the start the post Saddam reconstituted Iraq state did not have a chance.  To begin with there are massive sectarian hatreds that are still sorting out.   U.S. training and equipment supply to Iraq’s army and police made it look like we were accomplishing something.  But no one asked the obvious questions: are the Iraqi military and police coherent organizations and will they fight for the new government?  The answer is now crystal clear.  The military and police did not fight.  The only fighting force willing to fight, outside of the Sunni al-Qaeda like insurgents,  are the Kurdish forces.  The Kurds, who have always been despised by Washington because their cause was not “convenient”, have a real territorial claim, a genuine sense of identity, and deep historical ties to the land.  They are not, unlike all the other players, the pawn of some foreign regime (whether American, Saudi, Turkish, Syrian or Iranian).

The goal of the al-Qaeda-like insurgency is to create a Caliphate that will stretch across Syria, Iraq and Jordan for starters.  If they are successful they will form a powerful and dangerous force.  They are determined, very well equipped (and now helping themselves to stores of equipment and ammunition generously provided by the American taxpayer),  rich, absolutely ruthless and inflexible in the extreme.

These are Islamic Jihadis.  They are the same people the Obama administration has been playing footsie with for far too long, destabilizing the Middle East, alienating virtually all the allies we have in the region. Single handedly the Obama administration has destroyed America’s relationship with Egypt, made a total mess of their constant pounding on Israel, and showed themselves as both toothless and worthless at every turn.  The constant hectoring by both former Secretary of State Clinton and her successor, the none-too-adept, John Kerry have just poured napalm onto the fire.  The President, who has a strange romantic notion about Islam and Muslims, has made it far worse.  By now he has lost the respect of the foreign leaders he needs to work with, such as Merkel in Germany and Putin in Russia.   So too has his “team” been discredited.  Senator John McCain has gone so far as to call for the resignation of the entire National Security Council.  He should extend his argument to large parts of the State Department and CIA, who have proven themselves unsuitable to run U.S. national security policy.

Should the Jihadists get control of Baghdad, their next task will be to try and consolidate territorial gains.  This may take some time and it will mean that the lower third of Iraq, which is Shi’ia, probably will form an independent breakaway state.  The Kurds too will have virtual independence.

So what should the U.S. do.  By all means there is no chance at this late moment to defend a failed government in Baghdad which is currently under practical Shi’ia control.  The remnants of the Baghdad government will probably retreat to the south and try and reestablish itself in Basra (itself a key oil port).  Whether it can do so, and get the backing of the various Shi’ia factions, some pro-Iranians, others not, is far from certain.

The Pentagon must vigorously resist any proposed suicide-type military missions to save and unsaveable Baghdad government.

The Kurds will probably, under these circumstances, declare their independence.  If the U.S. was smart, which is in serious doubt, it would recognize a Kurdish state provided agreement can be reached on boundaries, especially the sensitive boundary with Turkey, which has a large, restless, Kurdish population.

Jordan and Israel also need to be more strongly supported.  If Jordan comes under Jihadi attack, as seems highly probable, Jordan may need help.  Israel has bailed out Jordan before, most notably in 1970 when the Syrians threatened King Hussein.  They may need to help again by providing tactical support and real time intelligence.

It bears mentioning that Israel also has to be prepared for a Palestinian threat, from Hamas and from the now clearly compromised West Bank government.

The U.S. also has to significantly improve its tattered relationship with Egypt.  Like it or not, Egypt is a big power.  If it is cast adrift, as now seems the case, it will inevitably be another tinder box for the Jihadis.

America’s relationship to Saudi Arabia also is in a mess.  The Saudis feel they were not really supported in the fight in Syria, which is true.  But even worse has been the U.S. policy to Iran, which has left the Saudis totally exposed to nuclear extortion.  Anyone who believes the nuclear deal in Iran is real probably also likes smoking dope.   We need to realize that thanks to our machinations with the Iranians, Saudi Arabia’s stability and its future is now deeply in doubt.

Finally we have to realize that this is a massive defeat for the United States which put all its support into the Baghdad government.  The U.S. defeat is well understood in the region, and will trigger trouble far and wide.

 

 

 

 

Tagged , , , , , , , , , ,

Bergdahl and Alan Gross, the One Who Did Not Walk Away

I have been trying to stay away from the story of Army Sgt. Bowe Bergdahl, the chap who we traded Taliban murderers for, and who knows what else.

The spin doctors tried to put out a story that the Sargent’s health was rapidly declining and that freeing him was an urgent matter for the administration.  They also characterized, and continue to say, that Bergdahl fell into the hands of the enemy while he was on patrol, leaving open the suggestion that either he was in the front or at the rear of a line of soldiers on patrol in the wilderness of Afghanistan.

But it seems that story was false.  The truth is that Bergdahl was not on patrol.  He had been on guard duty around a FOB, or Forward Operating Base. and seems to have disappeared shortly after completing his guard assignment.   According to what his comrades at the outpost say, Bergdahl left behind his weapon and his body armor, all arranged in a neat stack, and walked off, taking with him only his compass.   Where would he have been going in the middle of the night?

It would seem likely that either Bergdahl knew more or less where the “enemy” was, or he had some prior contact perhaps through a third party to give him instructions on what to do and where to go and who to meet. We don’t know that any of this is the case, but it seems bizarre to just wander off and take your chances, since the perimeter of this FOB was far from secure and all the soldiers on the base knew that they were in harm’s way.

So too does the story seem false that the trade was made for Bergdahl because he was ill.  The administration has suggested that he lost a lot of weight, or that he was suffering some incurable illness.

The Associated Press reports as follows on the health issue: ” ‘Had we waited and lost him,’ said national security adviser Susan Rice, ‘I don’t think anybody would have forgiven the United States government.’ She said he had lost considerable weight and faced an “acute” situation. Yet she also said he appeared to be ‘in good physical condition.’ “

If he was in good physical condition, then we are to suppose he had a mental problem?  How could that be diagnosed in conversations with a kid who in talking to his father only spoke in Pashto, claiming he had “forgotten” English, his native language?

The AP also reports that  two administration officials said that the Taliban may have been concerned about his health, as well, since the U.S. had sent the message that it would respond harshly if any harm befell him in captivity.

There is a serious problem with what the unidentified administration officials are saying.  Bergdahl was not a prisoner of the Taliban.  He was a “prisoner” of the Haqqani Network.  While the Taliban and the Haqqani Network sometimes work together, the Haqqani is also closely linked to al-Qaeda and is probably the organization that facilitated Osama bin Laden’s transfer from Afghanistan to Pakistan.   So it is fair to ask, what did the Haqqani network get out of the deal with Washington?  Certainly not the release of five Taliban terrorists.  Was it money?  Or something else?

Finally, the AP reports that in 2010 the Defense Department concluded that Bergdahl walked away from his post, and this led to a decision to call off the active hunt for him.  Instead of rescuing him, says the AP, the Defense Department would use only diplomatic means to get him released if at all possible.

The release of terrorists in exchange for a U.S. soldier paints a target on the back of every American soldier.  The Taliban, well aware of their great victory over the United States and the American military, are making their success loud and clear.  Every tin horn terrorist now knows that he (or she) can benefit by snagging an American soldier.

Today there are Americans who are incarcerated where, it seems, the administration has done nothing.  The case of Alan Gross, who worked for the State Department, is a case in point.  He was “convicted” and thrown into a Cuban prison in 2009.  It would be easy to get him back if we traded some jailed Cuban spies in the U.S. for him.  But the administration, despite the pleas of the Gross family and many in the Jewish community who worked with Alan trying to aid Jews in Cuba,  has not brought Alan home.  He was working for them and he did not walk away.

 

Addendum: I want to call reader’s attention to a devastating story carried in the London Daily Mail newspaper.  The story tells of an Army officer who died trying to “rescue” Bergdahl from his captors in 2009. http://www.dailymail.co.uk/news/article-2646345/EXCLUSIVE-Outraged-parents-officer-died-searching-deserter-Bergdahl-hit-Obama-cover-just-like-Benghazi-claiming-told-LIES-hero-son-died.html

Also please visit http://www.bringalanhome.org –this is the website to help free Alan Gross.  He deserves to be free.

There is one further point that needs to be made.  The “freeing” of Bergdahl is obviously a cover for something else.  Bergdahl is a little fish in a much bigger pond.  What the administration is actually doing is negotiating a deal with the Taliban to take over Afghanistan.  I feel really certain this is the case.   The Bergdahl father had a channel to the Taliban, and I think the administration wanted to use this “innocent” seeming channel to negotiate something far bigger.  All the rest is simply noise, but the noise is unfortunately terribly harmful to the families who have suffered over the Bergdahl matter, and the prisoners who remain prisoners, because the administration has no interest in them, the most obvious case, Alan Gross.

The State Department has rejected any exchange for Alan Gross.  See http://www.timesofisrael.com/us-state-dept-no-bergdahl-like-swap-for-alan-gross/

 

 

 

 

Tagged , , , ,

YOUR CAMERA IS ON, BEWARE!

Facebook says that it will be turning on your microphone on your smartphone –for what reason, we have no idea but can guess. Turning on cameras and microphones is becoming a huge problem.

YOUR CAMERA IS ON, BEWARE!

Szymon Sidor is a Polish-born software engineering genius currently working for Dropbox as an intern –before that he served two internships with Google working on Google Chrome ®  and Google Analytics ® . Now he is working on his PhD at MIT and he writes a blog called “Snacks for Your Mind.” Sidor’s latest “snack” is a demonstration of how the cameras on your Android ®  smartphone can be turned on without you knowing it, and sequential photos sent to a third party over the Internet. Along with the photos, data on your location is displayed in the intercept so you can be easily tracked. All this happens without any awareness by the phone user –the screen can either be turned off or on, it does not matter. Szymon  has gotten around the Android requirement to display any photo preview on the screen by reducing the preview to only one pixel, which you won’t notice even when your screen is on. On top of this, his solution has gone around Android’s notification that an APP is running, so you cannot even check to see if this brilliant piece of software “mal-engineering” is running.

Spying through cameras on smartphones and webcams on computers and laptops, as well as tablets, today is widespread. GCHQ,  Britain’s NSA, ran a program called “Optic Nerve.” Optic Nerve scanned live on line webcam chats on Yahoo and probably other chat services between 2008 and 2012. Many of these images were very personal ones, and could be used to either embarrass or blackmail users. Reports in the UK say that NSA engineers helped GCHQ develop the Optic Nerve program. Many have either claimed or speculated that one way the NSA and other U.S. spy agencies got around the prohibition of spying on Americans was to let a third party do it for them. A recent case involving a U.S. law firm representing Indonesian interests was bugged by the Australia Australian Signals Directorate. Special intelligence cooperation occurs under the “Five Eyes” program. The cooperating countries are the U.S., U.K., Australia, New Zealand and Canada.

News reports, based on the leaks of NSA information by Edward Snowden, says that GCHQ  stored millions of images gleaned from its webcam surveillance. These images can be retrieved in various ways, including the use of advanced face recognition systems, so seemingly unrelated video chats from different computers and with different names or web addresses, can be linked together. Obviously, when used correctly and legally, this is an important counter-terrorism tool. But when it is used as a political tool to harass to blackmail people, the consequences are different and corrosive. A problem the U.S. government still has, new legislation notwithstanding, is how to assure the proper use of information that can be very personal and completely unrelated to any counter terrorism or criminal activity.

It is not only the NSA or GCHQ that can spy on webcams. Marcus Thomas, a former assistant director of the FBI’s Operational Technology Division in Quantico,Virginia, told the Washington Post that the FBI could spy on anyone’s webcam without turning on the camera’s indicator light. While not all webcams have indicator lights, and many laptops do not have them at all, the indicator light is a nice security feature that tells you when the camera is active. Webcam spying is part of a suite of so-called Remote Access Tools or RATS. Thomas told the Post that the FBI has had these tools for years but uses “Rattingly” (the webcam spying tool) sparingly.

But camera spying is not at all limited to governments or official spy agencies and organizations. It is so widespread today that it has even spread to schools. Just this year Lower Merion Township, a classy suburb of Philadelphia, settled a lawsuit, brought by two students, paying them $610,000 in compensation. The crime? The school provided 2,300 MacBooks® to their students and installed spy software on them that snapped pictures of the students. Photos of the students included snaps of them at home, in bed, sometimes partially clothed. In one case the school claimed a student was “popping” pills: in fact he was eating candy.

“Sextortion” is a growing problem. What is Sextortion? Sextortion is the secret control of webcams or smartphone cameras to run extortion rackets against people. A major case gained notoriety in California where a now-20 year old Jared Abrahams ” illegally hacked into the laptops of several young women in the U.S. and abroad, then took control of their webcams in order to film and photograph them while they undressed” according to the FBI. The scam included web cam pictures of Miss Teen USA Cassidy Wolf, who was a classmate of Abrahams. “Abrahams threatened to post the images to the victim’s social media accounts unless the women provided additional nude photos/videos or obeyed his commands during a five-minute Skype session” Abrahams was convicted and got an 18 month jail sentence. In another case, a Glendale California man was sentenced to five years in federal prison Monday after pleading guilty in a sextortion case that targeted hundreds of women. Interpol announced the arrest of 58 persons in the Philippines for sextortion, including one case where a17-year-old victim committed suicide in July last year following blackmailing by the group. In fact, “The scale of these sextortion networks is massive, and run with just one goal in mind: to make money regardless of the terrible emotional damage they inflict on their victims,” says Sanjay Virmani, director of the Interpol Digital Crime Center.

Webcams and phone cams are also an important source for corporate spying. This works in two ways: companies and organizations spying on their own employees, and competitors and thieves spying on corporations. By being able to activate either a webcam or microphone on a PC, laptop or smartphone, intruders can listen in on sensitive meetings and conversations and even know where the meetings are held, who attended, and everything about what was discussed.

There are plenty of vendors selling spy software, some designed for “professional” business use and marketed as a way to track employees, such as a product for employee monitoring made by InterGuard. Such spying falls into a gray legal area, but once it goes onto a mobile device such as a smartphone or tablet it clearly intrudes on privacy outside of the work space. Even so, this is an unsettled area in U.S. law.  It is of course illegal to record a conversation without getting the permission of the person or persons being recorded, but keep in mind even web conferencing software allows for proceedings to be recorded and no permission is asked. These days there are hundreds of spying products to choose from, and the best of them facilitate surreptitious webcam and mobile cam spying.

Corporate spying can facilitate “insider” trading, where the “insider” is sitting outside but has privileged access to your webcam or mobile camera and microphone. No one knows the extent of financial manipulation and computer and smartphone spying going on that facilitates insider trading, stock exchange manipulation, and trading of sensitive investment and competitive information.

It is legal to sell spy software, just illegal to use it without permission outside the workplace, unless it is used to spy by parents on their minor children. Even this “permission” is fraught with difficulty, since other kids who are not related to the parents may well be captured while the parents spy on their children.

In short, there is an epidemic of webcam and smartphone camera monitoring and spying and such spying affects everyone. Our laws have a long way to go to catch up to the reality of this powerful attack on personal privacy.

What can you do? One “solution” often proposed is to cover up the webcam on your PC or laptop. This does stop the camera, but does nothing about the microphone, but it is a partial answer providing you remember to do it religiously. But with the number of devices in homes and offices, it is not simple to manage. And tablets and smartphones often have two cameras, one in front and one on the back. Covering both is awkward and probably unrealistic.

A second solution is to get positive control over cameras and microphones so malware and intruders can’t switch them on. One product for Android is Office Anti-Spy. It makes sure the cameras and microphones are turned off and nothing can be recorded. This solution trumps Szymon Sidor’s brilliant Android hack, and other RAT tools that try to control your device.

Most important of all is to realize that the world is seething with snoops, provocateurs and criminals. No one, neither school children, teenagers, adults, corporate tycoons or government officials can escape them or live in this world unnoticed.

Tagged , , , , ,

School Lunches and Healthy Food –Feeding Kids or Ideology

by Stephen Bryen

I love the taste of home or locally grown vegetables and I go out of my way to buy them.  But if you ask me to eat whole grain spaghetti, I will spit it out because it does not taste like good pasta.  It tastes like grit.  Because I am an adult (it is illegal to know my real age), I can decide for myself what I want to eat.  That is not the case for kids in school.

Kids in school who buy or take school lunches are being victimized by our nation’s First Lady, who is trying to shove so-called healthy food down their pretty throats.  Of course, kids know what to do when they are confronted with something they don’t want –they trash it.  And school trashcans, already pretty full from the poor tasting grub served in our nation’s lunchrooms, are now full to overflowing as kids throw out what they don’t want or like.

So why should I have an opinion on this?  My kids are already grown up and don’t eat school lunches –in fact they almost never did, because we packed lunches for them which they liked a whole lot better.

For a little less than a decade one of my jobs working for a U.S. Senator was to look after the school lunch program and to help my senator pioneer the school breakfast program.  I worked with the Senate Nutrition Committee, and the Committee on Agriculture, and wrote many of the amendments that were passed into law some years back.

Generally I was proud of my work.  The idea behind the school lunch program was to make sure children got a solid meal to eat and a glass of milk (or carton of milk) to drink.  And we promoted the school breakfast program because a lot of kids were coming to school hungry, and when you are hungry or just had a donut or bowel of fruit loops for breakfast at home, if that, then you could not concentrate on anything except your appetite.  School breakfast was designed to make sure that all the kids at school started the day off properly nourished, with a meal that included protein and carbohydrates and had good vitamin and mineral content.

In short, government support for the school lunch program was to make sure kids got the proper nutrition.

And even back then, the controversy started.  One of the first targets was Hostess Twinkies, a sugar-laden cake that was put out along with the other breakfast items.  We held a special hearing on Twinkies, and how Twinkies was about to destroy all that is good and decent in America, including breakfast.  During that hearing there was a large bowel of Twinkies on display, and Senator Hubert Humprey, was co-chaired the Senate Nutrition Committee, reached in and started munching on the Twinkies.  This while the under-attack Twinkie people were defending their product.  The audience, watching Humphrey chewing away, got the point that the Committee was not going to try and stop the sale of Twinkies.

Around the same time, a Rutgers University professor came to see me and he brought me a rather good sized jelly donut.  Jelly donuts are my weakness, and maybe he knew that, maybe not, but he offered it and I happily ate it.  Then he asked me what I thought –and I told him I liked it.  And he asked, suppose I told you it has almost 40% of all the nutrients you need in any day, including protein, vitamins, minerals, amino acids –everything.  Naturally, I was excited.  We could feed the kids milk, some scrambled eggs and a donut and they would be well nourished, their bodies would grow, their bones would be stronger, and they would have (unfortunately perhaps) unbounded energy.

So I took the donut idea to the Department of Agriculture (which is responsible for the lunch and breakfast programs) and they took it to some of the advocacy groups supporting those programs. Quelle Horreur! Giving sugar to kids?  Are you crazy?  But said I, the kids will eat the donuts and get stronger, healthier, even wiser.  But I had crossed the Rubicon, because clearly they were trying to foist so-called healthy food on kids, they did not care it would end up in the trash.

And we are now, as Yogi Berra would say, in a Deja vu all over again situation.   Michelle Obama, the Department of Agriculture and the “healthy food” advocates have learned nothing.  They opt for stuffing healthy foods into the mouths of babes who don’t want it.

I don’t think we should let ideology trump purpose.  The purpose of these government subsidized programs is not to “teach” anyone anything.  It is to get good  food into the mouths of children when they need it most. Which means it has to be food they will eat and enjoy even if there is some refined carbohydrates or white sugar in it.  In my opinion the high octane jelly donut is better than a child not eating, in fact a lot better.

 

To have a look at what these “healthy” lunches actually look like, see what the kids are tweeting 

 

Tagged , , , , ,

Ukraine –You Don’t Need to See the End of the Movie

by Stephen Bryen

You don’t need to see the end of the movie to know that the Ukrainian government, faced with an imminent loss of the Eastern Ukraine with the valuable Donetsk region of the country, will soon collapse. Neither all the king’s horses, nor all the kings men, can put the Ukraine back together again. In fact there are no king’s horses or men. The Ukrainian Army is a hollow shell, disorganized, with virtually no logistical support, and with decrepit and inferior equipment. Russian forces, or proxy forces, will run right over them.

Today Putin has all the options, the Ukraine government has almost none.

For all the hot air blasted around by our failed Secretary of State John Kerry, and his boss, President Obama, there is no allied or NATO interest in assisting or stabilizing Ukraine. In fact, the preponderance of view among our allies is simply to tolerate Putin’s moves. Europe, on the whole, does not support sanctions, partly because they are inconvenient and potentially dangerous (Putin could cut off natural gas deliveries to Europe), but mostly because sanctions are irrelevant.

The United States did not propose any form of military action, even minimal action, to protect Ukraine. So Kerry and Obama are seen as vacuous pundits who want to sound tough but don’t want to do anything. Why should Europe risk anything for an empty policy like that?

Indeed, U.S. policy in the Middle East, Persian Gulf, South America, and Asia is a disaster. Ask the King of Saudi Arabia, the Prime Minister of Israel, the interim President of Egypt, the Japanese Prime Minister. All of them understand that being a friend of the United States is dangerous and costly these days.

If the U.S. had been serious about Ukraine it could have (1) shipped armaments to the Ukrainians; (2) provided military and logistical support; (3) mobilized NATO by demanding action by NATO; (4) demanded action by the UN Security Council, (5) threatened Russian assets like Cuba. None of these things have been done largely because this is an administration of crocodile tears, not one with anything resembling a security outlook. While Ukraine is boiling, Iraq and Afghanistan are crumbling, and the President is off in Asia assuring our current-day partners there we are on their side. They should be running for cover.

(Obviously Russia has veto power in the UN Security Council. The point is demanding a session and making clear the violations of sovereignty perpetrated by the Russians would clearly cause grave discomfort to Putin. Don’t worry, has not happened and if it does not it is probably too late.)

Is Ukraine in the national security interest of the United States. For sure we have no treaty relationships that require the U.S. to protect Ukraine. If Russia conquerors and digests all of Ukraine, from the perspective of any obligations on Ukraine, we are not obliged to help them.

We are obliged, however, to be concerned, very concerned, about NATO and our responsibilities in that context. Right now we are faced with a test by the Russians who are expanding once again. Letting it happen without a response is like inviting Hitler to have another cup of tea. There is too much risk, even for the Russians, who will get caught up in the kind of euphoria that propelled the Nazis to trample on all of Europe, murdering millions. A Russia gone berserk is very much not in anyone’s interest. Thus it follows that Russia must be challenged now, because the future consequences in the nuclear age are too high risk.

The Obama administration has had more than enough time to figure out what to do. By now the administration could have laid before the President a host of options that could have presented the Russians with real consequences. No such steps have been taken.

So we will soon see the collapse of the Ukrainian government. It will be replaced by a pro-Russian leader. Eastern Ukraine will be made autonomous, and its control will be 100% in the hands of the Russians. All of this is an interim step. In a short while the Ukraine will “vote” to re-federate with Russia. It will cease to exist as an independent country. That is the end of the movie.

Tagged , , , , , ,
Follow

Get every new post delivered to your Inbox.

Join 1,785 other followers