Deep Panda: Chinese Leaders Want to Reap the Benefits of Cyber Spying But They Will End Up Depressed

by Stephen Bryen

China shifted its focus from spying on the countries around China to spying on Iraq according to cyber experts who follow Chinese hacking. Called “Deep Panda” it appears China’s leaders were trying to figure out what the United States was going to do about the Iraqi situation after ISIS seized over a third of Iraqi territory. To get answers, the Chinese Deep Panda folks targeted the top strategic think tanks in Washington to try and get answers.

It has long been the case that China’s “official” hackers targeted U.S. government organizations and institutions. But focusing on Think Tanks is something that is, apparently, new.

One presumes that the Chinese wanted to read the emails, texts and opinion pieces of the experts to try and estimate America’s strategic posture to Iraq. While we don’t know the Think Tanks the Chinese targeted, it is likely they chose the ones they feel are most closely aligned with the current administration because their experts would have close ties to Obama’s National Security Council, Pentagon, CIA, State Department and, possibly, to other “insiders” who use the Think Tanks as sounding boards.

Foreign governments with representation in Washington generally devote a lot of effort to gleaning policy information, and it is easier for them to talk to outsiders in Think Tanks then to get appointments with actual decision makers. China, like Russia, and all the friendlier countries (UK, Japan, Israel and many others) collect information and send it home.

But China opted for collecting information by hacking, than by meeting Think Tank specialists. Why?

By relying on a secret operation to steal information China’s leaders probably thought they might find out much more than Think Tank specialists were willing to tell them. China is not in good odor today, even with the liberal Think Tanks that support Obama. That’s is because China is a growing power and increasingly a threat to American interests, of course. But the bigger reason is that China’s increasingly poor track record on human rights and freedom is offensive both to liberal and conservative thinkers in Washington. If a Chinese official, even one who approaches a Think Tank as an ostensibly independent academic, seeking information is likely to find himself or herself accosted about complaints of China’s behavior against dissidents and minorities. From China’s perspective, this means low productivity in garnering needed information. Thus there is good reason to believe that China needs to steal information because it cannot get it through “normal” channels.

China almost certainly has been following the contacts of Think Tank experts with administration officials for years. China maintains a sophisticated cyber-hacking capability with all the latest technology. The incorrigible sloppiness of Americans toward their own security is certainly well known to the Chinese, and it goes without saying they exploit it. The blabbermouths on cellphones, Twitter, Facebook, LinkedIn and everywhere else not only provides timely information on specific policy subjects to the Chinese, but they can very easily connect the dots and figure out who is connected to whom and which relationships are the most productive ones to follow. A Think Tank leader, therefore, will be known by much more than what he or she says; the Chinese will know his best connections, his reliability as a source, and his influence in decision making circles. The rapid shift of operational hacking resources to find out about Iraq, therefore, was quite easy for the Chinese, because they already previously mapped the network and only needed to probe more deeply and urgently to get answers to specific questions they had.

China is a relatively big industrial player in Iraq. Iraq is China’s fifth-largest overseas oil supplier, behind top producer Saudi Arabia, and China as an imported oil consumer is larger than the United States. Unlike the United States, however, China has no military capability of any significance in the Middle East and cannot assure either the stability of oil-supplying regimes nor can they protect the sea lines of communication (SLOC) that bring the oil to China’s refineries. Ironically, while China is in the midst of a significant military build up challenging U.S. interests in Asia, China is depending entirely on the U.S. for its vital oil supplies. While Americans don’t recognize it, a big part of our defense budget directly benefits China in this way while, at the same time, China is assiduously stealing American defense secrets in an unparalleled, brazen manner.

While China could live without Iraq’s oil, and can afford even to lose the $3 billion or so it has invested in Iraqi oil projects, the main Chinese interest is the risk that an out of control Iraq will lead to a general political collapse even beyond Iraq’s borders. A blow up in Saudi Arabia, for example, would create chaos in China and might well spell the end of China’s neo-Communist government.

This is the same threat that, naturally, concerns the U.S. and its European allies. But, if the Chinese have been listening carefully, as they have, they won’t be very happy with what they are hearing through their hacking channels. Right now any effective military response by the United States seems rather unlikely, and it is complicated even further by the foolish moves by the administration to try and use the Iranians and Syrians as proxies (along with Hezbollah) to bail them out of the ISIS onslaught. All this moronic move will achieve is to further frighten Saudi Arabia and push them into ISIS’s outstretched but wicked arms.

In short, China’s leaders have good reason to be depressed. America is not coming to their rescue on a white horse. And China has made almost all the wrong bets in the Middle East.

Tagged , , ,

Is the Supreme Court Cellphone Decision A Bad Decision?

By Stephen Bryen
 
The Supreme Court decision on cellphones, Riley versus California, may seem like an open and shut case because the Court unanimously found that when a person is arrested a cellphone may not be searched without a warrant.   But the seemingly unanimous decision may have more fissures and cracks than most people think, and it is far from certain that in the long run that the much touted “victory” for privacy will, in fact, be sustained either by the Court itself or by Congress and State legislatures.
 
The essence of Riley versus California, and a companion case, U.S. versus Brima Wurie, is that an arresting officer or officers cannot search a person’s cellular phone without obtaining a warrant.  Riley was stopped by a police officer driving with expired number tags.  When stopped the officer found that Riley also had a suspended driver’s license. The car was impounded and searched and guns were found hidden under the car’s hood.  A search of the cell phone turned up a connection between Riley and a street gang and photographs of Riley standing in front of a car that was involved in a shooting a few weeks earlier. Riley was charged, among other things with attempted murder and was convicted with a 15 years to life sentence.  His appeal was based on the fact that the search of his cell phone violated his Fourth Amendment rights.
 
Wurie was picked up in a routine surveillance where the arresting officer thought that a drug sale was taking place.  Wurie had two cell phones that were searched and this led to a location and photos.  The search of the location, an apartment, yielded crack cocaine, weapons and drug paraphernalia.   Wurie was convicted of distributing drugs.  The search of the apartment was covered by an appropriate warrant.  Wurie got 262 months in prison but appealed that the information improperly taken from his cell phones should have been suppressed.
 
The Court needed to consider whether, in fact, the Constitutional rights of the two litigants were violated.  In the Riley case, the decision by the Supreme Court probably frees Riley from a 15 year to life sentence.  In the case of Wurie, he could not be convicted of selling drugs because of lack of proof and would need to be released.
 
It follows, therefore, that the Supreme Court decision in these two cases has a profound impact on law enforcement, and even though the Court reached a unanimous decision, there are a host of problems embedded in the decision, including the danger to society of releasing criminals from jail.
 
The Court did not say that cellphones cannot be searched.  What the Court said is that you need a warrant, in most (but not all) cases before a phone can be searched.
 
Warrants are issued based on probable cause.  The arresting officer or his superiors needs to convince a judge to issue a warrant.  Warrant requests are rarely denied, although a judge may try and narrow the scope of the warrant in certain ways or ask questions before a warrant is issued.  In a Texas case last year Federal Magistrate Judge Stephen Smith in Houston denied a request by the FBI to remotely hack a computer by planting spy software on it.  His action did not completely block the FBI, but it created legal a problem because the Judge wanted to know how to supervise the collecting of information obtained in this way to make sure it was pertinent to a case said to involve alleged bank fraud and identity theft.  Among other things the FBI wanted to remotely control the computer’s webcam. 
 
The Supreme Court, in its unanimous decision, also recognized that there were circumstances when a warrant might not be needed at all when a phone was seized.  For example, the Court noted that if there could be information on a phone that would warn officers of impending danger from associates of the person arrested, the phone could be searched.  This “concession” is a mess for law enforcement.  If they search a phone without a warrant feeling there is an impending danger and find nothing, are they guilty of an illegal search? What is to be done with evidence they may find of criminal activity, but not anything threatening of law enforcement officers?  What if the threat was to the public –e.g., a terrorist attack or other plot against either individuals or groups or sensitive locations? Must the officers abandon this information?  And finally, if they find evidence of criminal activity but not of impending threat to the officers, have they conducted an illegal search and must they abandon any prosecution based on such evidence?
 
In respect to certain categories of crime, murder, terrorism, kidnapping, rape –the Court needs to revisit its decision.  When serious threats are involved, law enforcement should not have to wait for a warrant.  This, it seems, is what Justice Samuel Alito was trying to get at in partially concurring with the other Supreme Court Justices in deciding these cases.  There is little doubt that Justice Alito was uncomfortable and he urged (State) legislatures to enact legislation that draws reasonable distinctions “based on categories of information or perhaps other variables” because, as he says, cell phones pose “new and difficult enforcement problems.”  Justice Alito warns against “using the blunt instrument of the Fourth Amendment” in deciding these matters and points out that the Supreme Court “is poorly positioned to understand and evaluate” these matters.
 
Justice Alito, unfortunately, did not follow through his logic and reach suitable conclusions that properly protect our society.  In fact, one can argue that the unanimous decision of the Supreme Court may create immense risks by creating confusion within law enforcement and in the courts which undermines civil protection and homeland security.
 
The truth is that the Supreme Court’s decision in these cases leads to less safety for citizens, even though its intent was to protect privacy.  The Courts need to recognize that there is a difference between privacy and criminality, and the level and type of threat needs to be part of any Court decision.  At the end of the day, these Supreme Court decisions, universally hailed as a good thing, are probably the reverse.
Tagged , , , , , , , ,

Iraq– A National Security Disaster

Iraq is in crisis, and the crisis is fatal.  The administration, without any support at all from the American people, is privately asking the Iranians to help the Iraqi regime.  The Iranians will extract a huge price, but in fact Iran cannot do anything much to help the rapidly collapsing situation.  Iraq is no longer a single country –what it will actually become is still in doubt.

All of this has been brought about largely through the deliberate ignorance of  the current administration.  Thinking they somehow could defeat Saddam and, following that, al-Qaeda in Iraq, Obama pulled U.S. troops out of the country and declared victory.

From the start the post Saddam reconstituted Iraq state did not have a chance.  To begin with there are massive sectarian hatreds that are still sorting out.   U.S. training and equipment supply to Iraq’s army and police made it look like we were accomplishing something.  But no one asked the obvious questions: are the Iraqi military and police coherent organizations and will they fight for the new government?  The answer is now crystal clear.  The military and police did not fight.  The only fighting force willing to fight, outside of the Sunni al-Qaeda like insurgents,  are the Kurdish forces.  The Kurds, who have always been despised by Washington because their cause was not “convenient”, have a real territorial claim, a genuine sense of identity, and deep historical ties to the land.  They are not, unlike all the other players, the pawn of some foreign regime (whether American, Saudi, Turkish, Syrian or Iranian).

The goal of the al-Qaeda-like insurgency is to create a Caliphate that will stretch across Syria, Iraq and Jordan for starters.  If they are successful they will form a powerful and dangerous force.  They are determined, very well equipped (and now helping themselves to stores of equipment and ammunition generously provided by the American taxpayer),  rich, absolutely ruthless and inflexible in the extreme.

These are Islamic Jihadis.  They are the same people the Obama administration has been playing footsie with for far too long, destabilizing the Middle East, alienating virtually all the allies we have in the region. Single handedly the Obama administration has destroyed America’s relationship with Egypt, made a total mess of their constant pounding on Israel, and showed themselves as both toothless and worthless at every turn.  The constant hectoring by both former Secretary of State Clinton and her successor, the none-too-adept, John Kerry have just poured napalm onto the fire.  The President, who has a strange romantic notion about Islam and Muslims, has made it far worse.  By now he has lost the respect of the foreign leaders he needs to work with, such as Merkel in Germany and Putin in Russia.   So too has his “team” been discredited.  Senator John McCain has gone so far as to call for the resignation of the entire National Security Council.  He should extend his argument to large parts of the State Department and CIA, who have proven themselves unsuitable to run U.S. national security policy.

Should the Jihadists get control of Baghdad, their next task will be to try and consolidate territorial gains.  This may take some time and it will mean that the lower third of Iraq, which is Shi’ia, probably will form an independent breakaway state.  The Kurds too will have virtual independence.

So what should the U.S. do.  By all means there is no chance at this late moment to defend a failed government in Baghdad which is currently under practical Shi’ia control.  The remnants of the Baghdad government will probably retreat to the south and try and reestablish itself in Basra (itself a key oil port).  Whether it can do so, and get the backing of the various Shi’ia factions, some pro-Iranians, others not, is far from certain.

The Pentagon must vigorously resist any proposed suicide-type military missions to save and unsaveable Baghdad government.

The Kurds will probably, under these circumstances, declare their independence.  If the U.S. was smart, which is in serious doubt, it would recognize a Kurdish state provided agreement can be reached on boundaries, especially the sensitive boundary with Turkey, which has a large, restless, Kurdish population.

Jordan and Israel also need to be more strongly supported.  If Jordan comes under Jihadi attack, as seems highly probable, Jordan may need help.  Israel has bailed out Jordan before, most notably in 1970 when the Syrians threatened King Hussein.  They may need to help again by providing tactical support and real time intelligence.

It bears mentioning that Israel also has to be prepared for a Palestinian threat, from Hamas and from the now clearly compromised West Bank government.

The U.S. also has to significantly improve its tattered relationship with Egypt.  Like it or not, Egypt is a big power.  If it is cast adrift, as now seems the case, it will inevitably be another tinder box for the Jihadis.

America’s relationship to Saudi Arabia also is in a mess.  The Saudis feel they were not really supported in the fight in Syria, which is true.  But even worse has been the U.S. policy to Iran, which has left the Saudis totally exposed to nuclear extortion.  Anyone who believes the nuclear deal in Iran is real probably also likes smoking dope.   We need to realize that thanks to our machinations with the Iranians, Saudi Arabia’s stability and its future is now deeply in doubt.

Finally we have to realize that this is a massive defeat for the United States which put all its support into the Baghdad government.  The U.S. defeat is well understood in the region, and will trigger trouble far and wide.

 

 

 

 

Tagged , , , , , , , , , ,

Bergdahl and Alan Gross, the One Who Did Not Walk Away

I have been trying to stay away from the story of Army Sgt. Bowe Bergdahl, the chap who we traded Taliban murderers for, and who knows what else.

The spin doctors tried to put out a story that the Sargent’s health was rapidly declining and that freeing him was an urgent matter for the administration.  They also characterized, and continue to say, that Bergdahl fell into the hands of the enemy while he was on patrol, leaving open the suggestion that either he was in the front or at the rear of a line of soldiers on patrol in the wilderness of Afghanistan.

But it seems that story was false.  The truth is that Bergdahl was not on patrol.  He had been on guard duty around a FOB, or Forward Operating Base. and seems to have disappeared shortly after completing his guard assignment.   According to what his comrades at the outpost say, Bergdahl left behind his weapon and his body armor, all arranged in a neat stack, and walked off, taking with him only his compass.   Where would he have been going in the middle of the night?

It would seem likely that either Bergdahl knew more or less where the “enemy” was, or he had some prior contact perhaps through a third party to give him instructions on what to do and where to go and who to meet. We don’t know that any of this is the case, but it seems bizarre to just wander off and take your chances, since the perimeter of this FOB was far from secure and all the soldiers on the base knew that they were in harm’s way.

So too does the story seem false that the trade was made for Bergdahl because he was ill.  The administration has suggested that he lost a lot of weight, or that he was suffering some incurable illness.

The Associated Press reports as follows on the health issue: ” ‘Had we waited and lost him,’ said national security adviser Susan Rice, ‘I don’t think anybody would have forgiven the United States government.’ She said he had lost considerable weight and faced an “acute” situation. Yet she also said he appeared to be ‘in good physical condition.’ “

If he was in good physical condition, then we are to suppose he had a mental problem?  How could that be diagnosed in conversations with a kid who in talking to his father only spoke in Pashto, claiming he had “forgotten” English, his native language?

The AP also reports that  two administration officials said that the Taliban may have been concerned about his health, as well, since the U.S. had sent the message that it would respond harshly if any harm befell him in captivity.

There is a serious problem with what the unidentified administration officials are saying.  Bergdahl was not a prisoner of the Taliban.  He was a “prisoner” of the Haqqani Network.  While the Taliban and the Haqqani Network sometimes work together, the Haqqani is also closely linked to al-Qaeda and is probably the organization that facilitated Osama bin Laden’s transfer from Afghanistan to Pakistan.   So it is fair to ask, what did the Haqqani network get out of the deal with Washington?  Certainly not the release of five Taliban terrorists.  Was it money?  Or something else?

Finally, the AP reports that in 2010 the Defense Department concluded that Bergdahl walked away from his post, and this led to a decision to call off the active hunt for him.  Instead of rescuing him, says the AP, the Defense Department would use only diplomatic means to get him released if at all possible.

The release of terrorists in exchange for a U.S. soldier paints a target on the back of every American soldier.  The Taliban, well aware of their great victory over the United States and the American military, are making their success loud and clear.  Every tin horn terrorist now knows that he (or she) can benefit by snagging an American soldier.

Today there are Americans who are incarcerated where, it seems, the administration has done nothing.  The case of Alan Gross, who worked for the State Department, is a case in point.  He was “convicted” and thrown into a Cuban prison in 2009.  It would be easy to get him back if we traded some jailed Cuban spies in the U.S. for him.  But the administration, despite the pleas of the Gross family and many in the Jewish community who worked with Alan trying to aid Jews in Cuba,  has not brought Alan home.  He was working for them and he did not walk away.

 

Addendum: I want to call reader’s attention to a devastating story carried in the London Daily Mail newspaper.  The story tells of an Army officer who died trying to “rescue” Bergdahl from his captors in 2009. http://www.dailymail.co.uk/news/article-2646345/EXCLUSIVE-Outraged-parents-officer-died-searching-deserter-Bergdahl-hit-Obama-cover-just-like-Benghazi-claiming-told-LIES-hero-son-died.html

Also please visit http://www.bringalanhome.org –this is the website to help free Alan Gross.  He deserves to be free.

There is one further point that needs to be made.  The “freeing” of Bergdahl is obviously a cover for something else.  Bergdahl is a little fish in a much bigger pond.  What the administration is actually doing is negotiating a deal with the Taliban to take over Afghanistan.  I feel really certain this is the case.   The Bergdahl father had a channel to the Taliban, and I think the administration wanted to use this “innocent” seeming channel to negotiate something far bigger.  All the rest is simply noise, but the noise is unfortunately terribly harmful to the families who have suffered over the Bergdahl matter, and the prisoners who remain prisoners, because the administration has no interest in them, the most obvious case, Alan Gross.

The State Department has rejected any exchange for Alan Gross.  See http://www.timesofisrael.com/us-state-dept-no-bergdahl-like-swap-for-alan-gross/

 

 

 

 

Tagged , , , ,

YOUR CAMERA IS ON, BEWARE!

Facebook says that it will be turning on your microphone on your smartphone –for what reason, we have no idea but can guess. Turning on cameras and microphones is becoming a huge problem.

YOUR CAMERA IS ON, BEWARE!

Szymon Sidor is a Polish-born software engineering genius currently working for Dropbox as an intern –before that he served two internships with Google working on Google Chrome ®  and Google Analytics ® . Now he is working on his PhD at MIT and he writes a blog called “Snacks for Your Mind.” Sidor’s latest “snack” is a demonstration of how the cameras on your Android ®  smartphone can be turned on without you knowing it, and sequential photos sent to a third party over the Internet. Along with the photos, data on your location is displayed in the intercept so you can be easily tracked. All this happens without any awareness by the phone user –the screen can either be turned off or on, it does not matter. Szymon  has gotten around the Android requirement to display any photo preview on the screen by reducing the preview to only one pixel, which you won’t notice even when your screen is on. On top of this, his solution has gone around Android’s notification that an APP is running, so you cannot even check to see if this brilliant piece of software “mal-engineering” is running.

Spying through cameras on smartphones and webcams on computers and laptops, as well as tablets, today is widespread. GCHQ,  Britain’s NSA, ran a program called “Optic Nerve.” Optic Nerve scanned live on line webcam chats on Yahoo and probably other chat services between 2008 and 2012. Many of these images were very personal ones, and could be used to either embarrass or blackmail users. Reports in the UK say that NSA engineers helped GCHQ develop the Optic Nerve program. Many have either claimed or speculated that one way the NSA and other U.S. spy agencies got around the prohibition of spying on Americans was to let a third party do it for them. A recent case involving a U.S. law firm representing Indonesian interests was bugged by the Australia Australian Signals Directorate. Special intelligence cooperation occurs under the “Five Eyes” program. The cooperating countries are the U.S., U.K., Australia, New Zealand and Canada.

News reports, based on the leaks of NSA information by Edward Snowden, says that GCHQ  stored millions of images gleaned from its webcam surveillance. These images can be retrieved in various ways, including the use of advanced face recognition systems, so seemingly unrelated video chats from different computers and with different names or web addresses, can be linked together. Obviously, when used correctly and legally, this is an important counter-terrorism tool. But when it is used as a political tool to harass to blackmail people, the consequences are different and corrosive. A problem the U.S. government still has, new legislation notwithstanding, is how to assure the proper use of information that can be very personal and completely unrelated to any counter terrorism or criminal activity.

It is not only the NSA or GCHQ that can spy on webcams. Marcus Thomas, a former assistant director of the FBI’s Operational Technology Division in Quantico,Virginia, told the Washington Post that the FBI could spy on anyone’s webcam without turning on the camera’s indicator light. While not all webcams have indicator lights, and many laptops do not have them at all, the indicator light is a nice security feature that tells you when the camera is active. Webcam spying is part of a suite of so-called Remote Access Tools or RATS. Thomas told the Post that the FBI has had these tools for years but uses “Rattingly” (the webcam spying tool) sparingly.

But camera spying is not at all limited to governments or official spy agencies and organizations. It is so widespread today that it has even spread to schools. Just this year Lower Merion Township, a classy suburb of Philadelphia, settled a lawsuit, brought by two students, paying them $610,000 in compensation. The crime? The school provided 2,300 MacBooks® to their students and installed spy software on them that snapped pictures of the students. Photos of the students included snaps of them at home, in bed, sometimes partially clothed. In one case the school claimed a student was “popping” pills: in fact he was eating candy.

“Sextortion” is a growing problem. What is Sextortion? Sextortion is the secret control of webcams or smartphone cameras to run extortion rackets against people. A major case gained notoriety in California where a now-20 year old Jared Abrahams ” illegally hacked into the laptops of several young women in the U.S. and abroad, then took control of their webcams in order to film and photograph them while they undressed” according to the FBI. The scam included web cam pictures of Miss Teen USA Cassidy Wolf, who was a classmate of Abrahams. “Abrahams threatened to post the images to the victim’s social media accounts unless the women provided additional nude photos/videos or obeyed his commands during a five-minute Skype session” Abrahams was convicted and got an 18 month jail sentence. In another case, a Glendale California man was sentenced to five years in federal prison Monday after pleading guilty in a sextortion case that targeted hundreds of women. Interpol announced the arrest of 58 persons in the Philippines for sextortion, including one case where a17-year-old victim committed suicide in July last year following blackmailing by the group. In fact, “The scale of these sextortion networks is massive, and run with just one goal in mind: to make money regardless of the terrible emotional damage they inflict on their victims,” says Sanjay Virmani, director of the Interpol Digital Crime Center.

Webcams and phone cams are also an important source for corporate spying. This works in two ways: companies and organizations spying on their own employees, and competitors and thieves spying on corporations. By being able to activate either a webcam or microphone on a PC, laptop or smartphone, intruders can listen in on sensitive meetings and conversations and even know where the meetings are held, who attended, and everything about what was discussed.

There are plenty of vendors selling spy software, some designed for “professional” business use and marketed as a way to track employees, such as a product for employee monitoring made by InterGuard. Such spying falls into a gray legal area, but once it goes onto a mobile device such as a smartphone or tablet it clearly intrudes on privacy outside of the work space. Even so, this is an unsettled area in U.S. law.  It is of course illegal to record a conversation without getting the permission of the person or persons being recorded, but keep in mind even web conferencing software allows for proceedings to be recorded and no permission is asked. These days there are hundreds of spying products to choose from, and the best of them facilitate surreptitious webcam and mobile cam spying.

Corporate spying can facilitate “insider” trading, where the “insider” is sitting outside but has privileged access to your webcam or mobile camera and microphone. No one knows the extent of financial manipulation and computer and smartphone spying going on that facilitates insider trading, stock exchange manipulation, and trading of sensitive investment and competitive information.

It is legal to sell spy software, just illegal to use it without permission outside the workplace, unless it is used to spy by parents on their minor children. Even this “permission” is fraught with difficulty, since other kids who are not related to the parents may well be captured while the parents spy on their children.

In short, there is an epidemic of webcam and smartphone camera monitoring and spying and such spying affects everyone. Our laws have a long way to go to catch up to the reality of this powerful attack on personal privacy.

What can you do? One “solution” often proposed is to cover up the webcam on your PC or laptop. This does stop the camera, but does nothing about the microphone, but it is a partial answer providing you remember to do it religiously. But with the number of devices in homes and offices, it is not simple to manage. And tablets and smartphones often have two cameras, one in front and one on the back. Covering both is awkward and probably unrealistic.

A second solution is to get positive control over cameras and microphones so malware and intruders can’t switch them on. One product for Android is Office Anti-Spy. It makes sure the cameras and microphones are turned off and nothing can be recorded. This solution trumps Szymon Sidor’s brilliant Android hack, and other RAT tools that try to control your device.

Most important of all is to realize that the world is seething with snoops, provocateurs and criminals. No one, neither school children, teenagers, adults, corporate tycoons or government officials can escape them or live in this world unnoticed.

Tagged , , , , ,

School Lunches and Healthy Food –Feeding Kids or Ideology

by Stephen Bryen

I love the taste of home or locally grown vegetables and I go out of my way to buy them.  But if you ask me to eat whole grain spaghetti, I will spit it out because it does not taste like good pasta.  It tastes like grit.  Because I am an adult (it is illegal to know my real age), I can decide for myself what I want to eat.  That is not the case for kids in school.

Kids in school who buy or take school lunches are being victimized by our nation’s First Lady, who is trying to shove so-called healthy food down their pretty throats.  Of course, kids know what to do when they are confronted with something they don’t want –they trash it.  And school trashcans, already pretty full from the poor tasting grub served in our nation’s lunchrooms, are now full to overflowing as kids throw out what they don’t want or like.

So why should I have an opinion on this?  My kids are already grown up and don’t eat school lunches –in fact they almost never did, because we packed lunches for them which they liked a whole lot better.

For a little less than a decade one of my jobs working for a U.S. Senator was to look after the school lunch program and to help my senator pioneer the school breakfast program.  I worked with the Senate Nutrition Committee, and the Committee on Agriculture, and wrote many of the amendments that were passed into law some years back.

Generally I was proud of my work.  The idea behind the school lunch program was to make sure children got a solid meal to eat and a glass of milk (or carton of milk) to drink.  And we promoted the school breakfast program because a lot of kids were coming to school hungry, and when you are hungry or just had a donut or bowel of fruit loops for breakfast at home, if that, then you could not concentrate on anything except your appetite.  School breakfast was designed to make sure that all the kids at school started the day off properly nourished, with a meal that included protein and carbohydrates and had good vitamin and mineral content.

In short, government support for the school lunch program was to make sure kids got the proper nutrition.

And even back then, the controversy started.  One of the first targets was Hostess Twinkies, a sugar-laden cake that was put out along with the other breakfast items.  We held a special hearing on Twinkies, and how Twinkies was about to destroy all that is good and decent in America, including breakfast.  During that hearing there was a large bowel of Twinkies on display, and Senator Hubert Humprey, was co-chaired the Senate Nutrition Committee, reached in and started munching on the Twinkies.  This while the under-attack Twinkie people were defending their product.  The audience, watching Humphrey chewing away, got the point that the Committee was not going to try and stop the sale of Twinkies.

Around the same time, a Rutgers University professor came to see me and he brought me a rather good sized jelly donut.  Jelly donuts are my weakness, and maybe he knew that, maybe not, but he offered it and I happily ate it.  Then he asked me what I thought –and I told him I liked it.  And he asked, suppose I told you it has almost 40% of all the nutrients you need in any day, including protein, vitamins, minerals, amino acids –everything.  Naturally, I was excited.  We could feed the kids milk, some scrambled eggs and a donut and they would be well nourished, their bodies would grow, their bones would be stronger, and they would have (unfortunately perhaps) unbounded energy.

So I took the donut idea to the Department of Agriculture (which is responsible for the lunch and breakfast programs) and they took it to some of the advocacy groups supporting those programs. Quelle Horreur! Giving sugar to kids?  Are you crazy?  But said I, the kids will eat the donuts and get stronger, healthier, even wiser.  But I had crossed the Rubicon, because clearly they were trying to foist so-called healthy food on kids, they did not care it would end up in the trash.

And we are now, as Yogi Berra would say, in a Deja vu all over again situation.   Michelle Obama, the Department of Agriculture and the “healthy food” advocates have learned nothing.  They opt for stuffing healthy foods into the mouths of babes who don’t want it.

I don’t think we should let ideology trump purpose.  The purpose of these government subsidized programs is not to “teach” anyone anything.  It is to get good  food into the mouths of children when they need it most. Which means it has to be food they will eat and enjoy even if there is some refined carbohydrates or white sugar in it.  In my opinion the high octane jelly donut is better than a child not eating, in fact a lot better.

 

To have a look at what these “healthy” lunches actually look like, see what the kids are tweeting 

 

Tagged , , , , ,

Ukraine –You Don’t Need to See the End of the Movie

by Stephen Bryen

You don’t need to see the end of the movie to know that the Ukrainian government, faced with an imminent loss of the Eastern Ukraine with the valuable Donetsk region of the country, will soon collapse. Neither all the king’s horses, nor all the kings men, can put the Ukraine back together again. In fact there are no king’s horses or men. The Ukrainian Army is a hollow shell, disorganized, with virtually no logistical support, and with decrepit and inferior equipment. Russian forces, or proxy forces, will run right over them.

Today Putin has all the options, the Ukraine government has almost none.

For all the hot air blasted around by our failed Secretary of State John Kerry, and his boss, President Obama, there is no allied or NATO interest in assisting or stabilizing Ukraine. In fact, the preponderance of view among our allies is simply to tolerate Putin’s moves. Europe, on the whole, does not support sanctions, partly because they are inconvenient and potentially dangerous (Putin could cut off natural gas deliveries to Europe), but mostly because sanctions are irrelevant.

The United States did not propose any form of military action, even minimal action, to protect Ukraine. So Kerry and Obama are seen as vacuous pundits who want to sound tough but don’t want to do anything. Why should Europe risk anything for an empty policy like that?

Indeed, U.S. policy in the Middle East, Persian Gulf, South America, and Asia is a disaster. Ask the King of Saudi Arabia, the Prime Minister of Israel, the interim President of Egypt, the Japanese Prime Minister. All of them understand that being a friend of the United States is dangerous and costly these days.

If the U.S. had been serious about Ukraine it could have (1) shipped armaments to the Ukrainians; (2) provided military and logistical support; (3) mobilized NATO by demanding action by NATO; (4) demanded action by the UN Security Council, (5) threatened Russian assets like Cuba. None of these things have been done largely because this is an administration of crocodile tears, not one with anything resembling a security outlook. While Ukraine is boiling, Iraq and Afghanistan are crumbling, and the President is off in Asia assuring our current-day partners there we are on their side. They should be running for cover.

(Obviously Russia has veto power in the UN Security Council. The point is demanding a session and making clear the violations of sovereignty perpetrated by the Russians would clearly cause grave discomfort to Putin. Don’t worry, has not happened and if it does not it is probably too late.)

Is Ukraine in the national security interest of the United States. For sure we have no treaty relationships that require the U.S. to protect Ukraine. If Russia conquerors and digests all of Ukraine, from the perspective of any obligations on Ukraine, we are not obliged to help them.

We are obliged, however, to be concerned, very concerned, about NATO and our responsibilities in that context. Right now we are faced with a test by the Russians who are expanding once again. Letting it happen without a response is like inviting Hitler to have another cup of tea. There is too much risk, even for the Russians, who will get caught up in the kind of euphoria that propelled the Nazis to trample on all of Europe, murdering millions. A Russia gone berserk is very much not in anyone’s interest. Thus it follows that Russia must be challenged now, because the future consequences in the nuclear age are too high risk.

The Obama administration has had more than enough time to figure out what to do. By now the administration could have laid before the President a host of options that could have presented the Russians with real consequences. No such steps have been taken.

So we will soon see the collapse of the Ukrainian government. It will be replaced by a pro-Russian leader. Eastern Ukraine will be made autonomous, and its control will be 100% in the hands of the Russians. All of this is an interim step. In a short while the Ukraine will “vote” to re-federate with Russia. It will cease to exist as an independent country. That is the end of the movie.

Tagged , , , , , ,

Verizon Blockbuster Data Breach Report Is Bad News for Organizations

co-authored by Dr. Stephen Bryen, CTO, Ziklag Systems and Rebecca Abrahams

2014-04-24-photo29.JPG

Verizon has published a blockbuster report on Internet “data breaches” which has garnered major headlines because it fingers Eastern Europe (primarily Russia) as a greater source of attacks than those from East Asia, primarily China. Prepared with the cooperation of 50 companies in different parts of the world, the Verizon study classifies “data breaches” into different categories –but the two most important stand out visibly from all the others. These are “point of sale” attacks and “cyber espionage” attacks.

A point of sale attack is one of the ways, but not the only way, to steal money. Point of sales attacks are most common in the retail industry (think Target), with the largest number in hotels, motels and the food service industry.

A cyber espionage attack is an attempt to steal valuable proprietary information, defense and government secrets, or significant information on individuals connected with these organizations and industries. The data is rather interesting in that the biggest victims of cyber espionage are manufacturing companies, professional groups and companies (including law firms, accounting and tax related organizations, computer systems design companies and services, and scientific research organizations), and mining companies (most importantly oil and gas industries).

One of the unfortunate problems with the Verizon Report, is that it has aggregated important categories using broad North American Industry Classification System (NAICS) codes. Trying to understand who was targeted and why is, at best, guesswork.

A second major difficulty is that the Verizon Report can only provide data on actual reports made by the targets or victims of data breaches. Actually, we do not know how many organizations, both government and private sector, actually report an incident; in fact there is good reason to believe that wherever possible the tendency in both sectors either is not to report an incident, or to minimize the impact on its business or operations. If, for example, a company were to reveal that a critical technology it owns was stolen, its share price would collapse. If a bank reported its central computers have been hit by thieves, people will move their money to a safer locale. If the Defense Department reported that its secret stealth technology was stolen (in fact, it has been, as can seen in Chinese versions of the F-35 Joint Strike Fighter), it might face Congressional hearings or even budget reductions. For all these reasons we can be certain that the Verizon Data is missing big chunks of important information. We can also be sure that Congress has been asleep at the wheel.

A related problem is the linkage between government spying and criminals. There is no spy agency in the world that works in a vacuum. Spy agencies, in and of themselves, are not centers of technology excellence. They are centers for spying, and they buy the technology, know how, and help they need from outside companies and individuals in order to get the job done.

In some countries it has been often alleged that there is a close tie between criminals and spy organizations. For example, Russian intelligence has been accused of working with the Russian Mafia (for example, see William Jasper’s article, “Organized Crime is Big Business for the KGB” ) and intelligence services in other countries are often linked in some manner to criminals or criminal organizations. Added to this is the problem that once trained as a spy, there is the potential for the same individual to freelance, often to steal money or engage in forms of extortion.

Spy agencies around the world, including the U.S., also use private companies, organizations and individuals to do things they would rather not be caught doing themselves. This means anything and everything from stealing personal information, leaking to newspapers, to crashing companies, disrupting banking or commerce –even to waging war. So long as spy agencies operate this way, criminality will increase even more. Of course this subject is well outside of the Verizon Report on Data Breaches, but it is more than worth pondering the consequences.

One highlight of the Verizon Report is how quickly cyber attacks are recognized and dealt with. Here the news is generally bad. For the cases which the Verizon team reviewed, 47% of the intrusions were not discovered “for months” and 68% of them were discovered by outsiders, not by the organization or company. While in most cases the intrusion could be fixed in hours or days, it almost doesn’t matter if everything has already gone out the door.

Thus, thanks to the Verizon Report we know that that it takes far too long to recognize that a business or organization has suffered a cyber attack. In today’s world, where it is getting easier and easier to exploit organizations through the web, often originating in mobile devices (phone and tablets), the problem of detecting a breach and fixing it is growing worse, instead of improving.

Unfortunately rather than seeing an improvement in cyber security, the threat continues to increase and, with it, the risk to our economy and to national security.

Tagged , , , , , ,

Intelligence Agencies Are Happy As Clams Thanks to Heartbleed “Bug”

The Heartbleed “bug” which has affected millions of computer systems and countless hardware devices ranging from telephones, to video conferencing systems, to routers and firewalls –was the result of work done by a German software developer named Robin Seggelmann. Seggelman says it was a coding error that caused Heartbleed, and the error was not “caught” by an auditor inside the Open SSL Project. Open SSL is the security code that is widely used by industry to support encrypted connections on the Web, and to manage encryption on everything from wireless telephones to Cisco routers.

At the time of this writing, we do not know the full “team” who produces the Open SSL software.

The Open SSL Project works on a voluntary basis. Its headquarters is in Maryland but, according to their own description, the participants are on three continents and cover 15 time zones. If there are “rules” regarding membership in the Open SSL project, they are not transparent to the outsider.

The theory behind Open SSL is that if you gather together the “best” community of programmers to tackle a hard problem, you will get the best result that benefits everyone. Underlying is a sort of philosophical notion thatpeople in the “community” join together out of good will, and everything they contribute will be based on pure altruism. The Open SSL project is, by far, not the only community based programming project.

In his interview with the London-based Telegraph newspaper, Seggelmann admits “it was possible that the US National Security Agency (NSA) and other intelligence agencies had used the flaw over the past two years to spy on citizens.”

There is no reason to suppose that intelligence organizations would not have discovered the bug in their routine scanning of the Internet.*** Today the Internet carries much more than data traffic; it is increasingly how telecommunications are managed. The fact that we now know that some of the top VOIP (Voice Over Internet Protocol) telephone systems made by Cisco are infected with the “Bug” makes this crystal clear. You can add to this a large number of Cisco routers (the world’s most popular router system), video conferencing systems, multiple servers used to manage communications traffic, and even firewalls that protect internal networks.

While a good deal of focus has been put on the NSA, thanks mainly to the leaks and revelations coming from Edward Snowden, the truth is that intelligence agencies around the world try to spy on just about everything they can. The British, French, Germans, Italians, Russians, Chinese, Israelis, Iranians and many others have built massive capabilities. It would be foolish to think they are not taking advantage of damaged encryption systems such as Open SSL.

In short, there is big possibility that, aside from causing untold computer damage, people may have lost their lives because of the Open SSL “Bug.” Say you were an Iranian dissident and you send what you thought was a secret message to your compatriots. The knock on the door comes, and the Iranian government arrests you and accuses you of being an Israeli spy. You know the rest.

There is also clearly a link between some foreign intelligence organizations and general criminal activity. Anytime money is involved in spying, as is the case with the Open SSL breach (which affects credit card transactions, banking and other forms of trading information), some intelligence agencies and their criminal colleagues exploit the opening to make money, lots of money. For years we have been watching the Russian mafia carry out these exploits and attack banks in the U.S. and elsewhere in the world. How much they have stolen is anyone’s guess, because banks don’t like to let on about their security failures.

A critical question is why anyone would rely on a misty group of international volunteers for security? Keep in mind that one of the sponsors of the Open SSL is the U.S. Department of Homeland Security! (Whoever in DHS supported this endeavor ought to find work elsewhere.)

An additional problem today is that the agencies we rely on domestically for security, NSA and NIST (the National Institute for Standards and Technology) have, themselves, been caught bugging security codes so they could exploit computers and communications globally, including the PC’s, tablets and phones of Americans. NSA’s and NIST’s bugging activity has compromised them fatally.

Today in the United States we lack an independent security agency that can provide guidance on security for Americans, public and private. Thanks to NSA and NIST the U.S. government has thoroughly bugged itself, as well as everyone else. A critical task for Congress, aside from investigating the various NSA escapades, is to come up with a new, independent government organization that supports security for Americans.  The Agency should have nothing to do with spying and should be prevented by law from cooperating with spy agencies.

 

***Bloomberg is now reporting that NSA exploited the Open SSL bug for two years.

Tagged , , , ,
Follow

Get every new post delivered to your Inbox.

Join 1,776 other followers