Archive for the ‘China’ Category
SARS-CoV-2 Lab Leak Intelligence Assessments
This article is part of an ongoing experiment with the use of ChatGPT for developing primers on cyber security topics.
As this is in the news this week, and Director Wray came out and spoke about it last night, I thought a little intelligence report generated by ChatGPT and a threat assessment might be fun. Personally, I have always held that the potential of the origin of SARS-CoV-2 was higher in this scenario than the wet market scenario due to several things.
Firstly, the virus seems to have been, for a zoonitc event, all too readily infectious for humans right from the start. While SARS virus’ are already seen in humans and of course SARS had an outbreak in China back in 2002, the impacts of that particular strain were not as massive as SARS-CoV-2. One of the primary reasons for that from my reading, has been the difference in the virus in Cov-2-19 is it’s ability to bond to the ACE2 within our systems and run rampant. It is also to be noted that the genetic structure of the virus does not rule out genetic manipulation, specifically, that of gain of fucntion research, which is what WIV had been working on.
Secondly, there were at least three emplyees of the WIV who got sick in November, just before the pandemic started in Wuhan, who may have in fact had Covid-19. Not much is known about these three people as the Chinese governmnet is not being transparent about them, but, it is quite the coincidence that these three lab workers got sick with an unknown disease, in November, and then the full outbreak of SARS-CoV-2 began in December, in Wuhan of all places.
Thirdly, the Chinese government has been very obtuse in cooperating with anyone about getting to patient zero in this pandemic and has actively blocked investigations. Of course, this is a tricky situation for any country, the epicenter of a pandemic, but China has really blocked so much of the potential truth that it cannot be dismissed. I am not saying in any way, that this was a deliberate release, or that this virus was being “weaponized” in a military program though. It is my contention, that they were doing gain of function work in efforts to understand how to counter such shifts in the SARS genome should it happen and create vaccines against it. It is just a matter of it walked out on someone’s shoe before they even had a chance to come up with a counter to the bug they had just souped up.
Added to this last set of facts, I also can easily see how the virus could have escaped from WIV due to reporting before the pandemic where the lab had been cited for poor security practices. This is also a known quantity that is not a slam dunk, but, if you take all of the known known’s and assess the situation before and after the initial beginnings of the pandemic, well, I can easily see my way to a low to a medium confidence theory on a lab leak being the possible caue of the pandemic writ large.
Anyway, here’s an assessment written by ChatGPT on this…
ChatGPT: Create an intelligence estimate of the lab leak theory for sars-cov-2 and cite data that backs up this theory
Executive Summary:
The theory that SAR-CoV-2 originated from the Wuhan Institute of Virology (WIV) through a laboratory accident remains inconclusive. While there is some circumstantial evidence to support this hypothesis, there is also evidence against it, and alternative explanations remain plausible. Further investigation is necessary to determine the virus’s origins and the role of the WIV, including tracing the early spread of the virus and studying its genetic makeup. The possibility of a laboratory accident cannot be completely ruled out, and the scientific community and policymakers must continue to take steps to ensure the safety of biosecurity labs and prevent future accidents.
Background:
The emergence of the novel coronavirus SAR-CoV-2 in late 2019 has led to intense speculation about its origins. One hypothesis is that it may have accidentally leaked from the WIV, a high-level biosecurity laboratory located in Wuhan, China. The lab is known for its research on bat coronaviruses and is part of China’s effort to become a world leader in virology research.
Intelligence Assessment:
- Evidence supporting the lab leak theory:
There is some circumstantial evidence to support the theory that SAR-CoV-2 originated from the WIV through a laboratory accident. For example, the lab was conducting research on bat coronaviruses at the time of the outbreak, and there have been reports of lax safety protocols at the facility. In addition, some scientists have suggested that the virus’s genetic makeup is more consistent with laboratory manipulation than natural evolution. However, none of this evidence is conclusive, and alternative explanations remain plausible.
- Evidence against the lab leak theory:
There is also evidence that contradicts the lab leak theory. For example, the virus’s genetic makeup closely resembles that of other bat coronaviruses found in the wild, suggesting a natural origin. In addition, many experts believe that the virus likely originated in a wet market in Wuhan, where the sale of live animals provided an opportunity for the virus to jump from animals to humans. Furthermore, some early cases of COVID-19 were traced back to individuals who had no connection to the WIV, further casting doubt on the lab leak theory.
- Unanswered questions:
There are still many unanswered questions about the origins of SAR-CoV-2, and the possibility of a laboratory accident cannot be completely ruled out. Further investigation is necessary to determine the virus’s exact origins, including tracing its early spread in Wuhan and studying the genetic makeup of the virus. In addition, more information is needed about the safety protocols at the WIV and other biosecurity labs around the world.
- Confidence in the intelligence assessment:
The level of confidence in the intelligence assessment varies depending on the specific evidence and alternative explanations. Overall, there is a medium level of confidence in the assessment due to the inconclusive nature of the evidence and the need for further investigation.
Conclusion:
The theory that SAR-CoV-2 originated from the WIV through a laboratory accident remains inconclusive. While there is some circumstantial evidence to support this hypothesis, there is also evidence against it, and alternative explanations remain plausible. Further investigation is necessary to determine the virus’s origins and the role of the WIV. The possibility of a laboratory accident cannot be completely ruled out, and the scientific community and policymakers must continue to take steps to ensure the safety of biosecurity labs and prevent future accidents. This includes increasing funding for biosafety research, strengthening regulations and oversight, and improving international cooperation to address global public health threats.
ChatGPT: Write a threat assessment remote on the hypothesis that the Wuhan virological lab was the source of an accidental leak of SAR-CoV-2
Threat Assessment Remote: Hypothesis of an Accidental Leak of SAR-CoV-2 from the Wuhan Virological Lab
Introduction:
Since the emergence of the novel coronavirus SAR-CoV-2 in late 2019, speculation has circulated around the origins of the virus. One hypothesis is that it accidentally leaked from the Wuhan Institute of Virology (WIV) in China. This assessment will consider the potential threats associated with this hypothesis.
Background:
The Wuhan Institute of Virology is a high-level biosecurity laboratory located in Wuhan, China. The lab is known for its research on bat coronaviruses and is part of China’s effort to become a world leader in virology research. According to some reports, the lab may have been conducting research on bat coronaviruses at the time of the outbreak.
Threat Assessment:
- Public health threat:
If SAR-CoV-2 did originate from the Wuhan Virological Lab, the consequences of this accidental leak could have been catastrophic. The virus has caused a global pandemic, resulting in millions of deaths and widespread economic and social disruption. The risk of future pandemics originating from labs is a serious concern and could result in even more devastating outcomes.
- Economic and geopolitical threat:
The potential for damage to global economies and international relations is significant. If it is found that the virus originated from the Wuhan lab, there may be calls for reparations or punitive measures against China, leading to economic and geopolitical tensions.
- Threat to the credibility of biosafety protocols:
The safety of biosecurity labs is critical to preventing the accidental release of dangerous pathogens. If the hypothesis of an accidental leak from the Wuhan Virological Lab is proven to be true, it could damage the credibility of biosafety protocols and undermine public trust in the safety of such facilities.
- Risk of future accidents:
The risk of future accidents is a concern. If it is found that the virus did indeed originate from the Wuhan lab, it may indicate that the current safety protocols are insufficient. This could lead to increased scrutiny and stricter regulations for biosecurity labs, potentially hampering their ability to conduct critical research.
Conclusion:
The hypothesis that SAR-CoV-2 originated from the Wuhan Virological Lab presents a number of potential threats, including public health, economic, geopolitical, and credibility risks. While investigations into the origins of the virus are ongoing, it is crucial that biosecurity labs adhere to the highest safety standards to prevent future accidents and ensure the safety of researchers and the public.
Krypt3ia generated this text with ChatGPT, OpenAI’s large-scale language-generation model. This author reviewed, edited, and revised the language to my own liking and takes ultimate responsibility for the content of this publication
The Widening Gyre: Putin’s Asset Sets Multinational Norms On Fire and Begets Global Negative Actions
We are beginning to reap the whirlwind in the news cycle from the election of Trump and his breaking of norms that this country and the world have come to rely on. This is exactly what Putin wanted, a country in the midst of a political and social rift that takes our eye off the global ball and allows for negative actions to be carried out without sanction. We have seen Trump set the constitution on fire, the Judicial body of the United States, the Economic norms, and generally break up the balance of power in the world. This has allowed Putin to have greater freedom to act and in turn now others feel empowered. China, North Korea, Syria, and most recently Saudi Arabia have taken actions that would in normal times, possibly not been acted on were the nations not at odds generally due to America’s abdication of its role.
Let’s cover some of the things going on…
RUSSIA:
Putin is still working the levers of power and in so doing he is still making moves on Ukraine all the while leveraging the problems in Syria as well. His actions are two fold, first to annex Ukraine altogether if he can. If he can’t then he will continue to fight with disinformation and active measures campaigns until he has more control over the area even if he cannot all out annex them back into Russia proper. Meanwhile, in Syria, Putin is leveraging Erdrogan and the battle there with da’esh to gain a foothold in the region and have a friendly dictator he can someday use as a proxy against others in the world.
Meanwhile, Putin keeps having his enemies killed off in interesting ways. The list has been topped off as of yesterday with an oligarch who ran afoul of him being found in a park choked to death by a dog leash.
…. A dog leash….
Now that is a metaphor huh? Putin will continue on liquidating his problems with impunity because the norms have all been broken because of Trump. The U.N. NATO, all of the normative bodies have been rebuffed by Trump and weakened. All that is lacking now is an assassination of a Putin enemy on American soil for his win to be complete. Putin pulled a master stroke in helping Trump win. Even so, don’t believe for a second that Putin isn’t also waiting to not only use Trump more, but if Trump begins to fail him he will continue to perform flyovers in our air space like he has been with the BEAR FOXTROTS over Alaska and likely will become more aggressive. I have yet to hear anything about SSN activity but be assured they are there… Waiting.
CHINA:
China has upped it’s espionage games since Trump started his little trade war with them. Recent events have shown a rise in hacking and phishing campaigns that had slowed down since the Xi and Obama agreement. That’s over now though and with the trade war heating things up, and rankles the core ideal of China to be an economic superpower, we are going to see not only more hacking and phishing with a side of theft of IP but also now classical espionage tradecraft to carry out the same goals. All of this will only escalate against the US as we move forward and likely set more things on fire by Trumps economic disaster plan.
MEANWHILE…. China feels empowered too because of all the fractiousness in the world’s governing bodies and has made the ex INTERPOL chief disappear while in China. Gee, China is now feeling like they can just disappear the head of an international investigative body.
Nice.
As all of this is going on we also have coincidentally, the arrest of an MSS asset in Belgium for economic espionage against the US aerospace community. Hmmmm gee, what a coincidence that this happens as the INTERPOL chief is disappeared. As you can see, and perhaps make the connections yourselves, it may be that the MSS is reacting to the impending arrest and or extradition of their asset by grabbing another as a warning?
Hmmm….
Yes, expect more to come out of China with the worsening of the trade wars as well as the eroding of the worlds norms on illegality.
Thanks Putin and Trump!
Oh yeah, and I forgot to mention the whole South China sea thing too…
SAUDI ARABIA:
Next up, Saudi Arabia seems to have lured a Washington Post reporter to Saudi only to kill and perhaps dismember him in an embassy there. Saudi has never before been as bold and I directly point toward the breaking of all the norms and groups for this action too. It’s been pretty blatant and I suspect there will be no sanction over this. I mean, look, it’s Saudi right? OPEC, oil? Not to mention that Trump was basically setting himself up to be their stooge since the beginning. Nope, nothing will come of this and now the Saudi’s have killed an Saudi journalist working for an American news org.
I also want to mention the whole glossy magazine that was put out by Trump’s friend David Pecker back last summer. What was this all about? Well, it seems that that was a PR move to make the house of Saud more accessible to the US consumer? Put another way, the new crown prince wanted to look progressive and hip and with the help of Pecker they tried real hard. It’s just that this mark was missed with this publication. In fact it only made an already wary populace start asking questions as to why this happened and what kind of conspiracy was afoot. Expect more to come out of this Saudi reporters death and it will likely not be pretty. If they get away with this, and I think they will, then expect Saudi to pull some more stunts in the future as the crown prince get’s more bold.
TRUMP REPUBLICANS:
Finally, the TRUMP party, I really don’t consider them Republicans anymore, will continue to push the limits of the nations norms and laws until they are just removed from power. The events around the recent SCOTUS nomination and confirmation of Kavanaugh are a clear example of how the Trump party is abusing their control over the house and senate to get whatever they want over what the governed wants. The Kavanaugh thing is just the most naked misuse of their power though to date and I am sure more will be coming once Trump replaces Sessions with a minion under his control. This will set the trifecta into play; DOJ under his control, SCOTUS under his control, and Mueller with a new target painted on his back.
I fully expect that when this happens the Russia investigation will be liquidated and the Trump party will lock arms and say that this is not a constitutional crisis. Of course then the DOJ will agree and SCOTUS will concur. It will all disappear at least legally right? This is Trump’s greatest desire and it seems more and more likely that this can happen because of the Kavanaugh ascension. An alternate timeline to this would be that Trump allows the investigation to finish but then has Kavanaugh in his pocket to be the deciding vote on whether or not a sitting president can be indicted.
Either way, it seems that if Trump can replace Sessions with a partisan minion, we are all doomed.
Even more worrying is the upcoming mid term elections. If the Trump party continues to be in contol, expect to look fondly at the times of outrage over Trump’s mild bad actions because he will feel empowered to do even more bad things if he has total control.
Once again, thanks Putin.
We are at a tipping point here and not just with regard to climate change kids.
K.
Did China Just Bill Clinton Us on OPM?
In an article posted today from the Chinese State News service Xinhua the official ruling on the OPM hack has been determined to have been carried out by a group of “criminal hackers” not at the behest of the Chinese government. As such they say, the hack was not an official act of cyber war but instead a criminal act according to current laws on cyber warfare.
Dude, we just got Bill Clinton’d on one of the largest hacks to date on governmental databases! Let’s parse this out a bit and then move on to another story that was also posted today. That story; “Congress wants to know how OPM hack could hurt U.S. spies” asks one of the most idiotic questions I for one can think of as someone who’s data was stolen by a foreign power who is now saying in effect; “We have your data, but hey, it was a criminal act. We didn’t ask them to do it but thanks for the files!”
Thanks China! Don’t mind you holding that data for me since I think that the OPM and the DHS aren’t really capable even with their neato NCATS cyber hygiene service! Say… Did I mention I found all your FOUO documents on your super neato hacker hygiene program being leaked by your own servers? YAY!
Asshats.
But I digress… Ok so back to the first story. I believe that in the past I have written about the coming cyber wars in context of how incredibly hard it will be to prosecute not only the war, but also the defense as well as the, well, prosecution, of anyone we think carried out actions against us. Here we have a classic example of how this will all work with the, well lets call it from hereon the “Clinton Defense” for lack of a better moniker.
China was pretty smart to play it this way because not only does it sort of absolve them but it also gives them a chance to now leak that data to the darknet let’s say and lend credence to the idea that criminal gangs stole the data and are now trying to profit from it. Once the cat is out of the bag the cat pretty much is useless right? Well no, in fact they have their copy of the data and I am sure the MSS and more so the PLA have farmed all that data out to their intelligence customers for further exploitation.
China wins.
This is probably a scenario that certain analysts already thought might come to play since we kind of already pointed the finger at China anyway. It also may have been a foregone conclusion given the futile naming of names and placing them on wanted lists that the DOJ put out this year. If you think we will ever get hold of those Chinese PLA assets you are just deluding yourself. From now on I can see how China and now other nations will just blame non state actors for the hacks against any assets just like some mother scolding a bad child for thievery out of the cookie jar. All the while the players will not be charged with anything and perhaps never even be known because the government will cover their identities.
Do you see where this is all going? What a slippery slope this is? All the while we keep focusing on attack and not on defense. Yeah, that will win the day for us for sure. I am so tired of all the bullshit. Even if you can DFIR and OSINT the shit out of things all one has to do is “officially” blame another actor and the game is over. There won’t be any trials and the data is still in the hands of the adversary, once again, because WE FAILED TO HAVE THAT CYBER HYGIENE!!
Fuckery.
Meanwhile the congress seems to be overtaxing their small minds trying to understand how the data that was stolen (SF86’s and the kitchen sink at OPM) could affect those in the clandestine service. Seriously? Are you fucking kidding me? You don’t understand how China having not only access to where someone worked and works, but also all their personal histories, clearance levels, friends information, psych status, fucking everything to create a super dossier on them could affect a clandestine agent? Tell me something congressman… Are you an idiot?
I would like the congress to understand even more deeply about the hack on OPM. It is more than just the data that they stole. It is also about how long they had access to the internals at OPM and then the networks that the OPM network touch. For instance, did you know that the server the data was being held in partially sat in the DOI?
NO I AM NOT KIDDING
The Department of the Interior is a place I know rather well because I worked for the DOJ on a case against them back in the day. I had to look at their networks and boy oh boy, what a fucking mess. Would it also surprise you to know congressman that the DOI network has classified network connections as well? Did you know for example that when I was poking about I saw NRO shit as well? Think about that and let it rattle around your empty heads a bit. Ask yourself and then ask OPM and DHS what other networks the Chinese may have had access to for about a year?
HEAD. SPLODE.
I dunno, it seems like every day I just want to crawl into the woods and build my 6×6 shack and wait for the apocalypse to come far away from the asshattery that will undoubtedly occur. Fuck the whole iot bullshit with fridges and toasters exploding from grid hacks by Ted Koppel. I just want out because we as a species are just incapable of handling this shit appropriately. I eagerly await the end where the AI finally takes over and decides to liquefy us all to feed to one another to be used as batteries for the Matrix.
Let’s get this over with already.
K.
OPM: WHO? WHY? WHAT? ERMEGERD CHINA!
OPM: Voted Most Likely To Be Hacked
Have any of you ever read an OIG report out there in cyber land? Well you should if you are interested in the security of your data and that data is held by any government entity. In the case of the OPM (Office of Personnel Management) it seems that numerous times the OPM was told by the OIG (Office of the Inspector General) that their security measures (FISMA) were lacking, to be nice about it. Others might use harsher words and frankly, after reading sections of the 2012 report on their security I want to have a full out Trourettes attack. Suffice to say that the OPM was not doing what they should have been. Have a read through on this document from 2012 and look at the big FOUO statement at the bottom of the pages from the FISMA assessment. This was easily downloaded from the OPM’s site through Google.. If this was meant to still be FOUO, well, there’s another fail for you.
Screen-shots courtesy of @SynAckPwn
You could also just take a gander at the recent hearing in the Senate on this debacle at C-SPAN where the IG basically drubs the OPM for not following recommendations made on security for quite some time. You also get to see the management of the OPM flounder as they try to look like they are at all intelligent about security, it’s actually painful to watch. Clearly though watching these turkeys flap on how security is hard and takes ‘decades’ (Archuleta) gives you a sense of how new the idea of security measures that are common today are to them. This hack was just a matter of time and I had to laugh when they also said that they had detected the attack and that the New York Times and others were wrong about it actually being a vendor on site doing a presentation that sparked this IR for OPM. Oh well, the IG was right and and now an indeterminate amount of personnel now have their data somewhere ostensibly in China in the hands of what we are being told is the PLA.
Sweeeeet.
So today I decided to take a looksee at OPM online and this is where I got that Google dorked file I liked to from the IG. Anyway, their systems give up quite a bit of info when you query them with FOCA:
Now if you really want to make a concerted effort you could use all that intel to Google dork more and likely come up with plenty of data to target them further but it’s my guess that the adversary already did this. Or, they just sent them a phish campaign based on some of the data they got from Anthem and got their toehold.. No.. Wait.. Sorry, I forgot that OPM had been compromised over a year!! Oh well there goes that little theory.. Nope nope.. It’s just because they suck at security. There was much more out of FOCA but ya know, I don’t want to add too much more fuel to the conflagration now do I?
*wink wink nudge nudge SAY NO MORE!*
NO REALLY, CHINA
I know what you are thinking, you are saying to yourself; “They always blame China!” and yeah, we kinda do but that is not wholly unwarranted really. China has it’s hack on and there are many reasons why they do. Most of it has to do with their perceptions of war that have been guided by Sun Tzu since he wrote his treatise on warfare. Others out in the security community might scoff at the overuse of Sun Tzu (I know Brian) but when you are talking about the adversary actually being China, well you kinda have to take this into account. I mean, they aren’t that much for Von Clausewitz as they are for Sun Tzu in their doctrinal leanings. I have written about this before so I will not overburden you here with it all. I do want you to understand though the reasons for these things though and to that end I want to refer you to the video at the top of the page. Please go watch that now and then come back here… I’ll wait.
Ok after watching that video let’s talk about why OPM and what use the data is to the Chinese. It is more complex than just using possible SF86 form responses for targeting people to become spies. It does seem at this point that the SF86’s also were taken but let’s just go with the notion for now the they only got the databases of employee records such as names, addresses, social security numbers, and the like. What would the PLA want with this? Well, for that let’s step back and look at the Anthem hack for instance. Anthem held a lot of records for those federal employees as well and if I were a Chinese spook org looking to target people for more exploitation this would be a good dump to have right? For that matter any spy worth their salt would want that data to help them target names, addresses, emails, etc to use in further phishing attacks right? Think about it this way, in INFOSEC and pentesting what is the first thing you do? You do a footprint and you gather OSINT. Well in this case they got more than OSINT, they just took the whole catalog internally by hacking specific targets that were data rich.
Of course not only China would like this stuff but from what we are being told (as well as data being passed to others in the world of secret ioc and ttp squirrels) this was China. I am of a couple of camps here on the China thing. I have seen the Chinese actors and I have seen them used as a scare tactic by political movers. Whether or not it was in fact China really matters to the larger geopolitical sphere of things and that this was a hack of a government system with data that is rather important, I have to say that understanding who did it as well as we can is kind of important. Other hacks, meh, I don’t care. You have to either decide that China has done everything or they have been a convenient excuse for hacks that have happened. I am in the middle and will reside there until I have some data to prove things either way.
That the data has not turned up for sale so far is kind of a clue though that this is not going to be your average Ukrainian hacker team looking to abuse credit. Just as the data in the Anthem hack has not turned up either show’s you that this data is being used for other, more geopolitical purposes. Who is stealing the data really and who has it in their hot little server somewhere is the question that has yet to be answered though. Sadly, until such time as some LE or spook agency lets loose that they found it in the hands of some foreign national we will never know the truth of it. Gee, maybe we can just get a PLA hacker to defect huh?
Riiiight.
What you can expect more though is that we will be seeing a rise in hacks on the military, the defense base, the government and anyone and everyone in private companies that got a clearance for their outsourced government work. This is what the data will be used for and the fruit of this won’t be seen for some time I suspect. This is today’s espionage made easy because people and organizations fail to understand nor care about the security measures that they should be implementing. This is a constant cry among the INFOSEC community but hey we never seem to really learn and I would blame that more on our physiological makeup than anything else really. We just aren’t wired for this stuff as a whole. So when we get together as societies or organizations we spectacularly fail because as they say; “None of us is as bad as all of us”
Right, so back to the China thing. If you take the time to understand their doctrine for information war (战争) you get a good idea of how this kind of espionage is exactly what they would be doing to further their goals. Goals mind you, that may not be all about kinetic warfare but instead winning the battle without firing a shot. I would suggest if you have the time and the inclination read the book I linked by Hagestadt and then get your hands on everything you can about this subject. You see, we won’t be seeing this go away any time soon and as Sun Tzu said “If you know the enemy and know yourself, you need not fear the result of a hundred battles”
Don’t just read the words.
Understand them.
“There is great disorder under heaven, and the situation is excellent”
K.
ASSESSMENT: Stephen Su aka Stephen SuBin aka Su Bin
The Arrest:
Recent news shows that an arrest has been made in a Chinese industrial espionage campaign that started around 2009 and resulted in larger dumps of data being taken from Boeing as well as other defense base aligned companies. Stephen Su aka Stephen Subin aka Su Bin was arrested in Canada after an affidavit was put in by the FBI giving evidence that SuBin and two others had broken into Boeing and other companies stealing data on the C-17 as well as F22 Raptor and JSF projects.
While the affidavit says a lot in a roundabout way on what the FBI considered evidence for the arrest there is a gap in just how the FBI came upon this guy and his co-conspirators in the first place. There is no mention of what tip may have led the FBI to obtain the email records of SuBin at Gmail and Hotmail as well as it seems the emails of the UC1 and UC2 at Gmail as well. Perhaps the data came from something like Xkeyscore or PRISM? I don’t think that that is likely but one has to ask the question anyway.
Aside from that lack of genesis for the FBI investigation the affidavit is quite detailed as to the back and forth with the UC’s and SuBin. There are file names and screen shots of data that was passed back and forth as well as email addresses and snippets of the emails themselves. Of more note though is a timeline and a operational details that SuBin and his team were using in order to carry off the espionage and this is very interesting. SuBin and the team were taking a more hybrid approach to the industrial espionage that we commonly don’t get to see or hear about in the current throes of APT madness.
Modus Operandi:
This case of espionage is different from the usual APT stories you hear today on the news. The reason for this is that the players here may or may not have ties back to those directorates and groups that APT come from. Or, they may not. The affidavit is unclear (perhaps deliberately so) on the two UC’s connections to any of the APT activities we have all heard about but they do use the same techniques that we have heard being used by APT actors.
What is different though is the use of human assets (i.e. SuBin) as a targeter for the hackers to hone in on specific files and architectures/companies/people. This is where this becomes more of a classic MSS (Ministry of State Security) operation than the ongoing attacks we have been seeing in the news since APT became a household term. Now, whether or not SuBin is actually a trained agent or just an asset is the sixty four thousand dollar question in my book. There are allegations in the affidavit that to me, looks like he could be either. Su talks about making money on the data he has been helping to steal which makes him look like a freelancer. Meanwhile there are other aspects that make it seem more like he is a true asset for MSS. I am still not quite sure myself and perhaps someday we will hear more on this from the FBI.
A common thread in much of the MSS’ (中华人民共和国国家安全部) playbook for industrial espionage is the use of human sources that are either naturalized citizens of another country. (i.e. Americans or in this case one who was about to be Canadian) In the case of SuBin, he had his own company in China that worked with wiring in airframes. This is a perfect cutout for the MSS to get an asset with access to Western companies that may be doing business with them. In the case of Lode-Tech (Su’s company) there was evidence from the 2009 documents (emails) that showed that his company was sharing space with Boeing at an expo which likely began this whole espionage exploit.
Now another fact that seems to emerge from the affidavit is that these guys were just using Gmail and other systems that are not the most secure. I do know that in some cases the APT also use these email systems but these guys seem to be pretty open with their exchanges back and forth. This to me means that they were not professional’s for the most part. I can come down on both sides here as well after having seen some of the flagrant OPSEC failures on the part of APT in the past. Generally though my feeling is that these guys were a little too loose with their OPSEC to be professional MSS operators and may in fact all have been contractors.
On the other hand though these guys had some tradecraft that they were following and these likely worked pretty well. In the image below you can see how they were hand carrying some data to Macao and Hong Kong in order to bypass certain “diplomatic issues” as they say. Additionally, the surveillance portion (which is the first time this has come up with the APT type of activity) has ever been mentioned. In the case of SuBin, he had access to Boeing itself (an assumption as none is directly mentioned in the affidavit) via his company ostensibly and thus had a presence that a hacker is lacking in remote APT activities.
So you can see how this is a hybrid operation and something we don’t often get to see. Could this be the new paradigm in industrial espionage? Frankly this is something I would have thought was going on all along given what I know of Chinese espionage as well as having done assessments in the past that included a physical attack portion. By synergizing the APT hacking with MSS old school tradecraft these guys were pretty successful (65 gig of targeted data from Boeing alone) and maximized insider knowledge of what to look for with technical hacking exploits. If you think about it how many companies do business with China? Now ponder how much access those companies may have to networks and people in those companies… Yeah.
These are tried and true practices on the part of the MSS as well as other intelligence agencies the world over so we have to pay attention to this stuff as well as worry about the common phishing emails that come in waves as well. Overall I think that the US needs to be a bit more self aware of all of these types of activities and methods to protect their environments but to do so I imagine will be a tough sell to most corporations.
Advanced Persistent Espionage:
What this all means is the following; “Industrial espionage doesn’t just mean APT phishing emails blindly coming at you. It also means that there may be actual people and companies that you are working with that are actively gathering your data for sale as well” Another recent incident involves Pratt & Whitney with a naturalized American Iranian who stole a lot of physical documents as well as seemingly had emailed data out of their environment to Iran as part of a sale. You have to remember it’s not just all electrons boys and girls.
However, the hybridization of the methods of APT and traditional tradecraft is just beginning. I think that the Chinese have seen the light so to speak and will start to leverage these things more as the US continues to put pressure on them concerning APT attacks. The MSS will get more and more cautious and work smarter as they continue to be persistent in their espionage activities. The Russians are already pretty good at this and they leverage both now. It’s time I guess that the Chinese have decided to look to their Russian friends and steal a bit from their playbook as well.
K.
ASSESSMENT: DPRK Networks and CNO Capacities
DPRK INTERNET AND INTRANET:
As the DPRK under Kim Jung Un has been poking the global bear lately with threatening faxes I thought it was time to re-approach the CNE/CNO/CNA capabilities that they have and gut check against the hype in the news cycle. As there has been talk of cyber attacks allegedly carried out by the DPRK against at least the South, one has to wonder just what kind of connection the North actually has to the global internet. As it turns out the DPRK has a class B (175.45.176.0 – 175.45.179.255) address space that is ostensibly outwardly facing to the global internet. Inside the country though the fiber intranet is closed off to the external internet for the most part save for those eleets deemed important enough to have it. The gateways for this internet connection are sourced out to the Chinese mainland (China Unicom/ Star JV/ Loxley Pac) and are most likely located in southern China. This however has not stopped certain people actually downloading from Bittorrent this last year so we know that a certain amount of people actually do have access that goes to the internet directly from Pyonyang which was a bit of a surprise for me at first but then you look at the small area from which they are coming from and you see it is a very small subset of people accessing the net to pirate movies. The masses though who have access to a computer are relegated to the Kwangmyong network that they can only access through the “Red Star OS” that the DPRK has special made for them to use. This intranet is from all reports, more like a BBS than the internet and consists of very little content and certainly not anything revolutionary (both technically and literally) I have downloaded a copy of Red Star and will be putting it in a sandbox to play with and report on at a later date.
Pirating:
WHOIS for DPRK
- The official North Korean governmental portal Naenara at: http://www.naenara.com.kp
- Committee for Cultural Relations with Foreign Countries at: http://www.friend.com.kp
- Korea Education Fund at: http://www.koredufund.org.kp
- Korean Central News Agency at: http://www.kcna.kp
- Korea Elderly Care Fund at: http://www.korelcfund.org.kp
- Rodong Sinmun newspaper at: http://www.rodong.rep.kp
- Voice of Korea at: http://www.vok.rep.kp
- : http://www.ksf.com.kp
- Air Koryo, a North Korean flying service, at: http://www.airkoryo.com.kp
- Pyongyang Film Festival at: http://www.korfilm.com.kp
- Pyongyang Broadcasting Station at: http://www.gnu.rep.kp
DPRK Internet Accessible sites:
Uriminzokkiri a facebook like service located outside of the DPRK zone
uriminzokkiri.com WHOIS
DPRK CNO, CNA & CNE:
There seems to be some cognitive dissonance concerning the capabilities of the DPRK where network warfare is concerned. As seen below in the two snippets of articles either they have nothing much in place because they are focusing more on nuclear technologies or they are creating a master group of hackers to attack the US and South Korea. I for one think that the truth lies somewhere in the middle in that I know that fiber has been laid and that the eleet and the military both have access to the internet for their own purposes. That the connection is routed through a satellite ostensibly (mostly) shows just how disconnected the regime wants to be to insure their power consolidation. Though there is a single “internet cafe” in Pyongyang, it must be noted that it only serves network traffic to the intranet that they have created. I have to wonder though if perhaps somewhere within that infrastructure lies unknown dark spots where the government may not have as much control as they would like.
On the topic of cyber capabilities, the report said North Korea probably has a military computer network operations capability. North Korea may view computer network operations as an appealing platform from which to collect intelligence, the report added, and the nation has been implicated since 2009 in cyberattacks ranging from computer network exploitation to distributed denial of service attacks.
In assessing North Korea’s security situation, the report said, “North Korea continues to fall behind the rising power of its regional neighbors, creating a widening military disparity and fueling its commitment to improving asymmetric and strategic deterrent capabilities as the primary guarantor of regime survival.”
Tensions on the Korean Peninsula have grown as relations between North and South Korea worsen, the report noted. North Korea has portrayed South Korea and the United States as constant threats to North Korea’s sovereignty in a probable attempt to legitimize the Kim family rule, its draconian internal control mechanisms and existing strategies, the report said.
“The regime’s greatest security concern is opposition from within,” the report added, “and outside forces taking advantage of internal instability to topple the regime and achieve unification of the Korean Peninsula.”
North Korea seeks recognition as an equal and legitimate international player and recognized nuclear power and seeks to normalize its diplomatic relations with the Western world and pursue economic recovery and prosperity, the report said.
“[North Korea’s] rhetoric suggests the regime at this time is unlikely to pursue this second goal at the expense of the primary goal of pursuing its nuclear and missile capabilities,” the report added.
North Korea has the highest percentage of military personnel in relation to population than any other nation in the world, with approximately 40 enlisted soldiers per 1000 people with a considerable impact on the budge of the country. Don’t forget also that North Korea has capabilities that also include chemical and biological weapons. A defector has declared that North Korea has increased its cyber warfare unit to staff 3,000 people and it is massive training its young prodigies to become professional hackers.
The large cyber force responds directly to the command of the country’s top intelligence agency, the General Reconnaissance Bureau. Last year in internet have been published satellite photos of the area that is suspected to host North Korea’s ‘No. 91 Office’, a unit based in the Mangkyungdae-district of Pyongyang dedicated to computer hacking, its existence was revealed in a seminar on cyber terror in Seoul.
According the revelation of Army General James Thurman, the commander of US Forces Korea, the government of Pyongyang is massive investing in cyber warfare capabilities, recruiting and forming high skilled team of hackers to be engaged in offensive cyber operations against hostile government and in cyber espionage activities.
In more than one occasion the North Korea has threatened the South promising waves of attacks, and the cyber offensive option is the most plausible considering the advantage in terms of efficiency, noise and political impact.
North Korea’s electronic warfare capabilities are second only to Russia and the United States…
Increasing concerns on cyber warfare capabilities of the North Korea
So when the question of CNO/CNA/CNE comes up with many here in the rest of the world it is all pretty much a guess as to what the answer truly is. Of course I would love to know what the NSA knows about that internal infrastructure. I suppose that the NSA, with all of the revelations of late, probably has(d) entre into the intranet from hardware that had been spiked with surveillance tech. Overall the picture from using nmap and other technologies shows that the infrastructure outside looking in, without backdoor access to China Netcom systems, is pretty blank from an information warfare perspective. The sites that are sitting out there that are live are flat but if one were to r00t one what would the acl’s be like one wonders. DPRK has spent a lot of time hardening and walling themselves off but nothing ever is 100% secure. With all the talk about their DD0S attacks against S. Korea though and the bank hack (2013) there have been some leaks that lead us to believe that they do use that .kp IP space for access to their malware C&C’s. In the case of the bank hack this last year the malware was beaconing to an IP within their internet facing space surprisingly. For the most part though the attacks that have been perpetrated by the DPRK have been through proxy addresses (S. China etc) so as to have some plausible deniability.So short of some leaking of intelligence on DPRK and their internal fiber networks it’s pretty much still a black hole or maybe more apropos a giant darknet of their own and we cannot see inside.
中国黑马:
Speaking of Darknets I just wanted to touch on this idea for a bit. One wonders just what CNA/CNO the DPRK might be carrying on with regard to TOR nodes and the use of the darknet. I should think an interesting study might be tracking IP’s from Southern China to see where much of that traffic is being routed through TOR nodes. I think that this could be a real untapped subject for study to date. If the eleets have access to not only the internet through INTELSAT/Chinacom and MAC OSX boxes then perhaps some of them are actually routing traffic through proxies like TOR to cover their own censorship arcology? Can you imagine that Un doesn’t have high speed SAT connection through INTELSAT so he can surf unencumbered? What about certain high ranking intelligence and military people as well? It surprises me that I am not seeing more in the darknet from the DPRK itself as well. Of course this would, even with it being on TOR or in a proxied hosted system, a dangerous game to have any kind of truth telling coming directly out of Pyongyang. Still though, I would love to see this happen as well as perhaps some incursion into the intranet by someone adding a rogue SAT feed and a router. Presently I have seen reports about how former DPRK escapee’s have been smuggling in DVD’s, Net-Top PC’s and Netbooks over the Chinese border and giving them to people. The thrust of this idea is to bring Western movies and media to the DPRK as a subtle form of mental malware. I would push that further and create a new darknet within their dark fiber network.
ANALYSIS:
When one sIn the final analysis, the DPRK has connectivity that is very limited in scope and in actual use. The eleet few have access to the outside world while the rest have a very controlled intranet that is full of propaganda and surveillance. When one starts talking about their capabilities for cyber warfare you have to take what is usually said with a grain of salt or a whole shaker. The fact of the matter is that much is still not known about their capabilities outside of perhaps the NSA and certain people in the IC. From the attacks seen to date we have seen much activity out of China that could also be dual purpose attacks for DPRK as well. Since much of their CNA/CNE capabilities and training has come out of (literally) China one has to assume that not every China hack is just for China or originating from them. For that matter, it is entirely possible that traffic we have all seen coming from S. Korea could in fact be proxy attacks from the DPRK as well for plausible deniability. My feeling though is that the DPRK is still getting it’s unit’s together and building capacities and is not a clear and present danger to the world from any kind of cyber warfare scenarios. DPRK uses the aggrieved and angry squeaky wheel approach to diplomacy cum bullying on the world stage and is not suited for sneaky cyber war just yet. Also cite the fact that if you poll the likes of Crowdstrike or Mandiant you will not see too many (if any at all) attacks or campaigns being designated to DPRK actions. Now why would that be?
K.
The Emperor Is NAKED
gedh gedh gedh gedh gedh gedh
OMG THE DAM DATA!
Last week a report came out on Wired about how the ACE (Army Corps of Engineers) database was hacked by China and “sensitive” dam data was taken.. By China, let that sink in for a bit as there was no real attribution data in the story. Anyway, aside from the BOOGA BOOGA BOOGA headlines I had to wonder just how hard it was for these “Chinese” hackers to get in and steal the all important super secret DAM data. Given the nature of this type of site and the groups involved in generating, managing, and *cough* protecting it, I had a feeling that it would be rather easy to get the information without having to be uberleet. Sure enough a quick Google Fu session showed me how easy it was to just bypass the login and password scheme as a proof of concept. You can see from the picture at the top of the page that you can just download what you like there (16 meg on dams alone) just by clicking a link on Google and then the link on the page that is not supposed to be served out without authentication.
*I feel so secure now*
So yeah, there you have it and I still cannot understand how the media types paid no attention to my attempts to make them aware of this little factoid. See, here’s the thing kids, I didn’t go any further. Nor did I download the 16 meg file because, well, no one else wants to be Aaron Swartz right? I am sure they could even try to squash my nuts over this post alone but hey, I am sick of the bullshit stories of China hacking our shit when in reality all one need do is GOOGLE the information. This is not to say that this information here is the SAME information that was allegedly stolen by China, but it is a PROOF OF CONCEPT that the site, EVEN TODAY is still insecure and leaking information without authentication!! (yes above pic was taken today via a tor node) So, when I stopped there one has to continue to wonder if you looked further and enumerated more of the site by directory walk could you in fact get even more access?
Feel the derp burn…
OMG CHINA!
Meanwhile back in the hallowed halls of Congress and the Pentagon we have reports coming out in pdf that China is hacking our shit to gain a better “war footing” by taking such data as what this story is all about. DAMS COULD BE BLOWN! WATER COULD LEAK! LIVES LOST! yadda yadda yadda. If you were to take it seriously then one would think that SECOPS demands that this data would be classified and protected per classification. Obviously it wasn’t given the access that you see above as well as the alleged password issue that the hack was allegedly predicated on in the Wired article. But I digress.. I am meaning to talk about China… Yes, so the DOD puts out a report that is subtly saying that no longer are the Chinese only looking to steal IP but now they are looking for ways to stalemate us in war.
*blink*
NO WAY! Like we aren’t doing the same thing everywhere else as well? Derp! Look, it’s only natural that they would be doing so and their doctrine says as much. Just go take a read of their doctrine on all things cybery and you will see that the domination of the infoscape is really important to them. We have only been paying attention for a little while now and we have catching up to do! Alas though, not all roads lead to China so really, I would love to see some attribution on this alleged hack on the dam data when one, once again, could just GOOGLE that shit up. As they say on the internets.. “Pictures or it didn’t happen!”
OMG FAIL!
So here we are again. Our cybers are FAIL and the news media perpetuates more FAIL with their non depth articles on the problem. Maybe China stole some dam data. BIG WHOOP. The real story is that the site that it came from and the people watching it are not paying attention to the cyberz. Their clue phone is broken! They do not know how to “Internet” and it is just another derpy hype cycle in the media that allows China to be blamed for our own stupidity. I swear somewhere there is a Chinese guy laughing like Chumley rolling on the ground over this.
Smell our own fail kids… And weep.
K.
Huawei and Cyber Espionage, A Question of Trust but Verify
X
Huawei, Cisco, Nokia, Alcatel, ZTE… Commonality? Everything Is Made in China:
There are a couple of stories going around that are claiming that Huawei, the maker of many telco products has pre-pwn’ed their hardware with architecture flaws in the chips themselves or, alternatively, created deliberate software/firmware flaws that could allow takeover. The spawn of this seems (at least this go round) is due to a Defcon presentation this July that showed how easy it was to overtake certain lower end routers made by the company. Now, this would just be chalked up usually to lackadaisical programming on the part of any other company, but, since this is a Chinese company, then of course, it’s a nefarious plot to overtake the world!
*puts on neru jacket and puts cigarette in mouth, holds white cat* MWAHAHAHAHAHA
The realities though, are somewhat different in the real world, outside of the one where the media goes off half cocked on an idea that will generate copy for them and drive traffic to their sites. The real story here lies between the xenophobic lines and I think that actually The Economist does the best job of level headed reporting about this story, what there is of it that is. No, the real story is that EVERYTHING is made in China now, and to say that just one company, a Chinese owned company is the arbiter of our digital doom for merely being “Chinese” is akin to “Driving while black”
This is not to say though, that some espionage hasn’t come out of our pals at Huawei, nor for that matter ZTE, as wholly owned Chinese companies with ties to individuals in the PRC and PLA. No my friends, this too can be called into question and I for one would take a close look at the players and their motives to understand who they are and what they may be doing now and then in the way of digital espionage. Clearly in the case of Huawei there are accounts of outright theft of IP being used to generate their hardware/software to gain a foothold to start (see article in the Economist, link provided above) No friends, I would put it to you now, at this very moment, that there is no grand plan to backdoor every phone or telco device by either of these companies that I am privy to, in fact, the people I know, have said (from the MIL side that is) that they do indeed check all of the chip sets and systems that go into secure areas or missile systems and there, to date, has been no large effort to subvert those systems en masse. There have been instances where systems had bad chips and there have been instances where some have been, shall we say circumspect, but overall, no “Chinese invasion plan” has been detected.
… And after all.. If there were… Would we not have a moratorium on buying from them per the government if it were the case?
Who’s on the Board at Huawei and ZTE? *cough* PRC Ties Anyone?
So, Ren Zhengfei was a member (is) of the PLA (Peoples Liberation Army) and the stellar rise of Huawei can be somewhat tracked to those ties. This though does not mean that the PLA runs the show right? One wonders though who else in the echelon is/was also PLA right? As for ZTE, at the time of this posts being written, I could not locate solid backgrounds on all the members however, the bio of the company plainly shows their connection with the PLA So, there you have it, both have ties to the People’s Liberation Army, but when you think about it, it’s China! If you did not have affiliation with the PLA, it usually meant you were in some gulag or other, so, your mileage may vary.
Suffice to say, that every company in China (born of it) will likely have connections to the PLA because that is their base. Does this mean that they all are bent on overtaking the US with bogus chips or pre-pwned hardware? Not necessarily.. Though, I for one would be checking that shit.. Wouldn’t you? Meanwhile, the US government has seen fit (ok, congress critters really) to look into both companies over allegations of spying. Which I think is prudent, and not just from this knuckle headed idea that everything is pre-pwned but instead, by proxy of their affiliations, their buy outs, and their cutout companies that do business to steal others IP.
Aye, there’s the rub…
Does this mean I think the Congress Critters will get to the bottom of things?
Fuck no!
But they will have a good time trying while endeavoring not to be too xenophobic.
Supply Chains and Their Subversion:
Meanwhile, back to the pre-pwned chips, routers, phones, and everything else that Dr. Cyberlove is pimping as the latest in cyber-warfare-douchery. Look, frankly, if you were going to be China or a company thereof owned by or beholden to, then you would want to futz with the supply chain now and again. I mean, who wouldn’t right? If you were one of the pre-eminent purveyors of prodcts of this ilk, then you would have ample opportunity to mess with the supply chain! There would be no need to just go all in and backdoor everything right? I mean, where’s the sense people? Lull your targets into complacency and then hit them with some bad hardware where it counts ok?
So, if you were to ask me, and really, no one has, and frankly *small tear in corner of eye* I’m hurt you all haven’t, I’d say that perhaps there are more than one way to skin this digital cat. First off, look at the notion that everything is made in China now. Why? Because its CHEAP! Cheap labor, cheap facilities, and no taxes etc. You get all the benefits that help your bottom line as say CISCO, and no down side financially! No pesky unions and more black in your balance sheet no? Ok, so there are issues of potentially having software or hardware embedded in your stuff because you were paying attention to every piece, but sure, you get more MONEY!
“mo money mo money mo money”
Ok lets back up a bit there.. So, no, not everything made on site necessarily has been tampered with. In fact, there is a HUGE grey market as well for this tech and of course since this shit is all now made IN China, and the plans are in their hands, they can reverse R&D things as well. Say they get a piece off the line at the end, paid for through a front company, and then pwn it and re-sell it to the US government?
Ooooh, now there’s a notion huh? Just Google for stories of grey market chip sets for missiles and you will see where bad grade stuff has been put into actual systems meant for use and failed. Yeah.. it’s happening and has been for some time. Some of these companies are just in it for the money and the con, others are fronts for the MSS. So,as I said, there are many ways this can play out. Frankly, I have more respect for the Chinese than to believe these half baked ideas of a full on frontal assault on us by products made by ZTE or Huawei for public consumption.
Trust But Verify:
So, where does that leave us? It leaves us at the point where we should be. Any systems we buy for anything important, be they telco/infrastructure/gov/mil should be lot checked and assured that they are what they claim to be. This does go on today in any areas where sensitive data resides (mil and gov at least) Public side though, well, many do not have the wherewithal to do that. However, once again, I say that no one can be sure of any hardware they buy right? I mean, even if it is made in the US, it could also be parted out from other sources, or tampered with right?
Trust but verify… If it’s important then test your stuff. Insure that it not only works, but that it also is not blatantly hiding extra chip sets on the board right? The same goes for any company that you are going to do deals with. Do your homework and see what they are all about before you do it. This is just common sense to me, but then again it seems that the general populace is clueless I guess. Do the leg work and if you feel hinky about anything, don’t buy from them. The same goes for hardware you might buy from an intermediary or “grey market”
After all, as they say in the con game biz.. “If it’s too good to be true, then it probably isn’t” We, the US, have unfortunately set ourselves up in a “pay less” mindset that has ha the military buying cheap hardware for missile systems that in the end, failed to launch. Do you want to have the same happen to your router or other hardware that your company relies on? Never mind the whole espionage thing…
Trust but verify.
Xenophobia Will Not Help:
In the end, I just have to say that the xenophobia going on over the Chinese is getting out of hand. Yes, they spy on us and they steal A LOT of our IP, but, so do other countries. They are not the Fu Manchu character out of the old movies nor are they Charlie Chan either. This is a country that surely wants to be a superpower, if not THE superpower. They do have agenda’s but, they are not omniscient…
We just have to work smarter and be better players at the game of ‘Go’
So far, well, we are not so good and its time to learn..
K.
Hard Power, Soft Power, Economic Power, and The Power of Economic Digital Espionage
Hard power is a term used in international relations. Hard power is a theory that describes using military and economic means to influence the behavior or interests of other political bodies. It is used in contrast to soft power, which refers to power that comes from diplomacy, culture and history. While the existence of hard power has a long history, the term arose when Joseph Nye coined ‘soft power’ as a new, and different form of power in asovereign state’s foreign policy.[3] Hard power lies at the command Hegemon end of the spectrum of behaviors and describes a nation’s ability to coerce or induce another nation to perform a course of action. This can be done through military power which consists of coercive diplomacy, war, and alliance using threats and force with the aim of coercion, deterrence, and protection. Alternatively economic power which relies on aid, bribes and economic sanctions can be used in order to induce and coerce.
While the term ‘hard power’ generally refers to diplomacy, it can also be used to describe forms of negotiation which involve pressure or threats as leverage.
A Conversation
Over the weekend I had a twitter conversation (140 char’s at a time, rough) about the meaning of “Soft Power” in the current parlance propounded by Joseph Nye. I have a different opinion of the nomenclature concerning the terms “Soft Power” and “Hard Power” in today’s political and economic environment. While the other party I was speaking to had a more strict version of thinking per Mr. Nye’s (he coined the term soft power) definition. I myself feel that today things are a little more complex for the terms to be so tight given that now economic “hard power” seems to have morphed into a vast array of economic digital espionage that softly, along with other soft power style moves, create a hard power outcome of directing or tricking other countries into actions that the others desire.
The primary mover and shaker of this for me is of course China and one only has to look at the news cycle to see both these types of “power” being wielded by the RPC. I think it is time to take a look at the means and the philosophies that China has been using to effect the changes that they need to become not only the predominant military force in the world, but more so an economic juggernaut that will outweigh and perhaps stealthily creep behind and slit the throats of other countries in subtle and not so subtle ways.
Hard vs. Soft Powers and Nomenclature
As seen above in the quoted text, hard power is seen as economic sanctions as well as military actions. This is all in response to the soft power of politics and the methods of carrot to the hard power stick. All of these allude to direct actions that are perceived as means to manipulate nations states and other actors into actions desired by the power that is employing them. I would put to you all that there is another form of “soft power” that the Chinese have really created over the last decade that employs a more stealthily nimble approach from the espionage arena (hard power by strict definition?) and economic strategies that, with nationalistic goals of grand scale, have wrought a new type of “power”
Perhaps this power should be called “Covert Soft Power” as it is being employed covertly both in the hacking of companies to steal their economic secrets (IP) as well as by the addition of espionage and common business tactics to buy into, and or subvert companies to facilitate access to economic secrets as well as out maneuver companies and close them out on deals etc. All of this seems logical to me (adding this meaning to the term) but perhaps I am outside the norms on this one. The way I see it though, there is a new vector here that the Chinese are leveraging and I think we could use a little thought on the matter and perhaps how to counteract it all.
China, The Hard and Soft Power via Economic Espionage and Investment
China in particular has been working at a multiply pronged and diligent attack on systems and corporations as well as governments to effect the long game strategies that they want. Instead of attacking things head on, the Chinese prefer the methods of “The Thousand Grains of Sand” where many operations and operators work to effect the larger outcomes from small pieces. The Chinese are patient, and because of the Eastern mind, seem to come at things in a more subtle way than most of us in the West tend to think about. In all, the subversion and outright theft of IP has a multipurpose goal of broadening their technical abilities, their economic abilities, and overall, their dominance in the world as a power.
What the Chinese have realized mostly though, is that the subtle knife is the best way to control the enemy, slowly, and subtly slitting the throat of the opponent without a struggle. Frankly, I admire the approach really. In terms of the argument of “soft power” I place these efforts squarely into it because in tandem with certain “political” maneuvers, they can have huge net effects. By combining the military, the economic, and the political aspects of soft and hard power, and the gray’s in between, China has become a force to be reckoned with. So, I put it to you all here, that there is room for a change within the nomenclature of Mr. Nye’s coinage and that I think, in order to better understand the mosaic that is happening, we need to re-tool some of the ideas we have pre-conceived for ourselves.
A New Battlespace, A New Set of Battles
Finally, I would also put it to you all that the battle space is much different today than it has been in the past. Not only do we have the digital landscape, but said same digital landscape, that makes it easier to steal, also makes everything more interconnected. By interconnected, I mean that it is far easier to effect large changes to companies by the automation that we all have in place today to speed up our transactions. Today it is far easier to quickly make instant trades, and effect the bottom line of a company for the better or worse as well as steal data in minutes that in the past, would have taken days, weeks, or months to ex-filtrate from a company via conventional HUMINT means.
In the scenarios run on trades on the markets, you can see how one alleged “fat finger” incident can have a large scale and rippling effect on the whole economies of states, never mind businesses individually. So, once again, the battle space has changed greatly because of the interconnected-ness of things. It seems that the matters of state now more than before, can be changed through the soft power of the digital attack or manipulation. This is what I mean by “soft power” or perhaps the term I mentioned above “Covert Soft Power”, attacks that we are seeing now, and are having trouble truly attributing to nation-state, corporate, or individual actors are having larger and larger effects on our economy, our policies, and our long term viability as nations, companies, or groups.
At the end of the day though, I suggest that we are being manipulated by masters at the game of “Go” and we need to pay attention to every subtlety and not be so rigidly minded. It is the water that flows around and over the rock, eventually wearing it down to nothing.
K.
Krypt3ia 
Commentary: OPM Is Just Another Link In The CyberFail Chain
with 2 comments
OPM is the exemplar of how our government deals with information security, or should I say doesn’t deal with it. Some will say that there are many mitigating circumstances like old systems that cannot be updated that caused much of the failures that lead to the OPM being compromised for over a year. However, the subsequent pivoting by the adversaries into many other networks we have not begun to even discuss as a nation yet because we are now media and governmentally fixated on the fact that the adversary had access to SF86 forms. Forms mind you that should be one of the better protected things out of all the possible things the government holds in it’s systems. So far the discourse in the media has been more sensationally oriented on the magic secret code names that the likes of Crowdstrike and Mandiant have come up with respectively for actors. Actors that they claim with varying vociferousness are in fact China whether it be the PLA (People’s Liberation Army) or the MSS (Ministry of State Security) though neither is accepting the pure hubris of all their press releases and anonymous or semi anonymous back-channel chats with the media in hopes of more attention.
Whether or not these attacks were from China and their varying and vying espionage organs is rather irrelevant now and everyone needs to understand this. The cat is proverbially out of the bag here and by the cat slipping the bag, we now notice that the emperor who was holding that burlap sack of cat is in fact naked. Or at least that should be the story here but as you can see from the stories filed above by the New York Times alone, the real attention seems to be on the fact that China is in fact hacking us. Well, I am sorry but I have news for you all, they have been hacking us for a long time now and doing very well at it. The primary reason for their being so able to steal us blind though is not as the media and the government and the Mandiant or Crowdstrike’s of the world would like you think. The APT (Advanced Persistent Threat) it seems, does not have to be advanced. They just need to be persistent and might I add patient.
So when you read the headlines and the stories like those in the Times about the advanced malware called “Sakula” and how the tricksy Chinese have gotten administrator on OPM systems I cannot blame the uninitiated thinking that this is hard and that the Chinese actors are the equivalent of super villains hacking from beneath islands with skull faced volcano’s on them. After all, the media is teaching the people not in the know by these lede’s that computer security is unfathomable and hard. You know, like the comment by Archuleta in the Congressional hearing that “Security takes decades” No ma’am it doesn’t and as the congressman who yelled at you that day said, we don’t have decades. In fact, I would say that this game of Go is almost done and we aren’t winning. We have lost and the reasons we have lost are manifold but I would say that the root of it all is that we, America, have abdicated the notion of securing the things that we should have long ago. The excuses are many; because it would be costly, or hard, or perhaps more so due to government stagnation, self interest, and indolence.
I know that the majority of the readers of my blog are in the security community but I wanted this post to reach across the void to the everyman on this matter. I exhort you to read the stories in the news and to take a step back. Consider the following statements and really understand where we are today.
Brass tacks, we deserved to be hacked.
Sad but true.
So gentle reader, consider what I have told you here. The government is not protecting OUR data commensurate with the security requirements we would demand of a company that holds it like say Target. It’s time to hold the government to the standards that they would like to enforce on companies. Let’s not listen to the marketing leaks by Mandiant and Crowdstrike about the actors and who they may be. What matters is that the data was taken and the reason it was taken was because of poor security and bad management on the part of the federal government. You know, those guys rattling the cyber war sabre lately.
Physician heal thyself.
K.
Rate this:
Written by Krypt3ia
2015/06/22 at 14:09
Posted in .gov, China, Commentary, CyberFAIL