Category Archives: China aggression

Presidential Daily Briefing for Trump on Russia

Posted on by

There are rumors flying that the intelligence agencies are holding back on key items that would otherwise be included in the PDB’s, especially items regarding Russia. Okay, we cannot know for sure that is true or not. In fact there are denials this is accurate. While countless media outlets are reporting that some ‘higher-ups’ in some intel agencies are in a war with President Trump, it is all because he is in a war with them. Sheesh….while all this is going on, other allied world leaders are watching all this and are feeling quite uneasy over intelligence collaboration and most especially where all this leads.

Image result for russian spy ship norfolk, virginia

Some one needs to restore order and confidence here and do it fast. At issue is Russia and Iran.

  1. The Russian spy ship doing an ‘in-your-face’ Atlantic coast water adventure and is presently just outside of Norfolk, Virginia and headed back to the Cuba region.
  2. Meanwhile, the new Secretary of State, Rex Tillerson is in Germany meeting with his Russian counterpart Sergey Lavrov.
  3. Another item is General Dunford is in Azerbaijan, meeting with Russian Chief of General Staff of the Armed Forces, Gerasimov.
  4. Qassem Soleimani, head of the Iranian Qods Force is in Moscow. Soleimani has a U.S. and U.N. travel ban and sanctions on him such that he is not allowed to travel. Hah…
  5. Ciaran Martin, head of GCHQ’s new National Cyber Security Centre states that Russia is escalating the rate of hacks against the UK. The United States, Canada, Australia and the UK are the four countries of record that make up GCHQ.
  6. Deputy Defense Secretary Bob Work met with Ukrainian Foreign Affairs Minister Pavlo Klimkin at the Pentagon regarding discussion over the recent escalation of violence by combined Russian separatist forces in eastern Ukraine.
  7. Because of Russian aggression and the lasting threat to the Baltic States, General Mattis has ordered U.S. troops deploy in Bulgaria.
  8. Russian troops attacked Ukrainian positions 139 times using heavy armor in all sectors in Donbas in the past 48 hours.

    Situation in Donbas February 13, 2017 Ukraine conflict map

    9.  Russia tells White House it will not return Crimea to Ukraine.
    10. Russia has secretly deployed a new cruise missile that American officials say violates a landmark arms control treaty, posing a major test for President Trump as his administration is facing a crisis over its ties to Moscow. The missile (Kalibr) is a SSC-8. It is a nuclear capable missile first tested in 2008. While this launch was ground based, it can also be launched from a submarine and is capable of holding 1000 lbs of conventional explosives or a nuclear warhead. There are variants to this weapon, there is also the Iskander and the 9M728. Nonetheless, it is a violation of the INF Treaty.
    Lastly and a very good thing, while Vladimir Putin is calling for full intelligence cooperation with the United States, General Mattis has not, no….not ready. Further, Mattis said that Russia needs to prove itself….tic tic tic…

    11. Soldiers, tanks and M88 recovery vehicles from the 1st Battalion, 8th Infantry Regiment’s “Fighting Eagles” recently arrived at the airbase in Romania in support of Operation Atlantic Resolve. So far, more than 350 U.S. soldiers have arrived this month with another 150 set to arrive before the end of February.

So, should there be some normalizing of relations between the White House and the Kremlin? Nah….has not worked out so well when it comes to Iran or Cuba…

Tech Companies Filed Amicus Brief, Supports Foreign Workers

Posted on by

Amicus Brief Tech companies This is an employment epidemic across the nation where companies sponsor foreign national for domestic jobs, leaving thousands to train their replacements. We have not addresses how many could be purposely placed for industrial espionage.

Related reading: China’s Best Method of Industrial Espionage

***

Apple, Google, Microsoft pile in: 97 US tech firms file brief against Trump’s travel ban

In part from ZDNet: Immigrants or their children founded 200 US companies that generate $4.2 trillion in annual revenues, the brief highlights, among them Apple, AT&T, and Google, as well as Ford, General Electric, McDonald’s, Boeing, and Disney.

“Businesses and employees have little incentive to go through the laborious process of sponsoring or obtaining a visa, and relocating to the United States, if an employee may be unexpectedly halted at the border.

“Skilled individuals will not wish to immigrate to the country if they may be cut off without warning from their spouses, grandparents, relatives, and friends. They will not pull up roots, incur significant economic risk, and subject their family to considerable uncertainty to immigrate to the United States in the face of this instability.” Full article here.

***

The H1-B visa program has a cap to the number allowed to be issued. It is a visa program that needs more scrutiny by Congress for the sake of American employees. There have been abuses to the program and further companies like Disney hire foreign nationals to replaced domestic employees driving down the salary costs.

Janet Napolitano, the former Secretary of the Department of Homeland security and now the president of the University of California system knows it all so well and how to work the system.

In part from the LATimes: Using a visa loophole to fire well-paid U.S. information technology workers and replace them with low-paid immigrants from India is despicable enough when it’s done by profit-making companies such as Southern California Edison and Walt Disney Co.

But the latest employer to try this stunt sets a new mark in what might be termed “job laundering.” It’s the University of California. Experts in the abuse of so-called H-1B visas say UC is the first public university to send the jobs of American IT staff offshore. That’s not a distinction UC should wear proudly. Full op-ed here.

*** One of 5 huge examples beyond California is:

Pfizer Connecticut R&D

In 2008, workers at pharmaceutical giant Pfizer’s New London and Groton (Connecticut) research and development campus raised the alarm: They were being replaced by Indian workers on H-1B visas and forced to train their replacements. Those outsourced workers were scheduled to return to India, where they will run the same systems as their U.S. counterparts, albeit at a cheaper rate and with diminished benefits. The move was part of an outsourcing agreement signed in 2005 between Pfizer, Infosys Technologies and Satyam Computer Services. More here.

***

A 100 page Joint Venture report for tech companies includes the following text:

Foreign-Born Residents

Silicon Valley has an extraordinarily large share of residents who are foreign born (37.4%, compared to California, 27.1%, or the United States, 13.3%). This population share increases to 50% for the employed, core working age population (ages 25-44), and even higher for certain occupational groups. For instance, nearly 74% of all Silicon Valley employed Computer and Mathematical workers ages 25-44 in 2014 were foreign-born. Correspondingly, the region also has an incredibly large share of foreign-language speakers, with 51% of Silicon Valley’s population over age five speaking a language other than exclusively English at home (compared to 43% in San Francisco, 44% in California, and 21% in the United States as a whole). This majority share in 2014 was up from 49% in 2011.

*** The Senate held a hearing in 2015 with a few former employees that were forced to train their foreign replacements. Many of these employees are paid a severance package but it also includes a major stipulation to remain mute on the topic as noted below:

My former company, a large utility company, replaced 220 American IT workers with H-1Bs…we would have to train them in order to receive our severance packages. This was one of the most humiliating situations that I have ever been in as an IT professional.

The whole IT department was going through the same fate as myself. Those were the longest and hardest five months of my life. Not only did I lose a work family, but I lost my job and my self-esteem. We had constant emails sent by HR that we could not talk about this situation to anyone or make posts to social media. If we did, we would be fired immediately and not get our severance. Read the full article here.

 

Cruz and Poe Introduce Legislation for States to Reject Refugees

Posted on by

There is some additional help coming from the Trump administration as President Trump is likely to issue and sign executive order on immigration that will impact visa holders from Iraq, Iran, Libya, Somalia, Sudan, Syria and Yemen. These are worn torn countries where hostilities continue with terror organizations. An issue that still remains however that Trump has not addressed is the asylum seekers.

S. 2363 (114th): State Refugee Security Act of 2015

A bill to amend the Immigration and Nationality Act to permit the Governor of a State to reject the resettlement of a refugee in that State unless there is adequate assurance that the alien does not present a security risk and for other purposes. The 2 page text is here.

New bill from Cruz, Poe would let states reject refugees

WT: Republicans in the House and Senate have introduced legislation that would give governors the power to reject federal efforts to resettle refugees in their states.

The bill from Sen. Ted Cruz and Rep. Ted Poe, both of Texas, is a reaction to years of growing GOP frustration with the Obama administration’s aggressive effort to take in refugees and resettle them across the country. Republicans continue to have doubts that refugees can be vetted to ensure they aren’t Islamic State terrorists.

The State Refugee Security Act would require the federal government to notify states at least 21 days before they seek to settle a refugee. Under the bill, if a state governor certifies that the federal government hasn’t offered enough assurances that the refugee does not pose a security risk, the state can block the resettlement effort.

Poe said the Obama administration’s “open door policy” has forced states to take on refugees without these guarantees, and said states need a way to opt out.

“Until the federal government can conduct thorough security screenings and confirm that there are no security risks, Congress should empower states to be able to protect their citizens by refusing to participate in this program,” he said.

Cruz said the first obligation of the president is to keep Americans safe, and said the bill would be a step in that direction.

“I am encouraged that, unlike the previous administration, one of President Trump‘s top priorities is to defeat radical Islamic terrorism,” he said. “To augment the efforts of the new administration, this legislation I have introduced will reinforce the authority of the states and governors to keep their citizens safe.”

****

The Trump White House also has not addressed the issue of criminal deportation of foreign nationals. Each foreign inmate is known to cost the taxpayer an estimated $21,000 per year. Enforcement and removal operations of those illegal foreign nationals now falls to the newly confirmed DHS Secretary Kelly.

FY 2015 ICE Immigration Removals

In addition to its criminal investigative responsibilities, ICE shares responsibility for enforcing the nation’s civil immigration laws with U.S. Customs and Border Protection (CBP) and U.S. Citizenship and Immigration Services (USCIS). ICE’s role in the immigration enforcement system is focused on two primary missions: (1) the identification and apprehension of criminal aliens and other removable individuals located in the United States; and (2) the detention and removal of those individuals apprehended in the interior of the U.S., as well as those apprehended by CBP officers and agents patrolling our nation’s borders.

In executing these responsibilities, ICE has prioritized its limited resources on the identification and removal of criminal aliens and those apprehended at the border while attempting to unlawfully enter the United States. This report provides an overview of ICE Fiscal Year (FY) 2015 civil immigration enforcement and removal operations. See FY 2015 ICE Immigration Removals Statistics

Expectations of a quick solution and immediate movement to address the immigration matter are misplaced as this will be a long slog of an operation and will take the coordination of several agencies including the U.S. State Department which is presently operating without a Secretary until Rex Tillerson is confirmed and sworn in. The fallout will include a diplomatic challenge which is many cases does need to occur, however other nations such as China and Russia will step in to intrude on the process including those at the United Nations level, falling into the lap of the newly confirmed U.S. Ambassador to the United Nations, Nikki Haley.

Cruz: Obama ‘rolled over’ on hacking and Trump gets Advice

Posted on by

He is right and the proof most recently was in February of 2016, with the posted Executive Orders.

WASHINGTON — Through two executive orders signed Tuesday, President Obama put in place a structure to fortify the government’s defenses against cyber attacks and protect the personal information the government keeps about its citizens.

The orders came the same day as Obama sent to Congress a proposed 2017 budget that includes $19 billion for information technology upgrades and other cyber initiatives.

In September of 2015, Obama held a meeting on cyber with China’s Xi. Perhaps there was no formal sanction or punishment of China due in part to the U.S. debt they hold. Obama also held meetings with key Congressional leaders in 2015 on the issue of cyber. Going back to 2013, Obama held sessions with corporate CEO’s to discuss efforts to improve cybersecurity amid growing concerns within the administration over attacks from China targeting American businesses.

The president will discuss efforts to address the cyber threat facing the country and get the executives’ feedback on how the government and private sector can forge a relationship to improve cybersecurity in the United States, according to The White House. The meeting will be held in the Situation Room and attendees include AT&T CEO Randall Stephenson and Northrup Grumman CEO Wesley Bush.

Not until February of 2016, did Obama launch the Cybersecurity National Action Plan which was headed by Tom Donilon, his National Security Advisor and Sam Palmisano, former CEO of IBM. There was no traction and given the recent cyber intrusions, there is likely a LOT of ‘ooops’ coming from the White House and should. No corporation, bank, government agency or other private entity ever wants to publically announced they have been hacked or their vulnerability, as it only invites more cyber chaos but the United States including top government agencies and the White House along with the State Department have all been victim of both Russian and Chinese cyber attacks of various forms.

***

Sen. Ted Cruz says he hopes the incoming Trump administration is tougher on dealing with cyberattacks than the “weakness” he saw from President Obama on hacking by Russia and other foreign adversaries.

“One of the reasons these cyberattacks are so prevalent is that Barack Obama and his administration have rolled over for eight years,” Cruz said Thursday on “The Mike Gallagher Show.”

“They have shown nothing but weakness and appeasement in the face of those attacks. This is something I hope and believe will change with the new administration,” he said.

Cruz insisted neither Russian hacking nor WikiLeaks revelations last year about the Democratic Party significantly influenced Donald Trump’s victory in the presidential election.

“I think that there’s no evidence whatsoever that Russia’s efforts against us, which have been longstanding, did anything to affect the campaign,” said Cruz, who competed against Trump in last year’s GOP primaries.

“It’s, frankly, patently absurd,” Cruz added of claims Russia or WikiLeaks helped Trump win. “You can’t credibly argue that [WikiLeaks’] disclosures impacted the election because most voters never heard it.” More here from TheHill.

****

Task Force Issues Cybersecurity Advice to Donald Trump

‘From Awareness to Action: A Cybersecurity Agenda for the 45th President’

A task force co-chaired by two U.S. lawmakers and a former federal CIO is issuing a 34-page report recommending a cybersecurity agenda for the incoming Trump administration. The report recommends the new administration jettison outdated ways the federal government tackles cybersecurity, noting: “Once-powerful ideas have been transformed into clichés.”

The report from the CSIS Cyber Policy Task Force – From Awareness to Action: A Cybersecurity Agenda for the 45th President – will be formally unveiled on Jan. 5. It comes from the think tank Center for Strategic and International Studies, which sponsored the Commission on Cybersecurity for the 44th Presidency that made recommendations to then-President-elect Barack Obama in 2008.

“In the eight years since that report was published, there has been much activity, but despite an exponential increase in attention to cybersecurity, we are still at risk and there is much for the next administration to do,” the new report’s introduction states.

Cybersecurity Goals for Trump Administration

The task force outlined five major issues President-elect Donald Trump and his administration should address, including:

  1. Deciding on a new international strategy to account for a very different and dangerous global security environment.
  2. Making a greater effort to reduce and control cybercrime.
  3. Accelerating efforts to secure critical infrastructures and services and improving cyber hygiene across economic sectors. As part of this, the Trump administration must develop a new approach to securing government agencies and services and improve authentication of identity.
  4. Identifying where federal involvement in resource issues, such as research or workforce development, is necessary, and where such efforts are best left to the private sector.
  5. Considering how to organize the U.S. effort to defend cyberspace. Clarifying the role of the Department of Homeland Security is crucial, and the new administration must either strengthen DHS or create a new cybersecurity agency.

Ditching Outmoded Security Practices

Task force members recommend the new administration should get rid of outdated ways the federal government tackles cybersecurity. The report notes: “Statements about strengthening public-private partnerships, information sharing or innovation lead to policy dead ends. … Once-powerful ideas have been transformed into clichés. Others have become excuses for inaction.”

As an example, the task force cites the National Strategy for Trusted Identities in Cyberspace, a government initiative unveiled in 2011, which envisioned a cyber-ecosystem that promotes trust and security while performing sensitive transactions online. The task force contends NSTIC “achieved little,” asserting that such initiatives fail because they aren’t attuned to market forces. “There are few takers for a product or service for which there is no demand or for which there are commercial alternatives.”

The task force makes recommendations on dozens of policies and technologies.

On encryption, for instance, it suggests that the president develop a policy that supports the use of strong encryption for privacy and security while specifying the conditions and processes under which assistance from the private sector for lawful access to data can be required. It also states that the president should direct the National Institute of Standards and Technology to work with encryption experts, technology providers and internet service providers to develop standards and ways to protect applications and data in the cloud and provide secure methods for data resiliency and recovery.

“Ultimately,” the report says, “encryption policy requires a political decision on risk. Untrammeled use of encryption increases the risk from crime and terrorism, but societies may find this risk acceptable given the difficulty of imposing restrictions. No one in our groups believed that risk currently justifies restrictions.”

Battling Cybercrime

In battling cybercrime, the task force sees “active defense,” a term it says has become associated with vigilantism, hack back and cyber privateers, as only a stopgap measure to address the private sector’s frustration over the apparent impunity of trans-border criminals. The Trump administration should seek ways to help companies move beyond their traditional perimeter defenses and focus on identifying federal actions that could disrupt cybercriminals’ business model or expand the work of federal agencies and service providers against botnets, according to the report.

To make cybercrime less profitable, the task force recommends the new administration identify actions that would impede the monetization of stolen data and credentials. Other recommendations include accelerating the move to multifactor authentication and identifying better ways to counter and disrupt botnets, a growing risk as more devices become connected to the internet. The task force says this could be done by expanding the ability to obtain civil injunctions for use against botnets and raising the penalties for using botnets against critical infrastructure.

The role of the military to protect civilian critical infrastructure turned out to be among the most contentious issues the group debated. A few task force members said that the Defense Department should play an expanded and perhaps leading role in critical infrastructure protection, according to the report. Most members, though, believed that this mission must be assigned to a civilian agency, not to DoD or a law enforcement agency such as the FBI.

“While recognizing that the National Security Agency, an element of DoD, has unrivaled skills, we believe that the best approach is to strengthen DHS, not to make it a ‘mini-NSA,’ and to focus its mission on mitigation of threats and attacks, not on retaliation, intelligence collection or law enforcement,” the report states.

Organizing Government Cybersecurity

DHS is the focal point in cybersecurity protection among civilian agencies as well as civilian-led critical infrastructure. The task force recommends that an independent agency be established within DHS focused exclusively on cybersecurity.

The task force says Trump should quickly name a new cybersecurity coordinator and elevate the White House position two notches to assistant to the president from special assistant to the president. Also, the group says Trump should back away from his pledge to conduct a cybersecurity review, as was done at the beginning of the Obama administration.

The task force co-chairs are:

  • Rep. Michael McCaul, R-Texas, chairman of the House Homeland Security Committee and co-founder of the Congressional Cybersecurity Caucus;
  • Sen. Sheldon Whitehouse, D-R.I., sponsor of legislation to require federal law enforcement and national security agencies to account for cyberattacks;
  • Karen Evans, a cybersecurity adviser to the Trump transition team who’s national director of the U.S. Cyber Challenge and formerly served as White House administrator for e-government and information technology, a position now known as U.S. CIO; and
  • Sameer Bhalotra, co-founder and CEO of the cybersecurity startup Stackrox and a senior associate at CSIS.

CSIS Senior Vice President James Lewis, the think tank’s cybersecurity expert, served as the task force project director.

How bad is it?

USAToday:

Exhibit A: The Social Security Administration system still runs on a platform written in the 1960s in the COBOL programming language, and takes 400 people just to maintain, Obama said.

“If we’re going to really secure those in a serious way, then we need to upgrade them,” Obama told reporters Tuesday after meeting with advisers on the issue. “And that is something that we should all be able to agree on. This is not an ideological issue. It doesn’t matter whether there’s a Democratic President or a Republican President. If you’ve got broken, old systems — computers, mainframes, software that doesn’t work anymore — then you can keep on putting a bunch of patches on it, but it’s not going to make it safe.”

To implement those upgrades, Obama created two new entities Tuesday: The first, a Commission on Enhancing National Cybersecurity, will be made up of business, technology, national security and law enforcement leaders who will make recommendations to strengthen online security in the public and private sectors. It will deliver a report to the president by Dec. 1.

The second, a Federal Privacy Council, will bring together chief privacy officers from 25 federal agencies to coordinate efforts to protect the vast amounts of data the federal government collects and maintains about taxpayers and citizens.

Obama’s cybersecurity adviser, Michael Daniel, said the structure allows the administration to move forward even without additional authority from Congress by “driving our executive authority to the limit.”

The administration’s plan will look at cybersecurity both inside and outside the government. There will be more training and shared resources among government agencies, 48 dedicated teams to respond to attacks, and student loan forgiveness to help recruit top technical talent.

But the will plan also promote better security practices throughout the economy, by encouraging through multi-factor authentication that uses additional information in addition to a password. The government is also looking to reduce its use of Social Security numbers the unique identifier for all Americans.

Across the government, the Obama administration wants to spend $19 billion on cybersecurity in 2017, a 35% increase over 2016. But the plan does not rely on an increase in funding. “We can do quite a bit of it even without the additional resources,” Daniel said.

The White House said it also plans to create the new position of Chief Information Security Officer to coordinate modernization efforts across the government, including a a $3.1 billion Information Technology Modernization Fund. “That’s a key role that many private-sector companies have long implemented, and it’s a good practice for the federal government,” said Tony Scott, the U.S. Chief Information Officer.

The president is expected to meet with national security advisers Tuesday morning to launch the new effort.

Cyber Hacking Tools for Sale on Underground Network

Posted on by

Executive Editor Fionnuala Sweeney sits down with Steve Grobman, Chief Security Officer with the Intel Security Group. When it comes to America’s security in the cyberspace, the U.S. government and the private sector haven’t always seen eye to eye.

****

Stop the denial about Russian intrusion…..how about taking the United States out of the debate and examine other countries… you must also remember that all payments and or salaries are often paid for using Bitcoin….un-traceable. Have you thought about Islamic State migrating to hacking operations using ransomware?

****

Brit cyber warriors fight off two hacking attempts against the state every day

The National Cyber Security Centre has foiled 86 attacks in its first month – most of which are suspected to have come from China, North Korea, Russia, Iran and criminal gangs

Cyber warriors are fighting off more than two major hacking attempts against the British state every day.

Top targets include the Bank of England , the Ministry of Defence , nuclear bases, security services and infrastructure such as transport, the NHS and power systems.

Chief suspects are China, North Korea, Russia, Iran and major criminal gangs.

The National Cyber Security Centre foiled 68 major attacks in the first month after it was launched in October.

China is suspected of trying to steal technology or probing our security and finance systems while Russian is feared to be testing security and military networks.

It is believed North Korea may be doing all the above and Iran is suspected of acting for other countries, including Syria .

Retail, technology and security firms have also been hit. Senior security sources say a major theft of aerospace technology cost hundreds of millions of pounds.

It is thought cyber experts have responded to many of the attacks by hacking into systems used by the attackers. A source said: “This is the new front line.”

The NCSC was formed as part of a £1.9billion government crackdown.

At its launch Chancellor Philip Hammond said we had to hit back against “foreign actors” or face having planes grounded or being left in darkness.

Going back to 2012, was this fella part of a Kremlin authorized hack operation? If not, is he a proxy? Note what corporations and operations had cyber intrusions…

A Russian man was arrested in Cyprus last week for allegedly launching two distributed denial-of-service attacks on Amazon.com in June 2008.

Dmitry Olegovick Zubakha, a 25-year-old man from Moscow, was indicted last year by a Seattle grand jury for conspiracy to intentionally cause damage without authorization to a protected computer and possession of more than 15 unauthorized access devices.

In addition to the attack on Amazon, Zubakha was linked to similar attacks on Priceline.com and eBay.

Along with fellow hacker Sergey Logashov, Zubakha is alleged to have launched the attack using a botnet of computers under the control of multiple users. The duo brazenly took credit for the attacks on hacker forums, according to the indictment.

In addition to their denial-of-service attacks, law enforcement also traced 28,000 stolen credit-card numbers back to both men, which helped lead to the arrest.

“Amazon is willing to expend dollars and energy beyond even what can be economically justified in order to bring cybercriminals to justice,” said company spokesperson Mary Osako in a statement.

If found guilty on all charges, Zubakha could face up to 37 years in prison and $750,000 in fines. Intentionally causing damage to a protected computer with a resulting loss of more than $5,000 is punishable by up to 10 years in prison. Logashov was also charged with the same count.

The arrest in Cyprus was a complex undertaking, with the U.S. Secret Service, the U.S. Attorney’s Office for the Western District of Washington and the Seattle Police Department all working together with global officials.

“The [three agencies] talking to each other is a direct result of the birth of the Department of Homeland Security,” security consultant Robert Siciliano told the E-Commerce Times.

American authorities are seeking Zubakha’s extradition.

According to the indictment, the first of two attacks lasted four and a half hours on June 6, 2008, before Amazon was able to intervene. Amazon’s servers were working overtime, on a magnitude of between 600 and 1,000 percent of normal traffic. The second attack began on June 9 of the same year and lasted until June 12.

Zubakha was also charged with aggravated identity theft for using the credit card of a Lake Stevens, Wash.,  resident illegally.

“This defendant could not hide in cyberspace,” said U.S. Attorney Jenny A. Durkan, head of the Justice Department’s Cybercrime and IP Enforcement Committee. “I congratulate the international law enforcement agencies who tracked him down and made this arrest.”

Logashov is still at large.