Category Archives: China aggression
How we get to World War III
(Videos courtesy of Popular Mechanics)
by Danielle Pletka, AEI: NATO’s SecGen Jens Stoltenberg today warned the Russians about their violation of Turkish airspace in ongoing Russian air operations over Syria. It was only the latest warning from NATO about Russian violations of various NATO nations’ airspace and assorted other antics. But today’s incursion — which prompted a nasty threat from Turkey about what would happen if the Russians make the same mistake again — only underscores what a dangerous place the world has become since Barack Obama became president.
History teaches us that large wars begin for many complex reasons, and that notwithstanding our obsession with poor old Archduke Ferdinand, it was probably not simply his shooting that spawned World War I. But… there are now so many global flashpoints that we cannot rule out the notion that a conflict between major powers could break out simply based on circumstance. Consider:
- NATO aircraft scrambled more than 500 times in 2014, with only a few exceptions, in reaction to Russian incursions into NATO member airspace. Russians planes reportedly often switch off transponders and fail to file flight plans, which has resulted in several near misses, including with a passenger plane. (Not to speak of the Russian shoot down of the Malaysia Airlines passenger jet.)
- In 2014, Japan scrambled aircraft almost 1000 times, with all but a few of these incidents attributed to either Russian or Chinese warplanes.
- Russian bombers entered US airspace 10 times in 2014, double the previous average.
- On July 4th, as Americans celebrated Independence Day, the US Air Force scrambled fighter jets to intercept two pairs of Russian bombers skirting US airspace off the coast of California and Alaska.
- The United States is preparing, reportedly, a show of force with “freedom of navigation operations” in the South China Sea, a reaction to increasingly aggressive land reclamation/military construction in disputed territory.
- On the eve of Chinese leader Xi Jinping’s recent visit to Washington, two Chinese fighters intercepted a US Air Force surveillance plane over the Yellow Sea.
- The US is planning on stepping up air operations over Syria at the same time that Russia advances its own war on Assad’s opponents. Washington and Moscow aim to “deconflict” (whatever that means).
- Russia is consistently violating its obligations under the Minsk Accords and continues to make claims on Ukrainian territory. Facing few consequences for his actions in Ukraine, there are fears that Putin may choose to move on NATO members Lithuania, Latvia or Estonia.
The world has always been a dangerous place, and the proliferation of nuclear weapons has only made it more so. But not since the Cold War have there been so many potential triggers for major power conflicts. Will we get into a shooting war? Perhaps not, and almost not certainly with the current Commander in Chief. But each time there is a near miss without consequence, as most are, bad actors are encouraged to believe there will never be any consequence. Still, notwithstanding Barack Obama, the United States does have red lines, treaty obligations (to the Philippines, to Japan, to NATO allies) that could force us into conflict where none was planned.
A Quick Preview of the Start of World War III
What Russia’s newest ICBM looks like when it takes off.
Popular Mechanics: The RS-24 was developed in secret by Russia, but public tests of the fifth-generation ICBM began in 2007 in response to a possible missile shield being built in Europe, and the Yars became operational in 2010. The RS-24 has been “MIRVed,” meaning it has multiple independently targetable reentry vehicles—in other words, each missile has multiple warheads that can hit multiple targets. Each of the RS-24’s four nuclear warheads has a yield of about 150 to 250 kilotons (the bombs dropped on Hiroshima and Nagasaki had yields of 15 and 21 kilotons, respectively).
The RS-24 is powered by solid-state fuel, meaning that it can be ready to be launched within minutes, and is built to accelerate extremely quickly, giving opposition forces little time to react to a launch. It also can deploy a series of anti-missile-defense measures to evade attempts to shoot it down. The Russian government reports it to have an effective range of 6,800 miles, traveling at top speeds of 15,220 miles per hour, or just a shade under Mach 20. It can be launched from a silo, as seen above, or from a mobile launch vehicle, meaning the Russian government can essentially tuck one of these away anywhere in the vast wilderness that makes up so much of its territory.
What makes the Yars perhaps even more unsettling is that it’s an upgrade to the Topol-M ICBM, a weapon that Tyler Rogorsky over at Foxtrot Alpha called “scary as hell.” The Topol-M was the first ICBM to be developed by Russia after the fall of the Soviet Union, and is now being phased out in favor of the RS-24.
The Yars and Topol-M, along with America’s own state-of-the-art ICBMs, the LGM-30G Minuteman-III and UGM-133 Trident II, are stark reminders that mutually assured destruction continues to define nuclear warfare, despite various nuclear arms treaties. It’s easier to add more warheads to an ICBM than to build a missile defense system that can effectively shoot down those additional warheads, meaning there isn’t much either side can hope to do once a nuclear power decides to launch—except fling off their own set of ICBMs and irradiate the other side of the globe as well.
Obama did not Invite FBI Director to Seminar
Place this story and decision into the WTH file.
F.B.I. Chief Not Invited to Meeting on Countering Violent Extremism
NYT > WASHINGTON — The White House did not invite the most senior American official charged with preventing terrorist attacks — the F.B.I. director, James B. Comey — to the three-day conference this week on countering violent extremism in the United States and abroad because the administration did not want the event too focused on law enforcement issues, according to senior American officials.
But Mr. Comey’s Russian counterpart — Aleksandr V. Bortnikov, the director of the Russian Federal Security Service, the post-Soviet K.G.B. — was at the meeting, even though international human rights groups have repeatedly accused the Russian security service of unjustly detaining and spying on Russians and others.
The service also declined to provide American counterterrorism and intelligence officials with information before the 2013 Boston Marathon bombings that would probably have led to more scrutiny of one of the suspects.
Several other foreign law enforcement officials attended the conference, which was held in Washington. The meeting has been criticized as ineffectual and irrelevant, and not focused on immediate and tangible solutions to stop terrorists. And some Republicans said that President Obama’s speech to the assembled leaders on Wednesday did not lay out a strategy for defeating groups like the Islamic State.
The omission of Mr. Comey adds further uncertainty over who in the government is in charge of the anti-extremist effort. Just a few months ago, the F.B.I. put out a lengthy bulletin on its website about how it was leading “a new approach to countering violent extremism.” Many of the strategies listed by the F.B.I. appear similar to ones mentioned at the meeting.
An Obama administration official defended the decision not to invite Mr. Comey, saying that “while the F.B.I. works tirelessly to keep the country safe, this conference was not centered on federal law enforcement.”
The official said that the administration’s efforts to counter violent extremists “are premised on the notion that local officials and communities can be an effective bulwark against violent extremism, and most of the participants — spanning community leaders, local, law enforcement, private sector innovators, and others — reflected this bottom-up approach.” A spokesman for the F.B.I. declined to comment.
Mr. Comey’s boss, Attorney General Eric H. Holder Jr., attended the conference, and several F.B.I. officials participated in its panels, the official said.
The administration did not specifically invite Mr. Bortnikov, the official said. Instead, it had sent a general invitation to the Russian government, which chose Mr. Bortnikov, along with others, to come to Washington.
The administration did not try to prevent Mr. Bortnikov, who rarely visits the United States, from attending, said the official, who did not want to be identified discussing internal White House deliberations. Mr. Bortnikov is on the European Union sanctions list in response to the crisis in Ukraine, but he is not subject to American sanctions.
The programs intended to prevent Americans from becoming extremists are led by the Department of Justice and the Department of Homeland Security.
The Obama administration said in a news release on Wednesday that the effort to counter violent extremism “encompasses the preventive aspects of counterterrorism as well as interventions to undermine the attraction of extremist movements and ideologies that seek to promote violence.”
Stopping terrorist attacks has been the F.B.I.’s highest priority since the Sept. 11, 2001, attacks. The bureau oversees joint terrorism task forces in every major American city that bring together federal, state and local authorities to investigate terrorism.
This is not the first little confab concocted by Barack Obama. Back in February of 2015, Obama had the same session calling on 60 nations. Progress? Not so much.
WASHINGTON — President Obama called on Americans and more than 60 nations on Wednesday to join the fight against violent extremism, saying they had to counter the ideology of the Islamic State and other groups making increasingly sophisticated appeals to young people around the world.
On the second day of a three-day meeting that comes after a wave of terrorist attacks in Paris, Sydney, Copenhagen and Ottawa, Mr. Obama said undercutting the Sunni militant group’s message and blunting its dark appeal was a “generational challenge” that would require cooperation from mainstream Muslims as well as governments, communities, religious leaders and educators. “We have to confront squarely and honestly the twisted ideologies that these terrorist groups use to incite people to violence,” Mr. Obama told an auditorium full of community activists, religious leaders and law enforcement officials — some of them skeptical about his message — gathered at the Eisenhower Executive Office Building next door to the White House. “We need to find new ways to amplify the voices of peace and tolerance and inclusion, and we especially need to do it online.”
Obama vs. China President Xi, Hacking
A new unit of the People’s Liberation Army was identified last week by cyber security researchers as Unit 78020 based in Kunming, in Yunnan Province.
The unit’s operations have been tracked for five years and have included targeted attacks on states in the region that are challenging Beijing’s strategic program of seeking to control the sea through building up small islands and reefs and then deploying military forces on them.
“Unit 78020 conducts cyber espionage against Southeast Asian military, diplomatic, and economic targets,” according to a security report on the unit that included a satellite photo of the unit’s Kunming compound.
“The targets include government entities in Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nepal, the Philippines, Singapore, Thailand, and Vietnam as well as international bodies such as United Nations Development Program (UNDP) and the Association of Southeast Asian Nations (ASEAN).” More details here.
Chinese president Xi Jinping is supposed to have dinner this evening with U.S. president Barack Obama. Wonder if the name Ge Xing will come up?Ge Xing is the subject of a joint report published this morning by ThreatConnect and Defense Group Inc., computer and national security service providers respectively. Ge is alleged to be a member of the People’s Liberation Army unit 78020, a state-sponsored hacking team whose mission is to collect intelligence from political and military sources to advance China’s interests in the South China Sea, a key strategic and economic region in Asia with plenty of ties to the U.S.
The report connects PLA 78020 to the Naikon advanced persistent threat group, a state-sponsored outfit that has followed the APT playbook to the letter to infiltrate and steal sensitive data and intellectual property from military, diplomatic and enterprise targets in a number of Asian countries, as well as the United Nations Development Programme and the Association of Southeast Asian Nations (ASEAN).
Control over the South China Sea is a focal point for China; through this region flows trillions of dollars of commerce and China has not been shy about claiming its share of the territory. The report states that China uses its offensive hacking capabilities to gather intelligence on adversaries’ military and diplomatic intentions in the regions, and has leveraged the information to strengthen its position.“The South China Sea is seen as a key geopolitical area for China,” said Dan Alderman, deputy director of DGI. “With Naikon, we see their activity as a big element of a larger emphasis on the region and the Technical Reconnaissance Bureau fitting into a multisector effort to influence that region.”The report is just the latest chess piece hovering over Jinping’s U.S. visit this week, which began in earnest yesterday with a visit to Seattle and meetings with giant technology firms such as Microsoft, Apple and Google, among others.
Those companies want to tap into the growing Chinese technology market and the government there is using its leverage to get them to support stringent Internet controls imposed by the Chinese government. A letter sent to American technology companies this summer, a New York Times report last week, said that China would ask American firms to store Chinese user data in China. China also reportedly asked U.S.-built software and devices sold in China to be “secure and controllable,” which likely means the Chinese would want backdoor access to these products, or access to private encryption keys.Jinping, meanwhile, tried to distance himself from the fray when he said in a Wall Street Journal interview: “Cyber theft of commercial secrets and hacking attacks against government networks are both illegal; such acts are criminal offences and should be punished according to law and relevant international conventions.”Journal reporter Josh Chin connected with Ge Xing over the phone and Ge confirmed a number of the dots connected in the report before hanging up on the reporter and threatening to report him to the police.
While that never happened, the infrastructure connected to Ge and this slice of the Naikon APT group, was quickly shut down and taken offline. In May, researchers at Kaspersky Lab published a report on Naikon and documented five years of activity attributed to the APT group. It describes a high volume of geo-politically motivated attacks with a high rate of success infiltrating influential organizations in the region. The group uses advanced hacking tools, most of which were developed externally and include a full-featured backdoor and exploit builder.Like most APT groups, they craft tailored spear phishing messages to infiltrate organizations, in this case a Word or Office document carrying an exploit for CVE-2012-0158, a favorite target for APT groups. The vulnerability is a buffer overflow in the ActiveX controls of a Windows library, MSCOMCTL.OCX. The exploit installs a remote administration tool, or RAT, on the compromised machine that opens a backdoor through which stolen data is moved out and additional malware and instructions can be moved in.Chin’s article describes a similar attack initiated by Ge, who is portrayed not only as a soldier, but as an academic.
The researchers determined through a variety of avenues that Ge is an active member of the military, having published research as a member of the military, in addition to numerous postings to social media as an officer and via his access to secure locations believed to be headquarters to the PLA unit’s technical reconnaissance bureau.“Doing this kind of biopsy, if you will, of this threat through direct analysis of the technical and non-technical evidence allows us to paint a picture of the rest of this group’s activity,” said Rich Barger, CIO and cofounder of ThreatConnect. “We’ve had hundreds of hashes, hundreds of domains, and thousands of IPs [related to PLA unit 78020].
Only looking at this from a technical lens only gives you so much. When you bring in a regional, cultural and even language aspect to it, you can derive more context that gets folded over and over into the technical findings and continues to refine additional meaning that we can apply to the broader group itself.”The report also highlights a number of operational security mistakes Ge made to inadvertently give himself away, such as using the same handle within the group’s infrastructure, even embedding certain names in families of malware attributed to them. All of this combined with similar mistakes made across the command and control infrastructure and evidence pulled from posts on social media proved to be enough to tie Ge to the Naikon group and elite PLA unit that is making gains in the region.“If you look at where China is and how assertive they are in region, it might be a reflection of some of the gains and wins this group has made,” Barger said. “You don’t influence what they’re influencing in the region if you don’t have the intel support capabilities fueling that operational machine.”
Hotel Chains Credit Cards Hacked
Not the first case for hotel chains not protecting guest records.
FromHotelManagement: A U.S. appeals court said the Federal Trade Commission has authority to regulate corporate cyber security, and may pursue a lawsuit accusing hotel operator Wyndham Worldwide Corp of failing to properly safeguard consumers’ information.
The 3-0 decision by the 3rd U.S. Circuit Court of Appeals in Philadelphia on Monday upheld an April 2014 lower court ruling allowing the case to go forward. The FTC wants to hold Wyndham accountable for three breaches in 2008 and 2009 in which hackers broke into its computer system and stole credit card and other details from more than 619,000 consumers, leading to over $10.6 million in fraudulent charges.
The FTC originally sued Wyndham in 2012 over the lack of security that led to its massive hack. But before the case proceeded, Wyndham appealed to a higher court to dismiss it, arguing that the FTC didn’t have the authority to punish the hotel chain for its breach. The third circuit court’s new decision spells out that Wyndham’s breach is exactly the sort of “unfair or deceptive business practice” the FTC is empowered to stop, reports Wired.
BusinessInsider: In August, Visa alerted numerous financial institutions of a breach. Five different banks determined the commonality between the cards included in that alert was that they were used at Hilton properties — including Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts, Krebs reports.
Hilton Hotels investigates customer credit card security hack
FNC: Hilton Hotels announced that it is looking into a possible security breach that occurred at gift shops, restaurants, bars, and other stores located on Hilton owned properties across the U.S.
According to cyber-security expert Brian Krebs, Visa sent confidential alerts to several financial institutions warning of a security breach at various retail locations earlier this year from April 21 to July 27. While the alerts named individual card numbers that had allegedly been compromised, per Visa’s policy, the notifications did not name the breached retail location. But sources at five different banks have now determined that the hacks all had one thing in common–they occurred at Hilton property point-of-sale registers.
Currently, the breach does not appear to have comprised the guest reservation systems at the associated properties. The company released the following statement regarding the incident:
“Hilton Worldwide is strongly committed to protecting our customers’ credit card information. We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter.”
The breach includes other Hilton brand name properties including Embassy Suites, Doubletree, Hampton Inn and Suites, and Waldorf Astoria Hotels & Resorts. The hotel group is advising customers who may have made purchases at Hilton properties during the time indicated to carefully scan bank records for any unusual activity and contact their bank immediately.
According to USA Today, evidence from the investigation indicates that the hack may have affected credit card transactions as far back as Nov. 2014 and security breaches could possibly be ongoing.