When Will the US Begin to Sanction China?

Last week, Defense Secretary Mattis said:

Defense Secretary Jim Mattis this week voiced new U.S. opposition to China’s continued militarization of islands in the South China Sea.

“We remain highly concerned with continued militarization of features in the South China Sea,” Mattis told reporters on Monday as he traveled to Vietnam.

Mattis also said China is using predatory economics to seek control over other nations.

The Chinese are engaged in a global infrastructure development plan called the Belt and Road Initiative that U.S. officials have said is being used by Beijing to expand influence and control abroad, and expand Chinese military bases around the world.

Mattis said the predatory economic policies include loans “where massive debt is piled on countries that fiscal analysis would say they are going to have difficulty, at best, repaying in the smaller countries.”

The defense secretary, echoing the new U.S. hardline policy toward China, said the United States is not seeking to “contain” China but wants more reciprocal relations.

In part from Newsweek:

“Beijing can now deploy military assets, including combat aircraft and mobile missile launchers to the Spratly Islands at any time,” said the Asia Maritime Transparency Initiative (AMTI) on Monday in a report that included images of the three man-made islands—Fiery Cross reef, Subi, and Mischief. Its director Greg Poling told Voice of America that new antennas had been spotted on Subi and Fiery Cross, so he expected deployments there soon.

The Spratly Islands are around 500 miles from the coast of China, and Fiery Cross Reef about 740 miles from mainland China. It is approximately 170 miles off the coast of Vietnam. Why did China build these islands and how did they manage to make land out of sea?

***

But media is not paying attention.

It gets worse.

Researchers have mapped out a series of internet traffic hijacks and redirections that they say are part of a large espionage and intellectual property theft effort by China.

China systematically hijacks internet traffic: researchers

The researchers, Chris Demchak of the United States Naval War College and Yuval Shavitt of the Tel Aviv University in Israel, say in their paper that state-owned China Telecom hijacked and diverted internet traffic going to or passing through the US and Canada to China on a regular basis.

Tel Aviv University researchers built a route tracing system that monitors BGP announcements and picks up on patterns suggesting accidental or deliberate hijacks, and discovered multiple attacks by China Telecom over the past few years.

In 2016, China Telecom diverted traffic between Canada and Korean government networks to its PoP in Toronto. From there, traffic was forwarded to the China Telecom PoP on the US West Coast and sent to China, and finally delivered to Korea.

Normally, the traffic would take a shorter route, going between Canada, the US and directly to Korea. The traffic hijack lasted for six months, suggesting it was a deliberate attack, Demchak and Shavitt said.

Demchak and Shavitt detailed other traffic hijacks, including one that saw traffic from US locations to a large Anglo-American bank’s Milan headquarters being terminated in China, and never delivered to Italy, in 2016.

During 2017, traffic between Scandinavia and Japan, transiting the United States, was also captured by China Telecom, ditto data headed to a mail server operated by a large Thai financial company.

China Telecom is able to divert the traffic by announcing bogus routes via the Border Gateway Protocol (BGP) that governs data flows between Autonomous Systems, the large networks operated by telcos, internet providers and corporations.

After the traffic was copied by China Telecom for encryption breaking and analysis, it was delivered to the intended networks with only small delays, Demchak and Shavitt said.

Such hijacking is difficult to detect as China Telecom has multiple points of presence (PoPs) in North America and Europe that are physically close to the attacked networks, causing almost unnoticeable traffic delivery delays despite the lengthened routes.

China in comparison does not allow overseas telcos to establish PoPs in the country, and has only three gateways into the country, in Beijing, Shanghai and Hong Kong. This isolation protects the country’s domestic and transit traffic from foreign hijacking.

BGP hijacking of internet traffic is a common phenomenon, one which requires the support of large network operators to exploit at scale.

While the US and China agreed in 2015 to not hack one another’s computer networks, the deal did not cover hijacking of internet backbones, Demchak and Shavitt pointed out.

The researchers suggest the allied democratic nations establish an “access reciprocity” policy for internet PoPs located in their countries, to address the traffic hijacking.

Under the access reciprocity policy US telcos and providers should be allowed to set up PoPs in China, Demchak and Shavitt said.

If access reciprocity is refused, “then an appropriate defence policy in response could state that no traffic to or from the US or ally is allowed to enter a China Telecom PoP in the US or in the ally’s networks,” the researchers suggested.

Such a policy could be inserted into BGP routing tables as required for automatic implementation.
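The detection idea and the proposed routing policy described above, sketched as an added example (not code from the researchers or from the quoted article): it flags AS paths that keep the expected origin but gain an unexpected transit AS, groups them into episodes by duration, and applies an AS-path filter as one possible reading of the policy. The AS numbers and prefixes are reserved documentation values, the observations are constructed, and `WATCHED_AS` and the 30-day threshold are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

WATCHED_AS = 64500      # hypothetical transit AS under scrutiny (documentation ASN)
PERSISTENT_DAYS = 30    # assumed threshold: a detour this long is unlikely to be an accident

# Baseline learned from route history: prefix -> AS path normally seen (constructed).
BASELINE = {
    "192.0.2.0/24": [64496, 64497, 64511],
    "198.51.100.0/24": [64496, 64498, 64510],
}


@dataclass
class Episode:
    prefix: str
    start: date
    end: date
    path: list

    @property
    def days(self):
        return (self.end - self.start).days + 1

    @property
    def persistent(self):
        return self.days >= PERSISTENT_DAYS


def is_detour(prefix, as_path):
    """True if the path keeps the baseline origin but adds the watched AS as transit."""
    base = BASELINE.get(prefix)
    if base is None or not as_path:
        return False
    same_origin = as_path[-1] == base[-1]
    new_transit = WATCHED_AS in as_path[:-1] and WATCHED_AS not in base
    return same_origin and new_transit


def find_episodes(observations):
    """Group daily (day, prefix, as_path) detour sightings into contiguous episodes."""
    episodes, current = [], None
    for day, prefix, path in sorted(observations, key=lambda o: (o[1], o[0])):
        contiguous = (current is not None and current.prefix == prefix
                      and (day - current.end).days <= 1)
        if is_detour(prefix, path):
            if contiguous:
                current.end = day
                continue
            if current is not None:
                episodes.append(current)
            current = Episode(prefix, day, day, path)
        elif current is not None:
            episodes.append(current)
            current = None
    if current is not None:
        episodes.append(current)
    return episodes


def accept_route(as_path):
    """Import filter: reject routes that transit the watched AS (routes it originates pass)."""
    return WATCHED_AS not in as_path[:-1]


def sample_observations():
    """Constructed data: one 180-day detour and one single-day route leak."""
    obs, start = [], date(2016, 1, 1)
    for i in range(200):
        day = start + timedelta(days=i)
        long_path = [64496, 64500, 64497, 64511] if 2 <= i < 182 else BASELINE["192.0.2.0/24"]
        leak_path = [64496, 64500, 64498, 64510] if i == 64 else BASELINE["198.51.100.0/24"]
        obs.append((day, "192.0.2.0/24", long_path))
        obs.append((day, "198.51.100.0/24", leak_path))
    return obs


if __name__ == "__main__":
    for ep in find_episodes(sample_observations()):
        label = "persistent" if ep.persistent else "transient"
        print(ep.prefix, ep.start, ep.end, ep.days, label)
```

Because the article notes that the added latency is almost unnoticeable, the check works on announced paths rather than on round-trip times.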

U.S. Treasury Employee Arrested Charged with Leaking to Media

The official 18-page indictment is here.

US Treasury employee arrested, accused of leaking media secret information about suspicious financial transactions related to Paul Manafort, Russians

  • A U.S. Treasury employee has been arrested and charged with leaking to a BuzzFeed News reporter multiple secret reports about suspicious financial transactions.
  • The documents relate to former Trump campaign chief Paul Manafort, Trump campaign official Richard Gates, accused Russian agent Maria Butina, the Russian Embassy and suspected Russian money launderer Prevezon Alexander.
  • The accused employee, Natalie Mayflower Sours Edwards, will face criminal charges in New York.

A U.S. Treasury employee has been arrested on charges that she leaked to BuzzFeed News multiple reports about suspicious financial transactions involving ex-Trump campaign chief Paul Manafort, law-enforcement officials said.

The highly confidential documents allegedly leaked by the employee also were related to former Trump campaign official Richard Gates, accused Russian agent Maria Butina, a suspected Russian money laundering entity and the Russian Embassy in Washington, according to a criminal complaint.

Natalie Mayflower Sours Edwards, a 40-year-old senior advisor in Treasury’s financial crimes enforcement network who was arrested Tuesday, will face federal criminal charges in New York, officials said.

She is charged with unlawfully disclosing so-called suspicious activity reports, or SARS, and conspiracy to do the same. Both felony counts carry a maximum potential sentence of five years in prison.

A Quinton, Virginia, resident, Edwards was released on a $100,000 personal recognizance bond after her presentment Wednesday afternoon in U.S. District Court for the Eastern District of Virginia. Under the conditions of her release, Edwards is barred from contacting reporters or handling documents belonging to her Treasury division without approval.

A lawyer for Edwards did not immediately respond to a request for comment.

SARS are used to alert Treasury officials and other authorities about financial transactions that may be related to criminal conduct, such as money laundering. Treasury’s FinCEN division, for which Edwards works, manages the collection of SARS. It is illegal for a government employee to disclose a SAR or its contents outside of the scope of their work.

The complaint against Edwards says that she started leaking “numerous SARS in October 2017” to an unidentified reporter, and continued doing so until this month.

She had “hundreds of electronic communications” with the reporter, “many via an encrypted application,” the complaint said.

After Edwards began leaking SARS, the journalist wrote about a dozen articles which mentioned the details of those reports, according to the complaint.

Articles cited in the complaint carry the bylines of Jason Leopold and Anthony Cormier, two BuzzFeed reporters, as well as other journalists at that media outlet.

The articles cited document transactions pertaining to Manafort and Gates, both of whom have since pleaded guilty to financial crimes related to their consulting work for a pro-Russia political party in Ukraine.

They also related to Butina, who is currently being held without bond on charges of being a Russian agent, the accused money laundering real-estate entity Prevezon Alexander, and the Russian Embassy in Washington.

At the time of Edwards’ arrest, according to federal prosecutors in Manhattan, she “was in possession of a flash drive” that appeared to be the same device “on which she saved the unlawfully disclosed” SARS.

Also in her possession was “a cellphone containing numerous communications over an encrypted application in which she transmitted [SARS] and other sensitive government information” illegally, prosecutors said.

“When questioned by law enforcement officials [Tuesday], Edwards confessed she has provided [SARS] to [the reporter] via an encrypted application, though falsely denied knowing that [the reporter] intended to or did publish that information” through a news organization, the complaint said.

BuzzFeed News declined to comment. Leopold and Cormier did not immediately return requests for comment.

 

DHS Concerns on Election Related Incidents, Facebook Doesn’t Care

The Department of Homeland Security notices an increase of election-related incidents, but thinks midterm voting will go off relatively unproblematically. Anomali reports a surge in black-market trafficking of voter records.

But you won’t find out from Facebook if there are any issues… Facebook is going to block all posts regarding voting issues.

What could be the issues?

Anomali Labs researchers in close partnership with Intel 471, a leading cybercrime intelligence provider, have uncovered a widespread unauthorized information disclosure of US voter registration databases. To be clear, this voter information is made generally available to the public for legitimate uses. Anomali and Intel 471 researchers discovered dark web communications offering a large quantity of voter databases for sale. The databases include valuable personally identifiable information and voting history. The disclosure reportedly affects 19 states and includes 23 million records for just three of the 19 states. No record counts were provided for the remaining 16 states, but do include prices for each state. We estimate that the entire contents of the disclosure could exceed 35 million records. Researchers have reviewed a sample of the database records and determined the data to be valid with a high degree of confidence.

Of note, the seller indicates they receive weekly updates of voter registration data across the states and that they receive information via contacts within the state governments. Certain states require the seller to personally travel to locations in-state to receive the updated voter information. This suggests the information disclosure is not necessarily a technical compromise but rather a likely targeted campaign by a threat actor redistributing possibly legitimately obtained voter data for malicious purposes on a cybercrime forum.

To our knowledge, this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data, including US voters’ personally identifiable information and voting history. With the November 2018 midterm elections only four weeks away, the availability and currency of the voter records, if combined with other breached data, could be used by malicious actors to disrupt the electoral process or pursue large-scale identity theft. More here.

Meanwhile, over to Facebook…. (who are they to determine what is false? See something, say something and Facebook will punish us all.)

MENLO PARK, Calif. (Reuters) – Facebook Inc will ban false information about voting requirements and fact-check fake reports of violence or long lines at polling stations ahead of next month’s U.S. midterm elections, company executives told Reuters, the latest effort to reduce voter manipulation on its service.

The world’s largest online social network, with 1.5 billion daily users, has stopped short of banning all false or misleading posts, something that Facebook has shied away from as it would likely increase its expenses and leave it open to charges of censorship.

The latest move addresses a sensitive area for the company, which has come under fire for its lax approach to fake news reports and disinformation campaigns, which many believe affected the outcome of the 2016 presidential election, won by Donald Trump.

The new policy was disclosed by Facebook’s cybersecurity policy chief, Nathaniel Gleicher, and other company executives.

The ban on false information about voting methods, set to be announced later on Monday, comes six weeks after Senator Ron Wyden asked Chief Operating Officer Sheryl Sandberg how Facebook would counter posts aimed at suppressing votes, such as by telling certain users they could vote by text, a hoax that has been used to reduce turnout in the past.

The information on voting methods becomes one of the few areas in which falsehoods are prohibited on Facebook, a policy enforced by what the company calls “community standards” moderators, although application of its standards has been uneven. It will not stop the vast majority of untruthful posts about candidates or other election issues.

“We don’t believe we should remove things from Facebook that are shared by authentic people if they don’t violate those community standards, even if they are false,” said Tessa Lyons, product manager for Facebook’s News Feed feature that shows users what friends are sharing.

Links to discouraging reports about polling places that may be inflated or misleading will be referred to fact-checkers under the new policy, Facebook said. If then marked as false, the reports will not be removed but will be seen by fewer of the poster’s friends.

Such partial measures leave Facebook more open to manipulation by users seeking to affect the election, critics say. Russia, and potentially other foreign parties, are already making “pervasive” efforts to interfere in upcoming U.S. elections, the leader of Trump’s national security team said in early August.

Just days before that, Facebook said it uncovered a coordinated political influence campaign to mislead its users and sow dissension among voters, removing 32 pages and accounts from Facebook and Instagram. Members of Congress briefed by Facebook said the methodology suggested Russian involvement.

Trump has disputed claims that Russia has attempted to interfere in U.S. elections. Russian President Vladimir Putin has denied it.

WEIGHING BAN ON HACKED MATERIAL

Facebook instituted a global ban on false information about when and where to vote in 2016, but Monday’s move goes further, including posts about exaggerated identification requirements.

Facebook executives are also debating whether to follow Twitter Inc’s recent policy change to ban posts linking to hacked material, Gleicher told Reuters in an interview.

The dissemination of hacked emails from Democratic party officials likely played a role in tipping the 2016 presidential election to Trump, and Director of National Intelligence Dan Coats has warned that Russia has recently been attempting to hack and steal information from U.S. candidates and government officials. More here.

Afghanistan Then and Now

Primer: In September of 1963, the King and Queen of Afghanistan visited Washington DC as guests of President Kennedy.

55 years later, this month, the United States and allies have entered the 17th year of military conflict in Afghanistan. The target is the Taliban. Under the Obama regime, several attempts were made to normalize the relationship with the Taliban leadership including swapping one treasonous soldier for 5 senior Taliban leaders from Guantanamo. At the same time, the United States coordinated with Qatar to pay for a Taliban consulate operation in Qatar. It remains today.

Under the Trump administration, the same kind of talks are taking place with Zalmay Khalilzad leading the U.S. envoy.

Zalmay Khalilzad, the Afghan-born U.S. adviser and former U.S. ambassador to Afghanistan, briefed Ghani and Abdullah on October 13 about his meetings with senior ministers and top diplomats in four countries as part of a diplomatic mission aimed at bringing the Taliban to the negotiating table.

Since Khalilzad last visited Kabul on October 4, his tour has taken him to Pakistan, the United Arab Emirates, Saudi Arabia, and Qatar.

A statement sent to journalists on October 13 by Taliban spokesman Zabihullah Mujahid said Khalilzad met Taliban representatives on October 12 in Qatar’s capital, Doha, to discuss ending the Afghan conflict.

Mujahid said the Taliban representatives told Khalilzad that the presence of foreign forces in Afghanistan was a “big obstacle” to peace and that both sides “agreed to continue such meetings.”

Another senior Taliban member said the U.S. envoy had asked the Taliban leadership to declare a cease-fire in Afghanistan for six months, in time for the planned October 20 parliamentary elections.

“Both sides discussed prospects for peace and the U.S presence in Afghanistan,” another Taliban official said.

The Taliban in exchange are seeking the release of their fighters from Afghan jails and the removal of foreign troops currently aiding Afghan security forces.

“Neither side agreed to accept the other’s demands immediately, but they agreed to meet again and find a solution to the conflict,” said a Taliban official who asked not to be identified.

A statement about Khalilzad’s diplomatic tour released by the U.S. Embassy in Kabul did not confirm his meeting with the Taliban. More here.

After 17 years, there are still more Taliban fighters? How is that possible?

Let’s go back many years shall we?

BEFORE THE AMERICAN invasion, before the Russian war, and before the Marxist revolution, Afghanistan used to be a pretty nice place.

An astonishing collection of photos from the 1960s was recently featured by the Denver Post.

To see the full photo essay, go here.

5G Coming with Major Risks from China


Stuart Madnick, who’s been professor of information technology at the Massachusetts Institute of Technology since 1972, tells Inverse that the FCC and ISPs are casting a double-edged sword in their rush to implement 5G.

“It’s like going from fireworks to dynamite sticks,” Madnick says. “5G encourages further evolution and expansion of Internet of Things related networks. All of the good news and bad news that comes along with this technology gets magnified.”

He’s especially concerned about the risk of denial of service attacks — or DDoS for short — becoming more powerful than ever before. One of the advertised benefits of 5G is that it will allow even more IoT devices, like refrigerators or light bulbs, to come online. This would allow users to remotely check the contents of their fridge or dim their bedroom lights using their phones, but these devices can also be harnessed for nefarious purposes.

One of the most notorious DDoS incidents in history — the 2016 Dyn cyberattack — was facilitated by unsecured IoT devices, like security cameras, printers, and baby monitors. Hacker groups Anonymous and New World Hackers allegedly took control of thousands of electronics that still had their default passwords to amass an army of zombie devices, known as a botnet.

This network was used to overwhelm the servers of internet performance management company, Dyn. Websites like Twitter, SoundCloud, Spotify, and Shopify were inaccessible for a day. Madnick believes this could happen again, to a degree that hasn’t even been imagined yet. Perhaps the biggest sites on the web will go down for days, including online banks, or worse, the internet that controls a public utility like electricity.

*** Related reading: Lessons Learned from WannaCry attack


Ex-security minister Admiral Lord West calls for urgent government action after Chinese firms are banned in Australia and the US.

Security threats from Chinese companies building 5G networks could end up “putting all of us at risk” if they are not tackled quickly, according to a former security minister.

Speaking to Sky News, Admiral Lord West, a former First Sea Lord who served under Gordon Brown as a security minister, urged the government to set up a unit reporting directly to the prime minister to monitor the risk posed by Chinese equipment in 5G.

5G has been hailed as the next great leap for mobile communications, enabling everything from smart cities to hologram calls.

However, the best 5G technology comes from Chinese companies, raising the fear that China’s government could have ground-level access to – even control of – the UK’s critical data infrastructure.

“We’ve got to see there’s a risk,” Lord West said. “Yes, we want 5G, but for goodness sake we need to do all of these things to make sure it’s not putting all of us at risk.”

In April, the United States banned Chinese multinationals Huawei and ZTE – both specialists in 5G – from selling equipment to the federal government.

In August, the Australian government banned the same two firms from supplying technology for its 5G network, a decision foreign minister Marise Payne described as necessary for “the protection of Australia’s national security”.

In a statement, Huawei called the decision “politically motivated, not the result of a fact-based, transparent, or equitable decision-making process,” adding that “there is no fundamental difference between 5G and 4G network architecture… 5G has stronger guarantees around privacy and security protection than 3G and 4G”.

Robert Hannigan, former director of GCHQ, told Sky News an outright ban in the UK would not make 5G safe.

“The best companies in 5G are probably the Chinese ones and there aren’t many alternatives,” he said, before warning that new measures were needed to test the security of the network.

“We do need to find a way of scrutinising what is being installed in our network, and how it is being overseen and how it is being controlled and how it’s being upgraded in the future. And we have to find a more effective way of doing that at scale.”

In April, GCHQ’s National Cyber Security Centre warned ZTE could pose a national security risk to the UK.

Two months later, the UK’s Huawei Cyber Security Evaluation Centre, a group set up by the government to monitor the Chinese firm, announced that it had “only limited assurance” that Huawei posed no threat to national security.

“It was a bit of a warning to Huawei,” said Mr Hannigan. “They needed to get better at cooperating and take this more seriously.”

The difficulty for the Huawei Cyber Security Evaluation Centre is knowing for certain that the code it vets and approves is the same code that is going into networks.

“That’s been a persistent problem,” said Mr Hannigan. “That needs more work.”

The government has put £200m into the development of 5G. Last month, the first 5G pilot centre launched in the West Midlands, testing the technology before a national roll-out.

BT, which uses Huawei to supply parts for its network, told Sky News that it would “apply the same stringent security measures and controls to 5G when we start to roll it out, in line with continued guidance from government”.