When Will the US Begin to Sanction China?

Last week, Defense Secretary Mattis said:

Defense Secretary Jim Mattis this week voiced new U.S. opposition to China’s continued militarization of islands in the South China Sea.

“We remain highly concerned with continued militarization of features in the South China Sea,” Mattis told reporters on Monday as he traveled to Vietnam.

Mattis also said China is using predatory economics to seek control over other nations.

The Chinese are engaged in a global infrastructure development plan called the Belt and Road Initiative that U.S. officials have said is being used by Beijing to expand influence and control abroad, and expand Chinese military bases around the world.

Mattis said the predatory economic policies include loans “where massive debt is piled on countries that fiscal analysis would say they are going to have difficulty, at best, repaying in the smaller countries.”

The defense secretary, echoing the new U.S. hardline policy toward China, said the United States is not seeking to “contain” China but wants more reciprocal relations.

USA: China's militarisation of the South China Sea ... In part from Newsweek:

“Beijing can now deploy military assets, including combat aircraft and mobile missile launchers to the Spratly Islands at any time,” said the Asia Maritime Transparency Initiative (AMTI) on Monday in a report that included images of the three man-made islands—Fiery Cross reef, Subi, and Mischief. Its director Greg Poling told Voice of America that new antennas had been spotted on Subi and Fiery Cross, so he expected deployments there soon.

The Spratly Islands are around 500 miles from the coast of China, and Fiery Cross Reef about 740 miles from mainland China. It is approximately 170 miles off the coast of Vietnam. Why did China build these islands and how did they manage to make land out of sea?

***

But media is not paying attention.

It gets worse.

Researchers have mapped out a series of internet traffic hijacks and redirections that they say are part of large espionage and intellectual property theft effort by China.

China systematically hijacks internet traffic: researchers

The researchers, Chris Demchak of the United States Naval War College and Yuval Shavitt of the Tel Aviv University in Israel, say in their paper that state-owned China Telecom hijacked and diverted internet traffic going to or passing through the US and Canada to China on a regular basis.

Tel Aviv University researchers built a route tracing system that monitors BGP announcements  and which picks up on patterns suggesting accidental or deliberate hijacks and discovered multiple attacks by China Telecom over the past few years.

In 2016, China Telecom diverted traffic between Canada and Korean government networks to its PoP in Toronto. From there, traffic was forwarded to the China Telecom PoP on the US West Coast and sent to China, and finally delivered to Korea.

Normally, the traffic would take a shorter route, going between Canada, the US and directly to Korea. The traffic hijack lasted for six months, suggesting it was a deliberate attack, Demchak and Shavitt said.

Demchak and Shavitt detailed other traffic hijacks, including one that saw traffic from US locations to a large Anglo-American bank’s Milan headquarters being terminated in China, and never delivered to Italy, in 2016.

During 2017, traffic between Scandinavia and Japan, transiting the United States, was also captured by China Telecom, ditto data headed to a mail server operated by a large Thai financial company.

China Telecom is able to divert the traffic by announcing bogus routes via the Border Gateway Protocol (BGP) that governs data flows between Autonomous Systems, the large networks operated by telcos, internet providers and corporations.

After the traffic was copied by China Telecom for encyption breaking and analysis, it was delivered to the intended networks with only small delays. Demchak and Shavitt said.

Such hijacking is difficult to detect as China Telecom has multiple points of presence (PoPs) in North America and Europe that are physically close to the attacked networks, causing almost unnoticeable traffic delivery delays despite the lengthened routes.

China in comparison does not allow overseas telcos to establish PoPs in the country, and has only three gateways into the country, in Beijing, Shanghai and Hong Kong. This isolation protects the country’s domestic and transit traffic from foreign hijacking.

BGP hijacking of internet traffic is a common phenomenon, one which requires the support of large network operators to exploit at scale.

While the US and China agreed in 2015 to not hack one another’s computer networks, the deal did not cover hijacking of internet backbones, Demchak and Shavitt pointed out.

The researchers suggest the allied democratic nations establish an “access reciprocity” policy for internet PoPs located in their countries, to address the traffic hijacking.

Under the access reciprocity policy US telcos and providers should be allowed to set up PoPs in China, Demchak and Shavitt said.

If access reciprocity is refused, “then an appropriate defence policy in response could state that no traffic to or from the US or ally is allowed to enter a China Telecom PoP in the US or in the ally’s networks,” the researchers suggested.

Such a policy could be inserted into BGP routing tables as required for automatic implementation.

Afghanistan Then and Now

Primer:In September of 1963, the King and Queen of Afghanistan visited Washington DC as guests of President Kennedy.

55 years later, this month, the United States and allies have entered the 17th year of military conflict in Afghanistan. The target is the Taliban. Under the Obama regime, several attempts were made to normalize relationship with the Taliban leadership including swapping one treasonous soldier for 5 senior Taliban leaders from Guantanamo. At the same time, the United States coordinated with Qatar to pay for a Taliban consulate operation in Qatar. It remains today.

Under the Trump administration, the same kind of talks are taking place with Zalmay Khalilzad leading the U.S. envoy.

Zalmay Khalilzad, the Afghan-born U.S. adviser and former U.S. ambassador to Afghanistan, briefed Ghani and Abdullah on October 13 about his meetings with senior ministers and top diplomats in four countries as part of a diplomatic mission aimed at bringing the Taliban to the negotiating table.

Since Khalilzad last visited Kabul on October 4, his tour has taken him to Pakistan, the United Arab Emirates, Saudi Arabia, and Qatar.

A statement sent to journalists on October 13 by Taliban spokesman Zabihullah Mujahid said Khalilzad met Taliban representatives on October 12 in Qatar’s capital, Doha, to discuss ending the Afghan conflict.

Mujahid said the Taliban representatives told Khalilzad that the presence of foreign forces in Afghanistan was a “big obstacle” to peace and that both sides “agreed to continue such meetings.”

Another senior Taliban member said the U.S. envoy had asked the Taliban leadership to declare a cease-fire in Afghanistan for six months, in time for the planned October 20 parliamentary elections.

“Both sides discussed prospects for peace and the U.S presence in Afghanistan,” another Taliban official said.

The Taliban in exchange are seeking the release of their fighters from Afghan jails and the removal of foreign troops currently aiding Afghan security forces.

“Neither side agreed to accept the other’s demands immediately, but they agreed to meet again and find a solution to the conflict,” said a Taliban official who asked not to be identified.

A statement about Khalilzad’s diplomatic tour released by the U.S. Embassy in Kabul did not confirm his meeting with the Taliban. More here.

After 17 years, there are still more Taliban fighters? How is that possible?

Let’s go back many years shall we?

BEFORE THE AMERICAN invasion, before the Russian war, and before the Marxist revolution, Afghanistan used to be a pretty nice place.

An astonishing collection of photos from the 1960s was recently featured by the Denver Post.

To see the full photo essay, go here.

GAO Report on Weapons Systems Hacking Vulnerabilities

Cant make this up and further there is a huge element of deniability that such vulnerabilities exists.

GAO report reveals new Pentagon weapon systems vulnerable ...

GAO: In recent cybersecurity tests of major weapon systems DOD is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected.

DOD’s weapons are more computerized and networked than ever before, so it’s no surprise that there are more opportunities for attacks. Yet until relatively recently, DOD did not make weapon cybersecurity a priority. Over the past few years, DOD has taken steps towards improvement, like updating policies and increasing testing.

Federal information security—another term for cybersecurity—has been on our list of High Risk issues since 1997.

Today’s weapon systems are heavily computerized, which opens more attack opportunities for adversaries (represented below in a fictitious weapon system for classification reasons). The full report here.

APKWS on target | Jane's 360

*** From Wired in part:

In other cases, the report states that automated systems did detect the testers, but that the humans responsible for monitoring those systems didn’t understand what the intrusion technology was trying to tell them.

Like most unclassified reports about classified subjects, the GAO report is rich in scope but poor in specifics, mentioning various officials and systems without identifying them. The report also cautions that “cybersecurity assessment findings are as of a specific date so vulnerabilities identified during system development may no longer exist when the system is fielded.” Even so, it paints a picture of a Defense Department playing catch-up to the realities of cyberwarfare, even in 2018.

Edelman says the report reminded him of the opening scene of Battlestar Galactica, in which a cybernetic enemy called the Cylons wipes out humanity’s entire fleet of advanced fighter jets by infecting their computers. (The titular ship is spared, thanks to its outdated systems.) “A trillion dollars of hardware is worthless if you can’t get the first shot off,” Edelman says. That kind of asymmetrical cyberattack has long worried cybersecurity experts, and has been an operational doctrine of some of the United States’ biggest adversaries, including, Edelman says, China, Russia, and North Korea. Yet the report underscores a troubling disconnect between how vulnerable DOD weapons systems are, and how secure DOD officials believe them to be.

“In operational testing, DOD routinely found mission-critical cyber vulnerabilities in systems that were under development, yet program officials GAO met with believed their systems were secure and discounted some test results as unrealistic,” the report reads. DOD officials noted, for instance, that testers had access that real-world hackers might not. But the GAO also interviewed NSA officials who dismissed those concerns, saying in the report that “adversaries are not subject to the types of limitations imposed on test teams, such as time constraints and limited funding—and this information and access are granted to testers to more closely simulate moderate to advanced threats.”

It’s important to be clear that when the DOD dismisses these results, they are dismissing the testing from their own department. The GAO didn’t conduct any tests itself; rather, it audited the assessments of Defense Department testing teams. But arguments over what constitutes a realistic testing condition are a staple of the defense community, says Caolionn O’Connell, a military acquisition and technology expert at Rand Corporation, which has contracts with the DOD.

 

Items SecState Pompeo Manages in Dealing with N Korea

All is not so copacetic with North Korea. The United States has many channels of intelligence regarding North Korea and dealing with Kim Jung Un with many of the moving parts requires diplomatic artistry.
Below are but two examples and the prediction of a second summit between the United States and North Korea being noted, the logistics is a chess game.
Pompeo Meets North Korean Leader Kim Jong Un | One-News
FireEye has released a report stating the tools and techniques used by the group, “We believe APT38’s financial motivation, unique toolset, and tactics, techniques, and procedures (TTPs) observed during their carefully executed operations are distinct enough to be tracked separately from other North Korean cyber activity. There are many overlapping characteristics with other operations, known as “Lazarus” and the actor we call TEMP.Hermit; however, we believe separating this group will provide defenders with a more focused understanding of the adversary and allow them to prioritize resources and enable defense.
In their official blog, the company further explained the distinction of the group from any other hackers out there. Foremost, the malware tools used overlap or are similar indicating the similar developer behind the scenes.
The general pattern used by APT38 was observed to be this way –
  • First, the information is gathered by targeting third-party vendors to understand the mechanics of their transactions.
  • Then, initial compromise takes place followed by internal reconnaissance, pivot to victim servers used for swift transactions.
  • After this, finally, the funds are transferred or stolen.
  • This group does not stop just there but it removes all the evidence that might help the authorities trace them back or know the exact way or methodology of the fraud.
FireEye addressed the threat the group poses to its targeted sector by stating, “APT38 is unique in that it is not afraid to aggressively destroy evidence or victim networks as part of its operations. This attitude toward destruction is probably a result of the group trying to not only cover its tracks but also to provide cover for money laundering operations.The full 32 page report is here.
Meanwhile:

The U.S. Treasury Department last week sanctioned a Turkish company, two Turkish individuals, and a North Korean individual for violating UN sanctions on Pyongyang. These sanctions came just before Secretary of State Mike Pompeo’s fourth trip to North Korea in preparation for an anticipated second Trump-Kim summit.

Treasury targeted the Turkey-based company SIA Falcon International Group; the company’s chief executive officer, Huseyin Sahin; the company’s general manager, Erhan Culha; and North Korea’s economic and commercial counselor in Mongolia, Ri Song Un. The sanctions were issued pursuant to Executive Order 13551, which restricts trade in arms and luxury goods with North Korea. UN Security Council Resolution 1718 from 2006 also prohibits member states from conducting such trade.

In a press release, Treasury noted that SIA Falcon operates in Latvia. In February 2018, Treasury’s Financial Crimes Enforcement Network (FinCEN) named ABLV Bank of Latvia an institution of primary money laundering concern. FinCEN noted that ABLV “institutionalized money laundering as a pillar of the bank’s business practices” and conducted illicit financial transactions for North Korean procurement or export of ballistic missiles. Treasury did not confirm, however, that SIA Falcon’s Latvian branch office used ABLV’s bank services.

Treasury’s latest sanctions came the same day as The Rodong Sinmun, a North Korean state-run newspaper, published an article lambasting U.S. sanctions policy. Just days earlier, North Korea’s foreign minister, Ri Yong Ho, implored the UN Security Council to lift sanctions in response to Pyongyang’s moves to freeze missile and nuclear testing and to destroy the Punggye-ri test facility. However, until North Korea agrees to denuclearization and a full declaration of Pyongyang’s nuclear weapons program, facilities, and capabilities, Washington has confirmed it will not ease sanctions pressure

After Secretary Pompeo’s latest trip to North Korea, Pyongyang’s media outlets suggested U.S.-North Korea relations are improving. Of course, these latest designations, as well as ongoing U.S. diplomatic efforts to ensure international compliance with UN sanctions, could stir further tensions. Despite these risks, the sanctions send a useful message to Pyongyang that the Trump administration will not back down until the Kim regime meets its core demands. Hat tip FDD.

Trump Admin Trying to Get a Cyber Doctrine

October is national cyber awareness month, frankly every month and every day should be an awareness day.

octo | Office of the Chief Technology Officer

So, back in late 2017, the House passed by a voice vote H.R. 3559 – Cybersecurity and Infrastructure Security Agency Act of 2017. As you may guess, it is stalled in the Senate.

Meanwhile, in an effort to mobilize and consolidate cyber operations for the United States, there is no consensus within Congress. Should every government agency has a cyber division? Should the United States be able to perform counter cyber attacks? What kind of a cyber attack on the United States constitutes an act of war?

Just last month, Politico published a piece stating in part:

Recent reports that Russia has been attempting to install malware in our electrical grid and that its hackers have infiltrated utility-control rooms across America should constitute a significant wakeup call. Our most critical infrastructure systems are vulnerable to malicious foreign cyberactivity and, despite considerable effort, the collective response has been inadequate. As Director of National Intelligence Dan Coats ominously warned, “The warning lights are blinking red.”

A successful attack on our critical infrastructure — power grids, water supplies, communications systems, transportation and financial networks — could be devastating. Each of these is vital to our economy, health and security. One recent study found that a single coordinated attack on the East Coast power grid could leave parts of the region without power for months, cause thousands of deaths due to the failure of health and safety systems, and cost the U.S. economy almost $250 billion. Cyberattacks could also undermine our elections, either by altering our voter registration rolls or by tampering with the voting systems or results themselves.

The op-ed was written by retired General and former CIA Director David Petraeus who is arguing: “Our grab-bag approach isn’t working. Gen. David Petraeus says it’s time to go big.”

Actually, I agree with General Petraeus on his position. Last month also, John Bolton on the White House National Security Council declared that the U.S. is going on the offensive. Yet in an interesting article, Forbes offers a point and counter-point to that argument.

Last week, President Trump spoke to world leaders about how China is interfering in U.S. elections via the cyber realm. While no evidence has been offered, that is not to say there is no evidence, it is a common tactic of China. Additionally, the United States is offering robust assistance to NATO allies.

Acting to counter Russia’s aggressive use of cyberattacks across Europe and around the world, the U.S. is expected to announce that, if asked, it will use its formidable cyberwarfare capabilities on NATO’s behalf, according to a senior U.S. official.

The announcement is expected in the coming days as U.S. Defense Secretary Jim Mattis attends a meeting of NATO defense ministers on Wednesday and Thursday.

Katie Wheelbarger, the principal deputy assistant defense secretary for international security affairs, said the U.S. is committing to use offensive and defensive cyber operations for NATO allies, but America will maintain control over its own personnel and capabilities.

The decision comes on the heels of the NATO summit in July, when members agreed to allow the alliance to use cyber capabilities that are provided voluntarily by allies to protect networks and respond to cyberattacks. It reflects growing concerns by the U.S. and its allies over Moscow’s use of cyber operations to influence elections in America and elsewhere.

“Russia is constantly pushing its cyber and information operations,” said Wheelbarger, adding that this is a way for the U.S. to show its continued commitment to NATO.

Wheelbarger told reporters traveling to NATO with Mattis that the move is a signal to other nations that NATO is prepared to counter cyberattacks waged against the alliance or its members.

Much like America’s nuclear capabilities, the formal declaration of cyber support can help serve as a military deterrent to other nations and adversaries.

The U.S. has, for some time, considered cyber as a warfighting domain, much like air, sea, space and ground operations. In recent weeks the Pentagon released a new cybersecurity strategy that maps out a more aggressive use of military cyber capabilities. And it specifically calls out Russia and China for their use of cyberattacks.

China, it said, has been “persistently” stealing data from the public and private sector to gain an economic advantage. And it said Russia has use cyber information operations to “influence our population and challenge our diplomatic processes.” U.S. officials have repeatedly accused Moscow of interfering in the 2016 elections, including through online social media.

“We will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of a crisis or conflict,” the new strategy states, adding that the U.S. is prepared to use cyberwarfare along with other military weapons against its enemies when needed, including to counter malicious cyber activities targeting the country. Read more here.

Not to be left out is North Korea.

The Department of Homeland Security, the Department of the Treasury, and the Federal Bureau of Investigation have identified malware and other indicators of compromise used by the North Korean government in an ATM cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

For more information, see:

Yup, in closing…..we agree with General Petraeus….it is long overdue to go big and go NOW.