CyberWar Vulnerabilities

A Hacker’s Hit List of American Infrastructure

In an 800-page document dump, the U.S. government revealed critical vulnerabilities.

On Friday, December 19, the FBI officially named North Korea as the party responsible for a cyber attack and email theft against Sony Pictures. The Sony hack saw many studio executives’s sensitive and embarrassing emails leaked online. The hackers threatened to attack theaters on the opening day of the offending film, The Interview, and Sony pulled the plug on the movie, effectively censoring a major Hollywood studio. (Sony partially reversed course, allowing the movie to show in 331 independent theaters on Christmas Day, and to be streamed online.)

Technology journalists were quick to point out that, even though the cyber attack could be attributable to a nation-state actor, it wasn’t particularly sophisticated. Ars Technica’s Sean Gallagher likened it to a “software pipe bomb.”

But according to cybersecurity professionals, the Sony hack may be a prelude to a cyber attack on United States infrastructure that could occur in 2015, as a result of a very different, self-inflicted document dump from the Department of Homeland Security in July.

Here’s the background: On July 3, DHS, which plays “key role” in responding to cyber attacks on the nation, replied to a Freedom of Information Act (FOIA) request on a malware attack on Google called “Operation Aurora.”

Unfortunately, as Threatpost writer Dennis Fisher reports, DHS officials made a grave error in their response. DHS released more than 800 pages of documents related not to Operation Aurora but rather the Aurora Project, a 2007 research effort led by Idaho National Laboratory demonstrating how easy it was to hack elements in power and water systems.

Oops.

The Aurora Project exposed a vulnerability common to many electrical generators, water pumps, and other pieces of infrastructure, wherein an attacker remotely opens and closes key circuit breakers, throwing the machine’s rotating parts out of synchronization causing parts of the system to break down.

In 2007, in an effort to cast light on the vulnerability that was common to many electrical components, researchers from Idaho National Lab staged an Aurora attack live on CNN. The video is below.

How widespread is the Aurora vulnerability? In this 2013 article for Power Magazine:

The Aurora vulnerability affects much more than rotating equipment inside power plants. It affects nearly every electricity system worldwide and potentially any rotating equipment—whether it generates power or is essential to an industrial or commercial facility.

The article was written by Michael Swearingen, then manager for regulatory policy for Tri-County Electric Cooperative (now retired), Steven Brunasso, a technology operations manager for a municipal electric utility, Booz Allen Hamilton critical infrastructure specialist Dennis Huber, and Joe Weiss, a managing partner for Applied Control Solutions.

Weiss today is a Defense Department subcontractor working with the Navy’s Mission Assurance Division. His specific focus is fixing Aurora vulnerabilities. He calls DHS’s error “breathtaking.”

The vast majority of the 800 or so pages are of no consequence, says Weiss, but a small number contain information that could be extremely useful to someone looking to perpetrate an attack. “Three of their slides constitute a hit list of critical infrastructure. They tell you by name which [Pacific Gas and Electric] substations you could use to destroy parts of grid. They give the name of all the large pumping stations in California.”

The publicly available documents that DHS released do indeed contain the names and physical locations of specific Pacific Gas and Electric Substations that may be vulnerable to attack.

Defense One shared the documents with Jeffrey Carr, CEO of the cybersecurity firm Taia Global and the author of Inside Cyber Warfare: Mapping the Cyber Underworld. “I’d agree…This release certainly didn’t help make our critical infrastructure any safer and for certain types of attackers, this information could save them some time in their pre-attack planning,” he said.

Perpetrating an Aurora attack is not easy, but it becomes much easier the more knowledge a would-be attacker has on the specific equipment they may want to target.

* * *

In a 2011 paper for the Protective Relay Engineers’ 64th Annual Conference, Mark Zeller, a service provider with Schweitzer Engineering Laborites lays out—broadly—the information an attacker would have to have to execute a successful Aurora attack. “The perpetrator must have knowledge of the local power system, know and understand the power system interconnections, initiate the attack under vulnerable system load and impedance conditions and select a breaker capable of opening and closing quickly enough to operate within the vulnerability window.”

“Assuming the attack is initiated via remote electronic access, the perpetrator needs to understand and violate the electronic media, find a communications link that is not encrypted or is unknown to the operator, ensure no access alarm is sent to the operators, know all passwords, or enter a system that has no authentication.”

That sounds like a lot of hurdles to jump over. But utilities commonly rely on publicly available equipment and common communication protocols (DNP, Modbus, IEC 60870-5-103,IEC 61850, Telnet, QUIC4/QUIN, and Cooper 2179) to handle links between different parts their systems. It makes equipment easier to run, maintain, repair and replace. But in that convenience lies vulnerability.

In their Power Magazine article, the authors point out that “compromising any of these protocols would allow the malicious party to control these systems outside utility operations.”

Defense One reached out to DHS to ask them if they saw any risk in the accidental document dump. A DHS official wrote back with this response: “As part of a recent Freedom of Information Act (FOIA) request related to Operation Aurora, the Department of Homeland Security (DHS) National Programs and Protection Directorate provided several previously released documents to the requestor. It appears that those documents may not have been specifically what the requestor was seeking; however, the documents were thoroughly reviewed for sensitive or classified information prior to their release to ensure that critical infrastructure security would not be compromised.”

Weiss calls the response “nonsense.”

The risk posed by DHS accidental document release may be large, as Weiss argues, or nonexistent, as DHS would have you believe. But even if it’s the latter, Aurora vulnerabilities remain a key concern.

Perry Pederson, who was the director of Control Systems Security Program at DHS in 2007 when the Aurora vulnerability was first exposed, said as much in a blog post in July after the vulnerability was discovered. He doesn’t lay blame at the feet of DHS. But his words echo those of Weiss in their urgency.

“Fast forward to 2014. What have we learned about the protection of critical cyber-physical assets? Based on various open source media reports in just the first half of 2014, we don’t seem to be learning how to defend at the same rate as others are learning to breach.”

* * *

In many ways the Aurora vulnerability is a much harder problem to defend against than the Sony hack, simply because there is no obvious incentive for any utility operator to take any of the relatively simple costs necessary to defend against it. And they are simple. Weiss says that a commonly available device installed on vulnerable equipment could effectively solve the problem, making it impossible to make the moving parts spin out of synchronization. There are two devices on the market iGR-933 rotating equipment isolation device (REID) and an SEL 751A, that purport to shield equipment from “out-of-phase” states.

To his knowledge, Weiss says, Pacific Gas and Electric has not installed any of them anywhere, even though the Defense Department will actually give them away to utility companies that want them, simply because DOD has an interest in making sure that bases don’t have to rely on backup power and water in the event of a blackout. “DOD bought several of the iGR-933, they bought them to give them away to utilities with critical substations,” Weiss said. “Even though DOD was trying to give them away, they couldn’t give them to any of the utilities because any facility they put them in would become a ‘critical facility’ and the facility would be open to NERCCIP audits.”

Aurora is not a zero-day vulnerability, an attack that exploits an entirely new vector giving the victim “zero days” to figure out a patch. The problem is that there is no way to know that they are being implemented until someone, North Korea or someone else, chooses to exploit them.

Can North Korea pull of an Aurora vulnerability? Weiss says yes. “North Korea and Iran and are capable of doing things like this.”

Would such an attack constitute an act of cyber war? The answer is maybe. Speaking to reporters at the Pentagon on Friday, Pentagon Press Secretary Rear Adm. John Kirby said “I’m also not able to lay out in any specificity for you what would be or wouldn’t be an act of war in the cyber domain. It’s not like there’s a demarcation line that exists in some sort of fixed space on what is or isn’t. The cyber domain remains challenging, it remains very fluid. Part of the reason why it’s such a challenging domain for us is because there aren’t internationally accepted norms and protocols. And that’s something that we here in the Defense Department have been arguing for.”

Peter Singer, in conversation with Jason Koebler at Motherboard, says that the bar for actual military engagement against North Korea is a lot higher than hacking a major Hollywood movie studio.

“We didn’t go to war with North Korea when they murdered American soldiers in the 1970s with axes. We didn’t go to war with North Korea when they fired missiles over our allies. We didn’t go to war with North Korea when one of their ships torpedoed an alliance partner and killed some of their sailors. You’re going to tell me we’re now going to go to war because a Sony exec described Angelina Jolie as a diva? It’s not happening.”

Obama said Friday that there would be some sort of response to the hack, but declined to say what. “We have been working up a range of options. They will be presented to me. I will make a decision on those based on what I believe is proportional and appropriate to the nature of this crime,” he said.

Would infrastructure vandalism causing blackouts and water shutdowns constitute an act of war? The question may be moot. Before the United States can consider what sort of response is appropriate to cyber attacks, it must first be able to attribute them.

The FBI was able to finger North Korea for the hack after looking at the malware in the same way a forensics team looks for signs of a perpetrator at the scene of the crime. “Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks,” according to the FBI statement. (Attribution has emerged as a point of contention in technology circles, with many experts suggesting that an inside hack job was more likely.)

An Aurora vulnerability attack, conversely, leaves no fingerprints except perhaps a single IP address. Unlike the Sony hack, it doesn’t require specially written malware to be uploaded into a system—malware that could indicate the identity of the attacker, or at least his or her affiliation. Exploiting an Aurora attack is simply a matter of gaining access, remotely, possibly because equipment is still running on factory-installed passwords, and then turning off and on a switch.

“You’re using the substations against whatever’s connected to them. Aurora uses the substations as the attack vector. This is the electric grid being the attack vector,” said Weiss, who calls it “a very, very insidious” attack.

The degree to which we are safe from that eventuality depends entirely on how well utility companies have put in place safeguards. We may know the answer to that question in 2015.

Meanwhile Back in Syria, Destruction

Extremists destroy 13th century Muslim tomb in Syria

Nusra Front Islamist militants linked to al-Qaeda have blown up the 13th century tomb of a revered Islamic scholar in southern Syria, Syrian state news agency SANA and monitoring group, the Syrian Observatory for Human Rights, reported.

The mausoleum of Imam Nawawi is in Nawa in Deraa province near the Jordanian border, a town captured by groups fighting the Syrian government in November.

The Nusra Front follows the same puritanical interpretation of Sunni Islam adopted by the Islamic State group that has also destroyed shrines in areas of eastern and northern Syria that it controls. They see tombs as sacrilegious.

Investigators confident that chlorine gas was used in 3 Syrian villages

UNITED NATIONS — Chemical weapons investigators concluded “with a high degree of confidence” that chlorine gas was used as a weapon against three opposition-controlled villages in Syria last year, affecting between 350 and 500 people and killing 13, according to a report obtained Tuesday by The Associated Press.

The third report by a fact-finding mission from the Organization for the Prohibition of Chemical Weapons didn’t apportion blame but said 32 of 37 people interviewed “saw or heard the sound of a helicopter over the village at the time of the attack with barrel bombs containing toxic chemicals.”

The investigators said 26 people heard the distinctive “whistling” sound of the falling barrel bombs containing toxic chemicals and 16 visited the impact sites and saw the bombs or their remnants. They said 29 people smelled “the distinctive odor of the gas cloud” released after the bombs hit the ground, mainly describing it “as intense, chlorine-like, similar to cleaning material used to clean toilets, but much stronger.”

The report includes a description of 142 videos and 189 pieces of material obtained by the investigators as well as photos of impact sites and the inner chlorine cylinder from a barrel bomb.

The mission was established by the OPCW on April 29 to establish the facts surrounding allegations of the use of chlorine “for hostile purposes” in Syria. Chlorine gas is readily available and is used in industry around the world, but it can also be used as a weapon.

The U.N. Security Council has been intensely involved in the issue of alleged chemical weapons use in Syria. After an August 2013 sarin gas attack near Damascus in which the U.S. says more than 1,400 people were killed, the Security Council unanimously adopted a resolution backed by the U.S. and Russia on Sept. 27, 2013, ordering Syria’s chemical weapons stockpile to be destroyed. U.N. investigators could not find enough evidence to assess blame for the sarin attack. Syria’s declared chemical weapons stockpiles have since been destroyed under international supervision, but questions remain about whether it may still be hiding deadly chemical agents.

Chlorine gas is not listed as a chemical weapon. But eight council members, including the United States, said in a Dec. 30 letter accompanying the OPCW report that the 2013 resolution also states that any use of chemical weapons threatens international peace and security and must be condemned.

The 15 council members discussed the fact-finding mission’s report behind closed doors Tuesday, and diplomats said the U.S. and other Western nations who signed the letter along with Jordan urged Security Council action in response to the findings. But Russia, Syria’s closest ally, insisted that the report on chlorine attacks was an issue for the OPCW, which polices the Chemical Weapons Convention, the diplomats said, speaking on condition of anonymity because consultations were private.

Syria’s Deputy Foreign Minister Faysal Mekdad told an OPCW meeting on Dec. 1 that his government has never used chemical weapons or chlorine gas during the country’s four-year civil war, which has claimed over 200,000 lives and displaced one third of the country’s population. He said terror groups “have used chlorine gas in several of the regions of Syria and Iraq.”

But U.S. Ambassador Samantha Power tweeted that “only Syrian regime uses (helicopters).” She also tweeted that the Syrian “Regime must be shown it is not enough to destroy declared CW (chemical weapons); must stop dropping chemical-laden explosives on civilians.”

The investigators interviewed 14 people from the village of Talmenes in Idlib governorate about barrel bomb attacks on April 21 and April 24. At two houses that were hit, a 7-year-old boy, a teenage girl, and the matriarch of a family died from exposure to chlorine gas, they said. Domestic animals including cows, goats and sheep also died at both houses.

Fourteen people from the village of Al Tamanah, also in Idlib, were interviewed by the mission’s investigators about five incidents in April and May – all but one at night. Eight members of two families who had sought refuge in the village died shortly after separate attacks involving the toxic chemical, the report said.

Investigators said they interviewed nine people from Kafr Zita in Hama Governorate in northern Syria and were told that the village had been the target of hundreds of attacks with conventional weapons and 17 attacks using toxic chemicals between April and August.

Obama Starts off New Year with Veto Pen

The State of the Union speech is right around the corner and Barack Obama flying Air Force 1 into overdrive pushing items he wants to take credit for including lower gas prices.

President Obama Chooses Vetoes Over Veterans

President Obama has enough time to threaten to veto three bipartisan bills from Congress. His Administration made room in the schedule to issue 300 new rules in the first week of the new year. The President is even taking the time to tell people what cars they should buy.

But he can’t seem to find a single spare minute to visit the Phoenix VA at the center of a nationwide scandal even though his motorcade drove right past it today.

The Veterans Affairs system is still broken. Though the House and Senate passed the start of good reform last year, the bureaucracy still needs major reforms so that veterans get the care they need in time. But the President still hasn’t taken the time to offer a long-term plan to fix the VA. President Obama needs to change his priorities.

It’s time for the White House to stop blocking bipartisan bills that the people want and get to work on real solutions and genuine reform. Don’t drive past the problems, Mr. President. Start helping us fix them.

In the first two days of the new Congress, President Obama has already issued three veto threats against bipartisan bills. Despite the bills having strong support on both sides of the aisle, President Obama has indicated that he will veto bills restoring the 40-hour workweek under Obamacare, approving the Keystone XL pipeline, and delaying a part of the flawed Dodd-Frank regulations.

Obama: Don’t buy that gas guzzler, fuel prices are gonna go up

President visits Ford’s Michigan Assembly Plant today

“I would strongly advise American consumers to continue to think about how you save money at the pump because it is good for the environment, it’s good for family pocketbooks and if you go back to old habits and suddenly gas is back at $3.50, you are going to not be real happy,” the President told The Detroit News in a phone interview, ahead of his visit to Ford’s Michigan Assembly Plant today.

“The American people should not believe that … demand for oil by China and India and all these emerging countries is going to stay flat,” Obama told The Detroit News. “Just demographics tell us demand is going to continue to grow, that over the long term it will grow faster than supply and we have to be smart about our energy policy,” he said.

Obama is using the stop at the Ford facility in Wayne, Michigan to tout his administration’s auto industry bailout. The facility, where Ford produces the Focus and C-Max, is currently idle due to slow sales.

Who is Funding the Leftists in Latin America?

It has been proven that the Soviet KGB funded terror and operations against the West.

Now we have China doing the same thing in the Western hemisphere.

China Boosts Support for Latin Leftists

China Pledged Billions of Dollars of Financing to Venezuela and Ecuador, Two South American Energy Exporters Battered by Falling Oil Prices

China pledged billions of dollars of financing to Venezuela and Ecuador, two South American energy exporters battered by falling oil prices, as Beijing moved to secure resources and allies in the region.

China has increased its diplomatic clout throughout Latin America by extending over $100 billion in credit to the region since 2005, according to figures from Boston University’s Global Economic Governance Initiative.

Beijing has become the biggest foreign financier of both Venezuela and Ecuador, two oil-rich, leftist allies eager to help counter U.S. sway in the region.

Following a meeting with Chinese President Xi Jinping , his Venezuelan counterpart Nicolás Maduro announced bilateral accords that would bring $20 billion in new investment to Venezuela. Ecuador said it secured $7.5 billion in financing.

Both Mr. Maduro and his Ecuadorian counterpart, Rafael Correa, were in Beijing along with officials from various Latin American nations to take part in a regional gathering.

Both Latin countries, highly dependent on oil exports to pay for heavy public spending, were in dire need of a helping hand as crude prices tumble to less than half of their level from several months ago. A barrel of oil sold for about $50 on Wednesday.

Last week, Venezuela’s central bank released long-delayed figures, revealing the country entered a recession in 2014.

Venezuela needs oil to average around $117.50 a barrel to balance its 2015 budget, according to Deutsche Bank estimates.

In Ecuador, officials have reported a slowing economy, with growth of 3.4% in the third quarter, down from 5.6% in the July-through-September period in 2013.

Mr. Maduro, who has seen his approval rating swoon along with oil prices, offered few details on the new accords with China, which he said involved projects in the energy, industrial and housing sectors.

The Venezuelan leader, who has struggled to keep supporters happy amid shortages of basic goods, praised China for coming to the rescue.

“The economic war against our people and the oil price war is an opportunity to grow closer to our allies,” said Mr. Maduro, who has blamed Venezuela’s spiraling economy on an alleged plot by enemies of his leftist government.

Venezuela is slated to hold hotly contested legislative elections in December that many analysts see as a referendum on Mr. Maduro’s performance.

At a daily press briefing on Wednesday, Chinese Foreign Ministry spokesman Hong Lei said “Relevant financing cooperation is going smoothly” with Venezuela. State-run China Central Television paraphrased Chinese President Xi Jinping as calling for “promoting oil development” in a meeting with Mr. Maduro.

Experts said it was unclear without further details what kind of impact the new financing would have on the Venezuelan and Ecuadorian economies.

China has extended to Caracas some $50 billion in credit since 2007 in exchange for guaranteed oil. It has committed more than $12 billion in financing to Ecuador between 2009 and 2014.

Wednesday’s agreement underscored China’s continuing support for Mr. Maduro despite his political woes, said Risa Grais Targow, senior Latin America analysts for Eurasia Group.

“This is because the Chinese are heavily exposed to Venezuela and are likely concerned about the prospect of regime change,” she said in a client note.

China-Latin America Finance Database

Since 2005, China has provided upwards of $87 billion in loan commitments to Latin American countries. China’s loan commitments of $37 billion in 2010 were more than those of the World Bank, Inter-American Development Bank, and U.S. Export-Import Bank combined. This interactive database provides up-to-date information on Chinese lending in Latin America by country, lender, sector and year.

This database stems from a collaborative project by Boston University’s Global Economic Governance Initiative and Tufts University’s Global Development and Environment Institute. The resulting Inter-American Dialogue publication, The New Banks in Town: Chinese Finance in Latin America, by Kevin Gallagher, Amos Irwin, and Katherine Koleski is the main source of featured data and conclusions. Loan data is updated on an annual basis.

Taxes Driving U.S. Corporations to Shutter

No wants to change the tax code and no one wants to allow U.S. currency offshore to be repatriated so…

U.S. Stands to Lose Billions From Corporate Tax Inversions

One Estimate Puts Lost Tax Revenue at Close to $20 Billion Over a Decade

How much revenue does the U.S. Treasury stand to lose from corporate tax inversions? It is difficult to say precisely, but one estimate puts the figure at close to $20 billion. Calculating how much the U.S. Treasury would lose is nearly impossible because of a dearth of reliable tax data from companies’ public filings and the variables in how companies can structure their businesses, tax experts say. One way companies seek to reduce their U.S. tax bills by reincorporating overseas is to transfer pretax income from their U.S. operations to their foreign parent companies through intercompany debt, says corporate tax consultant Robert Willens. But it is difficult to know how large of an impact that will have for a given company because of limits on how much interest companies can deduct from their taxable income. There is also a risk that companies act too aggressively attract scrutiny from the Internal Revenue Service. Another variable is the cash many companies keep overseas to avoid U.S. taxes. The cash only becomes taxable once it is brought back to the U.S. to pay dividends to shareholders or is used for other purposes. But companies don’t always disclose how much cash they bring back home or when.

Some companies say they were never going to repatriate the cash anyway, so they aren’t depriving the U.S. tax base of revenue by moving out of the country. Report: 1 million corporations closed, 60,000 a year; taxes blamed America has lost 1 million corporations since their height during the Reagan era, in part driven out of business by the industrialized world’s highest corporate tax rate, according to a new report from the nonpartisan Tax Foundation. The just-issued research revealed that the number of traditional “C” corporations has fall to a “historically low level” and wiped out the corporate tax base, resulting in the federal government relying much more on individual income taxes to fund its operation. “There is now more net business income taxed under the individual income tax system than the traditional corporate tax code, a trend that does not appear to be stopping any time soon,” said the report provided to Secrets. It said that corporate closings have recently picked up steam and now 60,000 a year are shut down. A driver in the loss of traditional corporations has been the ever-rising corporate tax rate, an issue Washington has been ducking for years. The Tax Foundation said that many corporate titans have taken matters into their own hands by restructuring as “pass through” operations which allows profits to be taxed at lower individual rates. “More than 60 percent of U.S. business profits are now taxed under the individual income tax code rather than the corporate tax code, which explains why the U.S. collects a relatively small amount of tax revenue from corporations despite having the developed world’s highest corporate tax rate,” said the foundation. “Although this kind of do-it-yourself tax reform is beneficial to the overall economy because it lowers the tax burden on business investment, something is nevertheless lost,” said Tax Foundation Chief Economist William McBride in a statement. “Pass-through businesses do not offer the same ability to invite investment from thousands of shareholders or easily transfer shares. That means the decline of the traditional corporate sector represents an economic distortion that is hobbling American industrial capacity and job growth. No other developed country has such a distorted business sector,” he added.

Report: 1 million corporations closed, 60,000 a year; taxes blamed

America has lost 1 million corporations since their height during the Reagan era, in part driven out of business by the industrialized world’s highest corporate tax rate, according to a new report from the nonpartisan Tax Foundation.

The just-issued research revealed that the number of traditional “C” corporations has fall to a “historically low level” and wiped out the corporate tax base, resulting in the federal government relying much more on individual income taxes to fund its operation.

“There is now more net business income taxed under the individual income tax system than the traditional corporate tax code, a trend that does not appear to be stopping any time soon,” said the report provided to Secrets.

It said that corporate closings have recently picked up steam and now 60,000 a year are shut down.

A driver in the loss of traditional corporations has been the ever-rising corporate tax rate, an issue Washington has been ducking for years.

The Tax Foundation said that many corporate titans have taken matters into their own hands by restructuring as “pass through” operations which allows profits to be taxed at lower individual rates.

“More than 60 percent of U.S. business profits are now taxed under the individual income tax code rather than the corporate tax code, which explains why the U.S. collects a relatively small amount of tax revenue from corporations despite having the developed world’s highest corporate tax rate,” said the foundation.

“Although this kind of do-it-yourself tax reform is beneficial to the overall economy because it lowers the tax burden on business investment, something is nevertheless lost,” said Tax Foundation Chief Economist William McBride in a statement.

“Pass-through businesses do not offer the same ability to invite investment from thousands of shareholders or easily transfer shares. That means the decline of the traditional corporate sector represents an economic distortion that is hobbling American industrial capacity and job growth. No other developed country has such a distorted business sector,” he added.

Then comes Congress with threats:

The Senate’s chief tax writer, Ron Wyden, wants U.S. companies looking to move abroad for a lower tax bill to understand one thing: “[T]hey won’t profit from abandoning the U.S.”

The Democrat’s comments, made in a Wall Street Journal op-ed last week, came amidst a spate of proposed mergers between major American companies and foreign rivals that would end up in their reducing their U.S. tax bill.

The proposed merger that’s gotten the most attention of late: The so far unsuccessful bid by Pfizer (PFE) for British pharmaceutical maker AstraZeneca (AZN).

Today, a U.S. company can move to a more tax-friendly country in a process known as “inversion” if the foreign partner owns more than 20% of the stock in the merged entity, among other requirements.

Wyden wants to raise that threshold to at least 50%, and he would like to make such a provision retroactive to May 8, 2014.