Oh, Another Incident of Chinese Industrial Espionage

There is no denying Russia is using cyber warfare against the West. Little is ever mentioned about China’s industrial espionage, something this site attempts to publish as often as possible. Further, the owner of this site participated in two key hearings today in Congress, one with former CIA Director John Brennan and the other included ODNI Dan Coats and DIA Director General Stewart.

Clearly both hearings revealed just how pervasive and common cyber warfare is at the hands of China and Russia. Here is just another example.

China’s theft of IBM’s intellectual property

A former employee of IBM pleaded guilty to theft of source code on behalf of China

Image result for Xu Jiaqiang ibm  And you think the FBI has easy work? Further, we are trusting China to deal with North Korea’s nuclear program and missile systems aimed against Western interests.

CSO: China continues to view the theft of intellectual property as a viable means of technology transfer. Global private sector entities are finding their insiders are being used by China to purloin the proprietary information for use by Chinese state-owned-enterprises or national entities with ever increasing regularity.

On 19 May 2017, Xu Jiaqiang, a PRC national, pleaded guilty to economic espionage and trade secret theft. Xu stole source code from his employer, IBM, and attempted to share it with the National Health and Family Planning Commission in the PRC.  According to the Department of Justice, Xu pleaded guilty to all six of the counts included in his indictment.

A review of Xu’s Linked-In profile shows only his employment with IBM from November 2010 through July 2014 (date is different from that which is contained in the indictment) as a “General Parallel File System Developer at IBM”

Xu was a trusted insider within IBM. According to the DOJ advisory, which contained content from both the criminal complaint and superseding indictment, Xu worked for IBM from 2010-14, with unencumbered access to the “proprietary source code.” DOJ advises, Xu voluntarily resigned from IBM in May 2014.

In late 2014, the Federal Bureau of Investigation (FBI) was informed (source unidentified) that Xu claimed to have access (unauthorized) to the source code and was using the source code in various business ventures. Undercover law enforcement officers subsequently contacted Xu to affirm Xu’s possession of the source code

The criminal complaint describes undercover officers posing as investors engaged in a multi-month email exchanges with Xu which culminated in his sharing portions of the source code as bonafides of his knowledge of “operating systems and parallel file systems.”  At that time, the victim company, IBM, identified the shared code as identical to their proprietary source code.

In late-2015, Xu had a face-to-face meeting with undercover law enforcement officers. At the meeting, Xu noted the code was his former employer’ s(IBM) code. Xu also confirmed to his interlocutors how he had purloined the code prior to his May 2014 employment separation and had made modification so as to obscure the point of origin, IBM.

In June 2016, Xu was indicted and charged with three counts of economic espionage, one count each of theft of trade secrets, possession of trade secrets, and distribution of trade secrets. He will be sentenced in October 2017.

Though IBM has declined comment to media regarding this theft of their intellectual property, reading between the lines, it would appear IBM had deduced (correctly) that Xu absconded with a copy of their GPFS proprietary source code, and was attempting to use it commercially. They then brought the theft to the attention of the FBI.

Illicit technology transfer

China has not slowed down in their acquisition of technology utilizing the access afforded to trusted insiders. The US Director of National Intelligence made it clear in his May 2017 presentation to the Senate Select Committee on Intelligence on the worldwide threat to the United States as to the threat posed by China.

In April 2017, we saw the arrest of a Dutch employee of Siemens, working within the energy arm of Siemens, charged with stealing the intellectual property of his employer and attempting to share it with China.

From the FBI perspective, this was the perfect economic espionage case. Theft of proprietary information for provision to a foreign government. The theft was from a company with an insider threat program in place and who was cooperative (providing technical expertise during the investigation), and of sufficient size to withstand any blow-back from China which may occur.

There is no need to be xenophobic. Multinational companies employee individuals from a great variety of nationalities. The reality is, few employees break trust with their employer.

That said, having your paper trail on agreements which safeguard intellectual property is mandatory. As is a review of all activities of all departing employees for break from pattern, be it a voluntary separation or for cause. If a deeper dive into the employees activities is warranted, make sure to look for any sudden increase in 403 errors – or similar (caused by attempts to access unauthorized data). Verify the complete inventory of all storage devices which the employee may have accessed, and have each returned and or data on the devices destroyed, and review email and uploads for any inappropriate usage.

Remember, though it is the FBI and DOJ success which brought Xu to our collective attention, it was not the FBI who initially discovered Xu’s intellectual property theft. The FBI pursued the lead brought to them by an unidentified third party (presumably IBM).

You are your company’s first line of defense in the protection of intellectual property, not the FBI.

2010: Remember When Obama Pulled U.S. Spies From China

Of course you don’t, one had to be quite the investigator of journalism to know it much less remember it.

So….why you ask? Hold on….there is a pattern and story here.

Image result for u.s. spies in china  Image result for trump with jinping

2010: The White House National Security Council recently directed U.S. spy agencies to lower the priority placed on intelligence collection for China, amid opposition to the policy change from senior intelligence leaders who feared it would hamper efforts to obtain secrets about Beijing’s military and its cyber-attacks.

The downgrading of intelligence gathering on China was challenged by Director of National Intelligence Dennis C. Blair and CIA Director Leon E. Panetta after it was first proposed in interagency memorandums in October, current and former intelligence officials said.

The decision downgrades China from “Priority 1” status, alongside Iran and North Korea, to “Priority 2,” which covers specific events such as the humanitarian crisis after the Haitian earthquake or tensions between India and Pakistan.

The National Security Council staff, in response, pressed ahead with the change and sought to assure Mr. Blair and other intelligence chiefs that the change would not affect the allocation of resources for spying on China or the urgency of focusing on Chinese spying targets, the officials told The Washington Times.

White House National Security Council officials declined to comment on the intelligence issue. Mike Birmingham, a spokesman for Mr. Blair, declined to comment. A CIA spokesman also declined to comment.

*** Image result for u.s. spies in china Cyberwarzone

Directors of CIA in that time frame:

Leon Panetta 2010

Mike Morrell (acting) 2011

David Petraeus 2011

Mike Morrell (acting) 2012

John Brennan 2013

Mike Pompeo, current director

***

Killing C.I.A. Informants, China Crippled U.S. Spying Operations

NYT/WASHINGTON — The Chinese government systematically dismantled C.I.A. spying operations in the country starting in 2010, killing or imprisoning more than a dozen sources over two years and crippling intelligence gathering there for years afterward.
Current and former American officials described the intelligence breach as one of the worst in decades. It set off a scramble in Washington’s intelligence and law enforcement agencies to contain the fallout, but investigators were bitterly divided over the cause. Some were convinced that a mole within the C.I.A. had betrayed the United States. Others believed that the Chinese had hacked the covert system the C.I.A. used to communicate with its foreign sources. Years later, that debate remains unresolved.
But there was no disagreement about the damage. From the final weeks of 2010 through the end of 2012, according to former American officials, the Chinese killed at least a dozen of the C.I.A.’s sources. According to three of the officials, one was shot in front of his colleagues in the courtyard of a government building — a message to others who might have been working for the C.I.A.
Still others were put in jail. All told, the Chinese killed or imprisoned 18 to 20 of the C.I.A.’s sources in China, according to two former senior American officials, effectively unraveling a network that had taken years to build.
Assessing the fallout from an exposed spy operation can be difficult, but the episode was considered particularly damaging. The number of American assets lost in China, officials said, rivaled those lost in the Soviet Union and Russia during the betrayals of both Aldrich Ames and Robert Hanssen, formerly of the C.I.A. and the F.B.I., who divulged intelligence operations to Moscow for years.
The previously unreported episode shows how successful the Chinese were in disrupting American spying efforts and stealing secrets years before a well-publicized breach in 2015 gave Beijing access to thousands of government personnel records, including intelligence contractors. The C.I.A. considers spying in China one of its top priorities, but the country’s extensive security apparatus makes it exceptionally hard for Western spy services to develop sources there.
At a time when the C.I.A. is trying to figure out how some of its most sensitive documents were leaked onto the internet two months ago by WikiLeaks, and the F.B.I. investigates possible ties between President Trump’s campaign and Russia, the unsettled nature of the China investigation demonstrates the difficulty of conducting counterespionage investigations into sophisticated spy services like those in Russia and China.
The C.I.A. and the F.B.I. both declined to comment.
Details about the investigation have been tightly held. Ten current and former American officials described the investigation on the condition of anonymity because they did not want to be identified discussing the information.
Investigators still disagree how it happened, but the unsettled nature of the China investigation demonstrates the difficulty of conducting counterespionage investigations into sophisticated spy services. Credit Carolyn Kaster/Associated Press..Photo by: Carolyn Kaster/Associated Press..
The first signs of trouble emerged in 2010. At the time, the quality of the C.I.A.’s information about the inner workings of the Chinese government was the best it had been for years, the result of recruiting sources deep inside the bureaucracy in Beijing, four former officials said. Some were Chinese nationals who the C.I.A. believed had become disillusioned with the Chinese government’s corruption.
But by the end of the year, the flow of information began to dry up. By early 2011, senior agency officers realized they had a problem: Assets in China, one of their most precious resources, were disappearing.
The F.B.I. and the C.I.A. opened a joint investigation run by top counterintelligence officials at both agencies. Working out of a secret office in Northern Virginia, they began analyzing every operation being run in Beijing. One former senior American official said the investigation had been code-named Honey Badger.
As more and more sources vanished, the operation took on increased urgency. Nearly every employee at the American Embassy was scrutinized, no matter how high ranking. Some investigators believed the Chinese had cracked the encrypted method that the C.I.A. used to communicate with its assets. Others suspected a traitor in the C.I.A., a theory that agency officials were at first reluctant to embrace — and that some in both agencies still do not believe.
Their debates were punctuated with macabre phone calls — “We lost another one” — and urgent questions from the Obama administration wondering why intelligence about the Chinese had slowed.
The mole hunt eventually zeroed in on a former agency operative who had worked in the C.I.A.’s division overseeing China, believing he was most likely responsible for the crippling disclosures. But efforts to gather enough evidence to arrest him failed, and he is now living in another Asian country, current and former officials said.
There was good reason to suspect an insider, some former officials say. Around that time, Chinese spies compromised National Security Agency surveillance in Taiwan — an island Beijing claims is part of China — by infiltrating Taiwanese intelligence, an American partner, according to two former officials. And the C.I.A. had discovered Chinese operatives in the agency’s hiring pipeline, according to officials and court documents.
But the C.I.A.’s top spy hunter, Mark Kelton, resisted the mole theory, at least initially, former officials say. Mr. Kelton had been close friends with Brian J. Kelley, a C.I.A. officer who in the 1990s was wrongly suspected by the F.B.I. of being a Russian spy. The real traitor, it turned out, was Mr. Hanssen. Mr. Kelton often mentioned Mr. Kelley’s mistreatment in meetings during the China episode, former colleagues say, and said he would not accuse someone without ironclad evidence.
Those who rejected the mole theory attributed the losses to sloppy American tradecraft at a time when the Chinese were becoming better at monitoring American espionage activities in the country. Some F.B.I. agents became convinced that C.I.A. handlers in Beijing too often traveled the same routes to the same meeting points, which would have helped China’s vast surveillance network identify the spies in its midst.
Some officers met their sources at a restaurant where Chinese agents had planted listening devices, former officials said, and even the waiters worked for Chinese intelligence.
This carelessness, coupled with the possibility that the Chinese had hacked the covert communications channel, would explain many, if not all, of the disappearances and deaths, some former officials said. Some in the agency, particularly those who had helped build the spy network, resisted this theory and believed they had been caught in the middle of a turf war within the C.I.A.
Still, the Chinese picked off more and more of the agency’s spies, continuing through 2011 and into 2012. As investigators narrowed the list of suspects with access to the information, they started focusing on a Chinese-American who had left the C.I.A. shortly before the intelligence losses began. Some investigators believed he had become disgruntled and had begun spying for China. One official said the man had access to the identities of C.I.A. informants and fit all the indicators on a matrix used to identify espionage threats.
After leaving the C.I.A., the man decided to remain in Asia with his family and pursue a business opportunity, which some officials suspect that Chinese intelligence agents had arranged.
Officials said the F.B.I. and the C.I.A. lured the man back to the United States around 2012 with a ruse about a possible contract with the agency, an arrangement common among former officers. Agents questioned the man, asking why he had decided to stay in Asia, concerned that he possessed a number of secrets that would be valuable to the Chinese. It’s not clear whether agents confronted the man about whether he had spied for China.
The man defended his reasons for living in Asia and did not admit any wrongdoing, an official said. He then returned to Asia.
By 2013, the F.B.I. and the C.I.A. concluded that China’s success in identifying C.I.A. agents had been blunted — it is not clear how — but the damage had been done.
The C.I.A. has tried to rebuild its network of spies in China, officials said, an expensive and time-consuming effort led at one time by the former chief of the East Asia Division. A former intelligence official said the former chief was particularly bitter because he had worked with the suspected mole and recruited some of the spies in China who were ultimately executed.
China has been particularly aggressive in its espionage in recent years, beyond the breach of the Office of Personnel Management records in 2015, American officials said. Last year, an F.B.I. employee pleaded guilty to acting as a Chinese agent for years, passing sensitive technology information to Beijing in exchange for cash, lavish hotel rooms during foreign travel and prostitutes.
In March, prosecutors announced the arrest of a longtime State Department employee, Candace Marie Claiborne, accused of lying to investigators about her contacts with Chinese officials. According to the criminal complaint against Ms. Claiborne, who pleaded not guilty, Chinese agents wired cash into her bank account and showered her with gifts that included an iPhone, a laptop and tuition at a Chinese fashion school. In addition, according to the complaint, she received a fully furnished apartment and a stipend.
*** Just to be sure China had a real handle on all CIA operatives in country, what came next? The OPM hack, remember that one?
Enter China’s Unit 61398
The program used by China:

In part from Wired: The US-CERT team moved into OPM’s sub-basement and among the first moves was to analyze the malware that Saulsbury had found attached to mcutil.dll. The program turned out to be one they knew well: a variant of PlugX, a remote-access tool commonly deployed by Chinese-­speaking hacking units. The tool has also shown up on computers used by foes of China’s government, including activists in Hong Kong and Tibet. The malware’s code is always slightly tweaked between attacks so firewalls can’t recognize it.

By Tuesday the 21st, having churned through a string of nearly sleepless days and nights, the investigators felt satisfied that they’d done their due diligence. Their scans had identified over 2,000 individual pieces of malware that were unrelated to the attack in question (everything from routine adware to dormant viruses). The PlugX variant they were seeking to annihilate was present on fewer than 10 OPM machines; unfortunately, some of those machines were pivotal to the entire network. “The big one was what we call the jumpbox,” Mejeur says. “That’s the administrative server that’s used to log in to all the other servers. And it’s got malware on it. That is an ‘Oh feces’ moment.”

By controlling the jumpbox, the attackers had gained access to every nook and cranny of OPM’s digital terrain. The investigators wondered whether the APT had pulled off that impressive feat with the aid of the system blueprints stolen in the breach discovered in March 2014. If that were the case, then the hackers had devoted months to laying the groundwork for this attack.

Leaping forward in details:

Once established on the agency’s network, they used trial and error to find the credentials necessary to seed the jumpbox with their PlugX variant. Then, during the long Fourth of July weekend in 2014, when staffing was sure to be light, the hackers began to run a series of commands meant to prepare data for exfiltration. Bundles of records were copied, moved onto drives from which they could be snatched, and chopped up into .zip or .rar files to avoid causing suspicious traffic spikes. The records that the attackers targeted were some of the most sensitive imaginable.

The hackers had first pillaged a massive trove of background-check data. As part of its human resources mission, OPM processes over 2 million background investigations per year, involving everyone from contractors to federal judges. OPM’s digital archives contain roughly 18 million copies of Standard Form 86, a 127-page questionnaire for federal security clearance that includes probing questions about an applicant’s personal finances, past substance abuse, and psychiatric care. The agency also warehouses the data that is gathered on applicants for some of the government’s most secretive jobs. That data can include everything from lie detector results to notes about whether an applicant engages in risky sexual behavior.

The hackers next delved into the complete personnel files of 4.2 million employees, past and present. Then, just weeks before OPM booted them out, they grabbed approximately 5.6 million digital images of government employee fingerprints.

Then comes, a little too late and thin on substance in February 2015:

President Obama Speaks at the White House Summit on Cybersecurity and Consumer Protection

Is all this fix yet? Hah…not even close. Then we need to ask why are we trusting China with North Korea’s nuclear weapons and missile program? Do we have spies in Iran? North Korea? Any new operatives in China?

Scary eh?

 

North Korea and Friends, Cyber War, Nerve Gas and WMD

Hey, look over there –>

WikiLeaks Reveals ‘AfterMidnight’ & ‘Assassin’ CIA Windows Malware Frameworks

When the world was dealing with the threat of the self-spreading WannaCry ransomware, WikiLeaks released a new batch of CIA Vault 7 leaks, detailing two apparent CIA malware frameworks for the Microsoft Windows platform. Dubbed “AfterMidnight” and “Assassin,” both malware programs are designed to monitor and report back actions on the infected remote host computer running the Windows operating system and execute malicious actions specified by the CIA. Since March, WikiLeaks has published hundreds of thousands of documents and secret hacking tools that the group claims came from the US Central Intelligence Agency (CIA). This latest batch is the 8th release in the whistleblowing organization’s ‘Vault 7’ series.

‘AfterMidnight’ Malware Framework

According to a statement from WikiLeaks, ‘AfterMidnight’ allows its operators to dynamically load and execute malicious payload on a target system. The main controller of the malicious payload, disguised as a self-persisting Windows Dynamic-Link Library (DLL) file and executes “Gremlins” – small payloads that remain hidden on the target machine by subverting the functionality of targeted software, surveying the target, or providing services for other gremlins. Once installed on a target machine, AfterMidnight uses an HTTPS-based Listening Post (LP) system called “Octopus” to check for any schedu led events. If found one, the malware framework downloads and stores all required components before loading all new gremlins in the memory. According to a user guide provided in the latest leak, local storage related to AfterMidnight is encrypted with a key which is not stored on the target machine. A special payload, called “AlphaGremlin,” contains a custom script language which even allows operators to schedule custom tasks to be executed on the targeted system. More detail here.

Meanwhile….

North Korean hacking group is thought to be behind cyber attack which wreaked havoc across the globe
  • Technical clues suggest North Korean hacking group is behind cyber attack
  • Ransomware left the NHS crippled with operations cancelled over the weekend
  • The virus is now thought to have been released by the Lazarus Group
  • It has already been blamed for a string of hacks dating back to at least 2009
  • It includes the 2014 attack on Sony that left its network offline for weeks

Okay maybe….while other IT cyber professionals point to Russian thug hackers….

Rex Tillerson last month spoke about a quasi red line with North Korea….when is enough, enough? Well his answer was, ‘we will know it when we see it’.

Nonetheless, what more needs to be known about North Korea that the media is not reporting? Plenty…..

‘Unrestricted Warfare’ (超限战, literally “warfare beyond bounds”) is a book on military strategy written in 1999 by two colonels in the People’s Liberation Army, Qiao Liang (乔良) and Wang Xiangsui (王湘穗). Its primary concern is how a nation such as China can defeat a technologically superior opponent (such as the United States) through a variety of means. Rather than focusing on direct military confrontation, this book instead examines a variety of other means. Such means include using International Law (see Lawfare) and a variety of economic means to place one’s opponent in a bad position and circumvent the need for direct military action.[1]  Go here for more information.

This already tells us and the Pentagon, to not trust China….right? So how can we place trust and the burden of dealing with North Korea on Beijing? We cant.

The RGB is the KGB….

The RGB is the North Korean Reconnaissance General Bureau….much like that of the KGB, now in Russia known as the FSB.

In 2015, North Korea spies infiltrated the United Nations agencies including the World Food Program which is a major supplier of food aid to North Korea. Somehow, the Obama White House and other government agencies neglected to take real action on that or even earnestly report it. Prior to that little event, in 2010, the U.S. Treasury via and Obama Executive Order targeted North Korea for proliferation and other illicit activities including arms trafficking, money laundering and smuggling narcotics.

Barack Obama, simply annexed a GW Bush Executive Order adding a few new items noted below:

President Obama also identified the following entities and individual for sanctions by listing them on the Annex to the Order:

·   The Reconnaissance General Bureau (RGB), North Korea’s premiere intelligence organization involved in North Korea’s conventional arms trade;

·       RGB commander Lieutenant General Kim Yong Chol;

·   Green Pine Associated Corporation, a North Korean conventional arms dealer subordinated to the control of the RGB; and

·   Office 39 of the Korean Workers’ Party, which provides critical support to North Korean leadership in part through engaging in illicit economic activities and managing the leadership’s slush funds.

The U.S. government has longstanding concerns regarding North Korea’s involvement in a range of illicit activities conducted through government agencies and associated front companies. North Korea’s nuclear and missile proliferation activity and other illicit conduct violate UN Security Council Resolutions 1718 and 1874, and these activities and their other illicit conduct violate international norms and destabilize the Korean Peninsula and the entire region. In signing this Order, President Obama has frozen the property and interests in property of the three entities and one individual listed on the Annex. This Order provides the United States with new tools to disrupt illicit economic activity conducted by North Korea.

As a matter of note, in recent days, Russia has stepped in to offer some diplomatic assistance dealing with North Korea as it appears China is dragging the diplomatic and political anchor dealing with the DPRK. Ah Russia again right? The in depth study is here on North Korea, It includes, history, terror attacks, cyber attacks, assassination attempts, raids and details on unrestricted warfare.

Just for some context, Russia and China have been aiding North Korea for decades…..but has the media done their work to expose this or the State Department? Nope…

Image result for north korea general o kuk ryol Courtesy

You see, General O Kuk ryol and Kim Jong Un both manage Unit 121. Unit 121, is part of the RGB and did the Sony hack, remember that? Well General O, is a graduate of the Mangyongdae Revolutionary School and the Kim Il sung University….but most importantly, he graduated also from Frunze Military Academy in 1962….where is that? Ah….Moscow, and at the time, it was the Soviet Union.

Frunze Military Academy in Devichie pole, Moscow

Strategy: Integrate their cyber forces into an overall battle strategy as part of a combined arms campaign. Additionally they wish to use cyber weapons as a limited non-war time method to project their power and influence.

Experience: Hacked into the South Korea and caused substantial damage; hacked into the U.S. Defense Department Systems. More here.

Meanwhile, we also have the Korea Computer Center…there are 9 production facilities and 11 regional centers. However, the KCC also has offices in China, Germany and Syria..further it should be noted that an estimated 10,000 North Korean IT developers operate in China, where it is common that $500.00 of their monthly salary goes back to the North Korean state.

So, we have Syria, Russia, China all colluding with North Korea….Iran is as well but the United Nations too? Yup…

FNC: For more than a year, a United Nations agency in Geneva has been helping North Korea prepare an international patent application for production of sodium cyanide — a chemical used to make the nerve gas Tabun — which has been on a list of materials banned from shipment to that country by the U.N. Security Council since 2006.

The World Intellectual Property Organization, or WIPO, has made no mention of the application to the Security Council committee monitoring North Korea sanctions, nor to the U.N. Panel of Experts that reports sanctions violations to the committee, even while concerns about North Korean weapons of mass destruction, and the willingness to use them,  have been on a steep upward spiral.

Fox News told both U.N. bodies of the patent application for the first time late last week, after examining the application file on a publicly available WIPO internal website.

Information on the website indicates that North Korea started the international patent process on Nov. 1, 2015 — about two months before its fourth illegal nuclear test. The most recent document on the website is a “status report,” dated May 14, 2017 (and replacing a previous status report of May 8), declaring the North Korean applicants’ fitness “to apply for and be granted a patent.”

CLICK HERE FOR THE STATUS REPORT

During all that time, however, the U.N.’s Panel  of Experts on North Korea “has no record of any communication from WIPO to the Committee or the Panel regarding such a serious patent application,” said Hugh Griffiths, coordinator of the international U.N. expert team, in response to a Fox News question.

The Panel of Experts has now officially “opened an investigation into this matter,” he said.

“This is a disturbing development that should be of great concern to the U.S. administration and to Congress, as well as the U.S. Representative to the U.N.,” William Newcomb, a member of the U.N. Panel of Experts for nearly three years ending in 2014, told Fox News.

Said an expert familiar with the sanctions regime:  “It undermines sanctions to have this going on. The U.N. agencies involved should have been much more alert to checking these programs out.”

Questions sent last week to the U.S. State Department about WIPO’s patent dealings with North Korea had not been answered before this story was published.

For its part, a WIPO spokesperson told Fox News by email, in response to the question of whether it had reported the patent application to the U.N. sanctions committee, only that the organization “has strict procedures in place to ensure that it fully complies with all requirements in relation to U.N. Security Council sanction regimes.”

The spokesperson added that “we communicate with the relevant U.N. oversight committees as necessary.”

But apparently, help with preparing international patent applications for a sanctioned nerve gas “chemical precursor” does not necessarily count as grounds for such communication, if the Panel of Experts records are correct.

This is by no means the first time that WIPO, led by its controversial director general, Francis Gurry, has flabbergasted other parts of the U.N. and most Western nations with its casual and undeclared assistance, with potential WMD implications, to the bellicose and unstable North Korean regime.

And, as before, how the action is judged may depend upon razor-thin, legalistic interpretations of U.N. sanctions law on the one side vs. staggering violations of, at a minimum, common sense in dealing with the unstable North Korean regime, which among other things has never signed the international convention banning the development, production, stockpiling and use of chemical weapons.

While the patent process went on at WIPO, that regime has conducted five illegal nuclear tests — two in the past year, while the patent process was under way — and at least ten illegal ballistic missile launches since 2016, while issuing countless threats of mass destruction against its neighbors and the U.S.

In 2012, Fox News reported that WIPO had shipped U.S.-made computers and sophisticated computer servers to North Korea, and also to Iran, without informing sanctions committee officials.

The shipments were ostensibly part of a routine technology upgrade. Neither country could obtain the equipment on the open market, and much of it would have required special export licenses if shipped from the U.S.

The report kicked off an uproar, but after a lengthy investigation, the U.N. sanctions committee decided that the world organization’s porous restrictions had not been violated, while also noting WIPO’s defense that as an international organization, it was not subject to the rules aimed at its own member states.

Nonetheless, the investigators declared that “we simply cannot fathom how WIPO could have convinced itself that most Member States would support the delivery of equipment to countries whose behavior was so egregious it forced the international community to impose embargoes.”

The investigators also declared that “WIPO, as a U.N. agency, shares the obligation to support the work of other U.N. bodies, including the Sanctions Committees,” and that in response to the furor, WIPO had “implemented new requirements to check on sanctions compliance in advance of program implementation.”

There is no doubt about the banned nature of sodium cyanide — which can also be used to produce deadly cyanide gas, another weapon of mass destruction.

The chemical appears on a Security Council list of “items, materials, equipment, goods and technology” related to North Korea’s “other weapons of mass destruction programs” beyond nuclear weapons, which first appeared after U.N. Security Council resolution 1718 was approved in 2006.

CLICK HERE FOR THE LIST

That resolution, voted after North Korea conducted its first nuclear test, ordained that  member states  “prevent the direct or indirect supply, sale or transfer” to the regime known as the Democratic People’s  Republic of Korea, or DPRK, of  the listed items “which could contribute to DPRK’s nuclear-related, ballistic missile-related or other weapons of mass destruction-related programs.”

It also declared that “all member states shall prevent any transfers to the DPRK by their nationals or from their territories, or from the DPRK by its nationals or from its territory, of technical training, advice, services or assistance related to the provision, manufacture, maintenance or use of the items” listed.

Additionally, it demanded a freeze by U.N. member states or all “funds, other financial assets and economic resources” that could be used in the mass destruction-related programs.

CLICK HERE FOR RESOLUTION 1718

A subsequent Security Council resolution, 2270, in 2016 broadened things by declaring that “economic resources” referred to in Resolution 1718 “includes assets of every kind, whether tangible or intangible, movable or immovable, accrual or potential, which potentially may be used to obtain funds, goods or services” by DPRK.

This may open up another controversial aspect of the cyanide patent application, since, along with its mass-destructive uses, the chemical is considered the most common agent in the extraction of gold from ores and concentrates.

Further, according to the North Korean application to WIPO, the new process it wants to make ready for international patenting is a lower-cost process that produces ultra-high-grade product.

CLICK HERE FOR THE PROCESS APPLICATION DESCRIPTION

In WIPO’s response to Fox News, the agency’s spokesperson emphasized that “WIPO is not a patent-granting authority. Its role in handling these applications is to ensure that they conform to the procedural requirements” of the 152-member Patent Cooperation Treaty, or PCT, “and to publish them in accordance with the provisions of the treaty.”  North Korea is a PCT signatory.

Translation:  WIPO is merely a neutral, technical pass-through mechanism. As the spokesperson put it: “The decisions concerning whether or not to ultimately grant the patent are the sole purview of each jurisdiction where protection is being sought, in accordance with national law.”

While that may be true, it is also true, according to the WIPO website, that the U.N. agency gives those who use its services a lot of financially meaningful help.

That starts with the fact that by filing an international filing application with the agency, you have to pay only one fee rather than more than 150 to get an application acceptable in all PCT countries (which include the U.S. as one of the treaty’s biggest users).

WIPO also provides one-stop research on whether a patent overlaps with those elsewhere, and offers the possibility of widespread dissemination and publicity — i.e., stimulating demand, and thus at least the potential for sanctions-breaking in any subsequent licensing the North Korean patent.

Igniting controversy has been a characteristic of Director General Gurry’s reign — indeed, even before he first took WIPO’s top executive office in 2008.

In 2015, the U.N.’s watchdog Office of Internal Oversight Services (OIOS) was asked by WIPO’s own General Assembly chair to investigate Gurry for allegedly ordering, in 2008, break-ins of the offices of staffers to seek DNA evidence that they wrote anonymous letters against him. Gurry was WIPO’s No. 2 at the time.

A year later, after much byzantine maneuvering, a heavily redacted version of the report declared that “while there were indications that Mr. Gurry had a direct interest in the outcome of the DNA analysis, there is no evidence that he was involved in the taking of DNA samples.”

But the same document also found that Gurry had bent the organization’s rules and steered a sensitive cyber-security contract to a business acquaintance, , something alleged by one of Gurry’s former top deputies, James Pooley.

Under Gurry, WIPO also has been the only U.N. agency ever sanctioned by the U.S. State Department, on the grounds that it failed to adopt “best practices” in ethics and whistle-blower standards — a punishment first meted out by the pro-U.N. Obama administration in September 2015.

Among the whistle-blowers who say they were forced to leave WIPO during Gurry’s tenure for drawing attention to the agency’s previous computer shipments to North Korea is Miranda Brown, formerly Gurry’s senior strategic advisor.

Brown has repeatedly asked for her reinstatement at the WIPO, and just as often has been turned down by Gurry’s office.

 

No Cyber Policy, Doctrine, Protection, Result of Senate Hearing

President Trump signed another executive order today. This one is on cyber security and protecting infrastructure. Read it here.

Image result for trump signs executive order BusinessInsider

No one wants to participate in the hard debate regarding cyber, where it is noted to be the highest threat for the homeland. At least the Trump White House is taking note, yet this executive order may not be enough or engage the private sector. It is gratifying however that some inside and outside experts are in fact having talks on an international basis with cyber experts. That is always a good thing.

At issue on this topic is the path forward and the estimated costs. Cyber is a battlespace where it should be noted it could cost what conventional military operations costs against adversaries and could take as long if not forever. All government infrastructure is dated, unprotected and there are no measures to correct in a priority ranking.

The other item of note, there is no legal or case law condition where the cyber attackers are prosecuted. Exactly why did Sony not sue North Korea? If there is no consequence, even ceremoniously, then expect more hacks. Of note, to sue and or sanction North Korea, China would have to be included, as the internet connectivity to North Korea is provided by China and further, China trained the hackers in North Korea….sheesh right?

Politico reports: The directive is Trump’s first major action on cyber policy and sets the stage for the administration’s efforts to secure porous federal networks that have been repeatedly infiltrated by digital pranksters, cyber thieves and government-backed hackers from China and Russia.

“The trend is going in the wrong direction in cyberspace, and it’s time to stop that trend and reverse it on behalf of the American people,” White House Homeland Security Adviser Tom Bossert told reporters during a Thursday afternoon briefing.

Cyber specialists say the order breaks little new ground but is vastly improved over early drafts, which omitted input from key government policy specialists. The final version, cyber watchers say, essentially reaffirms the gradually emerging cyber policy path of the past two administrations.

As part of the executive order’s IT upgrade initiative, administration officials will study the feasibility of transitioning to shared IT services and networks across the government. An estimated 80 percent of the $80 billion federal IT budget goes toward taking care of aging systems.

Senior Trump adviser Jared Kushner’s Office of American Innovation will play a significant role in the federal IT modernization effort, multiple people tracking the efforts have told POLITICO. Earlier this month, Trump signed an executive order creating the American Technology Council, with Kushner as director, to help coordinate that effort. More here.

*** Personally, it must be mentioned there is a problem with this operating out of the White House and certainly out of Jared Kushner’s office, he is way too tasked to be effective. Other professionals in the cyber realm agree, the matter of a ‘net’ command and operations that collaborate with the private sector should be it’s own command and separated from NSA.

There was a significant hearing today on The Hill while the FBI hearing was going on. Those on the witness panel included James Clapper, Jim Stavridis and Michael Hayden. The Senate Armed Services Committee hosted this session and it included high rate discussions including why there is no cyber doctrine, why there are no offensive measures and what the highest cyber threats are for the homeland.

NSA Chief Testimony, Cyber Security Threats and Solutions

French presidential candidate Marcon was hacked on Friday before the Sunday voting. Per the NSA Chief, U.S. Tipped Off France on the Russia hacks. The U.S. tipped off France when it saw that Russians were carrying out cyberattacks targeting French President-elect Emmanuel Macron, NSA chief Adm. Mike Rogers told a Senate panel on Tuesday. Macron’s campaign revealed it was hacked just hours before a campaigning blackout in the country ahead of the presidential election on Sunday. Macron ended up handily defeating his rival, Putin-backed Marine Le Pen. “We had become aware of Russian activity. We had talked to our French counterparts and gave them a heads-up—‘Look, we’re watching the Russians. We’re seeing them penetrate some of your infrastructure. Here’s what we’ve seen. What can we do to try to assist?’” Rogers told the Senate Armed Services Committee.

*** Meanwhile….there is no strategy or policy position on U.S. cyber warfare. However…

Next Steps for U.S. Cybersecurity in the Trump Administration: Active Cyber Defense

The failure of the government to provide adequate protection has led many cybersecurity analysts, scholars, and policymakers to suggest that there is a need for private-sector self-help. If the government is unable or unwilling to take or threaten credible offensive actions to deter cyberattacks or to punish those who engage in them, it may be incumbent upon private-sector actors to take up an active defense. In other words, the private sector may wish to take actions that go beyond protective software, firewalls, and other passive screening methods—and instead actively deceive, identify, or retaliate against hackers to raise their costs for conducting cyberattacks. Taking into consideration U.S., foreign, and international law, the U.S. should expressly allow active defenses that annoy adversaries while allowing only certified actors to engage in attribution-level active defenses. More aggressive active defenses that could be considered counterattacks should be taken only by law enforcement or in close collaboration with them.

Key Takeaways

If the government is unable or unwilling to deter cyberattacks, it may be incumbent upon private-sector actors to take up an active defense.

Before the U.S. authorizes private hack back, it must consider not only U.S. laws, but also foreign and international laws governing cyberspace.

Congress should establish a new active cyber defense system that enables the private sector to identify and respond to hackers more effectively.

***

Heritage: Americans want their cyber data to be safe from prying eyes. They also want the government to be able to catch criminals. Can they have both?

It’s an especially pertinent question to ask at a time when concerns over Russian hacking are prevalent. Can we expose lawbreakers without also putting law-abiders at greater risk? After all, the same iPhone that makes life easier for ordinary Americans also makes life easier for criminals.

Manhattan District Attorney Cyrus Vance Jr. has described the operating system of the iPhone as “warrant-proof,” saying criminals are using the devices – encrypted by default – to their advantage. In one instance, he quoted an inmate who, ironically, called the iPhone a “gift from God.”

Divine involvement is a matter of debate, but there’s no question that when it comes to the choice of breaking the cybersecurity of criminals without also endangering the personal data of ordinary Americans, well, the devil is in the details.

This is especially true given the evolving nature of the threat. Even if we wanted to give the government access to all the metadata it wants (when, where, and who called), technology is moving away from phone calls to text messages and other non-telephony applications. Traditional metadata will be of limited use to law enforcement in pursuit of the savvy criminal of the future. Law enforcement needs to develop new strategies and investigative techniques without making us all prey.

It’s nearly impossible to assess the total monetary value for all successfully prosecuted cybercrimes in the U.S., let alone estimate the number of criminal cases that would have fallen apart without access to a smartphone’s data. The Department of Justice doesn’t publish such data. But, according to the 2014 Center for Strategic and International Studies report “Net Losses: Estimating the Global Cost of Cybercrime,” global cybercriminal activity is valued at $400 billion a year. Cybercrime damages trade, reduces competitiveness, and limits innovation and global growth.

The fundamental problem is that no one in the government is responsible for securing the internet for all of us. The Department of Homeland Security is responsible for safeguarding our nation’s critical infrastructure, yet the insecure internet presents cyberthreats to non-enterprise users affect individual security, safety and economic prosperity. Who is responsible for their security?

Some elements of the federal government are so focused on hunting down information against a few horrendous criminals that they don’t seem to realize they’re doing it at the expense of our right to privacy and online protection. We can appreciate their dedication in these noble causes, but the fact remains that the internet has become a host to more and more personal information ever since Steve Jobs introduced the first iPhone.

Since then, the smartphone has evolved to have much more control over our lives, homes and vehicles. There is no sign of less data being held in the cyberspace.

In attempting to square this cyber-circle, the government would be wise to take a cue from the medical profession, which uses the Hippocratic oath to dictate an underlying requirement to refrain from causing harm to patients.

There is no such oath for members of the Department of Justice. They simply affirm that they will faithfully execute their duties without affirming that they will do so without harming the citizenry as a whole.

DOJ lawyers focus on individual prosecutions. That is too narrow of a definition of success. It forces them to use all means they can muster to make their prosecutions successful with little or no consideration of the larger harm their efforts may cause to the population in general.

That is a problem today and will only be magnified in the coming years as technology advances and the gap between those advances and the DOJ’s understanding of them widens. Within this environment, where insecurity breed’s criminality and stopping individual high-value criminals can motivate the DOJ to undermine security, one can only wonder, who is responsible for our security?

The world has changed. A new paradigm is needed to ensure the safety and security of all American’s data predicated on applying airtight security to our data. There is no return to the past. Perhaps the Trump administration will make this need for security a priority in a manner the previous administration did not.