Category Archives: North Korea

Complicating the China Trade Talks, Taiwan

Posted on by

Since 1972, the United States has had a policy position titled the ‘One China Policy‘. This policy regarded that Taiwan was part of China. Since 1972, conditions have changed dramatically where Taiwan wants complete independence and should have it. China is now prepared for war to halt that independence move and it could snare the United States into a military conflict.

Without any fanfare, President Trump signed into law the Asia Reassurance Initiative Act of 2018 on New Year’s Eve. As a result of this new law, China’s President Xi told his top military authority to take responsibility for preparing and waging war.

Meanwhile, as a result of the detention of Meng Wanzhou, the CFO of Huawei in Canada and is to be prepared for extradition to the United States, a travel advisory has been issued by the U.S. State Department for Americans traveling in China for either business or pleasure.

Even more importantly, President Trump has taken a harder line on Chinese foreign investment in the United States….finally. Remember it was CFIUS that gave us Uranium One. So, with this harder line, Chinese investors planted in Silicon Valley are bailing out. Silicon Valley is complaining.

Washington demonstrated its tougher stance even before the new law was passed, when Trump in March blocked a $117 billion hostile bid by Singapore-based Broadcom Ltd (AVGO.O) to acquire Qualcomm Inc (QCOM.O) of San Diego. CFIUS said the takeover would weaken the United States in the race to develop next-generation wireless technology.

The above is an example and for more context, go here.

Just in the past few days, a U.S. guided missile destroyer traveled through the South China Sea, quite near the Paracel Island chain. The USS McCampbell did so under the ‘freedom of navigation operation essentially challenging China and China has responded by dispatching military ships and aircraft identifying the U.S. flag and to issue warnings.

China has constructed islands in the region and made them into military bases. Further, Vietnam along with other nations including Malaysia, Taiwan, the Philippines, Indonesia and Brunei also have laid claims to the disputed islands.

USS McCampbell | 121015-N-TG831-208 SOUTH CHINA SEA (Oct ...

As part of the law that was signed by President Trump, a particular section is noted as follows with regard to Taiwan:

SEC. 209.Commitment to Taiwan.

(a) United States commitment to Taiwan.—It is the policy of the United States—

(1) to support the close economic, political, and security relationship between Taiwan and the United States;

(2) to faithfully enforce all existing United States Government commitments to Taiwan, consistent with the Taiwan Relations Act of 1979 (Public Law 96–8), the 3 joint communiques, and the Six Assurances agreed to by President Ronald Reagan in July 1982; and

(3) to counter efforts to change the status quo and to support peaceful resolution acceptable to both sides of the Taiwan Strait.

(b) Arms sales to Taiwan.—The President should conduct regular transfers of defense articles to Taiwan that are tailored to meet the existing and likely future threats from the People’s Republic of China, including supporting the efforts of Taiwan to develop and integrate asymmetric capabilities, as appropriate, including mobile, survivable, and cost-effective capabilities, into its military forces.

(c) Travel.—The President should encourage the travel of highlevel United States officials to Taiwan, in accordance with the Taiwan Travel Act (Public Law 115–135).

When it comes to freedom of navigation in the new law, this is noted:

SEC. 213.Freedom of navigation and overflight; promotion of international law.

(a) Freedom of navigation.—It is the policy of the United States—

(1) to conduct, as part of its global Freedom of Navigation Program, regular freedom of navigation, and overflight operations in the Indo-Pacific region, in accordance with applicable international law; and

(2) to promote genuine multilateral negotiations to peacefully resolve maritime disputes in the South China Sea, in accordance with applicable international law.

(b) Joint Indo-Pacific diplomatic strategy.—It is the sense of Congress that the President should develop a diplomatic strategy that includes working with United States allies and partners to conduct joint maritime training and freedom of navigation operations in the Indo-Pacific region, including the East China Sea and the South China Sea, in support of a rules-based international system benefitting all countries.

Pray for peace, prepare for war. Imagine how complicated those trade talks really are.

 

This the Reason N Korea Cancelled the Meeting?

Posted on by

The excuses both sides explain scheduling conflicts. C’mon, lil Kim is not exactly that busy to take a meeting with America, right? As North and South Korea have begin to dismantle 20 guard posts along the DMZ. South Korea has 60 such positions while North Korea has an estimated 160. Allegedly, all firearms have been already removed from the guard posts. Personnel is still there but it is said they are unarmed.

Back to that cancelled meeting….

 A satellite image of a secret North Korean ballistic missile base. The North has offered to dismantle a different major missile launching site while continuing to make improvements at more than a dozen others.CreditCreditCSIS/Beyond Parallel, via DigitalGlobe 2018

More detail is explained here.

What is the reason then? Missile sites….hummm

North Korea are still operating undeclared missile bases and even improving some of their missile sites instead of shutting them down.

The latest report from the Center for Strategic and International Studies in Washington said it had identified 13 of an estimated 20 secret missile operating bases inside North Korea.

They could be used to house ballistic missiles of various ranges, with the largest believed to be capable of striking anywhere in the United States.

The report, written by researcher Joseph Bermudez, said maintenance and minor infrastructure improvements have been observed at some of the sites.

The sites identified in the report are scattered in remote, mountainous areas across North Korea.

It even identified improvements being made to its Sakkanmol site, close to the border with South Korea.

President Trump is still hoping to persuade Pyongyang to give up its nuclear weapons and long-range missiles.

The North Korean leader Kim Jong Un and U.S. President Donald Trump pledged to work towards ‘denuclearization’ at their landmark June summit in Singapore.

Shortly after the summit, Trump tweeted that there was no longer a nuclear threat from North Korea.

North Korea declared its nuclear force ‘complete’ and halted missile and nuclear bomb testing earlier this year.

North Korea has said it has closed its Punggye-ri nuclear testing site and the Sohae missile engine test facility.

It also raised the possibility of shuttering more sites and allowing international inspections if Washington took ‘corresponding measures’.

Last week, North Korea called off a meeting with U.S. Secretary of State Mike Pompeo in New York.

The country’s state media said on Monday the resumption of some small-scale military drills by South Korea and the United States violated a recent agreement aimed at lowering tensions on the Korean peninsula.

‘Missile operating bases are not launch facilities,’ Bermudez wrote.

‘While missiles could be launched from within them in an emergency, Korean People’s Army (KPA) operational procedures call for missile launchers to disperse from the bases to pre-surveyed or semi-prepared launch sites for operations.’

None of the missile bases have been acknowledged by North Korea, and analysts say an accurate disclosure of nuclear weapons and missile capabilities would be an important part of any denuclearization deal.

 

Items SecState Pompeo Manages in Dealing with N Korea

Posted on by
All is not so copacetic with North Korea. The United States has many channels of intelligence regarding North Korea and dealing with Kim Jung Un with many of the moving parts requires diplomatic artistry.
Below are but two examples and the prediction of a second summit between the United States and North Korea being noted, the logistics is a chess game.
Pompeo Meets North Korean Leader Kim Jong Un | One-News
FireEye has released a report stating the tools and techniques used by the group, “We believe APT38’s financial motivation, unique toolset, and tactics, techniques, and procedures (TTPs) observed during their carefully executed operations are distinct enough to be tracked separately from other North Korean cyber activity. There are many overlapping characteristics with other operations, known as “Lazarus” and the actor we call TEMP.Hermit; however, we believe separating this group will provide defenders with a more focused understanding of the adversary and allow them to prioritize resources and enable defense.
In their official blog, the company further explained the distinction of the group from any other hackers out there. Foremost, the malware tools used overlap or are similar indicating the similar developer behind the scenes.
The general pattern used by APT38 was observed to be this way –
  • First, the information is gathered by targeting third-party vendors to understand the mechanics of their transactions.
  • Then, initial compromise takes place followed by internal reconnaissance, pivot to victim servers used for swift transactions.
  • After this, finally, the funds are transferred or stolen.
  • This group does not stop just there but it removes all the evidence that might help the authorities trace them back or know the exact way or methodology of the fraud.
FireEye addressed the threat the group poses to its targeted sector by stating, “APT38 is unique in that it is not afraid to aggressively destroy evidence or victim networks as part of its operations. This attitude toward destruction is probably a result of the group trying to not only cover its tracks but also to provide cover for money laundering operations.The full 32 page report is here.
Meanwhile:

The U.S. Treasury Department last week sanctioned a Turkish company, two Turkish individuals, and a North Korean individual for violating UN sanctions on Pyongyang. These sanctions came just before Secretary of State Mike Pompeo’s fourth trip to North Korea in preparation for an anticipated second Trump-Kim summit.

Treasury targeted the Turkey-based company SIA Falcon International Group; the company’s chief executive officer, Huseyin Sahin; the company’s general manager, Erhan Culha; and North Korea’s economic and commercial counselor in Mongolia, Ri Song Un. The sanctions were issued pursuant to Executive Order 13551, which restricts trade in arms and luxury goods with North Korea. UN Security Council Resolution 1718 from 2006 also prohibits member states from conducting such trade.

In a press release, Treasury noted that SIA Falcon operates in Latvia. In February 2018, Treasury’s Financial Crimes Enforcement Network (FinCEN) named ABLV Bank of Latvia an institution of primary money laundering concern. FinCEN noted that ABLV “institutionalized money laundering as a pillar of the bank’s business practices” and conducted illicit financial transactions for North Korean procurement or export of ballistic missiles. Treasury did not confirm, however, that SIA Falcon’s Latvian branch office used ABLV’s bank services.

Treasury’s latest sanctions came the same day as The Rodong Sinmun, a North Korean state-run newspaper, published an article lambasting U.S. sanctions policy. Just days earlier, North Korea’s foreign minister, Ri Yong Ho, implored the UN Security Council to lift sanctions in response to Pyongyang’s moves to freeze missile and nuclear testing and to destroy the Punggye-ri test facility. However, until North Korea agrees to denuclearization and a full declaration of Pyongyang’s nuclear weapons program, facilities, and capabilities, Washington has confirmed it will not ease sanctions pressure

After Secretary Pompeo’s latest trip to North Korea, Pyongyang’s media outlets suggested U.S.-North Korea relations are improving. Of course, these latest designations, as well as ongoing U.S. diplomatic efforts to ensure international compliance with UN sanctions, could stir further tensions. Despite these risks, the sanctions send a useful message to Pyongyang that the Trump administration will not back down until the Kim regime meets its core demands. Hat tip FDD.

Trump Admin Trying to Get a Cyber Doctrine

Posted on by

October is national cyber awareness month, frankly every month and every day should be an awareness day.

octo | Office of the Chief Technology Officer

So, back in late 2017, the House passed by a voice vote H.R. 3559 – Cybersecurity and Infrastructure Security Agency Act of 2017. As you may guess, it is stalled in the Senate.

Meanwhile, in an effort to mobilize and consolidate cyber operations for the United States, there is no consensus within Congress. Should every government agency has a cyber division? Should the United States be able to perform counter cyber attacks? What kind of a cyber attack on the United States constitutes an act of war?

Just last month, Politico published a piece stating in part:

Recent reports that Russia has been attempting to install malware in our electrical grid and that its hackers have infiltrated utility-control rooms across America should constitute a significant wakeup call. Our most critical infrastructure systems are vulnerable to malicious foreign cyberactivity and, despite considerable effort, the collective response has been inadequate. As Director of National Intelligence Dan Coats ominously warned, “The warning lights are blinking red.”

A successful attack on our critical infrastructure — power grids, water supplies, communications systems, transportation and financial networks — could be devastating. Each of these is vital to our economy, health and security. One recent study found that a single coordinated attack on the East Coast power grid could leave parts of the region without power for months, cause thousands of deaths due to the failure of health and safety systems, and cost the U.S. economy almost $250 billion. Cyberattacks could also undermine our elections, either by altering our voter registration rolls or by tampering with the voting systems or results themselves.

The op-ed was written by retired General and former CIA Director David Petraeus who is arguing: “Our grab-bag approach isn’t working. Gen. David Petraeus says it’s time to go big.”

Actually, I agree with General Petraeus on his position. Last month also, John Bolton on the White House National Security Council declared that the U.S. is going on the offensive. Yet in an interesting article, Forbes offers a point and counter-point to that argument.

Last week, President Trump spoke to world leaders about how China is interfering in U.S. elections via the cyber realm. While no evidence has been offered, that is not to say there is no evidence, it is a common tactic of China. Additionally, the United States is offering robust assistance to NATO allies.

Acting to counter Russia’s aggressive use of cyberattacks across Europe and around the world, the U.S. is expected to announce that, if asked, it will use its formidable cyberwarfare capabilities on NATO’s behalf, according to a senior U.S. official.

The announcement is expected in the coming days as U.S. Defense Secretary Jim Mattis attends a meeting of NATO defense ministers on Wednesday and Thursday.

Katie Wheelbarger, the principal deputy assistant defense secretary for international security affairs, said the U.S. is committing to use offensive and defensive cyber operations for NATO allies, but America will maintain control over its own personnel and capabilities.

The decision comes on the heels of the NATO summit in July, when members agreed to allow the alliance to use cyber capabilities that are provided voluntarily by allies to protect networks and respond to cyberattacks. It reflects growing concerns by the U.S. and its allies over Moscow’s use of cyber operations to influence elections in America and elsewhere.

“Russia is constantly pushing its cyber and information operations,” said Wheelbarger, adding that this is a way for the U.S. to show its continued commitment to NATO.

Wheelbarger told reporters traveling to NATO with Mattis that the move is a signal to other nations that NATO is prepared to counter cyberattacks waged against the alliance or its members.

Much like America’s nuclear capabilities, the formal declaration of cyber support can help serve as a military deterrent to other nations and adversaries.

The U.S. has, for some time, considered cyber as a warfighting domain, much like air, sea, space and ground operations. In recent weeks the Pentagon released a new cybersecurity strategy that maps out a more aggressive use of military cyber capabilities. And it specifically calls out Russia and China for their use of cyberattacks.

China, it said, has been “persistently” stealing data from the public and private sector to gain an economic advantage. And it said Russia has use cyber information operations to “influence our population and challenge our diplomatic processes.” U.S. officials have repeatedly accused Moscow of interfering in the 2016 elections, including through online social media.

“We will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of a crisis or conflict,” the new strategy states, adding that the U.S. is prepared to use cyberwarfare along with other military weapons against its enemies when needed, including to counter malicious cyber activities targeting the country. Read more here.

Not to be left out is North Korea.

The Department of Homeland Security, the Department of the Treasury, and the Federal Bureau of Investigation have identified malware and other indicators of compromise used by the North Korean government in an ATM cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

For more information, see:

Yup, in closing…..we agree with General Petraeus….it is long overdue to go big and go NOW.

N Korean, Park Jin hyok Charged with Global Cyber Attacks

Posted on by

U.S. CHARGES NORTH KOREAN HACKER

Federal prosecutors charged a North Korean man, Park Jin-hyok, with crimes in connection with a series of costly cyberattacks around the globe, including the WannaCry ransomware attack in 2018, the heist of Bangladesh’s central bank in 2017, and the hack of Sony Pictures in 2014. It is the first time the Justice Department has explicitly charged a North Korean hacker backed by the government. Park was allegedly working as a programmer for a North Korean front company in China called Chosun Expo, which had ties to North Korea’s military intelligence.

Legal analysts say the complaint is the most detailed public accounting yet of North Korea’s cyberattacks against foreign adversaries. The Justice Department has now brought hacking-related charges against North Korea, China, Iran, and Russia. (WSJ, NYT, Reuters, DOJ)

Park Jin Hyok, named by officials as a member of the so-called Lazarus Group hacking team behind last year’s WannaCry global ransomware attack and the 2014 digital attack on Sony, apparently used not only advanced technology, but elaborate reconnaissance work to digitally steal money and sensitive information.

First, Park would obtain a number of email addresses of people affiliated with target businesses from traders dealing in large amounts of personal information. Then he would use the emails to gain an understanding of company employees’ fields of interest and personal relationships.

That would let him craft emails that could pass as genuine messages from major companies in content and style, a tactic known as spear phishing. After spending some time building trust, he would send the malicious links to websites that would infect a target’s computer.

In one case, Park apparently masqueraded as a human resources official at a U.S. defense-linked company to exchange messages with workers at one of the company’s competitors.

Last week’s charges were said to be the first in years against a North Korean hacker related to high-profile attacks linked to the state. The attack on Sony came as the company was preparing to release a movie called “The Interview,” which depicted the assassination of a character resembling North Korean leader Kim Jong Un. The group also allegedly stole $81 million from the central bank of Bangladesh in 2016.

A North Korean suspect is wanted by U.S. authorities on suspicion of hacking. (Courtesy of the U.S. Federal Bureau of Investigation)

“We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign,” Christopher Wray, director of the Federal Bureau of Investigation, said in a statement on Sept. 6.

The U.S. Treasury also imposed sanctions on Park and a Chinese business he was affiliated with. “We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” Treasury Secretary Steven Mnuchin said in his own statement.

Under Kim, the North has consolidated its cyber forces under its Reconnaissance General Bureau, which handles overseas spying. The state has a team of 6,800, according to the South Korean government, and is counted as one of the five cyber powers along with the U.S., Russia, China and Israel.

The core of cyber operations is a team known as “Bureau 121,” established in 1998 by Kim’s father, then-leader Kim Jong Il. Bureau 121 is known for its willingness to commit crimes for the sake of bringing in cash.

“The technology behind North Korea’s cybercrimes is some of the most advanced in the world,” said a source with the U.S. State Department.

Governments and businesses around the world are hurrying to guard themselves from the North’s attacks even as its methods grow more sophisticated. Further cooperation between countries’ cyberdefense authorities may be key to finding effective solutions.

British Airways: The airline said a “very sophisticated” hacker stole credit card details of hundreds of thousands of its customers in recent days. Anyone who lost out financially as a result of the breach would be compensated, BA officials said. (Reuters)

JPMorgan Hacker: A Russian man, Andrei Tyurin, has been extradited by Georgia to the United States on charges that he participated in the 2014 hack of JPMorgan Chase and other U.S. companies. (Reuters)