The Facts of North Korea Nuclear and WMD Program

Professionals at Los Alamos and Oak Ridge Laboratories estimate it would take up to ten years to dismantle all programs and operations in North Korea. Further, Tehran, Moscow and Beijing will work hard to delay what they can in order to eliminate evidence of their respective decades of involvement in North Korea.

NYT’s: The vast scope of North Korea’s atomic program means ending it would be the most challenging case of nuclear disarmament in history. Here’s what has to be done to achieve — and verify — the removal of the nuclear arms, the dismantlement of the atomic complex and the elimination of the North’s other weapons of mass destruction.

Nuclear Capabilities

  • Dismantle and remove nuclear weapons

    Take apart every nuclear weapon in the North’s arsenal and ship the parts out of the country.

  • Halt uranium enrichment

    Dismantle the plants where centrifuges make fuel for nuclear reactors and atom bombs.

  • Disable reactors

    Shutter the nuclear reactors that turn uranium into plutonium, a second bomb fuel.

  • Close nuclear test sites

    Confirm that the North’s recent, staged explosions actually destroyed the complex.

  • End H-bomb fuel production

    Close exotic fuel plants that can make atom bombs hundreds of times more destructive.

  • Inspect anywhere, forever

    Give international inspectors the freedom to roam and inspect anywhere.

Non-Nuclear Capabilities

  • Destroy germ weapons

    Eliminate anthrax and other deadly biological arms, under constant inspection.

  • Destroy chemical weapons

    Eliminate sarin, VX and other lethal agents the North has used on enemies.

  • Curb missile program

    Eliminate missile threats to the U.S., Japan and South Korea.

President Trump says he is meeting Kim Jong-un in Singapore because the North Korean leader has signaled a willingness to “denuclearize.”

But that word means very different things in Pyongyang and Washington, and in recent weeks Mr. Trump has appeared to back away from his earlier insistence on a rapid dismantlement of all things nuclear — weapons and production facilities — before the North receives any sanctions relief.

Whether it happens quickly or slowly, the task of “complete, verifiable, irreversible denuclearization” — the phrase that Secretary of State Mike Pompeo keeps repeating — will be enormous. Since 1992, the country has repeatedly vowed never to test, manufacture, produce, store or deploy nuclear arms. It has broken all those promises and built a sprawling nuclear complex.

North Korea has 141 sites devoted to the production and use of weapons of mass destruction, according to a 2014 Rand Corporation report. Just one of them — Yongbyon, the nation’s main atomic complex — covers more than three square miles. Recently, the Institute for Science and International Security, a private group in Washington, inspected satellite images of Yongbyon and counted 663 buildings.

North Korea is the size of Pennsylvania. The disarmament challenge is made worse by uncertainty about how many nuclear weapons the North possesses — estimates range from 20 to 60 — and whether tunnels deep inside the North’s mountains hide plants and mobile missiles.

The process of unwinding more than 50 years of North Korean open and covert developments, therefore, would need to start with the North’s declaration of all its facilities and weapons, which intelligence agencies would then compare with their own lists and information.

***

Nuclear experts like David A. Kay, who led the largely futile American hunt for weapons of mass destruction in Iraq, argue that the North Korean arms complex is too large for outsiders to dismantle. The best approach, he contends, is for Western inspectors to monitor North Korean disarmament. The time estimates range from a few years to a decade and a half — long after Mr. Trump leaves office.

The magnitude of the North Korean challenge becomes clearer when compared with past efforts to disarm other nations. For instance, Libya’s nuclear program was so undeveloped that the centrifuges it turned over had never been unpacked from their original shipping crates. Infrastructure in Syria, Iraq, Iran and South Africa was much smaller. Even so, Israel saw the stakes as so high that it bombed an Iraqi reactor in 1981, and a Syrian reactor in 2007.

Undoing weapons of mass destruction

Full elimination Partial elimination
Steps North Korea Libya Syria Iraq Iran South Africa
Dismantle nuclear arms X X
Halt uranium enrichment X X X / X
Disable reactors X X X X
Close nuclear test sites X X
End H-bomb fuel production X
Destroy germ arms X X
Destroy chemical arms X X / X
Curb missile program X X

Here’s what is involved in each of the major disarmament steps:

Dismantle and remove nuclear weapons

Under the eye of a declared nuclear state — like the United States, China or Russia — take apart every nuclear weapon in the North Korean arsenal and safely ship the components out of the country.

North Korea released a photograph of the country’s leader, Kim Jong-un, center, inspecting what it said was a hydrogen bomb that could be fitted atop a long-range missile. Korean Central News Agency

John R. Bolton, Mr. Trump’s hawkish national security adviser, has argued that before any sanctions are lifted, the North should deliver all its nuclear arms to the United States, shipping them to the Oak Ridge National Laboratory in Tennessee, where inspectors sent Libya’s uranium gear.

It’s almost unimaginable that the North would simply ship out its weapons — or that the rest of the world would be convinced that it had turned over all of them.

Siegfried S. Hecker, a Stanford professor who formerly headed the Los Alamos weapons laboratory in New Mexico, argues that the only safe way to dismantle the North’s nuclear arsenal is to put the job, under inspection, in the hands of the same North Korean engineers who built the weapons. Otherwise, he said, outsiders unfamiliar with the intricacies might accidentally detonate the nuclear arms.

Halt uranium enrichment

Dismantle the plants where centrifuges spin at supersonic speeds to make fuel for nuclear reactors and atom bombs.

Factories holding hundreds of centrifuges spin gaseous uranium until it is enriched in a rare form of the element that can fuel reactors — or, with more enrichment, nuclear arms.

It’s easy to shut down such plants and dismantle them. The problem is that they’re relatively simple to hide underground. North Korea has shown off one such plant, at Yongbyon, but intelligence agencies say there must be others. The 2014 Rand report put the number of enrichment plants at five.

Because uranium can be used to fuel reactors that make electricity, North Korea is almost certain to argue it needs to keep some enrichment plants open for peaceful purposes. That poses a dilemma for the Trump administration.

In the case of Iran, it has insisted that all such plants be shut down permanently. After arguing that the Obama administration made a “terrible deal” by allowing modest enrichment to continue in Iran, it is hard to imagine how Mr. Trump could insist on less than a total shutdown in North Korea.

Disable reactors

Shutter nuclear reactors that turn uranium into plutonium, a second bomb fuel.

Inside a reactor, some of the uranium in the fuel rods is turned into plutonium, which makes a very attractive bomb fuel. Pound for pound, plutonium produces far more powerful nuclear blasts than does uranium. In 1986, at Yongbyon, North Korea began operating a five-megawatt reactor, which analysts say produced the plutonium fuel for the nation’s first atom bombs. Today, the North is commissioning a second reactor that is much larger.

Jan. 17, 2018 image from DigitalGlobe via Institute for Science and International Security

Reactors are hard to hide: They generate vast amounts of heat, making them extremely easy to identify by satellite.

But reactors that produce large amounts of electricity — such as the new one being readied in North Korea — pose a dilemma, because the North can legitimately argue it needs electric power. It seems likely that the Trump administration will come down hard on the North’s new reactor, but might ultimately permit its operation if the North agrees for the bomb-usable waste products to be shipped out of the country.

Close nuclear test sites

Confirm that the North’s recent, staged explosions actually destroyed the deep tunnels and infrastructure, or take additional steps to make the complex unusable.

Atom and hydrogen bombs need repeated testing to check their performance. Since 2006, the North has detonated nuclear devices at least six times in tunnels dug deep inside Mount Mantap, a mile-high peak in the North’s mountainous wilds.

Last month, the North blew up test-tunnel portals at Mount Mantap as a conciliatory gesture before the planned denuclearization talks. Experts say the thick clouds of rising smoke and debris, while impressive for television cameras, leave open the question of whether the damage is irreversible. Presumably, the North could also dig new test sites beneath other mountains. The Trump administration has called for an end to all explosive testing.

End H-bomb fuel production

Close exotic fuel plants that can make atom bombs hundreds of times more destructive.

At the heart of a missile warhead, an exploding atom bomb can act as a superhot match that ignites thermonuclear fuel, also known as hydrogen fuel. The resulting blast can be 1,000 times more powerful than the Hiroshima bomb. North Korea is suspected of having at least two sites for different aspects of H-bomb fuel production — one at Yongbyon, and one near Hamhung, on the country’s east coast.

The exotic fuels also have civilian uses for the manufacture of glow-in-the-dark lighting, exit signs and runway lights. The Trump administration stance is unclear. Atomic experts say the military threat can be reduced by shuttering large plants, building smaller factories and carefully regulating their products.

Inspect anywhere, forever

In a mountainous country, give international inspectors the freedom to roam and inspect anywhere — with automated monitoring of key sites.

Under past nuclear agreements, inspectors from the International Atomic Energy Agency have lived in North Korea, but their movements were limited to small parts of the giant Yongbyon facility, where the nation’s nuclear reactors are located. For inspections to be effective, they must cover the whole country — including military facilities. (One of Mr. Trump’s complaints about the Iran agreement was that inspectors were inhibited from going anywhere.)

But inspecting all of North Korea — land of underground tunnels — would be an enormous job. American intelligence agencies have spent billions of dollars watching missiles move, mapping likely facilities, and using spy satellites and cyber reconnaissance to track the arms. But they have surely made mistakes, and missed some facilities. The problem gets larger if the inspectors are seeking out underground bunkers that hide missiles for quick strikes.

Destroy germ weapons

Eliminate anthrax and other deadly biological weapons, under constant inspection.

Biological weapons can be more destructive than nuclear arms. A single gallon of concentrated anthrax is said to have enough spores to kill every person on Earth. The challenge is how to deliver the living weapons. The anthrax attacks of 2001 relied on letters, killing five people, sickening 17 others and frightening the nation.

North Korea is suspected of having a large complex for making germ weapons. The problem is learning its true dimensions, and verifying its dismantlement. While nuclear and missile tests advertise their developmental strides openly, the production and testing of deadly pathogens can be done behind closed doors.

Moreover, experts argue that the gear for producing germ weapons is often identical or similar to that of medicine and agriculture, making it extremely hard if not impossible for outsiders to verify that germ-weapon work has ended. The Trump administration’s stance is unknown other than it wants the North to end all work on biological weapons.

Destroy chemical weapons

Eliminate sarin, VX and other lethal agents the North has used on enemies.

Last year, the deadly nerve agent VX was used to assassinate Kim Jong-nam, the estranged half brother of the North’s leader. The killing cast light on the North’s long pursuit of chemical weapons. Although the North denies having any, experts rank the nation as among the world’s top possessors, saying it harbors thousands of tons of the banned armaments.

The Trump administration’s negotiating list with the North includes chemical disarmament. Syria is a reminder of the difficulty. President Barack Obama cut a deal with Damascus to destroy its chemical arsenal. This year, the United States accused the Syrian government of using the banned weapons at least 50 times since the civil war began, topping previous official estimates. The attacks have maimed and killed hundreds of Syrians, including many children.

Curb missile program

Eliminate the long-range threat to the U.S. and mid-range missile threat to Japan and South Korea.

In November, the North tested a greatly improved intercontinental ballistic missile that flew farther than any other — far enough to threaten all of the United States. It was a remarkable achievement that brought the current, long-escalating crisis to a head. While experts say the North still needs to do more testing to ensure that the missile’s warheads can survive fiery re-entry, the test flight showed that Mr. Kim had come remarkably close to perfecting a weapon that could threaten American cities.

Curbing the North’s missile program is high on the Trump administration’s negotiation list. A simple precaution is to limit the range of test flights — a fairly easy thing to monitor. A key question is whether arms negotiators will also try to redirect the North’s large corps of rocket designers and engineers into peaceful activities, such as making and lofting civilian satellites.

Is a Chinese Hack on our Naval Weapons an Act of War?

It has long been a question whether a foreign hack for espionage and theft is an act of war, particularly when it targets our naval weapons programs or those of the Army or Air Force.

Cyber warfare is an issue few care about or have control over, because data resides outside of our individual control, but that is NOT the case when it comes to government. They are accountable for safeguarding networks and data.

After a hiatus of several years, Chinese state hackers are once again penetrating networks at a range of U.S. corporations in a campaign to steal secrets and leapfrog ahead in a race for global technology supremacy, cyber researchers say.

Companies in fields such as biomedicine, robotics, cloud computing and artificial intelligence have all been hit by cyber intrusions originating in China, the researchers say.

“It’s definitely accelerating. The trend is up,” said Dmitri Alperovitch, cofounder and chief technology officer at CrowdStrike, a threat intelligence firm based in Sunnyvale, Calif.

Chinese state hacking teams linked to the People’s Liberation Army and the Ministry of State Security are becoming visible on U.S. networks again, although they are using new methods to remain undetected, researchers said.

“In the last few months, we’ve definitely seen … a reemergence of groups that had appeared to have gone dormant for a while,” said Cristiana Brafman Kittner, principal analyst at FireEye, a cybersecurity firm that has tracked China hacking extensively.

The activity comes after a sharp drop in Chinese hacking that began in September 2015, when former President Barack Obama and Chinese leader Xi Jinping reached an agreement to end the hacking theft of commercial secrets. The agreement quelled U.S. anger over its charge that China is the “world’s most active and persistent perpetrator of economic espionage.”

U.S. prosecutors in 2014 indicted five PLA officers for economic espionage for hacking into firms like Westinghouse, U.S. Steel and Alcoa. The 56-page indictment said the five men worked for Unit 61398 of the PLA’s Third Department in Shanghai. The highly detailed complaint entered into details that U.S. officials later said were meant to “name and shame” China for commercial hacking.

Why China’s hackers may be getting back into the game is not readily clear. Renewed trade tensions may be a reason. President Donald Trump has threatened to impose $50 billion of tariffs on China-made products to cut the U.S. trade deficit of $375 billion with China.

Another factor may be the conclusion of a massive reorganization of China’s military, which began in late 2015 and under which various signals intelligence and cyber hacking units “were dissolved and absorbed into this one mega organization, called the Strategic Support Force,” said Priscilla Moriuchi, an expert on East Asia at Recorded Future, a cyber-threat intelligence firm based in Somerville, Mass.

China’s Xi has laid out an ambitious goal of catching up with the United States and Europe in 10 key sectors, including aerospace, semiconductors and robotics, under its “Made in China 2025” program.

Moriuchi, who spent 12 years in the U.S. intelligence community, eventually leading the National Security Agency’s East Asia and Pacific cyber threats office, said China’s hackers are broadening tactics, burrowing into telecommunications networks even as they steal secrets to help party leaders achieve “Made in China 2025” goals.

“The sectors that they are going after are things like cloud computing, (Internet of Things), artificial intelligence, biomedicines, civilian space, alternative energy, robotics, rail, agricultural machinery, high-end medical devices,” Moriuchi said.

“There are companies in all of these sectors that have experienced intrusions over the past year from actors who are believed to be China state-sponsored,” she said.

Since early in the past decade, U.S. officials have alleged that Chinese state hackers were tasked with obtaining commercial secrets from Western corporations to help Chinese firms, many of them state-owned, overtake competitors to the global forefront in technology.

In a renewed warning alert for China, a March 22 report from the Office of the U.S. Trade Representative on China’s trade actions said, “Beijing’s cyber espionage against U.S. companies persists and continues to evolve.”

So as you read about the data stolen from the Navy by China, consider this: Should the NSA get inside the Chinese networks now and infect them and/or re-steal our intelligence?

(Note: according to the Washington Post item below, the contractor is not named; however, ‘Inside Defense’ in September of 2016 published an item that GD Electric Boat was awarded the $105.5 million contract modification moving it into the second phase.)

WaPo: Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to undersea warfare — including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials.

The breaches occurred in January and February, the officials said, speaking on the condition of anonymity to discuss an ongoing investigation. The hackers targeted a contractor who works for the Naval Undersea Warfare Center, a military organization headquartered in Newport, R.I., that conducts research and development for submarines and underwater weaponry.

The officials did not identify the contractor.

Taken were 614 gigabytes of material relating to a closely held project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit’s electronic warfare library.

The Washington Post agreed to withhold certain details about the compromised missile project at the request of the Navy, which argued that their release could harm national security.

The data stolen was of a highly sensitive nature despite being housed on the contractor’s unclassified network. The officials said the material, when aggregated, could be considered classified, a fact that raises concerns about the Navy’s ability to oversee contractors tasked with developing cutting-edge weapons.

The breach is part of China’s long-running effort to blunt the U.S. advantage in military technology and become the preeminent power in east Asia. The news comes as the Trump administration is seeking to secure Beijing’s support in persuading North Korea to give up nuclear weapons, even as tensions persist between the United States and China over trade and defense matters.

The Navy is leading the investigation into the breach with the assistance of the FBI, officials said. The FBI declined to comment.

On Friday, the Pentagon inspector general’s office said that Defense Secretary Jim Mattis had asked it to review contractor cybersecurity issues arising from The Post’s story.

Navy spokesman Cmdr. Bill Speaks said, “There are measures in place that require companies to notify the government when a ‘cyber incident’ has occurred that has actual or potential adverse effects on their networks that contain controlled unclassified information.”

Speaks said “it would be inappropriate to discuss further details at this time.”

Altogether, details on hundreds of mechanical and software systems were compromised — a significant breach in a critical area of warfare that China has identified as a priority, both for building its own capabilities and challenging those of the United States.

“It’s very disturbing,” said former Sen. Jim Talent (R-Mo.), who is a member of the U.S. China Economic and Security Review Commission. “But it’s of a piece with what the Chinese have been doing. They are completely focused on getting advanced weapons technology through all kinds of means. That includes stealing secrets from our defense contractors.” Talent had no independent knowledge of the breach.

Undersea priority

The Sea Dragon project is an initiative of a special Pentagon office stood up in 2012 to adapt existing U.S. military technologies to new applications. The Defense Department, citing classification levels, has released little information about Sea Dragon other than to say that it will introduce a “disruptive offensive capability” by “integrating an existing weapon system with an existing Navy platform.” The Pentagon has requested or used more than $300 million for the project since late 2015 and has said it plans to start underwater testing by September.

Military experts fear that China has developed capabilities that could complicate the Navy’s ability to defend U.S. allies in Asia in the event of a conflict with China.

The Chinese are investing in a range of platforms, including quieter submarines armed with increasingly sophisticated weapons and new sensors, Adm. Philip S. Davidson said during his April nomination hearing to lead U.S. Indo-Pacific Command. And what they cannot develop on their own, they steal — often through cyberspace, he said.

“One of the main concerns that we have,” he told the Senate Armed Services Committee, “is cyber and penetration of the dot-com networks, exploiting technology from our defense contractors, in some instances.”

In February, Director of National Intelligence Daniel Coats testified that most of the detected Chinese cyber-operations against U.S. industry focus on defense contractors or tech firms supporting government networks.

In recent years, the United States has been scrambling to develop new weapons or systems that can counter a Chinese naval buildup that has targeted perceived weaknesses in the U.S. fleet. Key to the American advantage in any faceoff with China on the high seas in Asia will be its submarine fleet.

“U.S. naval forces are going to have a really hard time operating in that area, except for submarines, because the Chinese don’t have a lot of anti-submarine warfare capability,” said Bryan Clark, a naval analyst at the Center for Strategic and Budgetary Assessments. “The idea is that we are going to rely heavily on submarines in the early effort of any conflict with the Chinese.”

China has made closing the gap in undersea warfare one of its three top military priorities, and although the United States still leads the field, China is making a concerted effort to diminish U.S. superiority.

“So anything that degrades our comparative advantage in undersea warfare is of extreme significance if we ever had to execute our war plans for dealing with China,” said James Stavridis, dean of the Fletcher School of Law and Diplomacy at Tufts University and a retired admiral who served as supreme allied commander at NATO.

The U.S. military let its anti-ship weaponry languish after the Cold War ended because with the Soviet Union’s collapse, the Navy no longer faced a peer competitor on the seas. But the rapid modernization and buildup of the Chinese navy in recent years, as well as Russia’s resurgent forces at sea, have prompted the Pentagon to renew heavy investment in technologies to sink enemy warships.

The introduction of a supersonic anti-ship missile on U.S. Navy submarines would make it more difficult for Chinese warships to maneuver. It would also augment a suite of other anti-ship weapons that the U.S. military has been developing in recent years.

Ongoing breaches

For years, Chinese government hackers have siphoned information on the U.S. military, underscoring the challenge the Pentagon faces in safeguarding details of its technological advances. Over the years, the Chinese have snatched designs for the F-35 Joint Strike Fighter; the advanced Patriot PAC-3 missile system; the Army system for shooting down ballistic missiles known as Terminal High Altitude Area Defense; and the Navy’s new Littoral Combat Ship, a small surface vessel designed for near-shore operations, according to previous reports prepared for the Pentagon.

In some cases, suspected Chinese breaches appear to have resulted in copycat technologies, such as the drones China has produced that mimic U.S. unmanned aircraft.

Speaks, the Navy spokesman, said: “We treat the broader issue of cyber intrusion against our contractors very seriously. If such an intrusion were to occur, the appropriate parties would be looking at the specific incident, taking measures to protect current information, and mitigating the impacts that might result from any information that might have been compromised.”

The Pentagon’s Damage Assessment Management Office has conducted an assessment of the damage, according to the U.S. officials. The Office of the Secretary of Defense declined to comment.

Theft of an electronic warfare library, Stavridis said, could give the Chinese “a reasonable idea of what level of knowledge we have about their specific [radar] platforms, electronically and potentially acoustically, and that deeply reduces our level of comfort if we were in a close undersea combat situation with China.”

Signals and sensor data is also valuable in that it presents China with the opportunity to “know when we would know at what distance we would be able to detect their submarines” — again a key factor in undersea battles.

Investigators say the hack was carried out by the Chinese Ministry of State Security, a civilian spy agency responsible for counterintelligence, foreign intelligence and domestic political security. The hackers operated out of an MSS division in the province of Guangdong, which houses a major foreign hacking department.

Although the Chinese People’s Liberation Army is far better-known than the MSS when it comes to hacking, the latter’s personnel are more skilled and much better at hiding their tracks, said Peter Mattis, a former analyst in the CIA counterintelligence center. The MSS, he said, hack for all forms of intelligence: foreign, military and commercial.

In September 2015, in a bid to avert economic sanctions, Chinese President Xi Jinping pledged to President Barack Obama that China would refrain from conducting commercial cyberespionage against the United States. Following the pact, China appeared to have curtailed much, although not all, of its hacking activity against U.S. firms, including by the People’s Liberation Army.

Both China and the United States consider spying on military technology to fall outside the pact. “The distinction we’ve always made is there’s a difference between conducting espionage in order to protect national security and conduct military operations, and the theft of intellectual property for the benefit of companies inside your country,” said Michael Daniel, the White House cybersecurity coordinator under Obama.

 

Facebook Shared your Data with 60+ Other Tech Companies

New privacy law forces some U.S. media offline in Europe

continue here where it has affected U.S. media.

It is a privacy war. It is data abuse. It is exploitation.

More than 50 companies including Apple and Amazon participated in the Facebook data-sharing partnership.

Have you noticed that emails and privacy terms have changed in volume at the sites you often visit? Well, we can thank Europe, as the new privacy law went into effect in recent weeks.

On May 25, however, the power balance will shift towards consumers, thanks to a European privacy law that restricts how personal data is collected and handled. The rule, called General Data Protection Regulation or GDPR, focuses on ensuring that users know, understand, and consent to the data collected about them. Under GDPR, pages of fine print won’t suffice. Neither will forcing users to click yes in order to sign up. Read the details here.

But, it is suggested that you actually read what updates are in fact happening in the U.S., as it may not be all that protective. Fair warning and take caution, abuses may still continue.

Read on… it is no wonder that Facebook is running TV ads, but that still does not assure us our data is not being abused.

Facebook Gave Device Makers Deep Access to Data on Users and Friends

The company formed data-sharing partnerships with Apple, Samsung and dozens of other device makers, raising new concerns about its privacy protections.

As Facebook sought to become the world’s dominant social media service, it struck agreements allowing phone and other device makers access to vast amounts of its users’ personal information.

Facebook has reached data-sharing partnerships with at least 60 device makers — including Apple, Amazon, BlackBerry, Microsoft and Samsung — over the last decade, starting before Facebook apps were widely available on smartphones, company officials said. The deals allowed Facebook to expand its reach and let device makers offer customers popular features of the social network, such as messaging, “like” buttons and address books.

But the partnerships, whose scope has not previously been reported, raise concerns about the company’s privacy protections and compliance with a 2011 consent decree with the Federal Trade Commission. Facebook allowed the device companies access to the data of users’ friends without their explicit consent, even after declaring that it would no longer share such information with outsiders. Some device makers could retrieve personal information even from users’ friends who believed they had barred any sharing, The New York Times found.

Most of the partnerships remain in effect, though Facebook began winding them down in April. The company came under intensifying scrutiny by lawmakers and regulators after news reports in March that a political consulting firm, Cambridge Analytica, misused the private information of tens of millions of Facebook users.

In the furor that followed, Facebook’s leaders said that the kind of access exploited by Cambridge in 2014 was cut off by the next year, when Facebook prohibited developers from collecting information from users’ friends. But the company officials did not disclose that Facebook had exempted the makers of cellphones, tablets and other hardware from such restrictions.

“You might think that Facebook or the device manufacturer is trustworthy,” said Serge Egelman, a privacy researcher at the University of California, Berkeley, who studies the security of mobile apps. “But the problem is that as more and more data is collected on the device — and if it can be accessed by apps on the device — it creates serious privacy and security risks.”

In interviews, Facebook officials defended the data sharing as consistent with its privacy policies, the F.T.C. agreement and pledges to users. They said its partnerships were governed by contracts that strictly limited use of the data, including any stored on partners’ servers. The officials added that they knew of no cases where the information had been misused.

The company views its device partners as extensions of Facebook, serving its more than two billion users, the officials said.

“These partnerships work very differently from the way in which app developers use our platform,” said Ime Archibong, a Facebook vice president. Unlike developers that provide games and services to Facebook users, the device partners can use Facebook data only to provide versions of “the Facebook experience,” the officials said.

Some device partners can retrieve Facebook users’ relationship status, religion, political leaning and upcoming events, among other data. Tests by The Times showed that the partners requested and received data in the same way other third parties did.

Facebook’s view that the device makers are not outsiders lets the partners go even further, The Times found: They can obtain data about a user’s Facebook friends, even those who have denied Facebook permission to share information with any third parties.

In interviews, several former Facebook software engineers and security experts said they were surprised at the ability to override sharing restrictions.

“It’s like having door locks installed, only to find out that the locksmith also gave keys to all of his friends so they can come in and rifle through your stuff without having to ask you for permission,” said Ashkan Soltani, a research and privacy consultant who formerly served as the F.T.C.’s chief technologist.

Details of Facebook’s partnerships have emerged amid a reckoning in Silicon Valley over the volume of personal information collected on the internet and monetized by the tech industry. The pervasive collection of data, while largely unregulated in the United States, has come under growing criticism from elected officials at home and overseas and provoked concern among consumers about how freely their information is shared.

In a tense appearance before Congress in March, Facebook’s chief executive, Mark Zuckerberg, emphasized what he said was a company priority for Facebook users. “Every piece of content that you share on Facebook you own,” he testified. “You have complete control over who sees it and how you share it.”

But the device partnerships provoked discussion even within Facebook as early as 2012, according to Sandy Parakilas, who at the time led third-party advertising and privacy compliance for Facebook’s platform.

“This was flagged internally as a privacy issue,” said Mr. Parakilas, who left Facebook that year and has recently emerged as a harsh critic of the company. “It is shocking that this practice may still continue six years later, and it appears to contradict Facebook’s testimony to Congress that all friend permissions were disabled.”

The partnerships were briefly mentioned in documents submitted to German lawmakers investigating the social media giant’s privacy practices and released by Facebook in mid-May. But Facebook provided the lawmakers with the name of only one partner — BlackBerry, maker of the once-ubiquitous mobile device — and little information about how the agreements worked.

The submission followed testimony by Joel Kaplan, Facebook’s vice president for global public policy, during a closed-door German parliamentary hearing in April. Elisabeth Winkelmeier-Becker, one of the lawmakers who questioned Mr. Kaplan, said in an interview that she believed the data partnerships disclosed by Facebook violated users’ privacy rights.

“What we have been trying to determine is whether Facebook has knowingly handed over user data elsewhere without explicit consent,” Ms. Winkelmeier-Becker said. “I would never have imagined that this might even be happening secretly via deals with device makers. BlackBerry users seem to have been turned into data dealers, unknowingly and unwillingly.”

In interviews with The Times, Facebook identified other partners: Apple and Samsung, the world’s two biggest smartphone makers, and Amazon, which sells tablets.

An Apple spokesman said the company relied on private access to Facebook data for features that enabled users to post photos to the social network without opening the Facebook app, among other things. Apple said its phones no longer had such access to Facebook as of last September.

Samsung declined to respond to questions about whether it had any data-sharing partnerships with Facebook. Amazon also declined to respond to questions.

Usher Lieberman, a BlackBerry spokesman, said in a statement that the company used Facebook data only to give its own customers access to their Facebook networks and messages. Mr. Lieberman said that the company “did not collect or mine the Facebook data of our customers,” adding that “BlackBerry has always been in the business of protecting, not monetizing, customer data.”

Microsoft entered a partnership with Facebook in 2008 that allowed Microsoft-powered devices to do things like add contacts and friends and receive notifications, according to a spokesman. He added that the data was stored locally on the phone and was not synced to Microsoft’s servers.

Facebook acknowledged that some partners did store users’ data — including friends’ data — on their own servers. A Facebook official said that regardless of where the data was kept, it was governed by strict agreements between the companies.

“I am dumbfounded by the attitude that anybody in Facebook’s corporate office would think allowing third parties access to data would be a good idea,” said Henning Schulzrinne, a computer science professor at Columbia University who specializes in network security and mobile systems. Keep reading here for specific details.

Fed Gov Spent $76 Billion in 2017 for Cyber Security, Fail v Success

Go here for the Forum Part One

Go here for the Forum Part Two

Fascinating speakers from private industry, state government and the Federal government describe where we are, the history of cyber threats and how fast, hour by hour, real hacks, intrusions or compromises happen.

David Hoge of NSA’s Threat Security Operations Center for non-classified hosts worldwide describes the global reach of NSA including the FBI, DHS and the Department of Defense.


With the Federal government having spent $76 billion in 2017 and conditions much the same, Hoge stays awake at night.

With North Korea constantly in the news, FireEye published a report in 2017 titled APT37 (Reaper): The Overlooked North Korean Actor. North Korea is hardly the worst actor; others include Russia, China, Iran and proxies.

  • Targeting: For North Korea, primarily South Korea – though also Japan, Vietnam and the Middle East – in various industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive, and healthcare.

  • Initial Infection Tactics: Social engineering tactics tailored specifically to desired targets, strategic web compromises typical of targeted cyber espionage operations, and the use of torrent file-sharing sites to distribute malware more indiscriminately.

  • Exploited Vulnerabilities: Frequent exploitation of vulnerabilities in Hangul Word Processor (HWP), as well as Adobe Flash. The group has demonstrated access to zero-day vulnerabilities (CVE-2018-0802), and the ability to incorporate them into operations.

  • Command and Control Infrastructure: Compromised servers, messaging platforms, and cloud service providers to avoid detection. The group has shown increasing sophistication by improving their operational security over time.

  • Malware: A diverse suite of malware for initial intrusion and exfiltration. Along with custom malware used for espionage purposes, APT37 also has access to destructive malware.

More information on this threat actor is found in our report, APT37 (Reaper): The Overlooked North Korean Actor.


Beyond NSA, DHS and other agencies have cyber divisions. The DHS cyber strategy is found here. The fact sheet has 5 pillars:

DHS CYBERSECURITY GOALS

Goal 1: Assess Evolving Cybersecurity Risks. We will understand the evolving national cybersecurity risk posture to inform and prioritize risk management activities.

Goal 2: Protect Federal Government Information Systems. We will reduce vulnerabilities of federal agencies to ensure they achieve an adequate level of cybersecurity.

Goal 3: Protect Critical Infrastructure. We will partner with key stakeholders to ensure that national cybersecurity risks are adequately managed.

Goal 4: Prevent and Disrupt Criminal Use of Cyberspace. We will reduce cyber threats by countering transnational criminal organizations and sophisticated cyber criminals.

Goal 5: Respond Effectively to Cyber Incidents. We will minimize consequences from potentially significant cyber incidents through coordinated community-wide response efforts.

Goal 6: Strengthen the Security and Reliability of the Cyber Ecosystem. We will support policies and activities that enable improved global cybersecurity risk management.

Goal 7: Improve Management of DHS Cybersecurity Activities. We will execute our departmental cybersecurity efforts in an integrated and prioritized way.

Related reading: National Protection and Programs Directorate

NPPD’s vision is a safe, secure, and resilient infrastructure where the American way of life can thrive.  NPPD leads the national effort to protect and enhance the resilience of the nation’s physical and cyber infrastructure.

*** Going forward, as devices are invented and added to the internet, and with rogue nations and criminal actors active, the industry is forecast to expand in both experts and costs.

BCC Research reveals in its new report that organizations are expected to increase spending on IT security by almost 9% by 2018 to safeguard their cyberspaces, leading to big growth rates in the global markets for cyber security.

The cyber security market comprises companies that provide products and services to improve security measures for IT assets, data and privacy across different domains such as IT, telecom and industrial sectors.

The global cyber security market should reach $85.3 billion and $187.1 billion in 2016 and 2021, respectively, reflecting a five-year compound annual growth rate (CAGR) of 17.0%. The American market, the largest segment, should grow from $39.5 billion in 2016 to $78.0 billion by 2021, demonstrating a five-year CAGR of 14.6%. The Asia-Pacific region is expected to grow the fastest among all major regions at a five-year CAGR of 21.4%, due to stringent government policies to mitigate cyber threats, and a booming IT industry.

Factors such as the growing complexity and frequency of threats, increasing severity of cyber security, stringent government regulations and compliance requirements, ubiquity of online communication, digital data and social media cumulatively should drive the market. Moreover, organizations are expected to increase IT spending on security solutions and services, as well. Rising adoption of technologies such as Internet of things, evolution of big data and cloud computing, increasing smartphone penetration and the developing market for mobile and web platforms should provide ample opportunities for vendors.

By solution type, the banking and financial segment generated the most revenue in 2015 at $22.2 billion. However, the defense and intelligence segment should generate revenues of $50.7 billion in 2021 to lead all segments. The healthcare sector should experience substantial growth with an anticipated 16.2% five-year CAGR.

Network security, which had the highest market revenue in 2015 based on solution type, should remain dominant through the analysis period. Substantial growth is anticipated in the cloud security market, as the segment is expected to have a 27.2% five-year CAGR, owing to increasing adoption of cloud-based services across different applications.

“IT security is a priority in the prevailing highly competitive environment,” says BCC Research analyst Basudeo Singh. “About $100 billion will be spent globally on information security in 2018, as compared with $76.7 billion in 2015.”

List of Issues for Talks Between Trump and Kim Jong Un

North Korea is holding up to 120,000 political prisoners in “horrific conditions” in camps across the country, according to estimates from a newly released State Department report.

The department on Tuesday issued its annual International Religious Freedom Report for 2017, which covers 200 countries and territories, documenting religious freedom and human rights abuses.

The findings on North Korea come as the Trump administration is working to engage the isolated regime. The White House says the administration continues to “actively prepare” for a possible summit with Kim Jong Un.

The report, though, addressed the brutal conditions festering inside Kim’s kingdom. It revealed 1,304 cases of alleged religious freedom violations in the country last year, while detailing the harsh treatment of political and religious prisoners — and persecution of Christians.

Secretary of State Mike Pompeo is meeting with Kim Yong Chol, a 4-star general and head of military intelligence. Kim Yong Chol, a longtime spy chief and vice chairman of the ruling Workers’ Party, was responsible for hacking Sony. More here.


Then, North Korea has 2 satellites in orbit, with more planned for 2018-2019.

“The Unha launcher can put maybe 100 kilograms [220 lbs.] into a pretty low orbit, maybe 400 or 500 kilometers [250 to 310 miles]” above the Earth’s surface, Wright said. “By increasing the thrust, it allows North Korea to lift satellites to higher altitudes, or to carry a greater payload to longer distances if it is a ballistic missile.”

Wright noted that the earlier Nodong engine was essentially a scaled-up version of the one in the Scud, the Soviet missile that Iraq often used during the Gulf War of the 1990s. Whereas the Nodong used Scud-level propellants instead of ones used in more modern rockets, Wright noted that the color of the flame coming from the new engine in photos of the test suggests that this missile uses more advanced propellants that can generate higher thrust.

“The surprise has been why North Korea has stuck with Scud propellants for so long,” Wright said. “There have been reports for 15 years now that North Korea had bought some submarine-launched missiles from the Soviet Union after it collapsed that used more advanced propellants, yet in all this time, we didn’t see them launch missiles with anything but Scud propellant.”

In 2016, at United States Strategic Command, controllers likely had a high-workload evening as STRATCOM monitored the launch of a Russian Soyuz rocket from the Plesetsk Cosmodrome just eight minutes prior to North Korea’s launch, as is typical for launches from Russia’s military launch site. The ascending Unha rocket was tracked using the Space-Based Infrared System in Geostationary Orbit, capable of detecting the infrared signature of ascending rockets from ground level all the way into orbit. This allows the U.S. military to track the vehicle’s trajectory in real time before relying on ground-based radars to track any objects that entered orbit. More here.

Ah, but there is at least one more issue. Yes, North Korea imploded their nuclear test site at Punggye-ri. But… there are 4 more locations.


The most important is Yongbyon, while the other locations appear to have slight or no activity.

Further, North Korea maintains a rather advanced air defense system, listed among the top in the world.

However, while North Korean technology is relatively primitive, the nation’s air defenses are coordinated.

“They do have an old Soviet computerized anti-aircraft command and control system. Most of the radars are old, but they did receive some newer Iranian phased array radars,” Kashin said. “This is what I know, the anti-aircraft units are extensively using underground shelters for cover—not easy to destroy.”

Thus, while generally primitive, North Korean defenses might be a tougher nut to crack than many might expect. Moreover, while their technology is old, North Korea’s philosophy of self-reliance means it can produce most of its own military hardware. More here.

North Korea has a fairly robust chemical and biological weapons program. The 46-page report is found here.

Lastly, but hardly finally, are the cyber weapons produced and applied by North Korea.

Most recently: on May 29, 2018, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a joint Technical Alert (TA) that identifies two families of malware—referred to as Joanap and Brambul—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

In conjunction with the release of this TA, NCCIC has released a Malware Analysis Report (MAR) that provides analysis on samples of Joanap and Brambul malware.

NCCIC encourages users and administrators to review TA18-149A: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm and MAR-10135536-3 – RAT/Worm.

While there have been recent discussions about applying the Libya model to North Korea for removing nuclear weapons, you can bet Kim Jong Un is going to demand the Pakistan model.