Please Don’t Sign it Mr. Trump, You Cant Sign it…

Posted on March 29, 2017March 29, 2017 by Denise Simon

(CNN)FBI Director James Comey warned Wednesday that Americans should not have expectations of “absolute privacy,” adding that he planned to finish his term leading the FBI.

“There is no such thing as absolute privacy in America; there is no place outside of judicial reach,” Comey said at a Boston College conference on cybersecurity. He made the remark as he discussed the rise of encryption since 2013 disclosures by former National Security Agency contractor Edward Snowden revealed sensitive US spy practices.

“Even our communications with our spouses, with our clergy members, with our attorneys are not absolutely private in America,” Comey added. “In appropriate circumstances, a judge can compel any one of us to testify in court about those very private communications.”

Did you get that? What? Keep reading, it gets worse….

Here’s the Data Republicans Just Allowed ISPs to Sell Without Your Consent

Privacy watchdogs blasted the vote as a brazen GOP giveaway to the broadband industry.

Motherboard: Financial and medical information. Social Security numbers. Web browsing history. Mobile app usage. Even the content of your emails and online chats.

These are among the types of private consumer information that House Republicans voted on Tuesday to allow your internet service provider (ISP) to sell to the highest bidder without your permission, prompting outrage from privacy watchdogs.

The House action, which was rammed through by a vote of 215 – 205 on a largely partisan basis by the GOP majority, represents another nail in the coffin of landmark Federal Communications Commission consumer privacy rules that were passed in 2016. The rules, which were set to go into effect later this year, would have required broadband providers to obtain “opt-in” consent before using, sharing, or selling private consumer data.

“Ignoring calls from thousands of their constituents, House Republicans just joined their colleagues in the Senate in violating internet users’ privacy rights,” Craig Aaron, CEO of DC-based public interest group Free Press Action Fund, said in a statement. “They voted to take away the privacy rights of hundreds of millions of Americans just so a few giant companies could pad their already considerable profits.”

Last week, the Senate passed its version of the legislation. President Trump, who “strongly” supports the FCC privacy rollback, is expected to sign the measure soon, as part of the widening Republican campaign to reverse federal safeguards across broad swaths of the economy, including rules protecting the environment, public health, and consumer interests.

Privacy watchdogs say the FCC’s policy is necessary because ISPs can see everything that consumers do online. Unless you use a Virtual Private Network (VPN), every website you visit, every mobile app you use, every online search you conduct, is visible on their networks. Needless to say, this data is immensely valuable because it can be used to create detailed profiles for marketing and tracking purposes.

Related reading: Is Your Favorite Website Spying on You?

Corporate giants like Comcast, AT&T and Verizon already rake in billions of dollars annually from internet, cable, and mobile subscriptions. Now, these broadband firms will be able to make even more money by selling your private data to third party marketers without your permission.

“What the heck are you thinking? What is in your mind?”

Last year, the FCC detailed the data covered by its privacy policy. Thanks to Capitol Hill Republicans, ISPs will no longer be required to obtain “opt-in” consent before using, sharing, or selling this data.

Image: FCC

“What the heck are you thinking?” Rep. Michael Capuano, the Massachusetts Democrat, demanded of his GOP colleagues during floor debate earlier Tuesday. “What is in your mind? Why would you want to give out any of your personal information to a faceless corporation for the sole purpose of them selling it?”

Privacy advocates are particularly outraged because Republican lawmakers are nuking the FCC privacy policy using a controversial legislative tool called the Congressional Review Act (CRA), which allows Congress to nullify recently-approved federal regulations. “Resolutions of disapproval” passed under the CRA cannot be filibustered, and prohibit the agency in question, in this case the FCC, from adopting “substantially similar” privacy rules in the future.

“Once President Trump signs this resolution, there will be no effective federal cop on the beat to proactively protect consumer information collected by ISPs,” Dallas Harris, Policy Fellow at DC-based digital rights group Public Knowledge, said in a statement. “Without the FCC’s broadband privacy rules, Americans go from being internet users to marketing data—from people to the product.”

It should come as no surprise that many of the Republicans leading the charge to roll back the FCC’s privacy rules, including Rep. Marsha Blackburn of Tennessee, have received vast sums of campaign cash from the broadband industry.

Over the course of Blackburn’s 14-year career in the House, she has received $75,750 from AT&T and $72,650 from Verizon, her second and third largest corporate donors, respectively, according to the Center for Responsive Politics. Blackburn has also received $66,000 from NCTA, the broadband industry trade group, and $49,500 from Comcast.

For the last year, the broadband industry has complained that the FCC’s privacy policy is unfair because it doesn’t apply to so-called “edge providers” like Google and Facebook, which are regulated by the Federal Trade Commission (FTC). But instead of fighting to bolster the FTC’s privacy policy to create a level playing field, Republican lawmakers instead chose to eliminate the FCC’s more robust protections. Now the measure moves to Trump’s desk.

“If President Trump was serious about his campaign promises to stand up for the rights of the individual over the powerful special interests in Washington DC, then he would veto this bill,” Nathan White, Senior Legislative Manager at Access Now, said in a statement.

Russia is a Threat, China Aggression is Under-Reported

Posted on March 28, 2017March 28, 2017 by Denise Simon

President Jimmy Carter gave away the Panama Canal which was officially transferred in 2000. Few know about the other canal project in Nicaragua, which is designed to be bigger and better. It was launched by a Chinese billionaire however, it appears the Chinese government is actually behind it.

Image result for china nicaragua canal

The whole matter is shrouded in secrecy while the Panama Canal is going through a huge expansion.

Image result for china militarize islands PBS

China has been creating islands in the South China Sea while other islands are a source of major dispute. China has been seen as militarizing the manufactured islands giving rise to concerns of major cargo and global shipping lanes. Could China be making a worldwide play to control commerce and sea transportation?

Chinese state firms have expressed an interest to develop land around the Panama Canal, the chief executive of the vital trade thoroughfare said, underlining China’s outward push into infrastructure via railways and ports around the world. China’s state firms have in recent years already chalked up investments in key logistics nodes, including Piraeus in Greece and Bandar Malaysia, a major development project that is set to be the terminal for a proposed high-speed rail link between Kuala Lumpur and Singapore. More here from Reuters.

So is there more to this under reported threat by China? Yes. For instance:

HONG KONG — When the United States Air Force wanted help making military robots more perceptive, it turned to a Boston-based artificial intelligence start-up called Neurala. But when Neurala needed money, it got little response from the American military.

So Neurala turned to China, landing an undisclosed sum from an investment firm backed by a state-run Chinese company.

Chinese firms have become significant investors in American start-ups working on cutting-edge technologies with potential military applications. The start-ups include companies that make rocket engines for spacecraft, sensors for autonomous navy ships, and printers that make flexible screens that could be used in fighter-plane cockpits. Many of the Chinese firms are owned by state-owned companies or have connections to Chinese leaders.

The deals are ringing alarm bells in Washington. According to a new white paper commissioned by the Department of Defense, Beijing is encouraging Chinese companies with close government ties to invest in American start-ups specializing in critical technologies like artificial intelligence and robots to advance China’s military capacity as well as its economy. More here from the New York Times.

Humm, need more? Both China and North Korea are known for hacking. China may have some obscure agreement with North Korea to hack selected global sites. As we know, North Korea is a threat as they are continuing to advance their missile program and super thrust rocket engines which are tied to their nuclear weapons program. China provides that communications, telecom and internet platform and servers for North Korea.

Image result for china hacking BBC

North Korea relies on China for Internet connectivity, partially due to longstanding ties between the two nations and partly because it has few options. North Korea borders just three countries: South Korea, with which it is still technically at war, Russia and China. The Chinese Internet is well developed and the Russian border is far from Pyongyang, the North Korean capital, making China a good choice. Going back to 2014, the U.S. State Department was well aware of all these conditions between China and North Korea, still no solution by the Obama administration.

***

Hackers associated with the Chinese government have repeatedly infiltrated the computer systems of U.S. airlines, technology companies and other contractors involved in the movement of U.S. troops and military equipment, a U.S. Senate panel has found.

Cybersecurity expert Dmitri Alperovitch, chief technology officer with the security firm Crowdstrike, said China had for years shown a keen interest in th the logistical patterns of the U.S. military.

The investigation focused on the U.S. military’s ability to seamlessly tap civilian air, shipping and other transportation assets for tasks including troop deployments and the timely arrival of supplies from food to ammunition to fuel. U.S. authorities charged five Chinese military officers, accusing them of hacking into American nuclear, metal and solar companies to steal trade secrets.

Last month, Community Health Systems (CYH.N), one of the largest U.S. hospital groups, said Chinese hackers had stolen Social Security numbers and other personal data from some 4.5 million patients.

*** North Korea has an elite and secret hacking unit as well known as Bureau 121. The Department of Defense submitted a report to Congress on Bureau 121 using asymmetric warfare. North Korea also has an additional cyber unit known as Office 91.

Office 91 is thought to be the headquarters of North Korea’s hacking operation although the bulk of the hackers and hacking and infiltration into networks is done from Unit 121, which operates out of North Korea and has satellite offices overseas, particularly in Chinese cities that are near the North Korean border. One such outpost is reportedly the Chilbosan Hotel in Shenyang, a major city about 150 miles from the border. A third operation, called Lab 110, participates in much the same work.

There are also several cyberunits under North Korea’s other arm of government, the Workers’ Party of Korea.

Unit 35 is responsible for training cyberagents and is understood to handle domestic cyberinvestigations and operations. Unit 204 takes part in online espionage and psychological warfare and Office 225 trains agents for missions in South Korea that can sometimes have a cyber component. More here from PCWorld.

*** China is well aware of North Korea activities, while China has and is becoming more aggressive globally. There is clearly collusion, yet what is the West and in particular the United States prepared to do in response remains unclear. However, China did approve 38 Trump trademarks. President Trump meets with Xi Jinping, maybe we will know more in April.

Russian FSB Officers Charged in Yahoo Hack and More

Posted on March 15, 2017March 15, 2017 by Denise Simon

NBC, Washington

Yahoo announced on Thursday that the account information of at least 500 million users was stolen by hackers two years ago, in the biggest known intrusion of one company’s computer network.

In a statement, Yahoo said user information — including names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions — was compromised in 2014 by what it believed was a “state-sponsored actor.” More here from NYT’s.

U.S. Charges Russian FSB Officers and Their Criminal Conspirators for Hacking Yahoo and Millions of Email Accounts

FSB Officers Protected, Directed, Facilitated and Paid Criminal Hackers

Karim Taloverov, arrested in Canada

A grand jury in the Northern District of California has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for computer hacking, economic espionage and other criminal offenses in connection with a conspiracy, beginning in January 2014, to access Yahoo’s network and the contents of webmail accounts. The defendants are Dmitry Aleksandrovich Dokuchaev, 33, a Russian national and resident; Igor Anatolyevich Sushchin, 43, a Russian national and resident; Alexsey Alexseyevich Belan, aka “Magg,” 29, a Russian national and resident; and Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22, a Canadian and Kazakh national and a resident of Canada.

The defendants used unauthorized access to Yahoo’s systems to steal information from about at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies. One of the defendants also exploited his access to Yahoo’s network for his personal financial gain, by searching Yahoo user communications for credit card and gift card account numbers, redirecting a subset of Yahoo search engine web traffic so he could make commissions and enabling the theft of the contacts of at least 30 million Yahoo accounts to facilitate a spam campaign.

The charges were announced by Attorney General Jeff Sessions of the U.S. Department of Justice, Director James Comey of the FBI, Acting Assistant Attorney General Mary McCord of the National Security Division, U.S. Attorney Brian Stretch for the Northern District of California and Executive Assistant Director Paul Abbate of the FBI’s Criminal, Cyber, Response and Services Branch.

“Cyber crime poses a significant threat to our nation’s security and prosperity, and this is one of the largest data breaches in history,” said Attorney General Sessions. “But thanks to the tireless efforts of U.S. prosecutors and investigators, as well as our Canadian partners, today we have identified four individuals, including two Russian FSB officers, responsible for unauthorized access to millions of users’ accounts. The United States will vigorously investigate and prosecute the people behind such attacks to the fullest extent of the law.”

“Today we continue to pierce the veil of anonymity surrounding cyber crimes,” said Director Comey. “We are shrinking the world to ensure that cyber criminals think twice before targeting U.S. persons and interests.”

“ The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI’s point of contact in Moscow on cybercrime matters, is beyond the pale,” said Acting Assistant Attorney General McCord. “Once again, the Department and the FBI have demonstrated that hackers around the world can and will be exposed and held accountable. State actors may be using common criminals to access the data they want, but the indictment shows that our companies do not have to stand alone against this threat. We commend Yahoo and Google for their sustained and invaluable cooperation in the investigation aimed at obtaining justice for, and protecting the privacy of their users.”

“This is a highly complicated investigation of a very complex threat. It underscores the value of early, proactive engagement and cooperation between the private sector and the government,” said Executive Assistant Director Abbate. “The FBI will continue to work relentlessly with our private sector and international partners to identify those who conduct cyber-attacks against our citizens and our nation, expose them and hold them accountable under the law, no matter where they attempt to hide.”

“Silicon Valley’s computer infrastructure provides the means by which people around the world communicate with each other in their business and personal lives. The privacy and security of those communications must be governed by the rule of law, not by the whim of criminal hackers and those who employ them. People rightly expect that their communications through Silicon Valley internet providers will remain private, unless lawful authority provides otherwise. We will not tolerate unauthorized and illegal intrusions into the Silicon Valley computer infrastructure upon which both private citizens and the global economy rely,” said U.S. Attorney Stretch. “Working closely with Yahoo and Google, Department of Justice lawyers and the FBI were able to identify and expose the hackers responsible for the conduct described today, without unduly intruding into the privacy of the accounts that were stolen. We commend Yahoo and Google for providing exemplary cooperation while zealously protecting their users’ privacy.”

Summary of Allegations

According to the allegations of the Indictment:

The FSB officer defendants, Dmitry Dokuchaev and Igor Sushchin, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere. In the present case, they worked with co-defendants Alexsey Belan and Karim Baratov to obtain access to the email accounts of thousands of individuals.

Belan had been publicly indicted in September 2012 and June 2013 and was named one of FBI’s Cyber Most Wanted criminals in November 2013. An Interpol Red Notice seeking his immediate detention has been lodged (including with Russia) since July 26, 2013. Belan was arrested in a European country on a request from the U.S. in June 2013, but he was able to escape to Russia before he could be extradited.

Instead of acting on the U.S. government’s Red Notice and detaining Belan after his return, Dokuchaev and Sushchin subsequently used him to gain unauthorized access to Yahoo’s network. In or around November and December 2014, Belan stole a copy of at least a portion of Yahoo’s User Database (UDB), a Yahoo trade secret that contained, among other data, subscriber information including users’ names, recovery email accounts, phone numbers and certain information required to manually create, or “mint,” account authentication web browser “cookies” for more than 500 million Yahoo accounts.

Belan also obtained unauthorized access on behalf of the FSB conspirators to Yahoo’s Account Management Tool (AMT), which was a proprietary means by which Yahoo made and logged changes to user accounts. Belan, Dokuchaev and Sushchin then used the stolen UDB copy and AMT access to locate Yahoo email accounts of interest and to mint cookies for those accounts, enabling the co-conspirators to access at least 6,500 such accounts without authorization.

Some victim accounts were of predictable interest to the FSB, a foreign intelligence and law enforcement service, such as personal accounts belonging to Russian journalists; Russian and U.S. government officials; employees of a prominent Russian cybersecurity company; and numerous employees of other providers whose networks the conspirators sought to exploit. However, other personal accounts belonged to employees of commercial entities, such as a Russian investment banking firm, a French transportation company, U.S. financial services and private equity firms, a Swiss bitcoin wallet and banking firm and a U.S. airline.

During the conspiracy, the FSB officers facilitated Belan’s other criminal activities, by providing him with sensitive FSB law enforcement and intelligence information that would have helped him avoid detection by U.S. and other law enforcement agencies outside Russia, including information regarding FSB investigations of computer hacking and FSB techniques for identifying criminal hackers. Additionally, while working with his FSB conspirators to compromise Yahoo’s network and its users, Belan used his access to steal financial information such as gift card and credit card numbers from webmail accounts; to gain access to more than 30 million accounts whose contacts were then stolen to facilitate a spam campaign; and to earn commissions from fraudulently redirecting a subset of Yahoo’s search engine traffic.

When Dokuchaev and Sushchin learned that a target of interest had accounts at webmail providers other than Yahoo, including through information obtained as part of the Yahoo intrusion, they tasked their co-conspirator, Baratov, a resident of Canada, with obtaining unauthorized access to more than 80 accounts in exchange for commissions. On March 7, the Department of Justice submitted a provisional arrest warrant to Canadian law enforcement authorities, requesting Baratov’s arrest. On March 14, Baratov was arrested in Canada and the matter is now pending with the Canadian authorities.

An indictment is merely an accusation, and a defendant is presumed innocent unless proven guilty in a court of law.

The FBI, led by the San Francisco Field Office, conducted the investigation that resulted in the charges announced today. The case is being prosecuted by the U.S. Department of Justice National Security Division’s Counterintelligence and Export Control Section and the U.S. Attorney’s Office for the Northern District of California, with support from the Justice Department’s Office of International Affairs.

Defendants: At all times relevant to the charges, the Indictment alleges as follows:

- Dmitry Aleksandrovich Dokuchaev, 33, was an officer in the FSB Center for Information Security, aka “Center 18.” Dokuchaev was a Russian national and resident.

- Igor Anatolyevich Sushchin, 43, was an FSB officer, a superior to Dokuchaev within the FSB, and a Russian national and resident. Sushchin was embedded as a purported employee and Head of Information Security at a Russian investment bank.

- Alexsey Alexseyevich Belan, aka “Magg,” 29, was born in Latvia and is a Russian national and resident. U.S. Federal grand juries have indicted Belan twice before, in 2012 and 2013, for computer fraud and abuse, access device fraud and aggravated identity theft involving three U.S.-based e-commerce companies and the FBI placed Belan on its “Cyber Most Wanted” list. Belan is currently the subject of a pending “Red Notice” requesting that Interpol member nations (including Russia) arrest him pending extradition. Belan was also one of two criminal hackers named by President Barack Obama on Dec. 29, 2016, pursuant to Executive Order 13694, as a Specially Designated National subject to sanctions.

- Karim Baratov, aka “Kay,” “Karim Taloverov” and “Karim Akehmet Tokbergenov,” 22. He is a Canadian and Kazakh national and a resident of Canada.

Victims: Yahoo; more than 500 million Yahoo accounts for which account information about was stolen by the defendants; more than 30 million Yahoo accounts for which account contents were accessed without authorization to facilitate a spam campaign; and at least 18 additional users at other webmail providers whose accounts were accessed without authorization.

Time Period: As alleged in the Indictment, the conspiracy began at least as early as 2014 and, even though the conspirators lost their access to Yahoo’s networks in September 2016, they continued to utilize information stolen from the intrusion up to and including at least December 2016.

Crimes:

Count(s)	Defendant(s)	Charge	Statute 18 U.S.C.	Conduct	Maximum Penalty
1	All	Conspiring to commit computer fraud and abuse	§ 1030(b)	Defendants conspired to hack into the computers of Yahoo and accounts maintained by Yahoo, Google and other providers to steal information from them. First, Belan gained access to Yahoo’s servers and stole information that allowed him, Dokuchaev, and Sushchin to gain unauthorized access to individual Yahoo user accounts. Then, Dokuchaev and Sushchin tasked Baratov with gaining access to individual user accounts at Google and other Providers (but not Yahoo) and paid Baratov for providing them with the account passwords. In some instances, Dokuchaev and Sushchin tasked Baratov with targeting accounts that they learned of through access to Yahoo’s UDB and AMT (e.g., Gmail accounts that served as a Yahoo user’s secondary account).	10 years
2	Dokuchaev Sushchin Belan	Conspiring to engage in economic espionage	§ 1831(a)(5)	Starting on Nov. 4, 2014, Belan stole, and the defendants thereafter transferred, received and possessed the following Yahoo trade secrets: the Yahoo UDB, which was proprietary and confidential Yahoo technology and information, including subscriber names, secondary accounts, phone numbers, challenge questions and answers; the AMT, Yahoo’s interface to the UDB; and Yahoo’s cookie “minting” source code, which enabled the defendants to manufacture account cookies to then gain access to individual Yahoo user accounts.	15 years
3	Dokuchaev Sushchin Belan	Conspiring to engage in theft of trade secrets	§ 1832(a)(5)	See Count 2	10 years
4-6	Dokuchaev Sushchin Belan	Economic espionage	§§ 1831(a)(1), (a)(4), and 2	See Count 2	15 years (each count)
7-9	Dokuchaev Sushchin Belan	Theft of trade secrets	§§ 1832(a)(1), and 2	See Count 2	10 years (each count)
10	Dokuchaev Sushchin Belan	Conspiring to commit wire fraud	§ 1349	The defendants fraudulently schemed to gain unauthorized access to Yahoo’s network through compromised Yahoo employee accounts and then used the Yahoo trade secrets to gain unauthorized access to valuable non-public information in individual Yahoo user accounts.	20 years
11-13	Dokuchaev Sushchin Belan	Accessing (or attempting to access) a computer without authorization to obtain information for the purpose of commercial advantage and private financial gain.	§§ 1030(a)(2)(C), 1030(c)(2)(B)(i)-(iii), and 2	The defendants gained unauthorized access to Yahoo’s corporate network and obtained information regarding Yahoo’s network architecture and the UDB.	5 years (each count)
14-17	Dokuchaev Sushchin Belan	Transmitting code with the intent to cause damage to computers.	§§ 1030(a)(5)(A), 1030(c)(4)(B), and 2	During the course of their unauthorized access to Yahoo’s network, the defendants transmitted code on Yahoo’s network in order to maintain a persistent presence, to redirect Yahoo search engine users and to mint cookies for individual Yahoo accounts.	10 years (each count)
18-24	Dokuchaev Sushchin Belan	Accessing (or attempting to access) a computer without authorization to obtain information for the purpose of commercial advantage and private financial gain.	§§ 1030(a)(2)(C), 1030(c)(2)(B)(i)-(iii), and 2	Defendants obtained unauthorized access to individual Yahoo user accounts.	5 years (each count)
25-36	Dokuchaev Sushchin Belan	Counterfeit access device fraud	§§ 1029(a)(1), 1029(b)(1), and 2	Defendants used minted cookies to gain unauthorized access to individual Yahoo user accounts.	10 years (each count)
37	Dokuchaev Sushchin Belan	Counterfeit access device making equipment	§§ 1029(a)(4)	Defendants used software to mint cookies for unauthorized access to individual Yahoo user accounts.	15 years
38	Dokuchaev Sushchin Baratov	Conspiring to commit access device fraud	§§ 1029(b)(2)	Defendants Dokuchaev and Sushchin tasked Baratov with gaining unauthorized access to individual user accounts at Google and other Providers and then paid Baratov for providing them with the account passwords. In some instances, Dokuchaev and Sushchin tasked Baratov with targeting accounts that they learned of through access to Yahoo’s UDB and AMT (e.g., Gmail accounts that served as a Yahoo user’s secondary account).	7 ½ years.
39	Dokuchaev Sushchin Baratov	Conspiring to commit wire fraud	§ 1349	See Count 38	20 years
40-47	Dokuchaev Baratov	Aggravated identity theft	§ 1028A(a)(1)	See Count 38	2 years

Dmitri Dokuchae et al Indictment Redacted

17-278

National Security Division (NSD)

USAO – California, Northern

Topic:

Counterintelligence and Export Control

Updated March 15, 2017

Plan to Destroy N. Korea Missile Nuclear Program

Posted on March 14, 2017March 14, 2017 by Denise Simon

Report: Japan’s Largest Warship Heading to South China Sea, Will Train With U.S., Indian Navies

Izumo is one of two helicopter carriers the Japanese have built for the stated claim of anti-submarine warfare and humanitarian aid and disaster relief operations. The ship entered into service in 2015 and its sister ship Kaga is set to commission this year.

Both ships field seven Mitsubishi-built SH-60k ASW helicopters and seven AgustaWestland MCM-101 mine countermeasure (MCM) helicopters, according to U.S. Naval Institute’s Combat Fleets of the World. Both ships can also accommodate U.S. Marine Corps MV-22 Osprey tilt-rotor aircraft.

Japanese officials have said the threat of an expanded Chinese submarine fleet was a key driver of Japan developing the ship class.

Izumo’s ASW capability fits in with the goals of Malabar 2017 trilateral exercise with India and the U.S., according to a December interview with U.S. 7^th Fleet commander Adm. Joseph Aucoin with the Press Trust of India.

Aucoin promised a larger and more complex ASW exercise in 2017 that would combine new capabilities of the Indian and U.S. forces in the region – like the Indian and U.S. P-8A and Indian P-8I ASW aircraft.

Beijing, for its part, has been vocally opposed to Japan operating warships in the South China Sea and leaned on memories of Imperial Japanese actions in World War II.

Meanwhile:

Side-by-Side

The aircraft carrier USS Carl Vinson conducts a replenishment at sea with the fleet replenishment oiler USNS Tippecanoe in the South China Sea, March 5, 2017. Navy photo by Petty Officer 2nd Class Sean M. Castellan.

***

The United States will permanently station attack drones in South Korea, the US military announced.

The announcement came a week after North Korea shot off four ballistic missiles into the Sea of Japan, also known as the East Sea, and while the US and South Korea are conducting their annual joint military exercises.

“The stationing of this company, which will be assigned to the 2nd Combat Aviation Brigade of the 2nd Infantry Division, directly supports the US Army’s strategic plan to add one Gray Eagle company to each division in the Army,” USFK said in a news release.

“The UAS adds significant intelligence, surveillance and reconnaissance capability to US Forces Korea and our ROK (Republic of Korea) partners.” More here from CNN.

*** The conditions in N. Korea and the plan? Military planners are beginning to consider the unthinkable — a first-strike targeting North Korea’s nuclear facilities

North Korea has been developing nuclear weapons now for more than two decades. A number of international diplomatic efforts slowed this progress, but the last such program failed in 2009. The country which calls itself the Democratic People’s Republic of Korea (DPRK), tested its first nuclear weapon in 2006. Since then the DPRK has accelerated its progress, testing new nuclear devices in 2009, 2013, and then two more last year.

The explosive yields on these bombs have been small (for nuclear weapons) however, analysts believe this points to a disturbing possibility– that North Korea is attempting to build miniaturized nuclear warheads. While its propaganda channels already claim to have achieved this capacity, the DPRK’s nuclear test program seems to be a step-by-step approach to building nuclear missiles.

Concurrent to its nuclear program, North Korea has also forged ahead with the testing of new missile types. Among these, are the Taepodong-2 intercontinental ballistic missile (ICBM), theoretically capable of reaching the west coast of the United States, as well as the Scud-derived Hwasong and Rodong missiles, which were tested this week, and have a strike range which threatens regional US allies such as South Korea and Japan. One final, and perhaps most worrying threat is the Pukkuksong-1 submarine-launched ballistic missile (SLBM) which can be launched from beneath the waves.

Clearly, the country is hell-bent on creating the ability to launch a nuclear attack. The likely reason for this is to function as a so-called “nuclear deterrent.” Should an adversarial nation such as the US or South Korea attempt to attack the North, they can retaliate with nuclear weapons and make such an attack too costly to be considered. Assuming this, all intentional diplomatic efforts have gone into trying to prevent it.

Unfortunately, they have failed.

“Many analysts believe that North Korea already has the capability to place a nuclear weapon on top of a Rodong missile, so South Korea and Japan are already threatened by a possible North Korean nuclear strike,” says Scott Snyder, Director of the Program on U.S.-Korea Policy at the Council on Foreign Relations.

John Schilling, an expert on missile technology from DPRK analysis portal 38 North also supports this view.

“North Korea is probably capable of mounting atomic warheads in the Scud-ER and similar Rodong missiles today, giving them a credible deterrent against South Korea and Japan. The history of their nuclear testing suggests a focused effort at developing lightweight atomic weapons, with consistent results in the last few tests pointing to at least one warhead design having achieved high reliability. Almost certainly this warhead will fit their existing missiles,” he explains.

Even using the small-yield devices so far developed by the DPRK, a nuclear first strike, if successful could easily kill millions in north Asia, and cripple the global economy. Given this, the US and its regional allies are taking defensive measures.

The most talked up of these is the US deployment this week of the Terminal High Altitude Area Defense (THAAD) system to South Korea. This anti-ballistic missile system fires its own missiles to intercept incoming threats before they hit their targets. It is combined with other systems in use including Aegis and Patriot to provide a measure of breathing room. But in a real war, it might not be sufficient.

“THAAD, Aegis, and Patriot are all capable of engaging multiple targets simultaneously, and will probably destroy most missiles aimed at South Korea or Japan. With nuclear warheads on some of those missiles, ‘most’ may not be enough,” says Schilling.

With the situation growing ever more dire, military planners are beginning to consider the unthinkable – a first-strike targeting North Korea’s nuclear facilities. This would theoretically cripple the country’s nuclear weapons production and would buy time for a more congenial government to come to power in Pyongyang.

To say such an action would be difficult and risky however would be a massive understatement.

Some North Korean nuclear sites, such as the Yongbyon nuclear complex are above ground and would be relatively easy to destroy. Other sites, however, are likely located in hardened underground shelters, meaning that a large strike element would be necessary.

“Much of the Yongbyon nuclear complex could be destroyed by air attacks — aircraft and/or cruise missiles. But underground facilities first have to be found and then have to be struck by precision munitions — finding things is the potentially difficult part — North Korea denies a lot of information to the outside world,” says Bruce W. Bennet, a senior defense researcher at RAND Corporation.

“A major attack against those facilities almost certainly cannot be done without starting a wider conflict.”

Even if nuclear weapons are not used, North Korea has enough artillery aimed at South Korea to all but level the capital Seoul and cause hundreds of thousands of casualties.

Scott Snyder agrees that such a first-strike would likely lead to a disastrous war.

“The United States could not strike North Korean nuclear facilities without running the risk of nuclear disaster. Pre-emptive options plausibly might be used to strike North Korean missile sites but North Korea would likely retaliate to such strikes,” he says.

Alternative options such as information operations aiming to destabilize the North Korean regime could be more attractive, as would be additional diplomatic pressure by China. But this itself could leave the DPRK’s leadership feeling even more under siege and may precipitate yet more irrational behavior.

The situation on the Korean Peninsula remains one of the greatest challenges currently facing the international community. With the DPRK preparing for what looks like yet another nuclear test, countries in the region, and major powers like the US and China need to present a united front in order to deter aggression and work together on a possible solution. The only other alternative would be war. More here.

*** In 2013 it was reported: North Korea is reported to have more than thousand missiles of varying capabilities, ranging from short-range (120 km and above) to long-range (greater than 5,500km). The country is believed to have developed its missile programme from Scuds, which it received from Egypt in 1970s. The following decade saw North Korea build its own Scuds – the Hwasong-5 and Hwasong-6, and a medium-range missile, the Nodong. These technologies are said to have been extensively used by the country in building its long-range missile, Taepodong.

***

A greater concern than multiple Scud-type missiles would be if North Korea proved the ability to fire simultaneous salvos of other types of missiles that could carry heavier payload, said one U.S. official, speaking on the condition of anonymity.

North Korea theoretically had enough launchers to send at least 36 ballistic missiles of various types at the same time, said Joseph S. Bermudez, a strategic advisor at Allsource Analysis Inc and contributor to the 38 North Korea monitoring project. More here including comprehensive details on THAAD.

Vault 7 Breach the Worst Yet or this Military Holy Grail Breach?

Posted on March 13, 2017March 13, 2017 by Denise Simon

Image result for security clearance cyber briefings

Do we have a concept of the insider threat condition within government with emphasis added on contractors within the intelligence community? Anyone? Combined with stupidity, lax security measures, no passwords and dated software platforms, is there anything left our adversaries don’t know by now?

Referencing Vault 7 and the CIA, the agency has agreements with several outside contractor firms. The employees of those firms have a much lower standard of security, behavior and access than that of the CIA. The agency holds contracts with 5 major outside firms that do 80% of the private contract work to include Booz, Allen and Hamilton. The next logical question is who else besides the CIA holds private contract work agreements, DNI, Defense Department, Geo-Spatial, NSA? Yes.

Where does one begin to document cyber vulnerabilities and how to close those gaps immediately and at what cost? Meanwhile little is being reported about NSA documents thief Harold Martin.

US military leak exposes ‘holy grail’ of security clearance files

Exclusive: These security clearance applications contain sensitive personal information, and are highly valuable to foreign adversaries seeking to undermine US national security.

ZDNet: A unsecured backup drive has exposed thousands of US Air Force documents, including highly sensitive personnel files on senior and high-ranking officers.

Security researchers found that the gigabytes of files were accessible to anyone because the internet-connected backup drive was not password protected.

The files, reviewed by ZDNet, contained a range of personal information, such as names and addresses, ranks, and Social Security numbers of more than 4,000 officers. Another file lists the security clearance levels of hundreds of other officers, some of whom possess “top secret” clearance, and access to sensitive compartmented information and codeword-level clearance.

Phone numbers and contact information of staff and their spouses, as well as other sensitive and private personal information, were found in several other spreadsheets.

The drive is understood to belong to a lieutenant colonel, whose name we are not publishing. ZDNet reached out to the officer by email but did not hear back.

The data was secured last week after a notification by MacKeeper security researcher Bob Diachenko.

Among the most damaging documents on the drive included the completed applications for renewed national security clearances for two US four-star generals, both of whom recently had top US military and NATO positions.

Both of these so-called SF86 applications contain highly sensitive and detailed information, including financial and mental health history, past convictions, relationships with foreign nationals, and other personal information.

These completed questionnaires are used to determine a candidate’s eligibility to receive classified material.

Several national security experts and former government officials we spoke to for this story described this information as the “holy grail” for foreign adversaries and spies, and said that it should not be made public.

For that reason, we are not publishing the names of the generals, who have since retired from service.

Nevertheless, numerous attempts to contact the generals over the past week went unreturned.

“Some of the questions ask for information that can be very personal, as well as embarrassing,” said Mark Zaid, a national security attorney, in an email. The form allows prospective applicants to national security positions to disclose arrests, drug and alcohol issues, or mental health concerns, among other things, said Zaid.

Completed SF86 forms aren’t classified but are closely guarded. These were the same kinds of documents that were stolen in a massive theft of sensitive files at the Office of Personnel Management, affecting more than 22 million government and military employees.

“Even if the SF86 answers are innocuous, because of the personal information within the form there is always the risk of identity theft or financial fraud that could harm the individual and potentially compromise them,” said Zaid.

One spreadsheet contained a list of officers under investigation by the military, including allegations of abuses of power and substantiated claims of wrongdoing, such as wrongfully disclosing classified information.

A former government official, who reviewed a portion of the documents but did not want to be named, said that the document, in the wrong hands, provided a “blueprint” for blackmail.

Even officers who have left in recent years may still be vulnerable to coercion if they are still trusted with historical state secrets.

“Foreign powers might use that information to target those individuals for espionage or to otherwise monitor their activity in the hopes of gaining insight into US national security posture,” said Susan Hennessey, a Brookings fellow and a former attorney at the National Security Agency.

Government officials use the form as a screening mechanism, said Hennessey, but it also offers applicants the chance to inform the government of past indiscretions or concerns that eliminate the possibility of blackmail in the future, she added. “These are people whose lives can depend on sensitive information being safeguarded, so the notion they would fail to put country over self in that kind of circumstance is far-fetched and supported by relatively few historical examples,” she said.

“Still, it is the obligation of the government to keep this kind of information safe, both in order to protect the privacy of those who serve and their families and to protect them against being placed in difficult situations unnecessarily,” said Hennessey.

Though many of the files were considered “confidential” or “sensitive,” a deeper keyword-based search of the files did not reveal any material marked as classified.

A completed passport application for one of the generals was also found in the same folder, as well as scans of his own and his wife’s passports and driving licenses.

Other data included financial disclosures, bank account and routing information, and some limited medical information.

Another document purported to show the lieutenant colonel’s username and password for a sensitive internal Dept. of Defense system, used to check staff security clearances.

Another document listed the clearance levels of one of the generals.

And, a smaller spreadsheet contained a list of Social Security numbers, passport numbers, and other contact information on high-profile figures and celebrities, including Channing Tatum.

The records were collected in relation to a six-day tour to Afghanistan by Tatum in 2015. An email to Tatum’s publicist went unreturned.

The drive also contained several gigabytes of Outlook email files, covering years worth of emails. Another document purported to be a backup.

Nevertheless, this would be the second breach of military data in recent months.

Potomac, a Dept. of Defense subcontractor, was the source of a large data exposure of military personnel files of physical and mental health support staff. Many of the victims involved in the data leak are part of the US Special Operations Command (SOCOM), which includes those both formerly employed by US military branches, such as the Army, Navy, and Air Force, and those presumably still on active deployment.

It’s not known how long the backup drive was active. Given that the device was public and searchable, it’s not known if anyone other than the security researchers accessed the files.

The Office of Personnel Management, which processes security clearance applications, referred comment to the Pentagon.

A Pentagon spokesperson would not comment in an email Monday.