Who is hosting the Hacker’s Servers?

State report reveals 130 compromised websites used in travel-related watering hole attacks

By Bill Gertz

One hundred thirty websites are hosting malicious software on their websites in what the State Department is calling a sophisticated Russian cyber spying operation, according to security analysts.
“These websites include news services, foreign embassies and local businesses that were compromised by threat actors to serve as ‘watering holes,’” according to a report by the Overseas Security Advisory Council distributed this week. A watering hole is a hijacked website used by cyber attackers to deliver malware to unsuspecting victims.
“For example, users may navigate to one of these malicious sites with the intent of checking travel requirements or the status of a visa application and unknowingly download the embedded malware onto their computers,” the report said.
The report identified the locations of the compromised websites as the United States, South America, Europe, Asia, India and Australia.
The report appears to indicate Russian intelligence may be behind the operations. Also, none of the compromised websites are in China, an indication that Beijing’s hackers could be involved.
A total of 15 of the 130 websites used for watering holes were government embassy websites located in Washington, DC; two were involved in passport and visa services, and others offer travel services.
The embassy targeting suggests some or all of the operations are linked to foreign intelligence services that are breaking into the networks as part of tracking and monitoring of foreign travel.
Another possibility is that the operations are part of information warfare efforts designed to influence policies and publics. Both Russia and China are engaged in significant strategic information operations targeting foreign governments and the private sector.
“The threat actors are likely attempting to gather information from entities with vested interests in international operations,” the report said. “Identified victims in this sector include embassies, defense industrial base groups, and think tanks.”
The report, based on data provided by the security firm iSight Partners, says the watering holes are likely part of cyber espionage operations.
“Analysis indicates this campaign has a global reach, continuing to target users of identified intelligence value long after the initial infection,” the report says.
The compromised websites are increasingly functioning as indirect malicious software attack tools. The compromised sites represent a different method than widely used spear phishing – the use of emails to trigger malicious software downloads.
“Rather than send a malicious email directly to a target of interest, threat actors research and compromise a high-traffic website that will likely be visited by numerous targets of interest,” the report said.
“Watering holes are effective, as they often exploit existing vulnerabilities on a user’s machine,” the report said. “More sophisticated threat actors have been observed employing zero-day exploits – those which are previously unknown and evade antivirus and intrusion detection systems (IDS) to successfully compromise victims. Zero-days were used in the widely publicized Forbes.com watering hole in late 2014.”
The hijacked websites appear to be part of a campaign spanning 26 upper-level Internet domains and include affiliations with 21 nations and the European Union.
According to iSight, evidence suggests the campaign is “likely tied to cyber espionage operations with a nexus to the Russian Federation.”
The compromised government websites included those from Afghanistan, Iraq, Jordan, Namibia, Qatar and Zambia. The report recommended not visiting any of those embassy websites or risk being infected with malware.
Technically, the attackers arranged for computer users who visited the compromised websites to be infected with an embedded JavaScript that redirected users to a Google-shortened URL, and then on to websites that mapped their computer systems. This “profiling” is used by cyber spies to identify valuable targets and control which specific victims are injected with a malware payload.
The profiling is used to identify targets that will produce “high intelligence value” returns, indicating sophisticated cyber spies are involved. The infection also employed a technique called “evercookie,” a derivative of the small files that are inserted on computers and can be used by remote servers to tailor information, such as advertisements, to a specific user.
While normal cookies can be easily removed, evercookies store data in multiple locations, a method that makes them extremely difficult to find and remove. The use of evercookies also permits long-term exploitation by cyber attackers.
To counter watering hole attacks, users should make sure system and software security updates are applied, and avoid visiting suspicious websites.
In particular, network monitoring should be used to spot unusual activities, specifically geared toward attacks that exploit zero-day vulnerabilities.
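A defender-side sketch of the network monitoring mentioned above, added here as an example and not taken from the OSAC report or the article: it scans web proxy records for the chain the report describes (a page on one site, then a URL-shortener redirect, then a third-party host). The log layout, the shortener list and every hostname in the sample are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumption: shortener hosts worth watching; extend for your environment.
SHORTENER_HOSTS = {"goo.gl", "bit.ly", "t.co", "tinyurl.com"}

# Constructed sample proxy log (not real traffic). Tab-separated fields:
# epoch_seconds, client_ip, url, referer, http_status, location_header
SAMPLE_LOG = "\n".join([
    # Page load followed by a shortener hop and a fetch from a third host.
    "1000\t10.0.0.5\thttp://embassy.example/visa.html\t-\t200\t-",
    "1001\t10.0.0.5\thttp://goo.gl/EXAMPLE\thttp://embassy.example/visa.html\t301\thttp://profiler.example/p.js",
    "1002\t10.0.0.5\thttp://profiler.example/p.js\thttp://embassy.example/visa.html\t200\t-",
    # Ordinary page with a directly referenced script: no shortener hop.
    "1010\t10.0.0.9\thttp://news.example/index.html\t-\t200\t-",
    "1011\t10.0.0.9\thttp://cdn.example/site.js\thttp://news.example/index.html\t200\t-",
    # Short link opened with no referring page (e.g. from a mail client).
    "1020\t10.0.0.7\thttp://bit.ly/EXAMPLE2\t-\t301\thttp://shop.example/sale",
    "1021\t10.0.0.7\thttp://shop.example/sale\t-\t200\t-",
])


@dataclass
class Request:
    ts: int
    client: str
    url: str
    referer: str
    status: int
    location: str


def host(url):
    """Lower-cased hostname of a URL, or '' for '-' and other non-URLs."""
    return (urlsplit(url).hostname or "").lower()


def parse_log(text):
    """Parse the tab-separated layout described above into Request objects."""
    requests = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, url, referer, status, location = line.split("\t")
        requests.append(Request(int(ts), client, url, referer, int(status), location))
    return requests


def find_redirect_chains(requests, window=10):
    """Flag site -> shortener (3xx) -> different host chains, per client.

    'followed' records whether the same client requested the redirect
    target within `window` seconds of the shortener response.
    """
    by_client = defaultdict(list)
    for req in requests:
        by_client[req.client].append(req)

    findings = []
    for client, reqs in by_client.items():
        reqs.sort(key=lambda r: r.ts)
        for i, req in enumerate(reqs):
            if host(req.url) not in SHORTENER_HOSTS or not 300 <= req.status < 400:
                continue
            origin = host(req.referer)
            target = host(req.location)
            # Need a referring site, and a target that is a different host.
            if not origin or origin in SHORTENER_HOSTS:
                continue
            if not target or target == origin:
                continue
            followed = any(
                host(nxt.url) == target and 0 <= nxt.ts - req.ts <= window
                for nxt in reqs[i + 1:]
            )
            findings.append({
                "client": client,
                "origin": origin,
                "shortener": host(req.url),
                "target": target,
                "followed": followed,
            })
    return findings


def clients_by_origin(findings):
    """Group affected clients by the site that sent them through a shortener."""
    grouped = defaultdict(set)
    for f in findings:
        grouped[f["origin"]].add(f["client"])
    return {origin: sorted(clients) for origin, clients in grouped.items()}


if __name__ == "__main__":
    for finding in find_redirect_chains(parse_log(SAMPLE_LOG)):
        print(finding)
```

A link a user clicks on a page also carries a Referer, so hits are leads for review rather than verdicts; the same origin site appearing for many clients is the stronger signal.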
“The threat of watering holes is likely to remain high, given their increasing popularity and success in the last year,” the report said.
The report, “Compromised Global Websites Target Unsuspecting Travelers,” was produced by OSAC’s Research & Information Support Center (RISC). It is available for OSAC members at osac.gov.

***

But there is more.

SAN FRANCISCO (Reuters) – Hacking attacks that destroy rather than steal data or that manipulate equipment are far more prevalent than widely believed, according to a survey of critical infrastructure organizations throughout North and South America.

The poll by the Organization of American States, released on Tuesday, found that 40 percent of respondents had battled attempts to shut down their computer networks, 44 percent had dealt with bids to delete files and 54 percent had encountered “attempts to manipulate” their equipment through a control system.

Those figures are all the more remarkable because only 60 percent of the 575 respondents said they had detected any attempts to steal data, long considered the predominant hacking goal.

By far the best known destructive hacking attack on U.S. soil was the electronic assault last year on Sony Corp’s Sony Pictures Entertainment, which wiped data from the Hollywood fixture’s machines and rendered some of its internal networks inoperable.

The outcry over that breach, joined by President Barack Obama, heightened the perception that such destruction was an unusual extreme, albeit one that has been anticipated for years.

Destruction of data presents little technical challenge compared with penetrating a network, so the infrequency of publicized incidents has often been ascribed to a lack of motive for attackers.

Now that hacking tools are being spread more widely, however, more criminals, activists, spies and business rivals are experimenting with such methods.

“Everyone got outraged over Sony, but far more vulnerable are these services we depend on day to day,” said Adam Blackwell, secretary of multidimensional security at the Washington, D.C.-based group of 35 nations.

The survey went to companies and agencies in crucial sectors as defined by the OAS members. Almost a third of the respondents were public entities, with communications, security and finance being the most heavily represented industries.

The questions did not delve into detail, leaving the amount of typical losses from breaches and the motivations of suspected attackers as matters for speculation. The survey-takers were not asked whether the attempted hacks succeeded, and some attacks could have been carried off without their knowledge.

The survey did allow anonymous participants to provide a narrative of key events if they chose, although those will not be published.

Blackwell told Reuters that one story of destruction involved a financial institution. Hackers stole money from accounts and then deleted records to make it difficult to reconstruct which customers were entitled to what funds.

“That was a really important component” of the attack, Blackwell said.

In another case, thieves manipulated equipment in order to divert resources from a company in the petroleum industry.

Blackwell said that flat security budgets and uneven government involvement could mean that criminal thefts of resources, such as power, could force blackouts or other safety threats.

At security company Trend Micro Inc., which compiled the report for the OAS, Chief Cybersecurity Officer Tom Kellermann said additional destructive or physical attacks came from political activists and organized crime groups.

“We are facing a clear and present danger where we have non-state actors willing to destroy things,” he said. “This is going to be the year we suffer a catastrophe in the hemisphere, and when you will see kinetic response to a threat actor.”

So-called “ransomware,” which encrypts data files and demands payment be sent to remote hackers, could also have been interpreted as destructive, since it often leaves information unrecoverable.

A spokesman for the U.S. Department of Homeland Security, SY Lee, said the department did not keep statistics on how often critical U.S. institutions are attacked or see destructive software and would not “speculate” on whether 4 out of 10 seeing deletion attempts would be alarming.

U.S. political leaders cite attacks on critical infrastructure as one of their greatest fears, and concerns about protecting essential manufacturers and service providers drove a recent executive order and proposed legislation to encourage greater information-sharing about threats between the private sector and government.

Yet actual destructive attacks or manipulation of equipment are infrequently revealed. That is in part because breach-disclosure laws in more than 40 states center on the potential risks to consumers from the theft of personal information, as with hacks of retailers including Home Depot Inc and Target Corp.

Under Securities and Exchange Commission guidelines, publicly traded companies must disclose breaches with a potential material financial impact, but many corporations can argue that even deletion of internal databases, theft and manipulation of equipment are not material.

Much more is occurring at vital facilities behind the scenes, and that is borne out by the OAS report, said Chris Blask, who chairs the public-private Information Sharing and Analysis Center for cybersecurity issues with the industrial control systems that automate power, manufacturing and other processes.

“I don’t think the public has any appreciation for the scale of attacks against industrial systems,” Blask said. “This happens all the time.”

 

Russian Aggression Noticed Globally

The West has gone back to the future, to Cold War conditions, when it comes to Russia. When it comes to Ukraine, the media refers to the conflict as coming from Russian separatists; this is a misnomer, as they are ‘Soviet’ loyalists.

US aerospace command moving comms gear back to Cold War bunker

Washington (AFP) – The US military command that scans North America’s skies for enemy missiles and aircraft plans to move its communications gear to a Cold War-era mountain bunker, officers said.

 

The shift to the Cheyenne Mountain base in Colorado is designed to safeguard the command’s sensitive sensors and servers from a potential electromagnetic pulse (EMP) attack, military officers said.

The Pentagon last week announced a $700 million contract with Raytheon Corporation to oversee the work for North American Aerospace Command (NORAD) and US Northern Command.

Admiral William Gortney, head of NORAD and Northern Command, said that “because of the very nature of the way that Cheyenne Mountain’s built, it’s EMP-hardened.”

“And so, there’s a lot of movement to put capability into Cheyenne Mountain and to be able to communicate in there,” Gortney told reporters.

“My primary concern was… are we going to have the space inside the mountain for everybody who wants to move in there, and I’m not at liberty to discuss who’s moving in there,” he said.

The Cheyenne mountain bunker is a half-acre cavern carved into a mountain in the 1960s that was designed to withstand a Soviet nuclear attack. From inside the massive complex, airmen were poised to send warnings that could trigger the launch of nuclear missiles.

But in 2006, officials decided to move the headquarters of NORAD and US Northern Command from Cheyenne to Peterson Air Force Base in Colorado Springs. The Cheyenne bunker was designated as an alternative command center if needed.

That move was touted as a more efficient use of resources but had followed hundreds of millions of dollars worth of modernization work at Cheyenne carried out after the attacks of September 11, 2001.

Now the Pentagon is looking at shifting communications gear to the Cheyenne bunker, officials said.

“A lot of the back office communications is being moved there,” said one defense official.

Officials said the military’s dependence on computer networks and digital communications makes it much more vulnerable to an electromagnetic pulse, which can occur naturally or result from a high-altitude nuclear explosion.

Under the 10-year contract, Raytheon is supposed to deliver “sustainment” services to help the military perform “accurate, timely and unambiguous warning and attack assessment of air, missile and space threats” at the Cheyenne and Peterson bases.

Raytheon’s contract also involves unspecified work at Vandenberg Air Force Base in California and Offutt Air Force Base in Nebraska.

***

Russia is so close that the F-16 fighter pilots can see it on the horizon as they swoop down over a training range in Estonia in the biggest ever show of U.S. air power in the Baltic countries.

The simulated bombs release smoke on impact, but the M-61 cannon fires live ammunition, rattling the aircraft with a deafening tremor and shattering targets on the ground.

 

The four-week drill is part of a string of non-stop exercises by U.S. land, sea and air forces in Europe — from Estonia in the north to Bulgaria in the south — scaled up since last year to reassure nervous NATO allies after Russia’s military intervention in Ukraine. U.S. and Russian forces are now essentially back in a Cold War-style standoff, flexing their muscles along NATO’s eastern flank.

The saber-rattling raises the specter that either side could misinterpret a move by the other, triggering a conflict between two powers with major nuclear arsenals despite a sharp reduction from the Cold War era.

“A dangerous game of military brinkmanship is now being played in Europe,” said Ian Kearns, director of the European Leadership Network, a London-based think-tank. “If one commander or one pilot makes a mistake or a bad decision in this situation, we may have casualties and a high-stakes cycle of escalation that is difficult to stop.”

With memories of five decades of Soviet occupation still fresh, many in the Baltic countries find the presence of U.S. forces a comfort rather than a risk.

In recent months, Estonia, Latvia and Lithuania have seen hundreds of U.S. armored vehicles, tanks and helicopters arrive on their soil. With a combined population of just over 6 million, tiny armies and no combat aircraft or vehicles, the last time tanks rumbled through their streets was just over 20 years ago, when remnants of the Soviet army pulled out of the region.

The commander of Estonia’s tiny air force, Col. Jaak Tarien, described the roar of American F-16s taking off from Amari — a former Soviet air base — as “the sound of freedom.”

Normally based in Aviano, Italy, 14 fighter jets and about 300 personnel from the 510th Fighter Squadron are training together with the Estonians — but also the Swedish and Finnish air forces. Meanwhile, Spain’s air force is in charge of NATO’s rotating air patrols over the Baltic countries.

“A month-long air exercise with a full F-16 squadron and, at the same time, a Spanish detachment doing air policing; that is unprecedented in the Baltics,” said Tarien, who studied at the U.S. Air Force Academy in Colorado Springs.

In Moscow the U.S. Air Force drills just 60 miles from the Russian border are seen in a different light.

“It takes F-16 fighters just a few minutes to reach St. Petersburg,” Foreign Ministry spokesman Alexander Lukashevich said, referring to the major Russian port city on the Baltic Sea. He expressed concern that the ongoing exercise could herald plans to “permanently deploy strike aircraft capable of carrying nuclear weapons at the Russian border.”

Moscow also says the U.S. decision to deploy armored vehicles in Eastern Europe violates an earlier agreement between Russia and NATO.

American officials say their troop deployments are on a rotational basis.

Russia has substantially increased its own military activity in the Baltic Sea region over the past year, prompting complaints of airspace violations in Estonia, Finland and Sweden, and staged large maneuvers near the borders of Estonia and Latvia.

“Russia is threatening nearly everybody; it is their way,” said Mac Thornberry, the Republican chairman of the U.S. House Armed Services Committee, during a recent visit to Vilnius, the Lithuanian capital.

“They want to intimidate the Baltic states, Poland, Ukraine and Romania, country after country. And the question is, do you let the bully get away with that or do you stand up and say ‘no, you can threaten, but we will not allow you to run over us,'” Thornberry said.

The Pentagon has said that some 3,000 U.S. troops will be conducting training exercises in Eastern Europe this year. That’s a small number compared to the hundreds of thousands of U.S. troops that have been withdrawn from Europe since the days when the Iron Curtain divided the continent. But the fact that they are carrying out exercises in what used to be Moscow’s backyard makes it all the more sensitive; the Kremlin sees NATO’s eastward expansion as a top security threat.

During a symbolic visit to Estonia in September, U.S. President Barack Obama said that the defense of the Baltic capitals of Tallinn, Riga and Vilnius is just as important as defending Berlin, Paris and London — a statement warmly received in Estonia, a nation of 1.3 million and with a mere 5,500 soldiers on active duty.

Welcoming the U.S. fighter squadron to Estonia, U.S. Ambassador Jeffrey D. Levine said the air drill was needed “to deter any power that might question our commitment to Article 5” — NATO’s key principle of collective defense of its members.

On Wednesday, The Associated Press observed bombing and strafing drills at the Tapa training ground both from the ground and from the back seat of one of the two F-16s taking part.

On board the fighter jet, the pull of the G-force was excruciating as the pilot swooped down onto his target before brutally ascending to circle the range.

After dropping six practice bombs each, the two jets returned to Amari air base, flying so low over the flat Estonian countryside that they frequently had to gain altitude to avoid radio towers.

On the ground, Lt. Col. Christopher Austin, commander of the 510th Squadron, dismissed the risk of his pilots making any rash moves that could provoke a reaction from the Russians.

“We stay far enough away so that we don’t have to worry about any (border) zones or anything like that,” he said. “We don’t even think about it.”

30 Guilty Verdicts, Bomber did not Shed a Tear

17 of the 30 charges carry the death penalty, and Dzhokhar Tsarnaev sat in the courtroom listening to each ‘guilty’ verdict being read for all charges. He showed no emotion. The jury was shown every piece of evidence, each video captured, including broken bodies.

Now that the trial is over, the sentencing phase begins as these are all Federal charges. Sentencing will commence next week.

A jihadi….

Legal counsel for Dzhokhar is Ms. Judy Clarke. A 60-year-old lawyer based in San Diego, she is defending Tsarnaev. A “master strategist” in death penalty cases, according to the New York Times, she has represented some of the most difficult clients in recent US history.

“She has stood up to the plate in the kinds of cases that bring the greatest disdain from the public,” as Gerald Goldstein, a Texas lawyer who knows her well, told the newspaper.

She represented Ted Kaczynski, known as the Unabomber, and al-Qaeda operative Zacarias Moussaoui. Another one of her clients, Jared Lee Loughner, shot and killed six people and wounded Congresswoman Gabrielle Giffords.

Profile: Who is Boston bomber Dzhokhar Tsarnaev?

Dzhokhar Tsarnaev has been found guilty of carrying out the 2013 Boston Marathon bombings, but what do we know about him?

A second-year medical student. An all-star wrestler. Recipient of a $2,500 (£1,635) scholarship for promising school children.

These are some of the superlatives that described the man behind the deadliest terror attack on US soil since 9/11.

Tsarnaev and his elder brother, Tamerlan, planted bombs close to the finish line of the Boston Marathon two years ago.

When the brothers’ bombs exploded on 15 April 2013, killing three and injuring over 260 people, friends of Tsarnaev expressed shock at the news and described him as a popular teenager.

The older brother was killed in a shootout with police on 18 April. Tsarnaev fled the shootout and was captured a day later, after being found hiding in a boat in the backyard of a house in Watertown – a suburb of Boston.

The brothers had been living in the Massachusetts town of Cambridge, home of the prestigious Harvard University. Tsarnaev attended the University of Massachusetts, and, according to his father, was studying medicine with aspirations of becoming a brain surgeon.

Ethnic Chechens, the family emigrated to the US in 2002.

Their route from the troubled Caucasus region of southern Russia to the US is not exactly clear.

They are thought to have lived in Kyrgyzstan, a Central Asian republic which is home to many Chechen refugees who were deported under Stalin. Tsarnaev is thought to have been born there in 1994.

Chechnya is a predominantly Muslim area that has fought for full independence from Russia in the past.

The family was forced to flee to the neighbouring Russian republic of Dagestan after the Second Chechen War broke out in 1999.

Three years later, they made their way to the US. Tsarnaev became an American citizen in 2012.

[Photo: police vehicle. Caption: A large manhunt was launched in the days following the bombing.]

Shortly before the bombing, the brothers’ father, Anzor Tsarnaev, moved back to Dagestan following a divorce from his wife.

In the wake of the bombing, Anzor Tsarnaev told the BBC he believed the secret services had framed his sons.

Both had attended the Cambridge Rindge and Latin School.

Tsarnaev’s Facebook profile listed “Islam” as his world view and gave his life goals as “career and money”. On the Russian social networking site VKontakte he was a member of various Chechen groups.

[Photo: Rolling Stone cover. Caption: Rolling Stone’s decision to feature Mr Tsarnaev on its cover prompted an uproar.]

Shortly after the bombings, the brothers’ uncle, Ruslan Tsarni, said the brothers had “put shame on our family and on the entire Chechen ethnicity,” and noted that he had not seen his nephews since December 2005.

There had never been any apparent sign of “hatred toward the US” or else he would have turned them over to the police himself, he said.

He went on to describe the brothers as “being losers,” when asked what might have provoked the bombings.

“These are the only reasons I can imagine of. Anything else, anything else to do with religion, with Islam, it’s a fraud, it’s a fake,” he said.

DC was Hacked by Russians?

So today there was a widespread power outage in Washington DC. The State Department, the Air and Space Museum, the Capitol building and even train stations were offline. Immediately officials came out early and said it was not terrorism.

Well, that could depend on the definition of terrorism and who was behind it. Somehow the story turned to an explosion at a power station in Maryland. Hmm, sounds like a hack of a portioned power grid, or does it? Even the White House is pointing to the Russians. Any other president would consider this an act of war.

How the U.S. thinks Russians hacked the White House

Washington (CNN) – Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.

While the White House has said the breach only ever affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president’s schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.

The White House in October said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The system has been shut down periodically to allow for security upgrades.

The FBI, Secret Service and U.S. intelligence agencies are all involved in investigating the breach, which they consider among the most sophisticated attacks ever launched against U.S. government systems. The intrusion was routed through computers around the world, as hackers often do to hide their tracks, but investigators found tell-tale codes and other markers that they believe point to hackers working for the Russian government. A spokesman for the National Security Council declined to comment. Neither the U.S. State Department nor the Russian embassy immediately responded to a request for comment.

To get to the White House, the hackers first broke into the State Department, investigators believe.

The State Department computer system has been bedeviled by signs that despite efforts to lock them out, the Russian hackers have been able to reenter the system. One official says the Russian hackers have “owned” the State Department system for months and it is not clear the hackers have been fully eradicated from the system.

As in many hacks, investigators believe the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over, according to the U.S. officials.

Director of National Intelligence James Clapper, in a speech at an FBI cyberconference in January, warned government officials and private businesses to teach employees what “spear phishing” looks like.

“So many times, the Chinese and others get access to our systems just by pretending to be someone else and then asking for access, and someone gives it to them,” Clapper said.


The ferocity of the Russian intrusions in recent months caught U.S. officials by surprise, leading to a reassessment of the cybersecurity threat as the U.S. and Russia increasingly confront each other over issues ranging from the Russian aggression in Ukraine to the U.S. military operations in Syria.

The attacks on the State and White House systems are one reason why Clapper told a Senate hearing in February that the “Russian cyberthreat is more severe than we have previously assessed.”

The revelations about the State Department hacks also come amid controversy over former Secretary of State Hillary Clinton’s use of a private email server to conduct government business during her time in office. Critics say her private server likely was even less safe than the State system. The Russian breach is believed to have come after Clinton departed State.

But hackers have long made Clinton and her associates targets.

The website The Smoking Gun first reported in 2013 that a hacker known as Guccifer had broken into the AOL email of Sidney Blumenthal, a friend and advisor to the Clintons, and published emails Blumenthal sent to Hillary Clinton’s private account. The emails included sensitive memos on foreign policy issues and were the first public revelation of the existence of Hillary Clinton’s private email address now at the center of controversy: [email protected]. The address is no longer in use.

Iran Parameter Framework by the Numbers


In what represents the worst aspect of this flawed deal, Obama has placed responsibility for verification of the agreement back on the United Nations. This is a hazardous repeat of the flawed UN response to Iraq’s proliferation after the Gulf War. Simply put, the UN Security Council will have veto powers over anything Iranian and nuclear when it comes to verification. This gives Beijing, and even more Moscow, a critical lever over the process.

We’ve seen this movie before, with Iraq in the 1990s. Charles Duelfer, who led the UN’s nuclear inspection regime in Iraq from 1993 to 2000, has termed this the “fatal flaw” of Obama’s deal, and that may be charitable. Yeltsin’s Russia was not very cooperative about Baghdad’s nuclear game-playing, and we should expect Putin’s Kremlin, which is engaged in Cold War 2.0 against the West, to be anything but helpful.

While Tehran and Moscow have no love for each other, between mutual fear and loathing, they both hate the West more, and any deal that puts Putin’s Kremlin in a verification role over Iran’s nuclear program is a farce, not to mention a strategic delusion. At worst, this may give a strategic partnership between Russia and Iran, which has been growing slowly, a new life, with an explicitly anti-Western focus. None of this can be mistaken for good news for the West.

After years of painstaking effort, the Obama administration has managed to craft a framework agreement with Iran. In the next three months, this structure is meant to be filled out with details regarding the scale of Iran’s enrichment capacity and the stages of sanctions relief. If the devil is in the detail, much mischief may await us.

 

However, even before all this happens, the Iranian nuclear drama is proving to be one of the most curious arms control episodes in history. As the scale of American concessions becomes evident, the White House and its defenders seldom justify the emerging accord strictly on terms of the proliferation threat that remains. Their response is often limited to claiming that an admittedly imperfect agreement is still preferable to the alternatives. And the alternatives are usually painted in hysterical terms with Iran surging toward the bomb, the sanctions regime collapsing and an isolated United States helplessly watching all this unfold. Not for the first time, the Obama administration is demonstrating a poor understanding of Iran’s strategies, the resilience of the sanctions regime and the nature of the international system.

By this time the essential contours of the agreement are all obvious. The accord will leave Iran with a sizeable enrichment capacity and none of its facilities will be shuttered as was once contemplated. The agreement’s most important sunset clause will be 10 years, upon whose expiration all essential restrictions on Iran’s enrichment infrastructure will collapse. In essence, Iran can then move toward an industrial-size nuclear program similar to that of Japan. This means that the Islamic Republic will be in a position to manufacture numerous bombs on short order. The ballistic missiles, which are an essential part of any nuclear weapons program, will be excluded from the deal. And previous Iranian experiments with the military dimension of nuclear energy are postponed from scrutiny. Thus, any verification regime will not be informed by the history of Iran’s clandestine program.

The proponents of this deal have to account for why they are not bothered by such a large residual enrichment capacity. Why do they think a sunset clause is a wise idea? Why do they believe ballistic missiles should be ignored and how can one craft an intrusive verification system that has no historical memory? An arms control agreement has to be justified first and foremost on technical grounds and whether it meets the essential non-proliferation standards.

The path that the proponents of this accord have chosen is to avoid such questions and take refuge in the world of ominous alternatives. One of their favorite talking points is to suggest that coercion has not forestalled Iran’s nuclear path and that since 2003 as sanctions were imposed Iran has gone from 200 to 19,000 centrifuges. They neglect to mention that only approximately 9,500 of those machines are operational. Thus, during this period Iran increased its capacity by an average of 800 centrifuges a year. Although this is hardly ideal it is not an unmanageable situation. The notion that without this agreement Iran would immediately surge to a bomb is belied by the evidence that the proponents of this accord present.

Beyond that, what is often missed is that Iran’s ingenious strategy is to advance its program incrementally and not provocatively. Iran has always been cautious to step and not leap forward. This way, as Iran’s program inches forward, the international community routinely accedes to its new gains. In the absence of an agreement, Iran will certainly take measures to advance its program, but those moves are likely to be cautious and incremental so as to avoid a military reaction.

It is often suggested that should there be a breakdown in the talks, the sanctions regime will collapse. The European states and Asian powers will rush back into Iran in defiance of American prohibitions. This notion ignores the fact that U.S. sanctions are secondary in nature, meaning that if there is a European bank or an Asian firm that wishes to invest in Iran then it will lose its access to the U.S. market. There is no way that such firms will risk losing access to a U.S. economy estimated at $16.8 trillion for the sake of an Iranian economy of $368 billion. To be frank, the U.S. sanctions can succeed even if there is a perception that they are unfair. That is one of the advantages of being a superpower with the largest economy in the world.

None of this means the Iran deal is beyond repair. In the next three months, Secretary of State John Kerry has an opportunity to craft an agreement that addresses some of the deficiencies of the framework accord. He may wish to reconsider the wisdom of such a shortened sunset clause. The need for Iran to come clean on all its previous attempts at nuclear weaponization is critical if the agreement is to have a reliable inspection regime. And the ballistic missiles that are already part of UN resolutions should be addressed as part of this agreement and not separately. Finally, there has to be a mechanism in place for how to deal with Iranian violations. The history of arms control suggests that violations are rarely prosecuted and reversed in a timely manner.

Should he do so, he would have forged a deal that reliably restrains Iran’s nuclear appetite, enjoys bipartisan support at home and is embraced by our allies in the region. And that agreement would be worthy of the appellation historic.

Read more: http://www.politico.com/magazine/story/2015/04/iran-deal-flaws-116655.html#ixzz3WHp3dOpf