Tag Archives: Internet security

Navy Warns Marines And Sailors Of “Card Cracking” Scam


NAVY TIMES

The Naval Criminal Investigative Service is seeing an uptick in reports from sailors and Marines who have been duped in a card-cracking scam on social media — in some cases after being promised money as a gesture of gratitude for their military service.

____________________________________________________________________________

“The scammers are reaching out to service members in several different ways, NCIS warned.

In some cases, service members are receiving friend requests on Facebook from someone with mutual friends. The scammer then tells the service members they would like to offer them grant money to thank them for their service, or offer them money for their “debt relief.”

Another trend NCIS has witnessed is scammers connecting with service members on social media through either posts or messages, all under the guise of being a debt consolidator or business owner.

Regardless of initial contact, scammers then ask service members to share their bank login information, along with some of the security question prompts that appear on their online bank account.

“Victims have reported that after the money is deposited directly into their accounts, the scammer then asks the victim to send a portion of the money via wire or cash to a third party,” NCIS said in a recent news release.

“Victims then discover that loans have been opened in their name with the same financial institution. Any attempts to further contact the scammer are unsuccessful, leaving the victim to pay off the loan.”

These scams have resulted in “severe financial losses” for service members, NCIS said.

NCIS provided a series of recommendations to sailors, such as halting continued contact with the scammer, alerting their banks or financial institutions to lock accounts, and looking into a credit lock through credit bureaus like Equifax.

Likewise, NCIS recommended sailors inform their commands, the NCIS office, and also law enforcement authorities, and advised against sharing bank login details with anyone.

Although NCIS warned sailors last month to be aware of COVID-19-related schemes, the agency initially said it did not believe these card-cracking scams are connected to the pandemic because there had already been a rise in scams over the past year.

However, NCIS told Military Times it received an image Thursday afternoon of a scam circulating via email targeting Navy Federal Credit Union members that offered to assist them with $800 for COVID-19 relief. The email requested members to validate their Navy Federal customer data in order for the funds to clear.

“We urge the Department of the Navy family to remain vigilant of scams offering promises of getting out of debt and making extra money, especially during this challenging time for our nation,” NCIS spokesman Jeff Houston said in an email to Military Times.

Service members have frequently fallen prey to scammers and lost millions of dollars as a result.

According to a December report analyzing data from the Federal Trade Commission and Better Business Bureau, active duty personnel and veterans from the Navy have been tied up in 143,718 scams totaling $62,542,897 since 2012. Those from the Marine Corps have also been involved in 57,204 scams totaling $24,976,528.”

https://www.navytimes.com/news/your-navy/2020/04/09/beware-of-thank-you-for-your-service-money-scams-ncis-warns-sailors-and-marines/

5 Cyber Issues The Coronavirus Lays Bare


FIFTH DOMAIN

As vast segments of society are temporarily forced into isolation to achieve social distancing, the internet is their window into the world.

The pandemic also lays bare the many vulnerabilities created by society’s dependence on the internet. These include the dangerous consequences of censorship, the constantly morphing spread of disinformation, supply chain vulnerabilities and the risks of weak cybersecurity.”

—————————————————————————————————————-

“Intellectual property and proprietary data protection should be tailored to your organization, its industry relationships, people and practices.  It must grow as the company grows, adapt to changing conditions and be ever-sensitive to risk.
The best intellectual property protections are well understood, practical, teaming relationships among partners, employees, industry and government.  All sides in such relationships lose if disclosure or violations occur. 

“As more and more U.S. schools and businesses shutter their doors, the rapidly evolving coronavirus pandemic is helping to expose society’s dependence — good and bad — on the digital world.

Entire swaths of society, including classes we teach at American University, have moved online until the coast is clear. Online social events like virtual happy hours foster a sense of connectedness amid social distancing. While the online world is often portrayed as a societal ill, this pandemic is a reminder of how much the digital world has to offer.

1. China’s censorship affects us all

The global pandemic reminds us that even local censorship can have global ramifications. China’s early suppression of coronavirus information likely contributed to what is now a worldwide pandemic. Had the doctor in Wuhan who spotted the outbreak been able to speak freely, public health authorities might have been able to do more to contain it early.

China is not alone. Much of the world lives in countries that impose controls on what can and cannot be said about their governments online. Such censorship is not just a free speech issue, but a public health issue as well. Technologies that circumvent censorship are increasingly a matter of life and death.

2. Disinformation online isn’t just speech — it’s also a matter of health and safety

During a public health emergency, sharing accurate information rapidly is critical. Social media can be an effective tool for doing just that. But it’s also a source of disinformation and manipulation in ways that can threaten global health and personal safety — something tech companies are desperately, yet imperfectly, trying to combat.

Facebook, for example, has banned ads selling face masks or promising false preventions or cures, while giving the World Health Organization unlimited ad space. Twitter is placing links to the Centers for Disease Control and Prevention and other reliable information sources atop search returns. Meanwhile, Russia and others reportedly are spreading rumors about the coronavirus’s origins. Others are using the coronavirus to spread racist vitriol, in ways that put individuals at risk.

Not only does COVID-19 warn us of the costs — and geopolitics — of disinformation, it highlights the roles and responsibilities of the private sector in confronting these risks. Figuring out how to do so effectively, without suppressing legitimate critics, is one of the greatest challenges for the next decade.

3. Cyber resiliency and security matter more than ever

Our university has moved our work online. We are holding meetings by video chat and conducting virtual courses. While many don’t have this luxury, including those on the front lines of health and public safety or newly unemployed, thousands of other universities, businesses and other institutions also moved online — a testament to the benefits of technological innovation.

At the same time, these moves remind us of the importance of strong encryption, reliable networks and effective cyber defenses. Today network outages are not just about losing access to Netflix but about losing livelihoods. Cyber insecurity is also a threat to public health, such as when ransomware attacks disrupt entire medical facilities.

4. Smart technologies as a lifeline

The virus also exposes the promise and risks of the “internet of things,” the globe-spanning web of always-on, always-connected cameras, thermostats, alarm systems and other physical objects. Smart thermometers, blood pressure monitors and other medical devices are increasingly connected to the web. This makes it easier for people with pre-existing conditions to manage their health at home, rather than having to seek treatment in a medical facility where they are at much greater risk of exposure to the disease.

Yet this reliance on the internet of things carries risks. Insecure smart devices can be co-opted to disrupt democracy and society, such as when the Mirai botnet hijacked home appliances to disrupt critical news and information sites in the fall of 2016. When digitally interconnected devices are attacked, their benefits suddenly disappear — adding to the sense of crisis and sending those dependent on connected home diagnostic tools into already overcrowded hospitals.

5. Tech supply chain is a point of vulnerability

The shutdown of Chinese factories in the wake of the pandemic interrupted the supply of critical parts to many industries, including the U.S. tech sector. Even Apple had to temporarily halt production of the iPhone. Had China not begun to recover, the toll on the global economy could have been even greater than it is now.

This interdependence of our supply chain is neither new nor tech-specific. Manufacturing — medical and otherwise — has long depended on parts from all over the world. The crisis serves as a reminder of the global, complex interactions of the many companies that produce gadgets, phones, computers and many other products on which the economy and society as a whole depend. Even if the virus had never traveled outside of China, the effects would have reverberated — highlighting ways in which even local crises have global ramifications.

Cyber policy in everything

As the next phase of the pandemic response unfolds, society will be grappling with more and more difficult questions. Among the many challenges are complex choices about how to curb the spread of the disease while preserving core freedoms. How much tracking and surveillance are people willing to accept as a means of protecting public health?

As Laura explains in “The Internet in Everything,” cyber policy is now entangled with everything, including health, the environment and consumer safety. Choices that we make now, about cybersecurity, speech online, encryption policies and product design will have dramatic ramifications for health, security and basic human flourishing.”

https://www.fifthdomain.com/opinion/2020/04/09/5-cyber-issues-the-coronavirus-lays-bare/

Spinning Up Telework Presents Procurement Challenges


FCW

There’s good news and bad news for agencies looking to ramp up telework in the wake of the coronavirus pandemic, according to federal contracting experts.

The good news is federal acquisition contracts are set up for quick acquisition of essential telework equipment, such as laptops or tablets, said acquisition experts FCW spoke with. The bad news could be that online scammers are watching the expanding tele-workforce with great interest.

___________________________________________________________________________

“The emphasis on agency telework is growing, and although most agency employees are already assigned computers, there may be some hardware gaps to fill as workforces move to remote locations.

Federal governmentwide acquisition contracts, such as NASA’s Services for Enterprise-Wide Procurement, the General Services Administration’s ordering schedule and the National Institutes of Health Information Technology Acquisition and Assessment Center (NITAAC) are set up to help quickly fill laptops, tablets and other IT commodity orders, they said.

“In general, SEWP is an agile acquisition vehicle that allows for quick turn-around times for quotes and provides points of contacts for all contract holders to facilitate quick communications,” Joanne Woytek, SEWP manager, told FCW. The GWAC, she said, has not seen any specific increase related to teleworking support, so far.

“For laptops, tablets, printers, agencies have purchase cards,” Alan Chvotkin, executive vice president and counsel for the Professional Services Council, told FCW. “Orders placed on SEWP and federal schedules can get responses within 24 hours,” he said, adding that speedier responses could pump up costs.

SEWP posted a warning on its webpage at the beginning of March saying delays in some orders could result from stresses on the supply chain.

In an email to FCW on March 11, Woytek again noted that delivery of technology “is limited by the capacity of industry.” She said order delivery “is going to be on a case by case basis and greatly dependent on the complexity, configuration and size of an order.”

However, the demand for laptop and tablet computers from federal agencies during the next few weeks probably won’t be too steep, said Roger Waldron, president of the Coalition for Government Procurement.

Agencies, however, should be working diligently to “level set” their computer and network needs for the coming weeks, as well as keep informed on their existing IT contracts and how to leverage GWACs, such as SEWP, to back fill last-minute IT and IT commodity needs.

Even though agencies will probably have the resources to get any necessary computers for new telecommuters, another acquisition expert said they face a sneaky obstacle — telework-savvy cyber adversaries.

Bad actors are on the lookout for new teleworkers, as those workers open up a vulnerability to protected networks, said Evan Wolff, a partner at Crowell & Moring, who co-chairs the firm’s Privacy & Cybersecurity Group and is a member of its Government Contracts Group.

Targeted phishing emails and other cyber crime techniques could be a challenge for federal IT managers with increasing numbers of telecommuters, Wolff told FCW in an interview.

Federal IT managers, he said, may not have appropriately secure infrastructure in place to lock down all communications. Additionally, simple things, such as shared living space with non-government employee roommates, could also present issues, if the federal teleworker has a sensitive post, he said.

“We’re already seeing a focus on customized phishing” aimed at non-government telecommuters as the coronavirus spreads, said Wolff. That wave of targeted remote worker phishing email is probably coming to new federal telecommuters too.

“Bad actors understand a target’s leadership and the types of appropriate email” that could tempt them into taking the bait, he said.”


Overseas Trolls Targeting Veterans


“MILITARY TIMES”

Foreign agitators continue to target American veterans through a complex network of fraudulent social media pages mimicking well-known service groups and brands, officials from Vietnam Veterans of America [VVA] warned.”

______________________________________________________________________________

“Their goals are to perpetrate financial fraud, spread anti-American propaganda, manipulate the online public community spaces and sow discord by exploiting and inflaming national divisions,” the VVA analysis states.

“While their objectives also include election interference, their activities and their effects continue without interruption year-round and are not limited to political elections.”

The findings are part of a wide-ranging report on the influence of foreign groups on the U.S. veterans community, the culmination of more than two years of work by the group. Author Kris Goldsmith, chief investigator and associate director for policy and government affairs at VVA, said the report should serve as a wake-up call for law enforcement and the American public.

“We ought to be looking outside the country at this problem,” he said. “If someone stole technology from a defense contractor and used it to attack America, we’d be going after the people who did the attack. But here, we seem to expect Facebook to be policing all of this and taking these sites down.”

Goldsmith first got involved in tracking the problem after discovering an unauthorized “Vietnam Vets of America” Facebook page using the VVA logo and branding in 2017.

The site, run by a Bulgarian “troll farm” active in U.S. election destabilization efforts in 2016, grew to nearly 200,000 followers in less than a year and mixed legitimate news stories with faked reports and inflammatory commentary, all under the guise of representing an official veteran service organization’s views.

After refusing to censor the page for several weeks, Facebook officials eventually relented and shut it down. Since then, VVA investigators have tracked more than 150 other similar overseas-based efforts on Facebook, Instagram, Snapchat and other social media and blogging platforms. Most are connected to well-known Russian and Eastern European agitators and criminals.


VVA@VVAmerica

Breaking News: @VVAmerica Releases Massive Report On Foreign Entities Targeting Veterans Online (Washington, D.C.)

Today VVA made public the results of a two-year investigation into foreign entities targeting service members, veterans, & their families. https://vva.org/wp-content/uploads/2019/09/VVA-Press-Release19-19-Troll-Report.pdf …


In some cases, the sites appear to be scams designed to peddle unauthorized merchandise, a long-standing problem within the veterans community. But others seem focused less on direct financial gain and more on creating confusion and division within the veterans’ community.

Investigators found one Facebook page titled “Vietnam Veterans” and using pictures of VVA leadership officials alongside the group’s logo was being used by foreign administrators to sell merchandise supporting the election of Donald Trump. Another, titled “Vietnam Veterans Advocacy,” used similar tactics to promote anti-Trump memes and stories.

In both cases, the pages drew followings of tens of thousands of followers, many of them real American veterans who may have confused the postings with official messages and group positions.

“(U.S. veterans) have a higher propensity than other subgroups of Americans to be politically engaged — they are more likely to vote and serve in public office — and they tend to wield greater political influence on those around them,” the report states.

“Additionally, nearly one-third of the federal workforce is composed of veterans. This makes the targeting of the MilVets population a means to jeopardize federal agencies ranging from law enforcement and defense to healthcare and food safety.”

Goldsmith said social media companies thus far have been open to working with veterans groups on the issue, but shutting down sites only temporarily disrupts the scammers’ work. He wants to see more involvement from the FBI and U.S. law enforcement in tracking and prosecuting the foreign troublemakers.

VVA is also pushing the White House to issue an executive order “to protect troops and veterans from exploitation by foreign actors and to strengthen American cybersecurity.”

The full report is available on the VVA website.”

https://www.militarytimes.com/news/pentagon-congress/2019/09/17/overseas-trolls-targeting-veterans-on-social-media-report/

Company Buys Russian Troll And Hacks Own Site Researching State-Sponsored Disinformation


WIRED

A targeted troll campaign today can cost as little as $250, says Andrew Gully, a research manager at Alphabet subsidiary Jigsaw. He knows because that’s the price Jigsaw paid for one last year.

Jigsaw set out to test just how easily and cheaply social media disinformation campaigns, or “influence operations,” could be bought in the shadier corners of the Russian-speaking web.

______________________________________________________________________________

“For more than two years, the notion of social media disinformation campaigns has conjured up images of Russia’s Internet Research Agency, an entire company housed on multiple floors of a corporate building in St. Petersburg, concocting propaganda at the Kremlin’s bidding. But a targeted troll campaign today can come much cheaper.

As part of research into state-sponsored disinformation that it undertook in the spring of 2018, Jigsaw set out to test just how easily and cheaply social media disinformation campaigns, or “influence operations,” could be bought in the shadier corners of the Russian-speaking web. In March 2018, after negotiating with several underground disinformation vendors, Jigsaw analysts went so far as to hire one to carry out an actual disinformation operation, assigning the paid troll service to attack a political activism website Jigsaw had itself created as a target.

In doing so, Jigsaw demonstrated just how low the barrier to entry for organized, online disinformation has become. It’s easily within the reach of not just governments but private individuals. Critics, though, say that the company took its trolling research a step too far, and further polluted social media’s political discourse in the process.

“Let’s say I want to wage a disinformation campaign to attack a political opponent or a company, but I don’t have the infrastructure to create my own Internet Research Agency,” Gully told WIRED in an interview, speaking publicly about Jigsaw’s year-old disinformation experiment for the first time. “We wanted to see if we could engage with someone who was willing to provide this kind of assistance to a political actor … to buy services that directly discredit their political opponent for very low cost and with no tooling or resources required. For us, it’s a pretty clear demonstration these capabilities exist, and there are actors comfortable doing this on the internet.”

Trolls Behind the Counter

In early 2018, Jigsaw hired a security firm to sniff around Russian-language black-market and gray-market web forums for disinformation-for-hire services. (That company asked WIRED not to name it, to preserve its ability to work on underground forums.) Browsing sites like Exploit, Club2Crd, WWH, and Zloy, the security firm’s researchers say they didn’t find explicit offers of trolling or disinformation campaigns for sale, but plenty of related schemes like fake followers, paid retweets, and black hat search engine optimization. The team guessed, though, that more awaited beneath the surface.

“If we look at this as window shopping, we hypothesized that if someone was selling fake likes in the window, there’s probably something else behind the counter they might be willing to do,” says Gully. When researchers for the security firm Jigsaw had hired started chatting discreetly with those vendors, they found that a few did in fact offer mass-scale social media posting on political subjects as an unlisted service.

Before it bought one of those paid trolling campaigns, Jigsaw realized that it first needed a target. So together with its hired security firm, Jigsaw created a website—seeded with blog posts and comments they’d written to make it appear more real—for a political initiative called “Down With Stalin.” While the question of Stalin’s image sounds like a decades-old debate, it engaged with a current, ongoing argument in Russia about whether Stalin should be remembered as a hero or a criminal. (Partly due to the Kremlin’s rehabilitation efforts, polls show positive sentiments toward Stalin are at their highest in years.)

“The idea was to create a tempest in a teacup,” says one of the security firm staffers who worked on the project, explaining the decision to focus on a historical figure. “We wanted to be very careful, because we didn’t want too much tie-in to real-life issues. We didn’t want to be seen as meddling.”

To attack the site it had created, Jigsaw settled on a service called SEOTweet, a fake follower and retweet seller that also offered the researchers a two-week disinformation campaign for the bargain price of $250. Jigsaw, posing as political adversaries of the “Down with Stalin” site, agreed to that price and tasked SEOTweet with attacking the site. In fact, SEOTweet first offered to remove the site from the web altogether through fraudulent complaints that the site hosted abusive content, which it would ostensibly send to the site’s web host. The cost: $500. Jigsaw declined that more aggressive offer, but green lit its third-party security firm to pay SEOTweet $250 to carry out its social media campaign, providing no further instructions.


Down With Stalin, Up With Putin

Two weeks later, SEOTweet reported back to Jigsaw that it had posted 730 Russian-language tweets attacking the anti-Stalin site from 25 different Twitter accounts, as well as 100 posts to forums and blog comment sections of seemingly random sites, from regional news sites to automotive and arts-and-crafts forums. Jigsaw says a significant number of the tweets and comments appeared to be original posts written by humans, rather than simple copy-paste bots. “These aren’t large numbers, and that’s intentional,” says Jigsaw’s Gully. “We weren’t trying to create a worldwide disinformation campaign about this. We just wanted to see if threat actors could provide a proof of concept.”

Without any guidance from Jigsaw, SEOTweet assumed that the fight over the anti-Stalin website was actually about contemporary Russian politics, and the country’s upcoming presidential elections. “You simply don’t understand all that the president does for our country so that people can live better, and you armchair analysts can’t do anything,” read one Russian-language tweet (below) posted by a fake user named @sanya2un1995, including a photo of Stalin in her post but clearly referring to Russian president Vladimir Putin. Another fake account wrote a post on a forum accusing the anti-Stalin site of “writing all kinds of nasty things about our president, supposedly he has everyone on their knees and is trying to bring back the USSR, but personally I think that’s not how it is, he is doing everything for us, for the common man.”

Strangely, neither Jigsaw nor the security firm hired for the experiment said they were able to provide WIRED with more than a couple of samples of the campaign’s posts, due to a lack of records of the experiment from a year ago. The 25 Twitter accounts used in the campaign have since all been suspended by Twitter.

WIRED tried reaching out to SEOTweet via its website, seo-tweet.ru, which currently advertises the services of a self-professed marketing and cryptocurrency entrepreneur named Markus Hohner. But Hohner didn’t respond to a request for comment.

An example tweet posted by the SEOTweet service’s disinformation-for-hire campaign. Although it shows a picture of Stalin, it clearly expresses support for current Russian president Vladimir Putin. (Image: Jigsaw)

Blowback

Even as Jigsaw exposes the potential for cheap, easily accessible trolling campaigns, its experiment has also garnered criticism of Jigsaw itself. The company, after all, didn’t just pay a shady service for a series of posts that further polluted political discourse online. It did so with messages in support of one of the worst genocidal dictators of the 20th century, not to mention the unsolicited posts in support of Vladimir Putin.

“Buying and engaging in a disinformation operation in Russia, even if it’s very small, that in the first place is an extremely controversial and risky thing to do,” says Johns Hopkins University political scientist Thomas Rid, the author of a forthcoming book on disinformation titled Active Measures.

Even worse may be the potential for how Russians and the Russian media could perceive—or spin—the experiment, Rid says. The subject is especially fraught given Jigsaw’s ties to Alphabet and Google. “The biggest risk is that this experiment could be spun as ‘Google meddles in Russian culture and politics.’ It fits anti-American clichés perfectly,” Rid says. “Didn’t they see they were tapping right into that narrative?”

But Jigsaw chief operating officer Dan Keyserling stands by the research, pointing out that the actual content it generated represents an insignificant drop in the social media bucket. “We take every precaution to make sure that our research methods minimize risk,” Keyserling says. “In this case, we weighed the relatively minor impact of creating fake websites and soliciting this kind of small scale campaign against the need to expose the world of digital mercenaries.”

To what degree the Jigsaw experiment really exposed that practice, however, deserves scrutiny, says Alina Polyakova, a disinformation-focused fellow at the Brookings Institution. She supports the idea of the research in theory, but notes that Jigsaw never published its results—and still hasn’t, even now.

“I don’t think policymakers or your average citizen gets how dangerous this is, that the cost of entry is so low,” Polyakova says. “As an experiment, I don’t think this is a problem. What I do think is a problem is not actually publicizing it.” Jigsaw’s staff concedes that they didn’t publish their results, or even publicize the experiment until now—in part, they say, to avoid revealing anything about their research methodology that would inhibit their security firm partners’ ongoing work in Russian-language underground markets. But Jigsaw says it did use the experiment’s results to inform its work on detecting disinformation campaigns, as well as in a summit they held in Ukraine on disinformation in late 2018, ahead of the Ukrainian presidential election.

Jigsaw wouldn’t be the first to court controversy for flirting with the disinformation dark arts. Last year, the consultancy New Knowledge acknowledged that it had experimented with disinformation targeted at conservative voters ahead of Alabama’s special election to fill an open Senate seat. Eventually, internet billionaire Reid Hoffman apologized for funding the group that had hired New Knowledge and sponsored its influence operation test.

The Jigsaw case study has at least proven one point: The incendiary power of a disinformation campaign is now accessible to anyone with a few hundred dollars to spare, from a government to a tech company to a random individual with a grudge. That means you can expect those campaigns to grow in number, along with the toxic fallout for their intended victims—and in some cases, to the actors caught carrying them out, too.

https://www.wired.com/story/jigsaw-russia-disinformation-social-media-stalin-alphabet/


China Will Likely Corner the 5G Market While The U.S. Has No Plan


“WIRED”

China has cornered much of the world’s supply of strategic metals and minerals crucial for new technology, including lithium, rare earths, copper, and manganese used in everything from smartphones to electric cars. 

China is also on track to control most of the world’s flow of high-capacity online services—the new industries, relying on the immediate communication among humans and machines, that will provide the jobs and opportunities of the future.”

______________________________________________________________________________

“As of 2015, China was the leading global producer of 23 of the 41 elements the British Geological Society believes are needed to “maintain our economy and lifestyle” and had a lock on supplies of nine of the 10 elements judged to be at the highest risk of unavailability.

China’s Belt and Road Initiative, supporting infrastructure and investment projects in nearly 70 countries, will have profound consequences for 40 percent of the world’s economic output. Crucially, each of the many trans-Eurasian rail lines that are part of this mammoth project will be accompanied by fiber-optic cables carrying impossibly huge amounts of data across thousands of miles without delay. According to Rethink Research, China is also planning to deploy fiber-optic connections to 80 percent of the homes in the country.

China’s ambitious deployment of fiber will have several consequences. In communicating with Russia and Europe, it won’t have to rely on undersea fiber-optic cables running through the Indian Ocean that might be subject to surveillance by the US. Even more important, it will have access to a giant market of consumers and businesses across an enormous terrestrial area that ties Central Asia even more closely to Russia as well as China.

Fiber-optic cable—made of hair-thin, extraordinarily pure synthetic glass through which pulses of light encoded with tens of thousands of gigabits of data are sent each second by lasers—has been around for a while. Fiber runs today between continents and between US cities. What’s new about China’s massive deployment of fiber, both in its own territory and in its global market along its planned Belt and Road, is that China is likely to permit only 5G equipment made by Huawei and a handful of other Chinese companies to connect to that fiber. Ninety percent of any wireless transmission actually moves through a wire attached to a “cell” spewing and receiving data from the outside air; in the case of 5G, that wire will have to be fiber. And the entity installing fiber in the ground or on poles can decide what 5G wireless equipment is allowed to physically connect to that fiber; in China’s case, it’s clear the country will prefer its own companies’ equipment.

A crucial element of 5G is to give wireless companies the ability to monetize their services more effectively, to ensure they’ll never again be treated like “dumb pipes” by online businesses they don’t control. For carriers or network providers, the great advance of 5G is “network slicing,” which will allow carriers to create, on the fly, multiple customized virtual private networks for particular customers or applications. This will create a high-priced, services-based, perfectly-billed-for ecosystem that’s very different from the 4G world.

In effect, each 5G carrier will be able to define its network from moment to moment, charge whatever it wants for heavily marketed levels of service differentiation, and act as a gatekeeper for applications seeking entry. This allows for unlimited pricing power and deeply undermines the internet protocol’s basic premise—that any computer could speak to another using the same basic language. Instead, transport of bits will be completely software-defined and virtualized: Think proprietary cable network instead of internet access.

You can bet that Huawei, already the world’s largest maker of telecommunications equipment, will be looking for exclusivity in its geographic territories. This is the way telecom works, absent oversight: Companies that have made big up-front investments in infrastructure will always carve up territories so as to avoid ruinous competition. (The cable industry did this in the US, playfully calling their 1997 agreements to swap and combine systems to ensure individual companies would control entire markets the “Summer of Love.”)

And so Huawei, and perhaps a couple of other Chinese companies, will control which data-rich services (think logistics, telemedicine, education, virtual reality, telepresence) are allowed to reach China’s global market over 5G. This means China, through the actions of its 5G carriers, will be able to exclude US companies from that market. Yes, China already does this inside its borders; the Belt and Road Initiative will allow China to do this across huge territories that 65 percent of the global population calls home. China will have created, in effect, its own extraterritorial internet of high-capacity services, many of which we cannot now even imagine.

You may immediately think of the additional reach for Chinese surveillance; consider, in addition, the economic productivity and growth these high-capacity connections will make possible. The ability to be in the presence of a doctor or a teacher, to work effortlessly from any location without any perception of difference, to upload enormous files without interruption in a split-second—all of this will be made possible by China’s fiber-plus-advanced-wireless internet.

The risk to the US of China’s plans is obvious: American companies don’t stand a chance in this context. China, not America, will be the place where new online services are born. Although the US came up with the idea of the internet, we don’t have a sandbox to play in, a giant market in which to test new high-capacity services. That’s because we haven’t committed ourselves to keeping up with Asia and the Nordics by upgrading the ends of our networks, the “last-mile” network section that reaches homes and businesses, to fiber-optic cable.

Luckily, nearly 800 municipalities and cooperatives across the US are showing us the way. Sick of the expensive and second-rate connectivity they’ve been stuck with by federal policy failures, which have left most urban areas dominated by local cable monopolies charging whatever they want for whatever services they want to provide, and rural areas out in the cold almost entirely, they’ve taken matters into their own hands and called for the installation of fiber-optic cables. We need this policy issue to be on the radar screen at every level of government in America.

Here’s what should happen: Publicly controlled fiber-optic cables should form a kind of wholesale street-grid, available for lease under nondiscriminatory terms to private operators who sell services. Government doesn’t need to control connectivity; we are not China. Ideally, government should require frequent, open interconnection points for competing 5G operators to hang their gear on this street-grid made of glass, so that no one operator can pick which services succeed in a particular geographic area. Again, we shouldn’t replicate the domineering ways of China’s Huawei.

Above all, we need a plan. Right now we don’t have one.”

https://www.wired.com/story/china-will-likely-corner-5g-market-us-no-plan/

China’s Belt and Road Initiative, Five Years In

China's ambitious Belt and Road Initiative, formally announced in 2013, has revived the country's ancient concept of the Silk Road.

Photo: Shutterstock

“STRATFOR Worldview”

[While the U.S. fights wars and donates abused “Foreign Aid”] “In the past five years, China has spent at least $34 billion on the Belt and Road Initiative, focusing primarily on connectivity projects such as railways, ports, energy pipelines and grids.” [They use loans, which if defaulted upon, yield full ownership of the infrastructure to China.]

“Since it began in 2013, the Belt and Road Initiative has become the centerpiece of China’s domestic and foreign policy, jump-starting diplomatic, financial and commercial cooperation between China and more than 70 neighboring countries across the Eurasian landmass.”


“When complete, the massive infrastructure project will increase China’s overland and maritime connectivity to other regions, extending its trade and technology to new markets. The initiative also gives Beijing the opportunity to offload some of its excessive industrial capability, facilitating the necessary domestic industrial reforms it needs to establish a more stable economy.

And though China has made major progress toward its long-term goals, it has also experienced several delays and setbacks. Given the sheer scale of the Belt and Road Initiative and how many large projects it encompasses, hold-ups, cancellations and failures are to be expected. But the causes of delays, in some cases a result of increased skepticism and resistance to China’s strategic aims, will continue to shape the future development of the Belt and Road Initiative.

Strategic Partnerships

Though one of Beijing’s stated goals is to foster inclusive Eurasian integration with the Belt and Road Initiative, its scheme so far has focused on the developing world, particularly countries in Central and Eastern Europe, South and Southeast Asia and Central Asia. It has achieved only limited success drawing developed states, such as Japan, and core European powers into the Belt and Road project. After all, though they may share business interests with China, they also maintain a strong and growing skepticism about Beijing’s means of increasing its competitiveness and its agenda for strategic expansion on the global stage.

According to a survey covering primarily emerging and transitional economies, Chinese financing — such as the Silk Road Funds and the Asian Infrastructure Investment Bank — provides a more significant boost to the majority of Belt and Road countries than their own domestic financing or even, in many cases, the International Monetary Fund, the World Bank and other international financing institutions.

China has many reasons for focusing on developing nations with strategic positions. And the developing countries themselves, which in many cases have weak economic foundations and governance, have been extremely welcoming to the Belt and Road Initiative. Many of these countries — 11 of which have been identified by the United Nations as the world’s least developed, such as Laos, Tanzania and Djibouti — have major infrastructure deficits but are eager to avoid the kind of restrictive, strings-attached financing offered by Western institutions. Since China’s approach to funding emphasizes non-interference and is generally unconditional and indiscriminate of regime, Beijing has achieved more access and goodwill than is usually given to its Western competitors. China’s methods to draw these smaller countries into its Belt and Road framework also offer them a way to leverage their strategic positions and balance regional powers such as Russia, the European Union and India.

Domestic Complications

China’s aspirations with the Belt and Road Initiative have increasingly been constrained by its own approaches and strategic objectives. Though the Belt and Road gained great success in the developing world, challenges over financing capabilities and political instability in the recipient states have repeatedly caused delays and even cancellations. This has been the case with several transportation and energy projects in countries such as Kazakhstan, Bangladesh, Myanmar and Pakistan. Beijing also had the unlikely hope that it could link several war-torn states, such as Afghanistan and Yemen, but that will certainly not happen in the foreseeable future.

Moreover, China’s partnership and perceived support for partner countries’ ruling regimes have led to domestic political polarization, opposition and international criticism. In some cases, leaders of these states have used the Belt and Road Initiative in service of their domestic political agendas, leveraging Beijing’s international clout to further their own international interests. And more significantly, corrupt governments have used Chinese funds for their own personal and political benefit.

Political corruption and instability have not only invited judgment but have also put Belt and Road projects at risk of delay. In Malaysia, for example, a game-changing May election turned several China-backed infrastructure projects into centerpieces of the political discourse. The new ruling power in Kuala Lumpur aims to investigate unscrutinized investments as a means to not only delve into the corruption of the former government but to reduce its debt burden. Although Beijing’s policies are mostly to blame for such complications, China has also been frustrated by the liabilities caused by corrupt regimes. For instance, despite early investment, China has had to hold back some of its projects in politically risky countries such as Djibouti and Venezuela.

Finally, China’s eagerness to draw in partner countries provides these governments with leverage as they attempt to win investment from China’s rivals. Countries such as Thailand, Indonesia and some South Asian states, in particular, have been able to encourage Japan and India to compete with China over railways and hydropower projects at home, dampening Beijing’s objective of becoming the most influential regional power.

Debt Concern, or Debt Strategy?

China’s approach to debt financing in key strategic projects has also led to pushback, mainly over Beijing’s level of influence. For example, the East Coast Rail Link in Malaysia and the deep-water Kyaukpyu port in southern Myanmar are currently under review by the recipient governments, which are already critical of Beijing’s goal of securing supply routes other than the Strait of Malacca. Like Malaysia, Myanmar is concerned about the possibility of ending up in a “debt trap,” where China holds disproportionate control over the nation’s economy. After all, the $9 billion Kyaukpyu project is equivalent to 14 percent of Myanmar’s gross domestic product. As a result, the country is fearful that China could ultimately exert its influence in order to gain ownership of the strategically important Kyaukpyu port.

Myanmar’s concern is not unfounded. Both Sri Lanka and Pakistan — governments struggling with debt repayment and financing negotiations — have entered into “debt-for-assets” land-lease agreements with Chinese companies. In Sri Lanka, the Hambantota Port is now leased for 99 years, while areas around the Gwadar Port in Pakistan are leased for 43 years. In other states that already have high external debt or rely excessively on direct Chinese investment — such as Djibouti, Laos, Tajikistan, Kyrgyzstan and Montenegro — Beijing has used different forms of debt relief or forgiveness measures, in some cases resorting to acquiring the recipient country’s natural resources or long-term oil contracts to offset the loans. And speculation is rising over whether China will leverage its financing of strategic deep-water ports in countries like Myanmar and Djibouti to gain an advantage in the Indian Ocean supply routes. Just recently, China established its first overseas naval base in Djibouti.

Confronting the Core Powers

There is a growing wariness of China’s strategic intent and expanding influence with the Belt and Road Initiative. Beyond the concerns of developing states, China’s strategic rivals and powers throughout the developed world maintain a strong, if not growing, resistance to the project. Though core regional powers such as India, Russia and some European countries share business interests with China, they also maintain a strong and growing skepticism about Beijing’s means of increasing its competitiveness and, beyond that, China’s hidden agenda for strategic expansion on the global stage.

Despite India’s tactical recalibration to ease its tense relationship with China, New Delhi remains vehemently opposed to the China-Pakistan Economic Corridor. This is seen by India as part of Beijing’s strategy to encroach on the subcontinent and could potentially undermine New Delhi’s claims to the contested Kashmir region. Indeed, India’s opposition has factored significantly in some South Asian states’ strenuous geopolitical balance. For instance, last year Nepal scrapped a $2.5 billion Budhi Gandaki hydropower project, because of Indian concerns.

In Europe, core EU members such as Germany and France have found Beijing’s outreach in Central and Eastern Europe to be more competitive than cooperative, viewing the project as an attempt to dilute the bloc’s rule and agenda. This led to ongoing criticism and increased scrutiny over Chinese investment and projects in Eastern and Central Europe. In particular, the proposed railway between Budapest and Belgrade — a key piece of Beijing’s strategy to link to the Mediterranean port of Piraeus — is under review.

Where China’s outreach has received some success in the developed world is in Russia and, to some extent, Japan. Initially suspicious of the Belt and Road Initiative, Russia has grown more amiable as it recognizes how Chinese investment can benefit its own economy and foster development in Central Asian countries over which it exerts significant control. Moscow has begun supporting and even participating in some Belt and Road projects. Most recently, it entered into a co-financing agreement with China for close to 70 projects under its own Eurasian Economic Union, a move that will greatly ease the barriers to Beijing’s investment in some Eastern European and Central Asian countries as well as the Arctic.

Japan, for its part, continues to refrain from openly endorsing the Belt and Road Initiative. But in more tacit ways, the Japanese government is working to encourage its companies to participate in some of China’s projects. This is especially true in areas such as Central Asia and Africa, where Tokyo hopes to boost Japanese corporations’ waning overseas presence.

Looking Forward

Despite these successes, Beijing’s ambitious outreach will continue to fuel skepticism, suspicion and resistance among the core powers and complicate its agenda, especially as it works to hedge against increased pressure from the United States. And China has even inadvertently encouraged loose regional blocs to counter it. Japan and India, for instance, have begun working on an alternative to the Belt and Road Initiative on the African continent, participating in a U.S.-led proposal to establish a quadrilateral framework for infrastructure investment. Elsewhere, Australia is pledging an extensive campaign of aid, trade and diplomacy in the South Pacific, hoping to regain the position it has lost to China in its traditional backyard.

The reality is that none of these countries’ proposals can outdo China’s enormous and well-funded infrastructure plan. They lack China’s capital, human resources and moral flexibility. For participating countries, the long-term benefits of Chinese investment and infrastructure construction in many ways outweigh the risks. So, while investors should be aware that China will continue to experience setbacks in its Belt and Road projects, the initiative as a whole is still moving along relatively successfully, as are Beijing’s expansionary aspirations.”

https://worldview.stratfor.com/article/chinas-belt-and-road-initiative-five-years

 

 

 

The FCC Seems Unlikely to Stop Internet Providers from Selling Your Data

Image: CBS News.com

“WIRED”

“Little seems to be standing in the way of Comcast, Verizon, and other internet service providers selling your personal information without your permission.

The Federal Communications Commission took a first step toward delaying its own rules protecting consumer privacy and security.

Last October the agency passed a set of rules that would have required internet providers to take new steps to protect your private data from hackers. That same regulatory package would have required ISPs to notify you if someone hacked your data and to get your active permission before selling your data. The FCC suspended the data security rules from that package that would have taken effect Thursday.

The FCC and the Federal Trade Commission, which regulates the privacy and security practices of websites like Google and Facebook, also issued a joint statement that signaled a seeming intention to jettison the privacy rules as well before they take effect later this year. (Neither agency responded to a request for comment.)

“The Federal Communications Commission and the Federal Trade Commission are committed to protecting the online privacy of American consumers,” FCC chairman Ajit Pai and FTC chairman Maureen K. Ohlhausen said. “We believe that the best way to do that is through a comprehensive and consistent framework.”

Ajit Pai, chairman of the FCC, has opposed the rules all along, saying he believes websites and internet providers should follow similar privacy and security practices. He contends that multiple sets of rules will lead to confusion among consumers. The upshot for consumers: Your internet provider has less obligation now than it would have to protect you from hackers. And providers seem to be facing few legal roadblocks standing in the way of selling your personal data to advertisers.

Reasonable Protections

Rather than spelling out specific steps that internet providers should follow to protect customer data, last year’s privacy and security order called for internet providers to provide “reasonable data security.” The order made it clear that internet providers wouldn’t be held liable for all data breaches and provided some guidance that it described as consistent with the Federal Trade Commission’s privacy rules. It also suggested that providers look to other privacy laws, such as the Health Insurance Portability and Accountability Act (HIPAA). Industry groups objected, claiming the FCC’s new rules were too vague.

Protecting internet privacy has also traditionally fallen to the FTC. But in 2015, the FCC reclassified internet providers as utility-like “common carriers,” a change that enabled the agency to enforce net neutrality rules banning internet providers from discriminating against or favoring particular websites or apps. Last year, as a result of a lawsuit filed by AT&T, a federal court decided that because internet providers now qualify as common carriers, the FTC no longer has authority over them. Responsibility for regulating how internet access providers manage privacy instead fell to the FCC, while the way websites like Facebook and Google manage privacy remained the FTC’s responsibility.

Shortly after the court’s decision, the FCC set about creating a set of stricter privacy rules. The biggest and most controversial difference between the FCC’s newer rules and the FTC’s rules was the ban on selling customer data without your permission, set to take effect as early as December. Your internet provider has a view of your most intimate online activities. Although Google uses encryption to prevent prying eyes from seeing your online searches, your internet provider can see what websites you visit, when you visit them, and how much time you spend there.

In 2012, Verizon began tracking its wireless customers’ activities across the internet. It then used that data to target ads on the various sites it owns, such as the Huffington Post. Eventually the company gave customers the option to opt out of that tracking, and later it limited tracking your behavior on Verizon-owned sites only. The FCC’s newer rules would ban Verizon or any other provider from similar data collecting without getting customers’ permission, unless the Congress or the FCC delay or overturn them before they go into effect.

Pre-existing FCC rules already ban providers from tracking customers without at least notifying them, but unless the new, more stringent rules take hold, telcos will have much more freedom to sell your data. Regulations letting both internet access providers and websites sell your data may be consistent. But that doesn’t mean they make sense.”

https://www.wired.com/2017/03/fcc-graciously-sets-internet-providers-free-sell-data/

 

 

 

The Pentagon Hooked Everything To The Internet – ‘Big, Big Problem’

Image: CBS News.com

“DEFENSE ONE”

“The Internet of Things is supposed to make life easier.

For the Pentagon, the quintessential early adopter, it has made life much harder.

Very smart people in the Pentagon believed that connecting sensitive networks, expensive equipment, and powerful weapons to the open Internet was a swell idea. This ubiquitous connectivity among devices and objects — what we now call the Internet of Things — would allow them to collect performance data to help design new weapons, monitor equipment remotely, and realize myriad other benefits. The risks were less assiduously catalogued.

That strategy has spread huge vulnerabilities across the Defense Department, its networks, and much of what the defense industry has spent the last several decades creating.

“We are trying to overcome decades of a thought process…where we assumed that the development of our weapon systems that external interfaces, if you will, with the outside world were not something to be overly concerned with,” Adm. Michael Rogers, the commander of Cyber Command, told the Senate Armed Services Committee today. “They represented opportunity for us to remotely monitor activity, to generate data as to how aircraft, for example, or ships’ hulls were doing in different sea states around the world. [These are] all positives if you’re trying to develop the next generation of cruiser [or] destroyer for the Navy.”

But in a world where such public interfaces are points of vulnerability, Rogers said, adversaries develop strategies based on stealing Pentagon data, and then fashion copycat weapons like China’s J-31 fighter, which many call a cheaper cousin to the F-35.

“That’s where we find ourselves now. So one of the things I try to remind people is: it took us decades to get here. We are not going to fix this set of problems in a few years,” Rogers told the senators. “We have to prioritize it, figure out where is the greatest vulnerability.”

The 2014 National Defense Authorization Act requires the services to discover and report to the Senate about the cyber vulnerabilities of their weapons and communications systems. That report is overdue, according to Sen. Jeff Sessions, R-Ala.

At the hearing, Deputy Defense Secretary Robert Work said that Frank Kendall, the Pentagon’s top weapons buyer, is going through virtually the entire U.S. arsenal to understand how hackable each weapon is.

“I expect this work to be done very soon,” Work said.

Such vulnerabilities constitute “a big, big problem,” for Work. He added, “Most of the weapons systems that we have today were not built to withstand a concerted cyber threat.”

The Defense Department has only recently begun to attack its problems in this area, but it is making an honest effort. Cybersecurity is now listed as a key performance parameter, along with survivability, for every new weapon. Work also described efforts to reduce the number of exploitable attack surfaces within the military — in other words, to shrink the Internet of Things just a bit.

“We’re going from 15,000 enclaves to less than 500,” he said, referring to smaller computing networks governed by a central authority. “We’re going from 1,000 defendable firewalls to less than 200, somewhere between 50 and 200.”

Considering that more than 50 billion interconnected devices will populate the world by the year 2020, by most estimates, the Pentagon’s limited, early-adopter experience of the Internet of Things is enough to give even the most optimistic futurist some serious pause.”

http://www.defenseone.com/technology/2015/09/years-pentagon-hooked-everything-internet-now-its-big-big-problem/122402/?oref=d-river

DARPA-Air Force project will track data’s Internet travels

Getty Images

“MILITARY TIMES”

“The initiative will track and record data across three different layers: the point of user interaction with a program, program processing of data input, and program and network interactions with an operating system.

Currently, the ability to track the flow of information is limited to only one of those layers.

As pieces of data traverse the web, at what point exactly might a potential adversary attach malicious code en route to its destination? Right now that kind of information is a mystery, but may be solved in a new initiative funded by the Defense Advanced Research Projects Agency.

THEIA – named for the Greek goddess of shining light – is a new, $4.2 million program awarded by DARPA and the Air Force Research Laboratory to the Georgia Institute of Technology’s College of Computing. The goal is to clarify and illustrate exactly where and how data move when routed between Internet hosts – and where along the way it might be modified.

“The project has wide implications for any industry and anyone who needs to send secure information, make sure it is not manipulated during transfer, and that it arrives securely intact – but especially for those banking, shopping or trading online,” Dr. Wenke Lee, primary investigator and professor in the College of Computing, said in a July 30 Georgia Tech release announcing the program. “If we have the ability to fully track how data is processed until it reaches the intended recipient, then we can better detect and stop advanced persistent threats.”

“Our ultimate goal is to provide complete transparency, or full visibility, into host events and data so that APT activities cannot evade detection,” Lee said. “THEIA represents what could be a significant advance over state-of-the-art approaches, which typically are forced to make arbitrary trade-offs between verifying accuracy and maintaining total computational efficiency.”

http://www.militarytimes.com/story/military-tech/cyber/2015/07/30/darpa-air-force-project-will-track-datas-internet-travels/30898423/