Category Archives: History

Energy, History, Security

It’s China! It’s Israel! It’s…

Leave a comment

Pick your favorite bogeyman. The latest outsider attack is probably their fault…

My presentation at BSidesSF this year tried to make the argument that attribution is harder than ever online. Attackers make extensive use of proxies and remote control, so it can be very difficult to trace all the points back to an actual person…and even if you do, they may only be one of a thousand mules following instructions. It was gratifying to hear General Alexander at the RSA keynote on February 17th after my presentation admit to his audience “We don’t have situational awareness”.

I could go into the complicated philosophy of why attribution is a double-edged sword (e.g. users on the Internet do not want to sacrifice their privacy) or go into the long history of technical issues with attribution (e.g. smurfing), but instead I just want to point out the two most recent spectacular attribution failures.

First, WordPress suffered a denial of service attack that came from systems in China. I asked my audience at BSidesSF “how many people in the audience use products made in China” and the entire room raised their hand. Granted, there were only three people in the room (jk), but my point is that “it came from China” should be immediately discounted as a strong attribution link. If a weapon found after an attack has “from China” stamped on it, investigators should not jump to the conclusion that the attacker therefore must also be from China. Even worse is to super-impose Chinese state motives onto a suspected Chinese attacker, all because the weapon is “from China”.

WordPress said last week the attacks might have been politically motivated and aimed at an unnamed Chinese-language blog, but it no longer has that view.

“Don’t think it’s politically motivated anymore,” WordPress Founder Matt Mullenweg said in an e-mail to IDG News Service. “However the attacks did originate in China.”

Mullenweg did not elaborate on the change in view or offer details on the source of the attacks.

I had tried to warn against this in my Operation Sloppy Night Dragon post.

Second, I have a lot of respect for Ralph Langner who has been credited with exposing the details of the Stuxnet attack. When I listened to his recent interview he made points like Stuxnet was very basic because it did not need to be complex and Stuxnet was directed at Natanz, never at Busheir. Why did he say at first it was probably directed at Busheir? In the interview he said it was because he assumed that would be a target of Mossad…in other words, his bias on international politics overshadowed his analysis of the facts. He recently reiterated it was the Mossad.

“My opinion is that the Mossad is involved,” Ralph Langner said while discussing his in-depth Stuxnet analysis at a prestigious TED conference in the Southern California city of Long Beach.

We should not lose sight of the fact that he already has admitted he made one serious mistake because he believed Mossad was to blame before his investigation started. The Mossad certainly has a lot of people spooked, but every suspicious bird and rock is not necessarily their handiwork.

Every piece of dog poop you see, on the other hand, should in fact be attributed to the CIA.

I appreciate Langner’s honest, clear and open style; yet it seems when he switches to geopolitical analysis he overlooks important data points like the significance of Pakistan and German intelligence operations.

Note the recent mass exodus of US special forces and operatives from Pakistan after the arrest of Davis. The US denies he was anything more than a diplomat, but let’s face the fact that a fight with Afghans and Iranians makes Pakistan a really good proxy. The British certainly made this point when they told the CIA under Tenet that Iran was stealing nuclear secrets from Pakistan. Without the Davis incident (he killed two motorcyclists that probably were trying to assassinate him) we would have far less data on how Pakistani operations might be attributed back to American objectives. Instead an exodus of US operatives now is suggested by some to be related to the drop in US drone attacks in Afghanistan (e.g. disruption of intelligence channels); it probably also is impacting other Pakistan-originated operations that could affect Iran (e.g. Stuxnet).

While there is a case to be made that Pakistan has been a proxy to US and Israeli objectives, that is far from achieving attribution. Maybe Britain was acting on its own, with the support of Germany, on behalf of the US. Time will tell and probably reveal a more complicated picture than we might believe today; and that is just for the physical world. Take for example the overthrow of Iran’s Mossadegh in 1953. It served British objectives, but today we know it was an American-led operation masked to look like an insider revolt against nationalism, despite the fact that the prior year Iran’s nationalist movement fit American interests. Attribution of crowd events was hard. Attribution of Internet crowd events is even harder.

Energy, History, Security

Winning the Oil Endgame

Leave a comment

Amory Lovins from 2005

Unexpectedly, whalers ran out of customers before they ran out of whales…the remnant whale populations were saved by technological innovators and profit maximizing capitalists.

He proposes two steps, both of which cost less than buying the petroleum they offset

  1. Retool transportation to be two or three-times more efficient (save more than 60% by 2025)
  2. Move to biofuel

We’ve done this before…1977-1985 when we last paid attention…oil imports from the Persian Gulf fell 87% and would have been gone if we had kept that up one more year.

History, Security

The London Schools on Libya

Leave a comment

It is hard for me, an alumnus of both the London School of Economics (LSE) and the School of Oriental and African Studies (SOAS), not to juxtaposition their announcements on recent international news.

Professor Stephen Chan OBE at SOAS has provided commentary on the characteristics of the current uprisings in Libya and Egypt and the underlying reasons behind the demonstrations.

Meanwhile, I received the following alert in my inbox from LSE with a link to a full announcement. The LSE Student Union has successfully pushed out the Director after protesting his ties to Libya.

It is with great regret that I am writing to inform you, as an alumnus/alumna of LSE, that the LSE Council has accepted the offer of resignation of Sir Howard Davies as Director. This follows an extraordinary meeting of the LSE Council yesterday evening. Sir Howard has, at the behest of the Council, agreed to continue to serve as Director whilst arrangements for succession are resolved.

At the same meeting, Council also resolved to commission an independent external inquiry into the School’s relationship with Libya, to be Chaired by Lord Woolf.

Sir Davies now says his decision to accept £300,000 from the son of Col Gaddafi has “backfired” as he has lost the confidence of the student body.

There were risks involved in taking funding from sources associated with Libya which should have been weighed more heavily in the balance, he concluded in his resignation letter.

He said the decision to accept the British government’s invitation to become an economic envoy to Libya had “muddled” his personal position and his role at the LSE.

A former head of the Financial Services Authority and deputy governor of the Bank of England, Sir Howard gave advice to the Libyan Investment Authority.

He said he was offered a $50,000 (£30,700) fee for doing so, but asked that it be used for a scholarship at the LSE.

The LSE Student Union also has successfully redirected the £300,000 amount from Gaddafi into scholarships for North African students.

This perhaps illustrates the irony of the political history of these two London schools. LSE, which was a liberal institution of social change, has come to serve and represent some of the most conservative voices in the world while SOAS, once an institution of military/colonial intelligence and training, has evolved into a liberal thought leader for students of the developing world.

Energy, Food, History, Security

WTF is Wrong with Wisconsin?

Leave a comment

Provocative title? Although I originally am from Kansas I spent several years working and living in Wisconsin so I know the area fairly well. Remember the book called “What’s the Matter with Kansas” by Thomas Frank? It seems like he might want to publish a new edition that takes a look at the roots of the current crisis in Madison.

A movie might be an even better idea:

Consider, for example, the recent announcement of a clean water bill.

…the rules were developed after years of research and public input, including extensive stakeholder input from farmers, municipal water treatment systems, manufacturers, food processors, local governments and environmental groups. Organizations that supported passage of the rules included the Wisconsin Farm Bureau, the Dairy Business Association, the Potato and Vegetable Growers Association, the Wisconsin State Cranberry Growers Association, the Wisconsin Corn Growers Association, the Wisconsin Pork Association, the Wisconsin Cattlemen’s Association, the Municipal Environmental Group (representing local wastewater systems), Clean Wisconsin, Midwest Environmental Associates, the Wisconsin Association of Lakes, the Wisconsin River Alliance, Wisconsin Environment, and the Sierra Club.

[DNR Secretary Matt] Frank added, “We are currently working with all stakeholders on implementation guidelines as well as the design of a pollutant trading system that will lower the cost of compliance even further.”

Wow, that’s a broad-base of industry and organizations who have taken a careful and long-term approach to managing risk. Frank offers this explanation for the popular support.

“Wisconsin’s lakes and rivers are the foundation for our economy, our environment and our quality of life. Stakeholder groups came together to preserve that foundation by addressing phosphorus pollution comprehensively. Under this rule, Wisconsin can look forward to cleaner beaches, more swimmable lakes, improved public health, healthier fisheries and wildlife habitat.

Cleaning up waters polluted by excessive phosphorus is crucial to protecting our $12 billion tourism economy and our $2.75 billion fishing industry. Reducing phosphorus will protect private property values and local tax base, as shown by state and national research linking higher property values with water clarity.

Ok, the quality (safety) of water is essential to the state economy. This is not just based on conjecture and theory. Milwaukee has had a host of water contamination issues from heavy metals to a catastrophic water crisis of 1993.

The massive outbreak of waterborne cryptosporidiosis in Milwaukee, Wisconsin in 1993 is an example of how contaminated water distributed through a municipal water system can lead to a major public health crisis. As a result of the Cryptosporidium contamination, an estimated 403,000 Milwaukee residents developed diarrhea reflecting an attack rate of 52% of the population with more than 4,000 requiring hospitalization. Cryptosporidiosis was listed as the underlying or contributory cause of death in 54 residents following the outbreak, severely impacting susceptible populations most at risk. An estimated 725,000 productive days were lost as a result of the water contamination event and more than $54 million in lost work time and additional expenses to residents and local government resulted from the waterborne disease outbreak

So Wisconsin has some very real and local data on the harm from a failure to protect their water supplies, which include death and economic disaster. The 2010 Water Quality Report shows warnings for mercury and industrial contaminants for most of the state and shows how regulations have helped document, assess and reduce risk.

It all makes sense so far. Here’s the problem: Republicans in both the House and Senate of Wisconsin recently have tried to kill a bill that regulates phosphorous pollution in their water — a bill wanted by industries to protect and preserve water quality.

Believe it or not, despite the data and analysis I quote above, the Republicans argue that protecting water is too expensive a burden to the economy. They think municipal governments can not afford the security.

But their analysis fails on two very obvious and simple points:

  1. It is far more expensive and disruptive to clean up pollution in the environment than to prevent it.
  2. The state has developed their own localized approach after careful study and time for comment and feedback. A failure to follow-through will set themselves up for hasty and less palatable reaction to a disaster (e.g. 1993). A federal approach may also become necessary. An unwillingness to solve obvious health risks at the state level will not make solutions any easier or less expensive.

Perhaps the real reason they are intent on stopping state regulation is because they do not fear #2. They believe there will not be any federal investigation or regulation to prevent the next water quality crisis because of recent legal decisions, such as Rapanos vs. the United States in 2006, that block the government from testing for contamination in “non-navigable” water.

New York’s Assistant Commissioner for Water Resources James M. Tierney told The New York Times that the court decision creates a big problem. “There are whole watersheds that feed into New York’s drinking water supply that are, as of now, unprotected.” The EPA says that over 100 million Americans are drinking water that comes from unguarded sources.

That still leaves problem #1.

Perhaps the short-term blind-eye approach to contamination is best understood by looking at an obscure wetlands strategy by the new Wisconsin Governor. Government oversight for “every wetland in Brown County, both federal and nonfederal, of less than 3 acres in size” was declared “over regulation” — as if security is an impediment to business development.

Gov. Scott Walker has proposed exempting a parcel of Brown County wetlands owned by a Republican campaign donor from water quality standards.

The donor is said to seek the Governor’s assistance with relaxation of state security standards because he intends to fill in 2 acres of wetlands and build…a Bass Pro Shops store to sell fishing supplies. Really.

WTF is wrong with Wisconsin?

The Governor seems to think that ruining the security and economic base of the state by ignoring long-term damage from the contamination and destruction of resources is a good business plan. That’s like lighting your store on fire and then charging admission to watch it burn down. Not the best business strategy. You might end the day with a few more dollars in your pocket, but then what?

Applying just a tiny bit of common sense would make fishing store developers want to preserve and protect natural resources. I mean perhaps the Governor could use the same emphasis he has put into halting wind energy innovation (supposedly based on concern for the purity of the environment) and just apply it to water?