New Report on Chinese Intelligence Cyber-Operations

The company ProtectWise just published a long report linking a bunch of Chinese cyber-operations over the past few years. The always interesting gruqq has some interesting commentary on the group and its tactics. Lots of detailed information in the report, but I admit that I have never heard of ProtectWise or its research team 401TRG. Independent corroboration of this information…

The company ProtectWise just published a long report linking a bunch of Chinese cyber-operations over the past few years.

The always interesting gruqq has some interesting commentary on the group and its tactics.

Lots of detailed information in the report, but I admit that I have never heard of ProtectWise or its research team 401TRG. Independent corroboration of this information would be helpful.

from https://www.schneier.com/blog/

New Report on Chinese Intelligence Cyber-Operations

The company ProtectWise just published a long report linking a bunch of Chinese cyber-operations over the past few years. The always interesting gruqq has some interesting commentary on the group and its tactics. Lots of detailed information in the report, but I admit that I have never heard of ProtectWise or its research team 401TRG. Independent corroboration of this information…

The company ProtectWise just published a long report linking a bunch of Chinese cyber-operations over the past few years.

The always interesting gruqq has some interesting commentary on the group and its tactics.

Lots of detailed information in the report, but I admit that I have never heard of ProtectWise or its research team 401TRG. Independent corroboration of this information would be helpful.

from https://www.schneier.com/blog/

The Spy in the Boardroom

The government has former spies, military officials, and law enforcement professionals on hundreds of corporate boards to protect national security, in what a Washington University Law Review study calls an increase in “national security corporate governance.”

The government has former spies, military officials, and law enforcement professionals on hundreds of corporate boards to protect national security, in what a Washington University Law Review study calls an increase in “national security corporate governance.”

The study claims that,in effect, shareholders are relegated to little influence on the corporation’s business or management.

“Corporate boardrooms have quietly become instruments of national defense, marrying the efficiency norms of corporate law and the protective ambitions of national security,” writes the author of the study, Andrew Verstein, an associate professor at the Wake Forest University School of Law.

The program was developed from the idea of merging private sector efficiency and economy with public security efforts, Verstein writes, adding that roughly 400 companies are currently operating under this government oversight.

A firm is subject to this form of government intervention if its work includes a classified project, a potentially influential foreign client or investor, or is a project “vital to military or espionage agencies.”

The report, entitled “The Corporate Governance of National Security,” focuses especially on the ways in which the government’s national security corporate governance affects the defense contracting industry, particularly those companies involving some measure of Foreign Ownership, Control, or Influence (FOCI).

Impositions on contractors with FOCI include, among other things, a Government Security Committee, composed of senior management and company directors tasked with security compliance with the Defense Security Service (DSS). The contractor must also “be organized , structured, and financed so as to be capable of operating as a viable business entity independent from the foreign owner,” the study says

Much of American defense has outsourced its preparation and production to private contractors, “where market dynamics encourage creativity and economy” normally considered optimal goals, added Verstein.

The study also warns that market dynamics can damage national security if corporations perceive their interests are better served by subverting projects of vital national security importance and engage in spying or leaking information “perhaps because a major investor or another client has ties to a foreign state.”

The report notes the program has potential structural shortcomings

“(It) works by inverting the dictates of orthodox corporate governance wisdom. If this lowers accountability and efficiency at vital projects, then the nation will get far less security than it bargained for.”

The report points out that national security corporate governance also generates opportunities for wasteful management that exploits shareholders, and it tempts government officials serving on these boards to favor foreign companies in the hopes of lucrative retirement jobs on the boards of FOCI firms.

There is also the risk that private defense contractors may be influenced by shareholders pushing for immediate profits, even if it puts the country at risk.

When companies comply with the imposition of government officials, the decision-making capacity lies with the government agents, and decisions are made in the interest of national security rather than shareholder interests.

Tensions that arise from the practice of national security corporate governance involve the mandates of corporate law and national security law. Corporate law is designed around private organization, the accountability of shareholders, profit and efficiency. National security law is based on general defense, even if that mandates secrecy, coercion, and bureaucracy, says the report.

National security corporate governance provides “a channel for increased government influence and preparatory field for possible wartime industrial efficiency. It has a secret ambition as a succession planning tool, allowing the government to better control captured assets in times of emergency.”

In a wartime scenario, if America should choose to expropriate foreign-owned assets, national security corporate governance can ease government expropriation of private enterprise by assisting in succession planning, thus contributing to industrial readiness and security.

During World War 2, the US expropriated a German chemical plant, but the government found it difficult to find “competent and skilled personnel under wartime conditions.” The U.S. was forced to staff potential “enemy spies and saboteurs just to keep the factory running.”

Ever since, national security corporate governance has installed former intelligence and defense officials at complying companies that would be most likely to face expropriation during a war.

“These are foreign-owned companies that provide functions useful to America’s espionage or military efforts,” the report says.

A full copy of the paper can be downloaded here:

This summary was prepared by TCR news intern John Ramsey. Readers’ comments are welcome.

from https://thecrimereport.org

Japan’s Directorate for Signals Intelligence

The Intercept has a long article on Japan’s equivalent of the NSA: the Directorate for Signals Intelligence. Interesting, but nothing really surprising. The directorate has a history that dates back to the 1950s; its role is to eavesdrop on communications. But its operations remain so highly classified that the Japanese government has disclosed little about its work ­ even the…

The Intercept has a long article on Japan's equivalent of the NSA: the Directorate for Signals Intelligence. Interesting, but nothing really surprising.

The directorate has a history that dates back to the 1950s; its role is to eavesdrop on communications. But its operations remain so highly classified that the Japanese government has disclosed little about its work ­ even the location of its headquarters. Most Japanese officials, except for a select few of the prime minister's inner circle, are kept in the dark about the directorate's activities, which are regulated by a limited legal framework and not subject to any independent oversight.

Now, a new investigation by the Japanese broadcaster NHK -- produced in collaboration with The Intercept -- reveals for the first time details about the inner workings of Japan's opaque spy community. Based on classified documents and interviews with current and former officials familiar with the agency's intelligence work, the investigation shines light on a previously undisclosed internet surveillance program and a spy hub in the south of Japan that is used to monitor phone calls and emails passing across communications satellites.

The article includes some new documents from the Snowden archive.

from https://www.schneier.com/blog/

The NSA’s 2014 Media Engagement and Outreach Plan

Interesting post-Snowden reading, just declassified. (U) External Communication will address at least one of "fresh look" narratives: (U) NSA does not access everything. (U) NSA does not collect indiscriminately on U.S. Persons and foreign nationals. (U) NSA does not weaken encryption. (U) NSA has value to the nation. There’s lots more….

Interesting post-Snowden reading, just declassified.

(U) External Communication will address at least one of "fresh look" narratives:

  1. (U) NSA does not access everything.
  2. (U) NSA does not collect indiscriminately on U.S. Persons and foreign nationals.
  3. (U) NSA does not weaken encryption.
  4. (U) NSA has value to the nation.

There's lots more.

from https://www.schneier.com/blog/

Fighting Leakers at Apple

Apple is fighting its own battle against leakers, using people and tactics from the NSA. According to the hour-long presentation, Apple’s Global Security team employs an undisclosed number of investigators around the world to prevent information from reaching competitors, counterfeiters, and the press, as well as hunt down the source when leaks do occur. Some of these investigators have previously…

Apple is fighting its own battle against leakers, using people and tactics from the NSA.

According to the hour-long presentation, Apple's Global Security team employs an undisclosed number of investigators around the world to prevent information from reaching competitors, counterfeiters, and the press, as well as hunt down the source when leaks do occur. Some of these investigators have previously worked at U.S. intelligence agencies like the National Security Agency (NSA), law enforcement agencies like the FBI and the U.S. Secret Service, and in the U.S. military.

The information is from an internal briefing, which was leaked.

from https://www.schneier.com/blog/