10 May 2018

America’s being invaded by China and Russia with chips, bits and bytes

BY MORGAN WRIGHT

Let’s say you wanted to send a secret letter and wanted to make sure your competitors couldn’t see it. You write it, seal it, and put it in the mail. Except the post office is in Russia. Along with your ISP — internet service provider. And your email service provider. And your cell phone company. And your bank. Now substitute China for Russia. America is being invaded incrementally through hardware and software. The most vital parts of our economy and national security are being targeted — our communications. Whether it’s a computer, cell phone or software program, we’ve been invaded. Even though our government has been warning about this for over a decade.

The Pentagon just announced a ban on the sale of Huawei and ZTE mobile phones on U.S. military bases. It only took 10 short years for the Pentagon to come to the conclusion that Chinese telecommunications companies posed a threat to our national security.

In 2008, the Treasury Department, through their Committee on Foreign Investment, blocked the sale of 3com, an American company that makes anti-hacking computer software for the military, to Huawei on national security grounds. In 2010, Sprint said security was the official reason they would not consider bids from Huawei and ZTE for the $7 billion upgrade of their network.


"Will not be taking part in the building of America's interoperable wireless emergency network for first responders due to U.S. government national security concerns."

Most recently, the U.S. Commerce Department slapped ZTE with an export ban that effectively shuts the door on the U.S. market. The ban makes it illegal for any U.S. company to sell any components to ZTE. That includes hardware (like chips from Qualcomm).

This version of an economic death penalty wasn’t for some trivial infraction. ZTE sold equipment to Iran and North Korea in violation of a whole lot of U.S. restrictions. This included equipment by Microsoft, HP, Oracle, Dell, Cisco and Symantec.

Huawei is no stranger to violating U.S. law either, including the outright massive theft of intellectual property from Cisco back in 2003. And not just a little bit. My previous column called for a “people warfare” strategy against China to stop the theft of intellectual property for this exact reason.

China and Russia have produced companies with unsettling ties and relationships with military and intelligence units. Kaspersky Labs from Russia has been dogged with stories of its ties with the former-KGB, along with the modern-day successor, FSB.

Kaspersky’s antivirus software operates as a modern-day false flag operation. In intelligence work, false flag operations are a deception to disguise the true origin of an activity. For example, in 1996 the FBI agent Earl Edwin Pitts was discovered to be committing espionage after undercover agents posed as Russian spies. But it’s hard to scale a massive spying operation one traitor at a time.

An easier way is software. And what better way than to get you to install an antivirus program and give it access to every file on your computer? And that is what Kaspersky Labs has been doing since 1997. The very design of antivirus software means that when a suspicious file is detected, it is quarantined and sent back to a lab for examination.

Kaspersky’s lab is in Moscow, Russia. This means every file is scanned by software that originates in Russia. Every now and then, you win the lottery, which is what happened in 2017 when the personal computer of another NSA contractor was scanned and found to have the mother-lode of classified technology.

Kaspersky claims it’s nothing but a pawn in this intelligence battle between the U.S. and Russia. That’s a little hard to believe after how it helped Iran in 2012 remediate and fix their centrifuges after the Flame virus and Stuxnet worm had been discovered.

How Kaspersky was able to know classified NSA tools and flag them is still murky. What we do know is that Russian intelligence officials ended up in possession of these cyber weapons. And no one does business in Russia without paying their respects to the modern-day Don Corleone Vladimir Putin.

The most powerful billionaires can’t escape arrest or imprisonment, especially when you criticize the Russian godfather. Which makes Kaspersky’s claims that they don’t collaborate with Russian intelligence a little hard to believe.

As a result, President Trump signed into law a ban on the use of Kaspersky software within the federal government. Yet, the software is still in use on our schools, law enforcement agencies, hospitals, state governments and more. This invasion has turned into an infection that is resistant to our attempts to eradicate it.

And I still haven’t covered the use of Chinese made drones and surveillance cameras, along with the chipsets that power thousands of law enforcement body-worn cameras. We’re losing a war. Not against a country, but against bits, bytes, and chips.

Morgan Wright is an expert on cybersecurity strategy, cyberterrorism, identity theft and privacy. Previously Morgan was a senior advisor in the U.S. State Department Antiterrorism Assistance Program and senior law enforcement advisor for the 2012 Republican National Convention. Follow him on Twitter @morganwright_us.

No comments: