It is a dangerous place to be in. We all have been there and in most cases it is as innocent as it could ever be. You see, sometimes life throws you a curveball. Gamers tend to identify it most easily. In my particular case it was a game called Magic Carpet. It was a Bullfrog game and I was testing it on the PC. It played magnificently there, and soon thereafter I also tested it on the very first PlayStation. There, because of the controller it was good, but not great. Still, it was fun to play and I tended (in those early years) to really get into a game, so when the situation blew into my face, I got a little frustrated. The next two times were worse and the last time (on that day) I went slightly angry (with myself) and I kicked the door. The issue was not the door, it was my steel tipped boot and I went straight through the door, so, I was not merely ticked off, I had a hole in the door (which would require funds to repair) and the boss in Magic Carpet was still alive. We all have had these moments. Our car, our bike, the TV, things go wobbly on you and we sometimes react wrongly to this situation and in light of that get to reflect on our own ego’s a little.
These are the images going through me when I was confronted to new information when looking at the unrealistic response by America (and Australia) to Huawei. In the case of Australia it seemed the mere application of greed and fear as politicians cater to the greed of a large telecom company, which was not seemingly the case with America. Yet that tip was raised for me less than 24 hours ago. The article (at https://foreignpolicy.com/2018/08/15/botched-cia-communications-system-helped-blow-cover-chinese-agents-intelligence/), shows how the CIA got their own systems handed to them through ego and what I would regard as stupidity. The initial headline ‘The number of informants executed in the debacle is higher than initially thought‘ is rather unsettling. It gets to be worse with “The CIA had imported the system from its Middle East operations, where the online environment was considerably less hazardous, and apparently underestimated China’s ability to penetrate it. “The attitude was that we’ve got this, we’re untouchable,” said one of the officials who, like the others, declined to be named discussing sensitive information. The former official described the attitude of those in the agency who worked on China at the time as “invincible.” Other factors played a role as well, including China’s alleged recruitment of former CIA officer Jerry Chun Shing Lee around the same time.” This is the most dangerous of settings. The wrongful setting comes straight from Sun Tsu where we learn that all war is based on deception. China is not some place that is tinkering at the side of the road, the Art of War COMES FROM CHINA! It gets to be worse when you consider that that book was written long before Americans had adopted proper reading and writing skills, close to 1200 years before that, so that was their first error.
When we see: “But the penetration of the communication system seems to account for the speed and accuracy with which Chinese authorities moved against the CIA’s China-based assets. “You could tell the Chinese weren’t guessing. The Ministry of State Security [which handles both foreign intelligence and domestic security] were always pulling in the right people,” one of the officials said. “When things started going bad, they went bad fast.”“. The entire matter seems to be exponentially wrong. The big issue is not on how it was cracked, or even if it was cracked. My issue had been (for a much longer time now) that for too long, the deciding voices, all listening to some CTO, often with multiple sides lacking wisdom that the setting was not merely that there was ‘a security risk’, there was for the longer time a much larger security flaw. For much too long a time, we got the ‘slides of wisdom’ on how data in transit tends to be safe and data at rest tended to be in danger. Even when I started my CCNA, the amount of knowledge given in the Cisco books gave the rise to the consideration that data in transit is not merely as vulnerable, it was that a lot more could be done unnoticed (not merely by the Chinese mind you). It was some time before the Sony hack that I expected a setting where the routers themselves might be used against the owner, it went further when we consider Wired in 2013 (at https://www.wired.com/2013/09/nsa-router-hacking/). The headline is not merely ‘NSA laughs at pc’s, prefers hacking routers and switches‘. It is the setting where we see: ““No one updates their routers,” he says. “If you think people are bad about patching Windows and Linux (which they are) then they are … horrible about updating their networking gear because it is too critical, and usually they don’t have redundancy to be able to do it properly.” He also notes that routers don’t have security software that can help detect a breach“. This is where I was in 2011, when I started to comprehend the working of a router and router tables, I figured out that it is not the router they can see that is the problem; it is the one they cannot see. That idea came from a presentation by Thomas Akin, CISSP, Director, Southeast Cybercrime Institute who had a presentation for the Blackhat briefings. The 2002 presentation gave me the idea. You see apart from the lack of security, the +1 hop hack allows form something truly unique. Consider [.MIL Server], that server connects to <secure router 1> and things are set into motion. Now, we cannot direct all the traffic, yet materials from that location to let’s say ‘preferred consultant one‘ will go via certain paths, yet the first router after <secure router 1> tends to be merely one or two routers (depending on traffic) to that preferred consultant. It is easy to find a router that could optionally be a link to these routers and duplicate all packages that go to that specific next step. Not only is the task easily done, the path is not hindered, the router is not intervened with and a simple reset takes away whatever evidence existed in the first place. In addition, the additional part is that the compact flash in those routers is ‘The maximum storage capacity for the CF in Slot0 and Slot1 is 4GB‘, yet the only part here is that you only needed 32 MB, which is what most of us used then, but cards that small are no longer made, so most IT people just plug in what they have. You have well over 3GB of package storage, so all packages to that one location could be stored and redirected on the ‘off’ hours as not to leave any monitored spike. Until the CFlash card is ejected from the router and investigated no one will have a clue. That was 7 years ago and the systems are even more capable now, a 3GB glitch will not register on most systems, especially when those IT people do not block Spotify and/or YouTube. By the time they figured it out, the setting is already wiped, and this path can be adjusted on a daily bases so that most IT networkers never had a clue in the first place.
You think that I am alone in this, that I am this clever? No, I am not! There are plenty of IT Networkers running circles around me and that is now set into the stage of ‘we’re untouchable‘. The CIA was never that, they never needed to be touched, the opponent merely needed a clear line of sight to the router that is one skip from the secure router that they needed to get to. We see more in the Foreign Policy article with the quotes “Information about sources is so highly compartmentalized that Lee would not have known their identities. That fact and others reinforced the theory that China had managed to eavesdrop on the communications between agents and their CIA handlers” and “an encrypted digital program, allows for remote communication between an intelligence officer and a source, but it is also separated from the main communications system used with vetted sources, reducing the risk if an asset goes bad“. Now we merely add “But the CIA’s interim system contained a technical error: It connected back architecturally to the CIA’s main covert communications platform. When the compromise was suspected, the FBI and NSA both ran “penetration tests” to determine the security of the interim system. They found that cyber experts with access to the interim system could also access the broader covert communications system the agency was using to interact with its vetted sources, according to the former officials“. I believe it goes further than that. If we see the entire layer process and consider that in the end, certain systems merely replicate a process. Cisco (at https://www.cisco.com/c/en/us/support/docs/lan-switching/8021q/17056-741-4.html) gives us: “A device can determine which VLAN the traffic belongs to by its VLAN identifier. The VLAN identifier is a tag that is encapsulated with the data. ISL and 802.1Q are two types of encapsulation that are used to carry data from multiple VLANs over trunk links”, as well as “The DA field of the ISL packet is a 40-bit destination address. This address is a multicast address and is set at “0x01-00-0C-00-00” or “0x03-00-0c-00-00”. The first 40 bits of the DA field signal the receiver that the packet is in ISL format“, so as the destination was known, the people needing this could search very specifically. When we consider ‘It connected back architecturally to the CIA’s main covert communications platform‘, the connection back would enable those seeking to find the needed value of the DA field. That does not merely impede the CIA, it stands to reason that to some degree the NSA would be just as vulnerable.
The main course
In my case, I tend to go for the Bambi burger, ideally I watch Bambi whilst having that lovely slice of venison. You see when we get to “As part of China’s Great Firewall, internet traffic there is watched closely, and unusual patterns are flagged. Even in 2010, online anonymity of any kind was proving increasingly difficult. Once Chinese intelligence obtained access to the interim communications system, penetrating the main system would have been relatively straightforward, according to the former intelligence officials. The window between the two systems may have only been open for a few months before the gap was closed, but the Chinese broke in during this period of vulnerability“, I believe the setting is worse than that. These players still require their consultants. It does not matter whether you call them construction workers, members of Blackwater, Xe Services, or Academi. It is those places as well as Booz Allan Hamilton and other providers that still require to be informed, and that is where the interception could start. The setting is not ‘the Chinese broke in during this period of vulnerability‘, it is the long term flags that they were able to test at this point and that is the fear we see with their setting of Huawei and partners. Not that Huawei is the danger, but the fact that Chinese intelligence is just as able to get into nearly all systems, it merely can get into Chinese systems faster (for now). This is where it gets a little more complicated, because it is not about the now, it is about tomorrow and the tomorrows that are coming. The only ones who have a chance of getting things done are players like the Constellis Group and Palantir when they unite abilities. It is going to be about data and about the ability to forecast how traffic goes. Thomas Akin was teaching this wisdom 16 years ago. We see this when we are made to realise
- Live system data is the most valuable.
- Immediate shutdown destroys all of this data.
- Investigators must recover live data for analysis.
And the loss is merely a reset away, in most cases if there is an automatic reset; the only data available is the last transgression at best. With the coming of 5G live real-time capturing data streams is what is more likely to set the stage of finding out what happened, in this the entire setting of ‘China’s Great Firewall‘, we are already looking at outdated Chinese technology and I do believe that those behind the article, as well as some DARPA people are aware of that. America and Europe are behind in ways that we cannot even perceive, because the players that need to move forward are doing so iteratively, that whilst the time of reengineering is now merely 10% of what the development time was. We see this with “Call this the IBM problem, which faced an existential threat as soon as Asian groups started churning out cheap PCs in the 1990s. But here IBM also provides a few tips to the future, with its pivot to software and solutions. By the time of IBM’s iconic “solutions for a small planet” ad campaign in 1996, the company was trumpeting voice recognition and ecommerce — producing the sort of digital enterprise backbone that ended up helping develop the internet economy” (source: Australian Financial Review). In the first instance the Asian market required 10-15 years to catch up, the second time around it took 2-3 years and now with Google and Apple working globally, it takes months. IBM (others too) took iterative steps to maximise the economic footprint, instead of truly leaping forward whenever possible, they lost the advantage and are now trailing the markets. Huawei is one clear example where the American market was surpassed. Samsung showed its supremacy by having 5G home routers ahead of everyone else and the advantage in Asia is only growing. It is seen with “Alternatively, authorities might have identified the system through a pattern analysis of suspicious online activities. China was so determined to crack the system that it had set up a special task force composed of members of the Ministry of State Security and the Chinese military’s signals directorate (roughly equivalent to the NSA), one former official said“. I do not read this part in the same way. I believe that with ‘set up a special task force composed of members of the Ministry of State Security‘, was not about cracking. I personally believe that the Cisco books were so illuminating that they decided to change the setting in their own game. I believe that the Chinese now have a more advanced system. They have done what players like Cisco should have done before 2014 and they did not. I believe that when we see a partnership between Constellis and Palantir, their findings will bear that out with in addition an optional link that shows part of the accusation that China let Russia in on certain findings (and the Russian evolution of certain networking devices). This and the next part is largely speculative, but it is supported to some extent. We see this in: “Once one person was identified as a CIA asset, Chinese intelligence could then track the agent’s meetings with handlers and unravel the entire network. (Some CIA assets whose identities became known to the Ministry of State Security were not active users of the communications system, the sources said.)“. I believe that he part given in ‘not active users of the communications system‘ gives us the third part. I believe that the system was not merely invaded. There is every chance that certain systems when activated also leave tags behind and that is where the intrusion would have paid off. You see, in the Cisco setting (as an example), the data frame has an optional 60 bytes of extension headers, yet is that always empty? More important, when were these data packages truly thoroughly checked? In this speculative setting I take you to the movie Die Hard 2. In that movie we see on how someone decided to get clever and uses the outer marker beacon to warn the planes that were in danger. The beacon can be used in other ways than merely give a beep. I believe that Cisco data packages have other optional parts than can be ‘reused’ to do something different, like the optional headers. They are to most merely empty pre-set ‘spaces’, but they could have more. That is the setting that America faces and the fact that they could get overwhelmed by Chinese intelligence because they did not rely on iterative parts. Huawei had been leaping forward, for example now offering a 128GB Android 8.1 phone (the Huawei nova 3i 128GB Handset), for 50% less than its competitors. A system that is just as advanced as anything Apple and Samsung offer; at merely half the price whilst Chinese Intelligence has been digging into that device for months, unlike the NSA that needs to queue up with all the other users to get to look at the Pixel 3 and the iPhone 8 on launch day. That is the setting we seem to be seeing and America is indeed and rightfully worried, not because Huawei has backdoors (which I never really believed) but because the players here had been held backwards through iterative technology. Apple is actually staged by Forbes that way with the quote ‘a minor point update for the iOS 11.1 iteration‘, even Forbes speaks about iterative changes. That is the setting that they are up against and they have been surpassed for years and with Huawei leading the 5G stage on a global setting the US authorities are merely getting more and more afraid that not only are they no longer the leading players, they are now sidelined by not being able to keep up with what will be presented ‘tomorrow’.
That part can be supported through the CIA with analyses reports (at https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol49no3/html_files/Collection_Analysis_Iraq_5.htm), in here we see that Richard Kerr, Thomas Wolfe, Rebecca Donegan, and Aris Pappas give us (in a different context): “The analysis on this issue by the Intelligence Community clearly was wide of the mark. That analysis relied heavily on old information acquired largely before late 1998 and was strongly influenced by untested, long-held assumptions. Moreover, the analytic judgments rested almost solely on technical analysis, which has a natural tendency to put bits and pieces together as evidence of coherent programs and to equate programs to capabilities. As a result the analysis, although understandable and explainable, arrived at conclusions that were seriously flawed, misleading, and even wrong“. It is important to realise that this was on the WMD setting, so in a different context and on a different setting. Yet the information systems were all designed to upholster that flaw to an ‘evolved’ placement, the systems in their entirety are nowhere near ready, now even for the previous setting. The movement from a lot of staff to more fruitful consultant settings is now paying off in a negative way for the CIA (and the NSA too). This is where it gets interesting. You see, the previous setting that I gave should partially have been dealt with through the flashlight program that DARPA has. Raytheon BBN is working on that with Professor Richard Guidorizzi from George Mason University Fairfax. I think that the system is not entirely ready here, not if the packages can be duplicated via the router and as long as the original is not touched, that system will not get the alert lights ringing.
To get you on board on how far all the NATO partners are behind, let me give you two settings. The first is a DARPA Project called ‘Probabilistic Programming for Advancing Machine Learning (PPAML)‘, the man in charge is Dr. Suresh Jagannathan, yet the bigger brain might be MIT graduate Dr. Jennifer Roberts. The given setting is “Probabilistic programming is a new programming paradigm for managing uncertain information. Using probabilistic programming languages, PPAML seeks to greatly increase the number of people who can successfully build machine learning applications and make machine learning experts radically more effective“, whilst we also see the goods in the DARPA article by Dr Roberts with “If successful, PPAML could help revolutionize machine learning capabilities in fields from Intelligence, Surveillance and Reconnaissance (ISR) and Natural Language Processing (NLP) to predictive analytics and cybersecurity“, this is certainly leaping forward, but it is still based on a system. I believe that the Chinese decided to turn the funnel upside down. To illustrate this I need to get you to an app called Inke. The article (at https://thenextweb.com/contributors/2018/02/09/hidden-world-chinese-livestreaming-app-inke/), gives us ‘The hidden world of Chinese livestreaming app Inke‘, this is not a few people; this is a craze that has already infected millions upon millions. So with “he was actually doing a livestream, an extremely popular hobby for young people in China. China is way ahead of the rest of the world when it comes to embracing livestreams.” you are missing out and missing out by a lot. These streams are real-time and often geo-tagged. I believe that the Chinese have changed the setting, they are optionally collecting Terabytes of daily data and they are converting that to actionable intelligence. Facial recognitions in phones, geo-tagged and all uploaded and streamed, all converted on the spot, like the SETI screensaver, millions of affordable mobiles (this is where the Huawei nova 3i 128GB Handset and all other new handsets come in), parsing all that data into uploaded files and Chinese intelligence gets global information close to real time, whilst their learning machines are about efficiencies of collected data, it is not about the better application by making them more effective, it is about the massive amounts of data offered to get the systems to upgrade the efficiency of parsing data, because parsing data is where the bottleneck will be in 5G and they already have a larger advantage.
In the meantime, on any given day thousands of Inke users are filming life around them in malls and famous places looking awesome doing it. Yet, if you look at the CCTV settings, how many users would have passed 935 Pennsylvania Avenue, Washington DC, or at London SE1 9EL, UK walking towards London Bridge? How many people were merely assuming that they were tourists face timing with mom and dad? Are you getting that picture now? and also realise that Inke is merely one of more than 300 live streaming companies, all capturing that data all those tags that a smartphone allows it to capture and at the top of all this, Facebook and YouTube are eagerly pushing people to gain following by doing just that. So how long until the user realises that uploading the same stream to 2-3 providers gets them to gain a lot more following and optionally cash? Yes, the intelligence community is that far behind at present. So when we are worrying on “The system was not designed to withstand the scrutiny of a place like China, where the CIA faced a highly sophisticated intelligence service and a completely different online environment“, we need to consider that China is already ahead of the game and the CIA systems might be merely an option to scrutinise their own data, because that remains the Chinese bottleneck, the data will require verification and that is the one field where their opposition could gain the advantage if they set their minds to a different algorithm, one on reliability, not on likelihood. It is a setting where all the players involved have a second tier of consideration. They embrace a ‘not now, but soon‘ thought, when ‘I needed this yesterday‘ is the proper setting as I personally see it, because data without proper vetting is merely used space on any given storage device.
That final part can be considered when we look at the linked article that NBC had from last January. There we see: “When agents searched Lee’s hotel rooms in 2012, they found notebooks with the names of covert CIA sources, according to court documents. But not all of the agent arrests and deaths could be linked to information possessed by Lee, who left the CIA in 2007“, an issue I mentioned in an earlier blog. We get there when we consider his actions and ‘found notebooks with the names of covert CIA sources‘, do you think that anyone, especially in this setting would be that stupid? It’s like keeping the condom as a trophy after having intercourse, its useless and stupid. I believe that either it is not the ‘covcom’ system, or not merely the ‘covcom’ system. I believe that (if it is all correct) that Chinese intelligence got in further and deeper into acquiring the data required and the notebook is the proverbial red herring in all this, especially as Jerry Chun Shing Lee left the CIA in 2007. You do not hold on to that level of information 11 years after you might have had some level of valid reasons to have it in the first place. That is the part many overlooked, or looked away from.
In the end, I do believe that it is not merely the inability that drove the anti-Huawei waves, it is the fact that those decision makers have no idea where to navigate towards next is what drives their fears almost exponentially.