Tag Archives: cyber espionage

Playing us for suckers.

Posted on by
7

Huawei NZ has offered to only use NZ citizens to install its 5G equipment as part of the national broadband upgrade. It does so because of concerns about a revised Chinese National Intelligence Law that requires all Chinese citizens and firms to serve the interests of state security. Prior to now, many of the technicians involved in installing Huawei equipment around the world were and are Chinese citizens. After the GCSB advised against using Huawei in the NZ 5G roll-out citing national security concerns and publicizing of the Chinese intelligence law requirement of its citizens, Huawei NZ decided to allay fears by offering to use Kiwi technicians instead.

This is akin to ISIS using white females to deliver package bombs. It is not the method of delivery that matters but the content of what is being delivered.

Huawei technicians in NZ may or may not know what “backdoors” or other bulk collection or data mining filters are embedded in the equipment that they install. That comes from the source, and when it comes to Huawei the source is intimately bound up with the Chinese state and its ruling party. Huawei is not a publicly traded company. Instead, it is a state capitalist enterprise and the CCP has a major role in its direction. Its technical arm is believed by Western intelligence agencies to have close ties to Chinese signals intelligence, which given the intelligence law’s requirement on Chinese firms is part but not all of the reason that Huawei has been banned from 5G roll-outs in Australia, NZ and the US.

Western telecommunications firms also install backdoors in their equipment. Those are used to, via bulk collection and data mining, ascertain customer preferences with an eye to selling advertising. According to Western security agencies, the difference between them and Huawei and its Chinese counterpart ZTE is that the former do not work hand in glove with intelligence agencies and in fact (especially after the Snowden revelations about bulk collection of domestic communications in Western democracies) require warrants from security courts in order to access encrypted communications on private networks.

So the argument goes that Western telecommunications firms install backdoors in their equipment in order to enhance commercial profitability while Huawei and ZTE install backdoors in order to serve Chinese intelligence. This includes collecting political, economic, military, diplomatic, commercial and intellectually proprietary information that extend well beyond aggregating and selling consumer preference data.

That is a big difference that the nationality of the technicians doing the installing of such equipment cannot obscure. Perhaps the Huawei NZ management think the NZ public are gullible enough to believe that the citizenship of technicians is the reason the GCSB advised against using it as a supplier.

When it comes to who to believe in a contest between NZ profit-seekers and national security professionals, especially when the profit-seekers are backed by an aggressive authoritarian state that regularly violates international norms, my inclination on this particular matter is to believe the security professionals, warts and all.

Cyberwar comes to New Zealand.

Posted on by
1

News that Chinese hackers obtained personal details of 4 million US federal employees dating to 1985, following on the heels of similar attacks on the customer records of private insurance companies and retirement funds as well as the internal email networks of the US State Department and White House, demonstrate that a guerrilla cyber-war is underway. Although it will not replace traditional warfare any time soon, this is the new face of war for several reasons.

First, it does not involve physical conflict using kinetic weapons, which removes direct bloodletting from the equation. Second, it can target critical infrastructure (power grids, water supplies) as well as the command, control, communications, computing and intelligence (C4I) capabilities of adversaries. Third, it can be masked so that perpetrators can claim a measure of plausible deniability or at least intellectual distance from the action. Fourth, it can be used for tactical and strategic purposes and the pursuit of short or long-term objectives.

Much like military drones, cyberwar is here to stay.

The war is not one sided: Russian hackers have penetrated Pentagon email networks and the 5 Eyes signals intelligence alliance has dedicated hacking cells working 24/7 on targets of opportunity. Many other nations also indulge in the practice as far as their technological capabilities allow them. To these can be added a host of non-state actors—Wikileaks, Anonymous, ISIS, among others—who have also developed the capability to engage in electronic espionage, sabotage, data capture and theft.

With the most recent revelations about the hacks on the US Office of Personnel Management (OPM) archival records (which include personal details of active and retired federal employees as well as identities of those who have had or hold security clearances, perhaps including myself given my prior employment by the Department of Defense) an evolution in cyber warfare is now evident.

Previously, most state-sanctioned cyber attacks were so-called “front door” attacks on government or corporate mainframes, servers and networks. The interest was in surreptitiously obtaining sensitive data or installing surveillance devices in order to engage in ongoing monitoring of targeted entities. “Back door” probes and attacks were the province of non-state actors, especially criminal organisations, seeking to obtain private information of individuals and groups for fraudulent use. However, the recent attacks have been of the “back door” variety yet purportedly state sanctioned, and the Snowden leaks have revealed that 5 Eyes targets the personal communications of government officials, diplomats, military officials and corporate managers as a matter of course.

The move to state-sponsored “back door” hacks is ominous. Accessing data about current and retired government employees can be used to blackmail those suffering personal liabilities (debt, infidelity) in order to obtain sensitive information about government processes, procedures, protocols and policy. It can target active and former intelligence and military officials and others with access to classified information. It can target former public officials that have moved to the private sector, particularly in fields of strategic or commercial importance. Likewise, obtaining sensitive personal data of employees working in private firms opens the door to similar exploitation for illicit commercial gain.

Advances in consumer telecommunications have made cyber hacking easier. Smart phones and their applications are considered to be the most vulnerable to hacking. Because many people store an enormous amount of personal data on these devices, and because they often mix work and personal business on them, they represent an enticing entry point when targeted. Yet even knowing this millions of consumers continue to pack their lives into electronic devices, treating them more as secure bank vaults rather than as windows on their deepest secrets. Not surprisingly, both state and non-state actors have embarked on concerted efforts to penetrate mobile networks and hand-held devices. Encryption, while a useful defense against less capable hackers, only slows down but does not stop the probes of technologically sophisticated hackers such as those in the employ of a number of states.

The bottom line is this: the smaller the telecommunications market, the easier it is for cyber hackers to successfully place backdoor “bugs” into the network and targets within it, especially if government and corporate resources are directed towards defending against “front door” attacks. On the bright side, it is easier to defend against attacks in a smaller market if governments, firms, service providers and consumers work to provide a common defense against both “front door” and “back door” hacking.

The implications for New Zealand are significant.

In this new battleground physical distance cannot insulate New Zealand from foreign attack because cyber-war knows no territorial boundaries. New Zealand provides an inviting target because not only is an integral and active member of Western espionage networks, it also has proprietary technologies and intellectual property in strategic sectors of its trade-dependent economy (including niche defense-related firms) that are of interest to others. Because New Zealand’s corporate, academic and public service elites are relatively small and the overlap between them quite extensive, hacks on their personal data are a valuable tool of those who wish to use them for untoward purposes.

New Zealand public agencies and private firms have been relatively slow to react to the threat of cyber warfare. The data they hold on their employees, managers, policy elites and general population is an inviting “back door” for determined hackers seeking to exploit vulnerabilities in New Zealand’s cyber networks. Since many Kiwis are lax about separating their work and private electronic correspondence and records, the potential to access sensitive personal information is high.

New Zealand has been the subject of numerous “front door” cyber attacks and probes on public and private agencies, including an attack by Chinese-based hackers on the NIWA supercomputer carried out in concert with a similar attack by the same source on the supercomputer run by the US National Oceanographic and Atmospheric Administration (NIWA’s US counterpart). New Zealanders have been the targets of numerous “back door” intrusions such as phishing and other scams perpetrated by fraudsters and conmen. Yet successive governments have been slow to recognize the new threat advancing towards it in the cyber-sphere, only recently creating dedicated cyber security cells within the intelligence community and just last year amending the GCSB Act to address vulnerabilities in domestic internet security. But it still may not be enough.

Until New Zealand resolves the problem of institutional lag (that is, the time gap between the emergence of a technologically-driven threat and an institutional response on the part of those agencies responsible for defending against it), there is reason to be concerned for the security of private data stored in it. After all, in the age of cyberwar there is no such thing as a benign strategic environment.

Crying wolf on terrorism for political gain.

Posted on by
2

The merit of a proposition can be judged by the strength of the argument in support or defense of it. In the case of the proposed changes to the GCSB and TICS Acts, the government’s argument has basically reduced to claims that terrorists will strike if the bills do not pass, perhaps even using weapons of mass destruction. More than an argument in favor of the bills, it is a sign of desperation on the part of a government unwilling to level with the public on its real intent.

To begin with, counter-terrorism is a very small part of what intelligence agencies do. Ninety percent of intelligence collection and analysis, to include its sub-set of electronic espionage and counterespionage, is focused on traditional corporate, diplomatic and military intelligence gathering. That is true for the Five Eyes/Echelon signals intelligence network and even more so for countries that are not on the front lines of the so-called War on Terrorism.

Yet countering “terrorism” has become the buzz word used by politicians to justify the expansion of the security apparatus in all its forms, to include the militarization of police functions and extension of powers of search and surveillance. It is the fig leaf that covers a multitude of sins perpetrated by the state in the name of national security.

This is an important point because as nasty as it is, terrorism is not an existential threat to any established state, much less a consolidated democracy. Viewed objectively, it can be properly seen is a crime of violence most often carried out as an irregular warfare tactic for ideological reasons. In the hands of non-state actors it is a weapon of the militarily weak that cannot be used regularly and systematically against a broad array of targets in the face of state enforced counter-measures. Although impossible to eliminate in its entirety, especially in its small cell or lone wolf application, this type of terrorism (i.e. in John Key’s airport bomb hypothetical) is a type of criminal violence best handled by the police using the intelligence made available by human as well as signals and technical intelligence agencies.

That may or may not involve electronic eavesdropping of a targeted sort. What is not needed to counter terrorism is blanket adoption of draconian security laws that restrict individual and collective freedoms, including the right to privacy. Oppressing the majority out of fear of an extremist few is counter-productive for no other reason than doing so plays into the hands of the aggressor.

In any event New Zealand is not on the front line of the War on Terrorism. Its threat environment is different than that of Australia, the UK and the US. It is more akin to (yet less than) that of Canada, and it is telling that Canada has resisted moves to closely align its domestic intelligence gathering powers with that of its Northern Hemisphere partners. The Canadians well understand the hierarchy of threats confronting them, and in light of that have shied away from the type of legislation currently being proposed in New Zealand.

If anything, the Canadian government knows that closer public alignment with the US and UK on security issues invites greater risk of attack from those engaged in armed conflict with them. It also understands that what irregular threats exist for Canada, they are more likely to be internal and related to domestic policy issues than external in origin or manifestation. New Zealand is similar in both regards.

What this means is that the specter of terrorism raised by John Key is a dark chimera that has little connection to New Zealand’s real threats, but which is used to defend the passing of security legislation that is more appropriate for the threat environment in Pakistan or Yemen than that of the South Pacific.

In recent years cyber espionage has become the predominant form of signals intelligence threat, to include that in New Zealand. The focus of attention of Five Eyes and other signals intelligence agencies is increasingly on fiber optic cables, routers, switches and the computers that use them, as opposed to radio and satellite intercepts (even if the latter remains a priority for Echelon). In pursuit of effective counter-measures, the Echelon partners have developed sophisticated labor-savings software such as PRISM and XKeyscore that filter the first cut on zillions of bytes of electronic data (the so-called meta-data), thereby making it easier for human analysts to target specific communications based upon keywords, phrases and usage patterns.

This mass trawling through personal as well as institutional electronic communications is indeed efficient, and not problematic for countries under non-democratic rule, but poses a problem for liberal democracies where the right to privacy and presumption of innocence go hand-in-hand as the bedrocks of citizenship.

Cyber espionage in New Zealand is mostly but not exclusively perpetrated by foreign state and non-state actors seeking to access sensitive corporate, political and security information. This includes back-door access via personal computers and electronic devices into work computers of targeted sectors. Since New Zealand has the most porous internet security of the Five Eyes partners and because its economic and political decison-making elite is relatively small in comparison, it is considered to be the weak link in the network by adversaries and allies alike.

Be it by groups such as Anonymous or by state agencies such as Chinese military intelligence (and there are many others), it is estimated that New Zealand computer networks are probed dozens of times a year (at least as far as what has been publicly admitted by the government). Thus the interest in increasing the GCSB’s cyber-securty function in order to bolster the defensive aspect of local cyber intelligence (targeted hacking of foreign networks being the offensive side).

The hard fact is that cyber espionage and counter-espionage is the newest and increasingly most pervasive form of spying and is here to stay, so New Zealand has to lift its game in that field of play.

This is the real reason why the Bills have been introduced. The trouble is that they contain a very strong offensive aspect to them, in part owing to the blurred nature of cyber espionage that does not conform easily to the foreign versus domestic dichotomy traditionally used to partition internal from foreign intelligence gathering. Threats now are seen as “glocal” or “intermestic,” and thus offensive cyber intelligence operations are run side-by-side with domestic counter-intelligence (defensive) work. That includes meta data mining on home soil, and the sharing of that data with Echelon partners.

Rather than honestly reveal the true reasons why the amendments to the GCSB and TICS Acts are being proposed, the National government has resorted to the old canard about terrorism. It may be doing so because it is undiplomatic to point out that its second largest trade partner has been accused by New Zealand’s strongest security and intelligence partners of being the source of most cyber attacks on their respective and shared computer networks. It may be doing so because it assumes that most people simply do not care about issues of security and intelligence, and it might be right. But whatever its rationale, its proposals are way over the top given the realities of New Zealand’s position in world affairs and its history as a democratic polity.

There is much more that is wrong with the New Zealand intelligence community–the lack of effective and independent oversight, the political manipulation of intelligence flows, the overly broad definition of national security and threats to it being foremost amongst them. It is therefore not surprising that in the very framing of the debate about the GCSB and TICS Bills, the government has resorted to bluster and fear-mongering rather than outline the real thrust of its changes.

That is a pity. Had it done so it might have been able to reach a compromise on cyber security more appropriate for a small liberal democracy on the periphery of the major conflicts of our times. However, as things stand New Zealand is about to be saddled with a cyber-security apparatus apparatus more similar to that of Singapore than those of Belgium, Norway or Uruguay.

That pretty much says it all about how National views the world.

 

Three perspectives on the spy bills.

Posted on by
Reply

Selwyn Manning has done a Q&A with three individuals who have different and at times conflicting views of the GCSB and TICS Bills, although all three are critically opposed to the bills in their present form. One is a strategic analyst, one is an internet entrepeneur and one is an IT lawyer. John Key may dismiss them as uninformed, politically motivated or holding some hidden agenda, but their differing takes on the issue may make for some food for thought for KP readers.

The Q&A can be found here.