
[US Oil Fund ETF via Google Finance]

The Curious Timing of Kushner’s visit to KSA and the U.S.’ EITI Exit

Trump’s son-in-law Jared Kushner — he of the shaky memory and a massive debt in need of refinancing — met with Crown Prince Mohammed bin Salman within the same week the U.S. withdrew from an anti-corruption effort and Saudi Arabia cracked down on corruption. What curious timing.

Let’s look at a short timeline of key events:

Tuesday 24-OCT-2017 — Saudi Arabia’s Crown Prince Mohammed bin Salman helms a three-day business development conference at the Ritz-Carlton in Riyadh, referred to as “Davos in the desert.” Attendees include large investment banks as well as fund representatives; one of the key topics is the impending IPO for Saudi Aramco.

Wednesday 25-OCT-2017 — Jared Kushner departed for an unpublicized meeting with government officials in Saudi Arabia.

Wednesday 25-OCT-2017 — Treasury Secretary Steve Mnuchin and Undersecretary for Terrorism and Financial Intelligence Sigal Mandelker traveled separately from Kushner to participate in bilateral discussions, which included the memorandum of understanding with the Terrorist Financing Targeting Center (TFTC). The U.S. and Saudi Arabia chair the TFTC while Gulf States form its membership.

Friday 27-OCT-2017 — Reports emerged that at least one Trump campaign team member will be indicted on Monday.

Monday 30-OCT-2017 — Jared Kushner met with Crown Prince Mohammed bin Salman, discussing strategy until 4:00 am. News reports didn’t indicate when exactly Kushner arrived or when discussions began. (Paul Manafort, Rick Gates, George Papadopoulos were indicted this day, but not Kushner; good thing “excellent guy” Papadopoulos as a former Trump campaign “energy and oil consultant” wasn’t involved in Kushner’s work with Saudi Arabia, that we know of.)

Thursday 02-NOV-2017 — U.S. Office of Natural Resources Revenue sent a letter to the Extractive Industries Transparency Initiative (EITI), a multinational effort to reduce corruption by increasing transparency around payments made by fossil fuel companies to foreign governments. The U.S. had been an implementing member since 2014.

Saturday 04-NOV-2017 — At 7:49 am EDT, Trump tweets,

“Would very much appreciate Saudi Arabia doing their IPO of Aramco with the New York Stock Exchange. Important to the United States!”

Saturday 04-NOV-2017 — (approximately 5:00 pm EDT, midnight Riyadh local time) At least 10 Saudi princes and dozens of government ministers were arrested and detained under what has been reported as an anti-corruption initiative. Prince Alwaleed Bin Talal, a critic of Trump and a tech industry investor of note, was among those arrested this weekend.

Saturday 04-NOV-2017 — At 11:12 pm EDT Reuters reported Trump said he had spoken with King Salman bin Abdulaziz about listing Saudi Aramco on the NYSE. The IPO is expected to be the largest offering ever.

But wait…there are some much earlier events which should be inserted in this timeline:

Friday 03-FEB-2017 — Using the Congressional Review Act to fast track their effort, Senate passes a joint resolution already approved by the House, disapproving the Securities and Exchange Commission’s Rule 13q-1, which implemented Section 1504 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. Section 1504, the bipartisan product of former senator Richard Lugar and Sen. Ben Cardin (now ranking Democrat on the Foreign Relations Committee),

“…a public company that qualified as a “resource extraction issuer” would have been required to publicly disclose in an annual report on Form SD information relating to any single “payment” or series of related “payments” made by the issuer, its subsidiaries or controlled entities of $100,000 or more during the fiscal year covered by the Form SD to a “foreign government” or the U.S. Federal government for the “commercial development of oil, natural gas, or minerals” on a “project”-by-“project” basis. Resource extraction issuers were not required to comply with the rule until their first fiscal year ending on or after September 30, 2018 and their first report on Form SD was not due until 150 days after such fiscal year end.” (source: National Law Review)

Section 1504 and SEC rule 13q-1 enacted the U.S.’ participation in the EITI’s anti-corruption effort.

Monday 13-FEB-2017 — Trump signed the disapproving resolution. (Probably just another coincidence that Michael Flynn resigned this day as National Security Adviser.)

From the earliest days of this administration, both the Trump White House and the GOP-led Congress have been ensuring that extractive industries including oil companies will not be accountable for taxes, fees, and other miscellaneous payments (read: dark money donations and bribes, the latter being a bone of contention to Trump) paid to foreign governments.

Some of the immediate beneficiaries are Exxon Mobil, for which Secretary of State Rex Tillerson used to work, and the Koch brothers, among U.S. oil companies which claimed additional reporting requirements under Rule 13q-1 would make them less competitive with overseas oil producers.

What’s not yet clear: How is this reduced openness supposed to help track financing of terrorism, which Treasury was supposed to be working on?

What of transparency related to arms deals involving Saudi money or Aramco? What of transactions between U.S. oil companies and other foreign companies involved in deals with Russian fossil fuel firms like Gazprom?

Can Trump, Jared Kushner, their family and minions, and members of Congress profit from this increased lack of transparency?

What happens to the U.S. and global economy when oil prices rise without adequate transparency to the market to explain price increases?

Also not yet clear: what happened to the 19.5% stake in Rosneft sold last year, allegedly bought by Qatar’s sovereign wealth fund and Glencore (the same Glencore now embroiled in Paradise Papers scandal)? This massive chunk of Russia’s largest oil company has increased in value in tandem with crude oil’s rise, especially since the Saudi crackdown on Saturday. What’s to keep this massive amount of Rosneft shares from being laundered through stock markets as Deutsche Bank did between 2011 and 2015?

It’s all just so curious, the unanswered questions, the odd timing: Aided and abetted by GOP-led Congress, Trump pulls out of an anti-corruption initiative while Treasury Department appears to work on anti-corruption, and Kushner meets on the sly with the Saudi crown prince just days before an anti-corruption crackdown.

Hmm.

Friday Morning: Looks Like We Made It!

Looks like we survived the first business week of the year, made it through floods and fire and other apocalyptic events. Can’t imagine what next week will bring at this rate.

Saudi Arabia may sell shares in oil producer Aramco
Listing Aramco could create the most valuable company in the world, worth over a trillion in U.S. dollars. The move may raise cash to pay down some of the Saudi government’s debt, but it opens the oil producer to public scrutiny. Would it be worth the hassle?

With Russia increasingly eating into Aramco’s market share of China, and OECD countries’ oil consumption falling, selling shares in Aramco may not raise enough cash as its revenues may remain flat. Prices for utilities have already been raised within Saudi Arabia, shifting a portion of expenses to the public. What other cash-producing moves might Saudi Arabia make in the next year?

Detroit’s annual Autoshow brings VW’s CEO for more than a visit to tradeshow booth
Looks like Volkswagen’s Matthias Mueller will be tap dancing a lot next week — first at the 2016 North American International Auto Show, which unofficially opens Sunday, and then with the Environmental Protection Agency.

What’s the German word for “mea culpa”? Might be a nice name for a true “clean diesel” vehicle.

Data breaches now so common, court throws out suit
You’re going to have to show more than your privacy was lost if you sue a company for a data breach. Judge Joanna Seybert for U.S. District Court for the Eastern District of New York dismissed a class action suit against craft supplies retailer Michaels last week, writing that lead plaintiff “has not asserted any injuries that are ‘certainly impending’ or based on a ‘substantial risk that the harm will occur.’” Whalen’s credit card had been used fraudulently, but she wasn’t liable for the charges.

Annoyingly, Clapper v Amnesty International USA was used as precedent, much as it had been in last summer’s suit against Home Depot for a data breach. At this rate, retailers will continue to thumb their noses at protecting their customers’ data, though identity theft-related losses amount to more than all other property theft losses combined [pdf].

Don’t forget China: DOJ raids Chinese hoverboard company’s stall at CES 2016
I can’t find any previous examples of law enforcement conducting a raid at a trade show — if you know of one, please share in comments. The Department of Justice’s raid yesterday on Changzhou First International Trade Co.’s booth at CES 2016 doesn’t appear to have precedent. Changzhou’s hoverboard product looks an awful lot like Future Motion’s Onewheel, which had been the subject of a Kickstarter project. The Chinese hoverboard was expected to market for $500, versus the Onewheel at $1500.

Makes me wonder if there are other examples of internet-mediated crowd-funded technology at risk of intellectual property theft.

Pass the Patron. I’m declaring it tequila-thirty early today.

Why Is the Aramco Hack Considered a Significant NSA Milestone?

I’ve been puzzling over the list of “key SSO cyber milestone dates” released with the upstream 702 story the other day.

For the most part, it lists technical and legal milestones leading to expanded collection targeting cyber targets (which makes sense, given that’s what Special Source Operations does — collect data off switches). There’s the one redacted bullet (which, if it referred to an attack thwarted, might refer to this thwarted attack on a US defense contractor in December 2012).

But what is the August 2012 DDOS attack on Saudi Aramco doing on the list? And, for that matter, why is it referred to as a DDOS attack?

The attack was publicly described as a two-step hack targeted against both Aramco and Qatar’s gas industry which copy-catted an attack associated with the Flame attack on Iran. It is generally now described as Iranian retaliation for StuxNet, though at the time potential attribution ranged from hacktivists to a single hacker to Aramco insiders. The Sony hack used tools related to the Shamoon attack.

Not long after the Aramco hack, the NSA expanded their Third Party SIGINT relationship to include the Saudi Interior Ministry (then led by close US ally Mohammed bin Nayef). The next month the Saudis (again, with MbN in the lead) prematurely renewed their Technical Cooperation Agreement with the US, adding a new cybersecurity component.

So regardless of how serious an attack it was (on that, too, accounts varied) it did have a significant effect on our role in cybersecurity in the Middle East, potentially with implications for SSO.

But unless SSO thwarted the attack — or at least alerted the Saudis in time to pull their computers offline — why would that be a significant milestone for SSO?

 

Someone Hacked Our Memory: “Retaliation,” “Deterrence,” “Escalation”

The WSJ has a story developing on earlier WSJ and NYT reporting that someone — believed to be Iran — was using cyberattacks on energy companies in preparation to sabotage operations.

And while the WSJ responsibly includes a short paragraph noting that the US “has previously launched its own cyberattacks” on Iran to sabotage its nuke program, none of the people they interview seem to remember that we struck Iran first and that this should be regarded as retaliation to our own provocation, not vice versa.

In response, U.S. officials warn that Iran is edging closer to provoking U.S. retaliation.

“This is representative of stepped-up cyber activity by the Iranian regime. The more they do this, the more our concerns grow,” a U.S. official said. “What they have done so far has certainly been noticed, and they should be cautious.”

[snip]

Underscoring the Obama administration’s growing concern, the White House held a high-level meeting late last month on how to handle the Iranian cybersecurity threat. No decisions were made at that meeting to take action, however, and officials will reconvene in coming weeks to reassess, a U.S. official said.

“It’s reached a really critical level,” said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies, who frequently advises the White House and Capitol Hill. “We don’t have much we can do in response, short of kinetic warfare.”

The Obama administration sees the energy-company infiltrations as a signal that Iran hasn’t responded to deterrence, a former official said.

In October, then-Defense Secretary Leon Panetta issued a veiled threat to Iran, which he did not name in his speech, by warning the Saudi Aramco hack represented a dangerous escalation in cyberwarfare. Since then, the Iranian attacks have only ramped up. [my emphasis]

One of the reasons we’re likely left with little to do in response short of “kinetic warfare,” of course, is we’ve already economically sabotaged Iran’s economy with sanctions, gutting the already fewer targets we might hit to strike back. (Also, the countries that have exemptions to trade with Iran for oil likely would frown on any attempt on our part to further devastate Iran’s energy sector.)

You’d think someone would have thought of this entirely predictable state of affairs before advising the most cyber-vulnerable nation on earth to pioneer the use of cyberwar to sabotage key infrastructure, huh?

The Sabotage Attack on the Syrian Coalition

The NYT reports, adding to an earlier WaPo story, that hackers have attempted to sabotage a bunch of US energy companies.

A new wave of cyberattacks is striking American corporations, prompting warnings from federal officials, including a vague one issued last week by the Department of Homeland Security. This time, officials say, the attackers’ aim is not espionage but sabotage, and the source seems to be somewhere in the Middle East.

It ties these attacks to earlier attacks, claimed to have been launched by Iran, against ARAMCO and Qatar’s RasGas.

Two senior officials who have been briefed on the new intrusions say they were aimed largely at the administrative systems of about 10 major American energy firms, which they would not name. That is similar to what happened to Saudi Aramco, where a computer virus wiped data from office computers, but never succeeded in making the leap to the industrial control systems that run oil production.

[snip]

At Saudi Aramco, the virus replaced company data on thousands of computers with an image of a burning American flag. The attack prompted the defense secretary at the time, Leon E. Panetta, to warn of an impending “cyber 9/11” if the United States did not respond more efficiently to attacks. American officials have since concluded the attack and a subsequent one at RasGas, the Qatari energy company, were the work of Iranian hackers. Israeli officials, who follow Iran closely, said in interviews this month that they thought the attacks were the work of Iran’s new “cybercorps,” organized after the cyberattacks that affected their nuclear facilities.

Saudi Aramco said that while the attackers had attempted to penetrate its oil production systems, they had failed because the company maintained a separation between employees’ administrative computers and the computers used to control and monitor production. RasGas said the attack on its computers had failed for the same reason.

The extension of the earlier sabotage approach used on ARAMCO and RasGas infrastructure to US energy producers does not mean all members of the coalition to topple Bashar al-Assad have been attacked by an entity insinuated to be Iran (unless the European partners’ energy companies have been attacked and we just don’t know about it). But this attack does seem to be an assault on the coalition trying to undercut Iran by taking down its client regime in Syria.

Which has me wondering whether this is an Iranian attack — revenge, if you will, for StuxNet, serves the US right. Or if it’s an attack launched by a coalition, possibly including Russia.

I also wonder whether the point of the sabotage isn’t on the information side of the equation, rather than the operational one.

In other news, remember how former NSA head and all-around cyberwar profiteer Mike McConnell declared a digital 9/11 warning based on the ARAMCO attack and some crude DNS attacks on banks here in the US? Guess who has become a player in Saudi (and Gulf generally) cybersecurity?

During this event, Booz Allen Hamilton leadership shared their insights on global cyber security practices and the importance of a cross-border cooperative approach to protecting critical infrastructure in the Gulf.

Commenting at the event, McConnell said, “The GCC states have become global hubs in finance. However, this growth introduces increased cyber security risks by threat actors who target this region for monetary or political gain. GCC states have already experienced significant cybercrime in the recent past, it is now more important than ever to ensure that these are not repeated.”

He also added, “Financial institutions are a prime target for cyber criminals, and as a result, they need to focus on staying ahead of cyber threats by developing the right human capital, developing appropriate training programmes and retaining the right skills and technology to properly access and protect corporate data.”

Booz Allen Hamilton was recently registered by the Kingdom of Saudi Arabia Ministry of Commerce and Industry to pursue business opportunities in the Kingdom in support of domestic economic diversification. The firm will provide services to government and commercial clients on critical issues related to the Kingdom’s development, most notably in the areas of cyber security, information technology, financial services and other selected infrastructure. [my emphasis]

I’m guessing BAH’s work in KSA has a lot to do with the expanded Technical Cooperation Agreement signed with the US in January, which added a cyber component onto the previous effort to create a 35,000 person security force Mohammed bin Nayef could use to protect the kingdom’s oil infrastructure.

So if you’re bummed that BAH gets to troll American networks with abandon, rest assured that it will now be doing so in Saudi Arabia, too.