Posts

Thursday Morning: Snowed In (Get It?)

Yes, it’s a weak information security joke, but it’s all I have after shoveling out.

Michigan’s winter storm expanded and shifted last night; Marcy more than caught up on her share of snow in her neck of the woods after all.

Fortunately nothing momentous in the news except for the weather…

Carmaker Nissan’s LEAF online service w-i-d-e open to hackers
Nissan shut down its Carwings app service, which controls the LEAF model’s climate control systems. Carwings allows vehicle owners to check information about their cars remotely. Some LEAF owners conducted a personal audit and hacked themselves, discovering their cars were vulnerable to hacking by nearly anyone else. Hackers need only the VIN as userid and no other authentication to access the vehicle’s Carwings account. You’d think by now all automakers would have instituted two-factor authentication at a minimum on any online service.

Researcher says hardware hack of iPhone may be possible
With “considerable financial resources and acumen,” a hardware-based attack may work against iPhone’s passcode security. The researcher noted such an attempt would be very risky and could destroy any information sought in the phone. Tracing power usage could also offer another opportunity at cracking an iPhone’s passcode, but the know-how is very limited in the industry. This bit from the article is rather interesting:

IOActive’s Zonenberg, meanwhile, told Threatpost that an invasive hardware attack hack is likely also in the National Security Agency’s arsenal; the NSA has been absent from discussions since this story broke last week.

“It’s been known they have a semiconductor [fabrication] since January 2001. They can make chips. They can make software. They can break software. Chances are they can probably break hardware,” he said. “How advanced they were, I cannot begin to guess.”

The NSA has been awfully quiet about the San Bernardino shooter’s phone, haven’t they?

‘Dust Storm’: Years-long cyber attacks focused on intel gathering from Japanese energy industry
“[U]sing dynamic DNS domains and customized backdoors,” a nebulous group has focused for five years on collecting information from energy-related entities in Japan. The attacks were not limited to Japan, but attacks outside Japan by this same group led back in some way to Japanese hydrocarbon and electricity generation and distribution. ‘Dust Storm’ approaches have evolved over time, from zero-day exploits to spear phishing and Android trojans. There’s something about this collected, focused campaign which sounds familiar — rather like the attackers who hacked Sony Pictures? And backdoors…what is it about backdoors?

ISIS threatens Facebook’s Zuckerberg and Twitter’s Dorsey
Which geniuses in U.S. government both worked on Mark Zuckerberg and Jack Dorsey about cutting off ISIS-related accounts AND encouraged revelation about this effort? Somebody has a poor grasp on opsec, or puts a higher value on propaganda than opsec.

Wonder if the same geniuses were behind this widely-reported meeting last week between Secretary of State John Kerry and Hollywood executives. Brilliant.

Case 98476302, Don’t text while walking
So many people claimed to have bumped their heads on a large statue while texting that the statue was moved. The stupid, it burns…or bumps, in this case.

House Select Intelligence Committee hearing this morning on National Security World Wide Threats.
Usual cast of characters will appear, including CIA Director John Brennan, FBI Director James Comey, National Counterterrorism Center Director Nicholas Rasmussen, NSA Director Admiral Michael Rogers, and Defense Intelligence Agency Director Lieutenant General Vincent Stewart. Catch it on C-SPAN.

Snow’s supposed to end in a couple hours, need to go nap before I break out the snow shovels again. À plus tard!

On Hiroshima Anniversary, Iran Deal Opponents Make One More Push Based on Parchin Photos

Hiroshima was flattened by the US on August 6, 1945 by the deployment of a nuclear weapon. (Wikimedia Commons)

Seventy years ago today, on August 6, 1945, the US dropped an atomic bomb on Hiroshima, Japan. By November of that same year, approximately 130,000 people were dead because of that single bomb, which targeted a civilian population. Three days later, the US deployed a second nuclear weapon in Nagasaki. It appears that these horrific weapons were not needed, despite the prevailing myth surrounding their use. Even with the subsequent proliferation of nuclear weapons, the US remains the only country to have ever used them outside a testing scenario, while countries as unstable as North Korea and Pakistan have achieved nuclear weapons capability at some level.

As might be expected, Japan’s Prime Minister Shinzo Abe is using the occasion of this anniversary to call for an end to nuclear weapons. Last week, Javad Zarif made an excellent move, in suggesting that now that Iran has signed an agreement with the P5+1 group of countries on its nuclear technology, there should be a push to remove nuclear weapons and all WMD from the Middle East. Recall that Iran has agreed to the most intrusive inspections regime ever put into place in a country that didn’t first lose a war, making their call for inspections of Israel’s nuclear weapons program especially strong. These two calls together represent an appeal to those who prefer peace over war while placing the highest possible value on civilian lives.

That attitude of favoring peace over war and putting civilians first stands in stark contrast to those who oppose the Joint Comprehensive Plan of Action signed by the P5+1 and Iran. As Barack Obama pointed out yesterday, those who are opposing the deal are the same people who were so tragically wrong about the decision to invade Iraq in 2003:

President Obama lashed out at critics of the Iran nuclear deal on Wednesday, saying many of those who backed the U.S. invasion of Iraq now want to reject the Iran accord and put the Middle East on the path toward another war.

/snip/

While calling the nuclear accord with Iran “the strongest nonproliferation agreement ever negotiated,” Obama also seemed to turn the vote on the deal into a referendum on the U.S. invasion of Iraq a dozen years ago, a decision he portrayed as the product of a “mind-set characterized by a preference for military action over diplomacy.”

Obama said that when he first ran for president, he believed “that America didn’t just have to end that war. We had to end the mind-set that got us there in the first place.” He added that “now, more than ever, we need clear thinking in our foreign policy.”

One of the saddest aspects of this push for war over diplomacy is that much of it comes from deep within the US government itself. In many of my posts on the path to the P5+1 accord with Iran, I have noted the nefarious process of anonymous “disclosures” coming sometimes from “diplomats” and sometimes from “intelligence sources” that get transcribed into the press by a small handful of “reporters”. Usually the worst offender on this front is George Jahn of AP. A recent retiree from this fold is Fredrik Dahl who now, ironically, appears to be the primary press contact for the IAEA. But never fear, rushing into the void created by the departure of Dahl (or perhaps his insertion into an operative role further inside the apparatus), we have the dynamic duo of Eli Lake and Josh Rogin. Their blather being put out as “journalism” is not worthy of a link here. If you want to find it, try going to Marcy’s Twitter and searching for “not The Onion”.

Of course, the high point of this process of manufacturing nuclear charges against Iran and then getting them into the media is the notorious “laptop of death”. Running a close second, though, are the charges that Iran has engaged in developing a high explosives trigger device at the Parchin site. Showing that those who engage in this level of deceit have absolutely no pride, the charges of this work have proceeded despite an equally plausible explanation that the high explosives chamber could just as easily have been used to develop nanodiamonds. Further, those making these charges have allowed themselves to be baited into a ridiculous level of “analysis” of satellite photos of the site, with hilarious results from how Iran has played them.

Despite this level of embarrassment, one of the primary tools in this process, David Albright, couldn’t resist one last try on the satellite photo front. Yesterday, he breathlessly informed us that there are a couple of new sheds on the Parchin site and there is even some debris. And, get this, a crate has been moved! Seriously, here is the “meat” of Albright’s analysis (pdf):

“Cozy Ties Between Regulators, Politicians and Utilities” Gives New Nuke Agency in Japan, Business as Usual on Wall Street

Reuters reports this morning that Japan’s lower house of parliament has passed a law authorizing creation of a new nuclear regulatory agency. The second paragraph of the story stands out to me:

The 2011 Fukushima disaster cast a harsh spotlight on the cozy ties between regulators, politicians and utilities – known as Japan’s “nuclear village” – that experts say were a major factor in the failure to avert the crisis triggered when a huge earthquake and tsunami devastated the plant, causing meltdowns.

The underlying cause of the “nuclear village”, where regulators are captured by the industry they regulate and the politicians are also owned by the same system, applies equally well to the situation that enabled the meltdown of global financial markets in 2008. There is far less recognition of the village aspect of Wall Street’s lack of regulation in the financial crisis, and where there have been moves ostensibly toward regulation or even prosecution of crimes, they have been a sham:

On March 9 — 45 days after the speech and 30 days after the announcement — we met with Schneiderman in New York City and asked him for an update. He had just returned from Washington, where he had been personally looking for office space. As of that date, he had no office, no phones, no staff and no executive director. None of the 55 staff members promised by Holder had materialized. On April 2, we bumped into Schneiderman on a train leaving Washington for New York and learned that the situation was the same.

Tuesday, calls to the Justice Department’s switchboard requesting to be connected with the working group produced the answer, “I really don’t know where to send you.” After being transferred to the attorney general’s office and asking for a phone number for the working group, the answer was, “I’m not aware of one.”

The promises of the President have led to little or no concrete action.

In fact, the new Residential Mortgage-Backed Securities Working Group was the sixth such entity formed since the start of the financial crisis in 2009. The grand total of staff working for all of the previous five groups was one, according to a surprised Schneiderman. In Washington, where staffs grow like cherry blossoms, this is a remarkable occurrence.

We are led to conclude that Donovan was right. The settlement and working group — taken together — were a coup: a public relations coup for the White House and the banks. The media hailed the resolution for a few days and then turned their attention to other topics and controversies.

But for 12 million American homeowners, collectively $700 billion under water, this was just another in a long series of sham transactions.

Perhaps in homage to the Schneiderman and other sham units, the Reuters article on Japan’s new agency does show a bit of caution regarding the new agency:

The legislation, however, swiftly came under fire for appearing to weaken the government’s commitment to decommissioning reactors after 40 years in operation, even as it drafts an energy program to reduce nuclear power’s role.

Under a deal ending months of bickering by ruling and opposition parties, the new regulatory commission could revise a rule limiting the life of reactors to 40 years in principle.

“Does this reflect the sentiment of the citizens, who are seeking an exit from nuclear power?” queried an editorial in the Tokyo Shimbun daily. “Won’t it instead make what was supposed to be a rare exception par for the course?”

And as for the coziness between politicians in the US and the financial industry, we need look no further than Wednesday’s appearance by Jamie Dimon before the Senate Banking, Housing and Urban Affairs Committee. One of Marcy’s tweets during the hearing says all we need to know about that “hearing”:

BOB CORKER WIPE THAT SPOOGE FROM YOUR CHIN RIGHT NOW!

Japan’s response to its meltdown has been to shut down all nuclear plants while the framework for how they will operate if they are allowed to restart is debated. Imagine how much better off the world would be if JP Morgan Chase and Goldman Sachs had been shut down while a proper regulatory framework for them was developed.

The End of an Era? Final Japanese Nuclear Power Plant to Shut Down Sunday

Damage at Fukushima Daiichi as seen on March 18, 2011. (photo: DigitalGlobe)

Before the massive earthquake and tsunami in Japan on March 11, 2011, about a third of the country’s electricity was supplied by the 54 nuclear power plants scattered throughout the country. In the intervening time, those nuclear reactors not directly damaged on March 11 have been shutting down for inspections and public opposition is preventing their re-start. The final plant remaining online, the number 3 reactor at the Tomari plant in Hokkaido, will be powered down late Saturday night into Sunday morning.

The Washington Post describes the political process by which the plants have been shut down:

The break from nuclear power is less a matter of policy than political paralysis. Japan’s central government has recommitted to nuclear power in the wake of last year’s triple meltdown at Fukushima Daiichi, but those authorities haven’t yet convinced host communities and provincial governors that nuclear power is necessary — or that a tarnished and yet-unreformed regulatory agency is up to the job of ensuring safety.

Because Japan depends on local consensus for its nuclear decisions, those maintenance checkups — mandated every 13 months — have turned into indefinite shutdowns, and resource-poor Japan has scrambled to import costlier fossil fuels to fill the energy void.

Before the Fukushima accident, Japan operated 54 commercial reactors, which accounted for about one-third of the country’s energy supply. But in the last year, 17 of those reactors were either damaged by the March 11 earthquake and tsunami or shut down because of government request. Thirty-six others were shuttered after inspections and have not been restarted.

The New York Times has more on the political standoff: