[Update at end of article.—Rayne 6:45 pm EST]
Between 1030 and 0400 UTC last night or early morning, most of Russia’s GLONASS satellites reported “illegal” or “failure” status. As of this post, they do not appear to be back online.
GLONASS is the equivalent of GPS, an alternative global navigation satellite system (GNSS) launched and operated by Russian Aerospace Defense Forces (RADF). Apart from GPS, it is the only other GNSS with global capability.
It’s possible that the outage is related to either a new M-class solar storm — the start of which was reported about 48 hours ago — or the recent X-class solar flare on March 29 at approximately 1700 UTC. The latter event caused a short-term radio blackout about one hour after the flare erupted.
But there is conjecture that GLONASS’ outage is human in origin and possibly deliberate. The absence of any reported outage news regarding GPS and other active satellite systems suggests this is quite possible, given the unlikelihood that technology used in GLONASS differs dramatically from that used in other satellite systems.
At least one observer mentioned that a monitoring system tripped at 21:00 UTC — 00:00 GLONASS system time. The odds of a natural event like a solar storm tripping at exactly top of the hour are ridiculously slim, especially since radiation ejected from the new M-class storm may not reach its peak effect on earth for another 24-48 hours.
It’s not clear whether the new GLONASS-M satellite launched March 24th may factor into this situation. There are no English language reports indicating the new satellite was anything but successful upon its release, making it unlikely its integration into the GLONASS network caused today’s outage.
If the outage is based in human activity, the problem may have been caused by:
— an accidental disabling here on earth, though RADF most likely has redundancies to prevent such a large outage;
— deliberate tampering here on earth, though with RADF as operator this seems quite unlikely; or
— deliberate tampering in space, either through scripts sent from earth, or technology installed with inherent flaws.
The last is most likely, and of either scripts sent from earth or the flawed technology scenarios, the former is more likely to cause a widespread outage.
However, if many or all the core operating systems on board the GLONASS satellites had been updated within the last four years – after the discovery of Stuxnet in the wild – it’s not impossible that both hardware and software were compromised with an infection. Nor is it impossible that the same infection was triggered into aggressive action from earth.
Which begs the question: are we in the middle of a cyberwar in space?
UPDATE — 6:45 PM EST—
Sources report the GLONASS satellite network was back online noon-ish Russian time (UTC+4); the outage lasted approximately 11 hours. Unnamed source(s) said the outage was due to the upload of bad ephemeris data, the information used by the satellites to locate other satellites in space. An alleged system-wide update with bad data suggests RADF has serious problems with change management, though.
There is speculation the M-class solar storm, summarized at 1452 UTC as an “X-ray Event exceeded M5,” may have impacted GLONASS. However, early feedback about radiation ejected by an M-class storm indicated the effects would not reach earth for 24-48 hours after the storm’s eruption.
I freely admit to being the oddest of the quadruplets in the Emptywheel sensory deprivation pool, producing the quirky minority report from time to time.
Which may explain the following graphic with regard to current geopolitical tensions. As you can see, not every trending burp in the news about either Venezuela or Ukraine produced a corresponding bump in the fossil fuel market. Some trend-inducing news may have nothing at all to do with energy. It’s quite possible I may not have captured other key businesses as some of them don’t trade publicly, or don’t trade in a manner readily captured by Google Finance.
But there are a few interesting relationships between news and price spikes, enough to make one wonder what other values may spike with increased volatility in places like Venezuela (which has the largest oil and natural gas reserves in the western hemisphere), and Ukraine (which lies between the EU and the largest natural gas deposits in the world, and the world’s eighth largest oil reserves).
Of course there’s an additional link between these two disparate countries. Both of them have already seen similar upheavals in which the U.S. played a role — Ukraine’s 2004 Orange Revolution, and the 2002 attempted coup in Venezuela.
When someone made noise about an Afghan Muslim being a key locus of the latest unrest in Ukraine, I couldn’t help but think of the Trans-Afghanistan Pipeline for natural gas which has yet to be realized, primarily for a lack of adequate political will among nation-states with a vested interest in its success.
It also made me think of news reports from this past summer when Turkmenistan, sitting on the fourth largest natural gas reserves in the world, expressed a readiness to export gas to Europe. This would cut into Russia’s sales, but not for a few years, requiring continuation of existing relationships for the next three to five years. Note the pipelines, existing and planned on the following U.S. State Department map (date unclear, believed to be post-2006).
The woman in the photo at the right has big titanium ovaries — not malleable brass or rusting iron. Do I know Mary Barra personally to attest to this fact? No. But I have a pretty damned good idea where GM’s new CEO has been, and it takes a pretty tough set of specifications to survive the road she’s traveled.
Like her I grew up in the I-75 corridor in Michigan, where much of the automotive industry’s OEM facilities and Tiers 1 through 3 suppliers could be found. Like her father, my father worked in the automotive business; if her household was like mine, there were copies of Car and Driver, Road & Track, machinist, tool-and-die, and metalforming magazines cluttering coffee tables or in dad’s man-cave. The smell of machine oil and the grit of metal chips are familiar, as are an ever-present collection of safety glasses, hearing protection, and greasy jumpsuits. Picture a garage like that in Clint Eastwood’s movie Gran Torino; I’ll lay good money her dad probably spent a lot of his free time between shifts in a home shop like that, and where she might have been found as well if he needed a hand or she needed a tool to fix something.
It was in her blood, I’m sure; I’ll bet she could taste it. I’m pretty certain this is why she went into engineering, and likely why she went to that particular private engineering school.
After working for a couple years as a high school engineering co-op student I had been accepted at the same school, but I went a different road, preferring business and then-nascent computing technology over engineering. My daughter, though, is at that school now. She could taste it, too; we have pictures of her at age nine, wearing safety glasses, proudly holding her first aluminum machined part. She’s the first person her dad asks for help when working on the cars at home.
I wish now I’d taken pictures of her the time she was so damned mad at her brother and his friend for accidentally breaking the sibling-shared PlayStation 2 console. She ripped it down, diagnosed it using internet research, fixed and reassembled it on her own in an afternoon.
Driven to identify and solve the problem — that’s what it takes to choose engineering as a career, particularly if you are a woman.
Sure, men too must be driven to pursue the same field, but they don’t face the hurdles that women faced then or even now, 30 years after General Motors’ new CEO first started college at the former General Motors Institute. Nobody ever questions a boy’s right to pursue engineering, or a man’s right to practice that discipline. Nobody ever questions the gender of a man with an engineering degree when he makes it to the pinnacle of the corporate ladder.
Every once in a while there’s an opinion piece so grossly naive, horribly uninformed, or passively apologetic that it deserves pushback.
BBC’s Adam Curtis’ blog post, WHAT THE FLUCK [sic], is such a piece. Read it for yourself. I’m still scratching my head about this overlong, winding post that ultimately says,
“…Maybe today we are being farmed by the new system of power. But we can’t see quite how it is happening – and we need a new journalism to explain what is really going on. …”
No. We have the right journalism, even if it is not perfect or dispersed evenly, even if we could use more of it. The Guardian’s work on the Snowden story is just one example; if I may say so, Emptywheel sets another fine example as citizen journalism.
What we need is a public willing to invest time and energy in reading the material reported, to discuss it openly after careful analysis, and to demand and support more good journalism by way of subscription, donation, or advertising revenues as a last resort.
What we don’t need are naive or uninformed opinion leaders who tell us we don’t have journalism reporting about the size, scale, and nature of the corruption we face.
What we don’t need are apologias masquerading as demands for more and better journalism.
Curtis’ piece in particular does several things to muddy the public’s perception about journalism today:
• He throws us a narrative about poor little rich girl Tamara Yeardye Mellon and her father that is not unlike reading about poor little Paris Hilton, or poor little Kardashian Annoying-Sister-Of-The-Day. The narrative utterly misses a critical point, derailing its own effort, yet he feels the public needs more backstory narrative in order to really understand today’s challenges.
• Rupert Murdoch is treated as if he was handed a bag of flaming dog poo by his editorial predecessor, dealing with the mess in the best manner he could — as if cellphone hacking by Murdoch’s employees was mere fallout inherited immaculately by Murdoch.
• Curtis ignores his own role, using his bully pulpit to complain about an absence of reporting he is capable of providing instead of this meandering whinge.
With regard to Tamara Mellon’s allegedly lost control of her luxe shoe business Jimmy Choo Limited to Phoenix Private Equity, Curtis failed to note that not even a Mellon family member is safe from predation. Even a Mellon can be made into a corporate vulture’s bitch.
What does this tell us about the nature of the beast?
The last decade witnessed the rise of deep state — an entity not clearly delineated that ultimately controls the military-industrial complex, establishing its own operational policy and practice outside the view of the public in order to maintain its control.
Citizens believe that the state is what they see, the evidence of their government at work. It’s the physical presence of their elected representatives, the functions of the executive office, the infrastructure that supports both the electoral process and the resulting machinery serving the public at the other end of the sausage factory of democracy. We the people put fodder in, we get altered fodder out — it looks like a democracy.
But deep state is not readily visible; it’s not elected, it persists beyond any elected official’s term of office. While a case could be made for other origins, it appears to be born of intelligence and security efforts organized under the Eisenhower administration in response to new global conditions after World War II. Its function may originally have been to sustain the United States of America through any threat or catastrophe, to ensure the country’s continued existence.
Yet the deep state and its aims may no longer be in sync with the United States as the people believe their country to be — a democratic society. The democratically elected government does not appear to have control over its security apparatus. This machinery answers instead to the unseen deep state and serves its goals.
As citizens we believe the Department of State and the Department of Defense along with all their subset functions exist to conduct peaceful relations with other nation-states while protecting our own nation-state in the process. Activities like espionage for discrete intelligence gathering are as important as diplomatic negotiations to these ends. The legitimate use of military force is in the monopolistic control of both Departments of State and Defense, defining the existence of a state according to philosopher Max Weber.
The existing security apparatus, though, does not appear to function in this fashion. It refuses to answer questions put to it by our elected representatives when it doesn’t lie to them outright. It manages and manipulates the conditions under which it operates through implicit threats. The legitimacy of the military force it wields is questionable because it cannot be restrained by the country’s democratic processes and may subvert control over military functions.
Further, it appears to answer to some other entity altogether. Why does the security apparatus pursue the collection of all information, in spite of such activities disrupting the ability of both State and Defense Departments to operate effectively? Why does it take both individuals’ and businesses’ communications while breaching their systems, in direct contravention to the Constitution’s Fourth Amendment prohibition against illegal search and seizure?
Playwright August Strindberg wrote, “…There are poisons that blind you, and poisons that open your eyes.”
We’ve been blinded for decades by complacency and stupidity, as well as our trust. Most Americans still naively believe that our government acts responsibly and effectively as a whole (though not necessarily its individual parts).
By effectively, I mean Americans believed their government would not deliberately launch a military attack that could affect civilians — including Americans — as collateral damage. Such a toll would be minimized substantively. Yesterday’s celebration related to the P5+1 interim agreement regarding Iran’s nuclear development program will lull most Americans into deeper complacency. The existing system worked, right?
But U.S. cyber warfare to date proves otherwise. The government has chosen to deliberately poison the digital waters so that all are contaminated, far beyond the intended initial target.
There’s very little chance of escaping the poison, either. The ubiquity of U.S. standards in hardware and software technology has ensured this. The entire framework — the stack of computing and communications from network to user applications — has been affected.
• Network: Communications pathways have been tapped, either to obtain specific content, or obtain a mirror copy of all content traveling through it. It matters not whether telecom network, or internal enterprise networks.
• Security Layer: Gatekeeping encryption has been undermined by backdoors and weakened standards, as well as security certificates offering handshake validation.
• Operating Systems: Backdoors have been obtained, knowingly or unknowingly on the part of OS developers, using vulnerabilities and design flaws. Not even Linux can be trusted at this point (Linux progenitor Linus Torvalds has not been smart enough to offer a dead man’s switch notification.)
• User Applications: Malware has embedded itself in applications, knowingly or unknowingly on the part of app developers.
End-to-end, top-to-bottom and back again, everything digital has been touched in one layer of the framework or another, under the guise of defending us against terrorism and cyber warfare.
Further, the government watchdogs entrusted to prevent or repair damage have become part and parcel of the problem, in such a way that they cannot effectively be seen to defend the public’s interests, whether those of individual citizens or corporations. The National Institute of Standards and Technology has overseen the establishment and implementation of weak encryption standards for example; it has also taken testimony [PDF] from computing and communications framework hardware and software providers, in essence hearing where the continued weak spots will be for future compromise.
The fox is watching the hen house, in other words, asking for testimony pointing out the weakest patches installed on the hen house door.
The dispersion of cyber poison was restricted only in the most cursory fashion.
• Stuxnet’s key target appears to have been Iran’s Natanz nuclear facility, aiming at its SCADA equipment, but it spread far beyond and into the private sector as disclosed by Chevron. The only protection against it is the specificity of its end target, rendering the rest of the malware injected but inert. It’s still out there.
• Duqu, a “sibling” cyber weapon, was intended for widespread distribution, its aims two-fold. It delivered attack payload capability, but it also delivered espionage capability.
• Ditto for Flame, yet another “sibling” cyber weapon, likewise intended for widespread distribution, with attack payload and espionage capability.
There could be more than these, waiting yet to be discovered.
In the case of both Duqu and Flame, there is a command-and-control network of servers still in operation, still communicating with instances of these two malware cyber weapons. The servers’ locations are global — yet another indicator of the planners’/developers’ intention that these weapons be dispersed widely.
Poison everything, everywhere.
But our eyes are open now. We can see the poisoners’ fingerprints on the work they’ve done, and the work they intend to do.
Over the last handful of days breathless reports may have crossed your media streams about Stuxnet infecting the International Space Station.
The reports were conflations or misinterpretations of cybersecurity expert Eugene Kaspersky’s recent comments before the Australian Press Club in Canberra. Here’s an excerpt from his remarks, which you can enjoy in full in the video embedded above:
[26:03] “…[government] departments which are responsible for the national security for national defense, they’re scared to death. They don’t know what to do. They do understand the scenarios. They do understand it is possible to shut down power plants, power grids, space stations. They don’t know what to do. Uh, departments which are responsible for offense, they see it as an opportunity. They don’t understand that in cyberspace, everything you do is [a] boomerang. It will get back to you.
[26:39] Stuxnet, which was, I don’t know, if you believe American media, it was written, it was developed by American and Israel secret services, Stuxnet, against Iran to damage Iranian nuclear program. How many computers, how many enterprises were hit by Stuxnet in the United States, do you know? I don’t know, but many.
Last year for example, Chevron, they agreed that they were badly infected by Stuxnet. A friend of mine, work in Russian nuclear power plant, once during this Stuxnet time, sent a message that their nuclear plant network, which is disconnected from the internet, in Russia there’s all that this [cutting gestures, garbled], so the man sent the message that their internal network is badly infected with Stuxnet.
[27:50] Unfortunately these people who are responsible for offensive technologies, they recognize cyber weapons as an opportunity. And a third category of the politicians of the government, they don’t care. So there are three types of people: scared to death, opportunity, don’t care.”
He didn’t actually say the ISS was infected with Stuxnet; he only suggested it’s possible Stuxnet could infect devices on board. Malware infection has happened before when a Russian astronaut brought an infected device used on WinXP machines with her to the station.
But the Chevron example is accurate, and we’ll have to take the anecdote about a Russian nuclear power plant as fact. We don’t know how many facilities here in the U.S. or abroad have been infected and negatively impacted as only Chevron to date has openly admitted exposure. It’s not a stretch to assume Stuxnet could exist in every manner of facility using SCADA equipment combined with Windows PCs; even the air-gapped Russian nuclear plant, cut off from the internet as Kaspersky indicates, was infected.
The only thing that may have kept Stuxnet from inflicting damage upon infection is the specificity of the encrypted payload contained in the versions released in order to take out Iran’s Natanz nuclear facility. Were the payload(s) injected with modified code to adapt to their host environs, there surely would have been more obvious enterprise disruptions.
In other words, Stuxnet remains a ticking time bomb threatening energy and manufacturing production at a minimum, and other systems like those of the ISS at worst case.
The Republican-led House Committee on Science, Space and Technology, chaired by Rep. Lamar Smith (TX-21), wants the National Science Foundation’s grants to be evaluated based on the “national interest.”
Bring it, boneheads. By all means let’s try that standard against EVERYTHING on which we spend federal money.
How many television and radio stations, licensing publicly-owned airwaves, are granted licenses under which they are supposed to serve the “public interest, convenience, or necessity”? Because apart from emergency broadcast signal testing, most of them don’t actually do that any longer, suggesting we really need to re-evaluate broadcasters’ licenses. Let’s put the FCC’s licensing under the microscope. If broadcasters aren’t truly serving “national interest” in the manner parallel to a House Science Committee discussion draft — proposed criteria being “economic competitiveness, health and welfare, scientific literacy, partnerships between academia and industry, promotion of scientific progress and national defence” — the least they could do is pay us adequately for a license to abuse our publicly-owned assets as well as our sensibilities. There’s probably something in the defunct Fairness Doctrine about broadcasting and the nation’s interests…unless, of course, “public” does not mean “nation.” Perhaps Rep. Smith believes “national interest” = “business interest,” which opens up a massive can of definition worms.
How about banks and insurance companies? How many of them were in one way or another not merely affected by the financial meltdown of 2008, but direct contributors to the cataclysm because their standards of operation were shoddy — specifically, with regard to subprime mortgages. Why not put their regulation under the same lens: are these financial institutions serving the “nation’s interest”? The financial industry’s business practices and the regulatory framework existing in early 2008 certainly didn’t defend this nation’s economic competitiveness, damaging the ability to obtain credit as liquidity was threatened. Jeepers, wasn’t that the intent of defunct Glass-Steagall Act after the Great Depression, to assure that commercial and investment banking acted in a secure manner consistent with the nation’s interests?
We could go on and on across the breadth of departments and regulatory bodies which either issue funds or licenses, putting them all to the same test. Do they serve the “national interest”?
The problem here isn’t that the NSF in particular isn’t validating grants as to whether they serve the “national interest.” The NSF already uses criteria to evaluate proposal submissions for their alignment with the nation’s aims.
There’s a sense of security vested in the idea that the caller is outside the house and the woman is tucked safely in the bosom of her home. Phew, she’s safe; nothing to see here, move along…
In reality the caller is camped directly outside the woman’s window, watching every move she makes even as she assures herself that everything is fine.
After a tepid reaction to the initial reporting last week, most media and their audience took very little notice of the Washington Post’s followup piece — what a pity, as it was the singular voice confirming the threat sits immediately outside the window.
Your window, as it were, if you have an account with either Yahoo or Google and use their products. The National Security Agency has access to users’ content inside the corporate fenceline for each of these social media firms, greasy nose pressed to glass while peering in the users’ windows.
There’s more to the story, one might suspect, which has yet to be reported. The disclosure that the NSA’s slides reflected Remote Procedure Calls (RPCs) unique to Google and Yahoo internal systems is only part of the picture, though this should be quite frightening as it is.
Access to proprietary RPCs means — at a minimum — that the NSA has:
1) Access to content and commands moving in and out of Google’s and Yahoo’s servers, between their own servers — the closest thing to actually being inside these corporations’ servers.
2) With these RPCs, the NSA has the ability to construct remote login access to the servers without the businesses’ awareness. RPCs by their nature require remote access login permissions.
3) Construction through reverse engineering of proprietary RPCs could be performed without any other governmental bodies’ awareness, assuming the committees responsible for oversight did not explicitly authorize access to and use of RPCs during engineering of the MUSCULAR/SERENDIPITY/MARINA and other related tapping/monitoring/collection applications.
4) All users’ login requests are a form of RPC — every single account holder’s login may have been gathered. This includes government employees and elected officials as well as journalists who may have alternate accounts in either Gmail or Yahoo mail that they use as a backup in case their primary government/business account fails, or in the case of journalists, as a backchannel for handling news tips.
This won’t be a cool, calm, collected post like Marcy writes, because it’s me, the angry mom. You might even have seen me Tuesday afternoon in the school parking lot waiting to pick up a kid after sports practice. I was the one gripping the steering wheel too tightly while shouting, “BULLSHIT!” at the top of my lungs at the radio.
President Obama to ABC’s new Latino channel, Fusion (1:34): It’s important for us to make sure that as technology develops and expands and the capacity for intelligence gathering becomes a lot greater that we make sure that we’re doing things in the right way that are reflective of our values.
Ari Shapiro (1:46): And, Audie, I think what you’re hearing in that quote is a sense that is widespread in this administration that technological improvements have let the government do all kinds of things they weren’t able to do before. They tapped the German Chancellor’s personal cellphone and nobody really stopped to ask whether these are things they should be doing. And so that question, just because we can do something, well, does it mean we should be doing it, that’s the question that seems to be the focus of this review.
Bullshit, bullshit, bullshit.
Here, let me spell this out in terms a school-aged kid can understand.
This is a doorknob with a lock; so is the second closure device on the right.
The lock technology used on the second door is very different; it’s no longer simple analog but digitally enhanced. The second lock’s technology might be more complicated and difficult to understand. But it’s still a lock; its intrinsic purpose is to keep unauthorized persons out.
If one were to pick either lock in any way, with any tools to enter a home that is not theirs and for which they do not have permission to enter, they are breaking-and-entering.
If it’s law enforcement breaching that lock, they’d better have a damned search warrant or a court order, in the absence of a clear emergency or obvious crime in progress.
The argument that information technology has advanced to the point where the NSA blindly stumbles along without asking whether they should do what they are doing, or asking whether they are acting legally is bullshit. They have actively ignored or bypassed the proverbial lock on the door. It matters not where the lock is located, inside or outside the U.S.
The Washington Post’s revelation Wednesday that the NSA cracked Yahoo’s and Google’s SSL — secure sockets layer — is equivalent to evidence of deliberately busted door locks. So is the wholesale undermining of encryption systems on computers, cellphones, and network equipment revealed in reports last month, whether by weakened standards or by willfully placed holes integrated in hardware or software.
The NSA has quite simply broken into every consumer electronic device used for communications, and their attached networks. When the NSA was forced to offer explanations for their actions, they fudged interpretations of the Constitution and laws in order to continue what they were doing. Their arguments defending their behavior sound a lot like a child’s reasoning.