Vaporous Voids: Questions Remain About Duqu 2.0 Malware

Cybersecurity_MerrillCollegeofJournalismThe use of stolen Foxconn digital certificates in Duqu 2.0 gnaws at me, but I can’t put my finger on what exactly disturbs me. As detailed as reporting has been, there’s not enough information about this malware’s creation. Nor is there enough detail about its targeting of Kaspersky Lab and the P5+1 talks with Iran.

Kaspersky Lab carefully managed release of Duqu 2.0 news — from information security firm’s initial post and an op-ed, through the first wave of media reports. There’s surely information withheld from the public, about which no other entities know besides Kaspersky Lab and the hackers.

Is it withheld information that nags, leaving vaporous voids in the story’s context? Possibly.

But there are other puzzle pieces floating around without a home, parts that fit into a multi-dimensional image. They may fit into this story if enough information emerges.

Putting aside how much Duqu 2.0 hurts trust in certificates, how did hackers steal any from Foxconn? Did the hackers break into Foxconn’s network? Did they intercept communications to/from Foxconn? Did they hack another certificate authority?

If they broke into Foxconn, did they use the same approach the NSA used to hack Syria — with success this time? You may recall the NSA try to hack Syria’s communications in 2012, by inserting an exploit into a router. But in doing so, the NSA bricked the router. Because the device was DOA, the NSA could not undo its work and left evidence of hacking behind. The router’s crash took out Syria’s internet. Rapid recovery of service preoccupied the Syrians so much that they didn’t investigate the cause of the crash.

The NSA was ready to deny the operation, though, should the Syrians discover the hack:

…Back at TAO’s operations center, the tension was broken with a joke that contained more than a little truth: “If we get caught, we can always point the finger at Israel.”

Did the NSA’s attempted hack of Syria in 2012 provide direction along with added incentive for Duqu 2.0? The failed Syria hack demonstrated evidence must disappear with loss of power should an attempt crash a device — but the malware must have adequate persistence in targeted network. NSA’s readiness to blame Israel for the failed Syria hack may also have encouraged a fuck-you approach to hacking the P5+1 Iran talks. Continue reading

The ameriMac

Presumably because of Apple’s rocky PR and financial results of late, Tim Cook gave two purportedly “Exclusive!” interviews, to NBC News and Businessweek. The big takeaway from both “Exclusives!” was the same, however: that Apple will move some production of the Mac back to the US next year.

You were instrumental in getting Apple out of the manufacturing business. What would it take to get Apple back to building things and, specifically, back to building things in the U.S.?
It’s not known well that the engine for the iPhone and iPad is made in the U.S., and many of these are also exported—the engine, the processor. The glass is made in Kentucky. And next year we are going to bring some production to the U.S. on the Mac. We’ve been working on this for a long time, and we were getting closer to it. It will happen in 2013. We’re really proud of it. We could have quickly maybe done just assembly, but it’s broader because we wanted to do something more substantial. So we’ll literally invest over $100 million. This doesn’t mean that Apple will do it ourselves, but we’ll be working with people, and we’ll be investing our money.

Thus far, I have not seen any acknowledgment that this move comes just two months after Lenovo made a similar announcement, that it was going to bring production of formerly IBM products back to Tim Cook’s old stomping grounds in IBM’s former production hub of North Carolina.

And so, perhaps predictably, the analysis of the move has been rather shallow. NBC first focuses on the jobs crisis here, and only later quotes Cook’s comments about skills (which echoes Steve Jobs’ old explanation for why Apple produced in China).

Given that, why doesn’t Apple leave China entirely and manufacture everything in the U.S.? “It’s not so much about price, it’s about the skills,” Cook told Williams.

Echoing a theme stated by many other companies, Cook said he believes the U.S. education system is failing to produce enough people with the skills needed for modern manufacturing processes. He added, however, that he hopes the new Mac project will help spur others to bring manufacturing back to the U.S.

“The consumer electronics world was really never here,” Cook said. “It’s a matter of starting it here.”

Businessweek also focuses on job creation (though Cook makes it clear that he doesn’t think Apple has to create manufacturing jobs, just jobs, which is consistent with his suggestion that someone else will be assembling the Mac in the US).

On that subject, it’s 2012. You’re a multinational. What are the obligations of an American company to be patriotic, and what do you think that means in a globalized era?
(Pause.) That’s a really good question. I do feel we have a responsibility to create jobs. I don’t think we have a responsibility to create a certain kind of job, but I think we do have a responsibility to create jobs.

Matt Yglesias purports to look for an explanation of Apple’s onshoring in this excellent Charles Fishman article on the trend. But with utterly typical cherry-picking from him, he finds the explanation in the 125 words that Fishman devotes to lower US wages rather than the remaining 5,375 words in the article, which describe how teamwork–teamwork including line workers–leads to innovation and higher quality.

Which is too bad, because Fishman’s article and Cook’s comments to Businessweek set up a pretty interesting dialogue about innovation.

Before I look at that, though, let me point to this other comment from Cook, which may provide a simpler explanation for the insourcing.

The PC space [market] is also large, but the market itself isn’t growing. However, our share of it is relatively low, so there’s a lot of headroom for us.

We know Lenovo is insourcing to better provide customized ThinkPads quickly. Here, Cook suggests he sees a way to pick up market share in the PC space. I would suggest it likely the Mac insourcing relates to this perceived market opportunity, and would further suggest that Apple’s reasons might mirror Lenovo’s own: to deliver better responsiveness to US-based customers, if not actual customization (though that would be news).

But that’s not what I find so interesting about the way the Fishman article and Cook interview dialogue.

Fishman’s article largely focuses on why GE has brought production back to its Appliance City in Louisville, KY. And while more docile unions and energy costs are two reasosn GE has made the move, the biggest benefit is that when entire teams–including line workers–focused on products, they could build better quality move innovative products more cheaply. Continue reading

Emptywheel Twitterverse
emptywheel Btw, Campbell's rave reviews of Ghani's cooperation all but guarantees NSA turned its full take back on in Afghanistan & Clapper was lying.
JimWhiteGNV RT @JulieDiCaro: Jess Mendoza is better on Sunday Night Baseball than anyone in that seat in a long while. Get used to women being around b…
emptywheel @attackerman Doesn't conflict at all w/what Campbell said abt what assigned role is ("are" v "were"). You have reason to believe it's wrong?
emptywheel General Campbell has claimed SOF "are" not fighting in Kunduz. But they were days b4 attack.
JimWhiteGNV RT @GatorsBB: Good luck to @PrestonTucker20 and the @astros in the A.L. Wildcard game tonight in New York #GoGators
emptywheel Gillibrand: What if leaders reported it to Afghan leaders & they said, "it's our culture"? Gillibrand: Our policy is STILL not to intervene
emptywheel Gillibrand asks what policy was before it was changed in 2011, and Campbell claims it was the same (per Tom Cotton).
emptywheel Gilibrand: Were those retaliation cases on child sex slavery handled properly? Campbell: I haven't checked.
emptywheel RT @MiekeEoyang: Why did @sfmnemonic & I ask HPSCI & SSCI to declassify #surveillance deliberations? Read: http://t.…
emptywheel @Atrios She could run for President!
emptywheel @attackerman Here's key exchange IMO. He did not deny SOF was w/Afghans who asked for strike. Q still needs answered
emptywheel @attackerman Yes. Again, there are good reasons that have nothing to do w/actual facts for saying that, esp given Carter said it.
October 2015
« Sep