Implementation Day: Full Description From JCPOA Text

It is now just over six months to the day since the historic P5+1 agreement with Iran was reached, dramatically decreasing Iran’s pathways to a nuclear weapon in return for dropping economic sanctions. Although some small amounts of cash have been freed up for Iran in this intervening period, this period has consisted almost exclusively of actions by Iran while the P5+1 group of nations awaits IAEA certification that Iran has met its obligations under the agreement. Only once this certification is in place will the sanctions against Iran be dropped. Removal of many of the existing sanctions (some that don’t relate to nuclear technology will remain in place and hawks in Congress are doing their best to keep or replace the ones due to be dropped) will be a huge development for Iran, as the sanctions have devastated Iran’s economy. We are hearing that Implementation Day will arrive any moment now, perhaps later today or tomorrow (maybe even before I finish writing this overdue post).

We are now over two years into the P5+1 process, and so it should come as no surprise that an agreement this long in the making is very long and quite detailed. This post will be quite long and dry, as what it will do is to set out the language from the agreement that describes just what has taken place to get us to Implementation Day and what will take place as a result. Many steps have been taken to get us to this pivotal moment, and it is important that we see them laid out in orderly fashion.

Implementation Day

From the White House document (pdf) providing us excerpts of the Joint Comprehensive Plan of Action (JCPOA), we have this:

Implementation Day is the date on which, simultaneously with the IAEA report verifying implementation by Iran of the nuclear-related measures described in Sections 15.1 to 15.11 of Annex V, the EU and the United States takes the actions described in Sections 16 and 17 of Annex V.

Links to the various documents that make up the text of the agreement itself can be found here.

Iran’s Actions Under JCPOA

As mentioned above, sections 15.1 to 15.11 describe the actions by Iran that the IAEA will certify to have been completed. I have put the topic for each of these entries into bold text and then provide the referenced material from the other parts of the agreement:

Ukraine’s Power System Hacking: Coordinated in More than One Way?

[original graphic: outsidethebeltway.com]


Analysis by the industrial control team at SANS determined that the hacking of Ukrainian electrical power utilities reported on 23-DEC-2015 was a coordinated attack. It required multiple phases to achieve a sustained loss of electricity to roughly 80,000 customers. SANS reported they “are confident” the following events occurred:

  • The adversary initiated an intrusion into production SCADA systems
  • Infected workstations and servers
  • Acted to “blind” the dispatchers
  • Acted to damage the SCADA system hosts (servers and workstations)
      ◦ Action would have delayed restoration and introduce risk, especially if the SCADA system was essential to coordinate actions
      ◦ Action can also make forensics more difficult
  • Flooded the call centers to deny customers calling to report power out

An investigation is still underway, and the following are still subject to confirmation:

  • The adversaries infected workstations and moved through the environment
  • Acted to open breakers and cause the outage (assessed through technical analysis of the Ukrainian SCADA system in comparison to the impact)
  • Initiated a possible DDoS on the company websites

The part that piques my attention is the defeat of SCADA systems by way of a multiphased attack — not unlike Stuxnet. Hmm…

Another interesting feature of this cyber attack is its location. It’s not near sites of militarized hostilities along the border with Russia, where many are of Russian ethnicity, but in the western portion of Ukraine.

More specifically, the affected power company served the Ivano-Frankivsk region, through which a large amount of natural gas is piped toward the EU. Note the map included above, showing the location and direction of pipelines as well as their output volume. Were the pipelines one of the targets of the cyber attack, along with the electricity generation capacity in the region through which the pipes run? Was this hack planned and coordinated not only to take out power and slow response to the outage but to reduce the pipeline output through Ukraine to the EU?


Thursday Morning: Chinese Fortune Not Looking Good

If I was still a practicing Catholic, I’d be tempted to pray to St. Angela of Foligno today, her saint’s day. She was known for walking away from wealth and practicing charity. Given the Chinese stock market’s plummet overnight, St. Angela might be the right guide for this leg of the journey.

China halts stock trading after market sinks more than 7%
Second time this week trading has been suspended in China, with free fall blamed on Chinese currency, lower oil prices, economic slowdown. Some also blame North Korea’s nuclear test, but anecdotes from Pacific Rim region suggest news about the test did not receive the same level of attention across Asia as in U.S. Not much feedback at the time this post was written in news media about response to market by China’s leadership.

Richard Perle’s long tail seen in North Korea
Worth revisiting an analysis on North Korea’s nuclear program written last January by Siegfried Hecker of Stanford University’s Center for International Security and Cooperation (CISAC). I agree with Hecker’s assessment, only surprised he didn’t name Richard Perle specifically for the cascade of diplomatic fail on North Korea that began under the Bush administration.

Self-driving cars, now self-driving passenger drones?
At CES 2016, China’s Ehang Inc. showed off a single-passenger drone, launched by commands entered on a tablet. The drone has no backup controls, which sounds scary as hell for a passenger flying 1000-1600 feet above the ground at +60 miles per hour. I can hear George Jetson screaming, “Jane! Stop this crazy thing!” even now. FAA would be insane to permit these devices in the U.S.

Unnamed sources say VW may buy back polluting cars sold in U.S.
This report could be a trial balloon floated by Volkswagen to see if a buy-back or a hefty discount on a new car will appease U.S. owners of so-called “clean diesel” vehicles. Is this really a satisfactory remedy to fraud?

Rethinking Saudi Arabia’s future in a time of cheap oil
Another worthwhile read, if a bit shallow. It’s time to model not only Saudi Arabia’s future, but a global economy no longer dependent on oil; what risks are there for OPEC countries if they cannot depend on increasing oil revenues? Could political instability spread across Central and South America as it has in the Middle East and Africa? How will climate change figure into the equation, as it has in Syria? And then back to economic unease in China, where the market has reacted negatively to lower oil prices.

I’m out of pocket this morning, will check in much later. Talk amongst yourselves as usual.


Wednesday Morning: Otherwise Known as Mike-Mike-Mike Day

My condolences to the poor Mikes among us who have suffered every Hump Day since Geico’s TV commercial became so popular.

North Korean nuclear test detected by ‘earthquake’
About 10:00 a.m. North Korean local time Wednesday, an event measured at 5.1 on the Richter scale occurred near the site of recent underground nuclear testing. South Korea described the “earthquake” as “man-made” shortly after. Interestingly, China called it a “suspected explosion” — blunt language for China so early after the event.

NK’s Kim Jong Un later confirmed a “miniaturized hydrogen nuclear device” had been successfully tested. Governments and NGOs are now studying the event to validate this announcement. The explosion’s size calls the type of bomb into question — was this a hydrogen or an atomic weapon?

I’m amused at the way the news dispersed. While validating the story, I searched for “North Korea earthquake”; the earliest site in the search was BNO News (a.k.a. @BreakingNews) approximately 45 minutes after the event, followed 17 minutes later by Thomson Reuters Foundation. Not Reuters News, but the Foundation, and only the briefest regurgitation of an early South Korean statement. Interesting.

Spies’ ugly deaths
Examining the deaths of spies from 250 AD to present, Lapham’s Quarterly shows us how very cruel humans remain toward each other over the last millennia. Clearly, vicious deaths have not foiled the use of spies.

Zika virus outbreak moves Brazil to caution women against pregnancy now
An outbreak of the mosquito-borne Zika virus in Brazil may be linked to a sizeable uptick in microcephalic births — 2782 this past year, compared to 150 the previous year. The Brazilian government is now cautioning women to defer pregnancy until the end of the rainy season when the virus’ spread has been slowed.

Compared to number of Ebola virus cases in 2014-2015, Zika poses a much greater risk in terms of spread and future affected population. The virus has not received much attention, in spite of more than a million cases in Brazil, as symptoms among children and adults are relatively mild.

BCP now available in Oregon over the counter
Thanks to recent state legislation, women in Oregon now have greater access to birth control pills over the counter. California will soon implement the same legislation.

That’s one way of reducing the future number of white male libertarian terrorists demanding unfettered use of public space and offerings of snacks.

Microsoft’s tracking users’ minutes in Windows 10
No longer content with tracking the number of devices using Windows operating system, Microsoft now measures how long each user spends in Windows 10. Why such granular measures? The company won’t say.

Worth remembering two things: 1) Users don’t *own* operating system software — they’re licensees; 2) Software and system holes open to licensors may be holes open to others.

New cross-platform ransomware relies on JavaScript*
Won’t matter whether users run Windows, Linux, Apple’s Mac OS: if a device runs JavaScript, it’s at risk for a new ransomware infection. Do read the article; this malware is particularly insidious because it hides in legitimate code, making it difficult to detect for elimination. And do make sure you keep backup copies of critical files off your devices in case you’re hit by this ransomware.

Buckle up tight in your bobsled. It’s all downhill after lunch, kids.

[* this word edited to JavaScript from Java./Rayne]


Big Game Trash Talk

The world is now one week post Paris attacks. War drums are being pounded, and the worst tendencies of American chicken hawks are in their full pageant grandeur. For being such an “exceptional” people, we sure have our head up our ass an awful lot. No, ISIS is not here to steal your baby or turn the south into a caliphate. Just stop and take a breath, politicians. Even the “Reasonable Republican™”, John Kasich, wants to return the US Government to the Judeo-Christian crusades mentality. Get a grip.

Last weekend, it almost felt bad to focus on sporting games; this weekend it seems necessary to take the mind off the stupidity at hand. Locally, that comes in a rare afternoon game at Sun Devil Stadium between Arizona State and Arizona for the treasured Territorial Cup. Both teams are huge disappointments this year, especially the Sun Devils. Preseason, several experts thought ASU had a real shot at the College Football Playoff. That is down the tubes, as the Devils are at 5-5 and have fallen off the face of the map by poor play and atrocious coaching. But, hey, the winner today will be eligible for the Dung Fertilizer Bowl or whatever. Yay.

Iowa should roll to 11-0 easily over Purdue. But I think Michigan may have a tougher time against Penn State in Happy Valley; possible upset there. Ohio State is a 14.5 point favorite in the Big House against the visiting Spartans. Man, that is a lot of points, not sure about that. Northwestern at Wisconsin should be a nail biter even though the Badgers are highly favored, but go Fighting Journalists! The usual garbage ball will be on display in the Big-12 between TCU/Oklahoma and Baylor/Oklahoma State. Hard to be too in love with any of these teams, but both Oklahoma schools look to be the more solid.

For the second week in a row, the Cardinals are on NBC’s Sunday Night Football. Despite a couple of hiccups, the Cards took care of business, and the Squawks, last week in Seattle. This time they are home in the Big Toaster facing the Bengals. The Bengals are really good, although not invincible, as the Texans proved. Should be a great game, but too close to call. This is a little shocking, but I am pretty interested to see how Kirk Cousins and the Skins do in Carolina. Washington really seems to be jelling a little bit, but this is a stiff test. The other really big time matchup is the wounded Packers at the resurgent, and now NFC Norske leading Vikings. The Pack cannot lose four in a row can they?? The Eagles need to hold serve at home against an improving Tampa Bay squad, if they want any real shot at the playoffs. But they are down to Mark Sanchize at QB, is that enough?

It is a little early to talk NBA, but hollee shit, the Golden State Warriors are fun to watch and are kicking ass. Some war music for your Sabbath.


The Curious Case of Stuxnet and North Korea: Why the News-Dumped Confession?

Map, NK's proliferation trading partners (see PBS' Frontline: Kim's Nuclear Gamble)


In news dump territory — 2:59 p.m. on a Friday afternoon following this last Memorial Day, to be exact — Reuters published an EXCLUSIVE story in which anonymous sources claimed the U.S. launched a cyber attack on North Korea using a modified version of Stuxnet.

This is hardly news. It’s rather a confirmation by an anonymous source, likely a government official, of the Stuxnet program’s wider aims. This was discussed here at emptywheel in 2013.

Far too much of North Korea’s nuclear energy development program looked like Iran’s for Stuxnet not to be a viable counter-proliferation tool if North Korea had succeeded with uranium enrichment.

And far too much information had been shared in tandem between North Korea, Iran, and Syria on nuclear energy and missile development (see image), for Stuxnet not to have a broader range of targets than Iran’s Natanz facility.

Let’s assume folks are savvy enough to know the Stuxnet program had more than Iran in its sights.

Why, dear “people familiar with the covert campaign,” was the confirmation to Reuters now — meaning, years after the likely attempt, and years after Stuxnet was discovered in the wild?

And how convenient this confession, five days before Kaspersky Lab revealed the existence of Duqu 2.0? Did someone “familiar with the covert campaign” believe the admission would be lost in Duqu-related news?

With the confession, though, begins a volley of exchanges:

  • North Korea has now shut down uncensored 3G wireless service to foreigners, likely in response to this confession. While most Americans were still basking in the slow pace of the national holiday week to the exclusion of foreign policy news, North Korea was certainly paying attention.
  • But NK also has a second reason for shutting down wireless. They may be anticipating increased numbers of foreign aid workers delivering foodstuffs, given their remarkable admission that their country is suffering from the worst drought in 100 years.
  • While not absolute proof that NK has halted their nuclear development, recent satellite imagery shows signs of construction but a reactor not in full operation. The publication of such observation hints broadly to NK’s leadership that the U.S. hasn’t given up on counter-proliferation.

It’s anybody’s guess what the next lob will look like, especially after NK’s foreign minister met with China for reasons believed connected to drought aid.

You can bet there will be some effort to exchange nuclear inspection access for trade and aid, as previously negotiated during Bill Clinton’s administration.

Vaporous Voids: Questions Remain About Duqu 2.0 Malware

The use of stolen Foxconn digital certificates in Duqu 2.0 gnaws at me, but I can’t put my finger on what exactly disturbs me. As detailed as reporting has been, there’s not enough information about this malware’s creation. Nor is there enough detail about its targeting of Kaspersky Lab and the P5+1 talks with Iran.

Kaspersky Lab carefully managed the release of Duqu 2.0 news — from the information security firm’s initial post and an op-ed, through the first wave of media reports. There’s surely information withheld from the public, about which no other entities know besides Kaspersky Lab and the hackers.

Is it withheld information that nags, leaving vaporous voids in the story’s context? Possibly.

But there are other puzzle pieces floating around without a home, parts that fit into a multi-dimensional image. They may fit into this story if enough information emerges.

Putting aside how much Duqu 2.0 hurts trust in certificates, how did hackers steal any from Foxconn? Did the hackers break into Foxconn’s network? Did they intercept communications to/from Foxconn? Did they hack another certificate authority?

If they broke into Foxconn, did they use the same approach the NSA used to hack Syria — with success this time? You may recall the NSA tried to hack Syria’s communications in 2012, by inserting an exploit into a router. But in doing so, the NSA bricked the router. Because the device was DOA, the NSA could not undo its work and left evidence of hacking behind. The router’s crash took out Syria’s internet. Rapid recovery of service preoccupied the Syrians so much that they didn’t investigate the cause of the crash.

The NSA was ready to deny the operation, though, should the Syrians discover the hack:

…Back at TAO’s operations center, the tension was broken with a joke that contained more than a little truth: “If we get caught, we can always point the finger at Israel.”

Did the NSA’s attempted hack of Syria in 2012 provide direction along with added incentive for Duqu 2.0? The failed Syria hack demonstrated evidence must disappear with loss of power should an attempt crash a device — but the malware must have adequate persistence in the targeted network. NSA’s readiness to blame Israel for the failed Syria hack may also have encouraged a fuck-you approach to hacking the P5+1 Iran talks.

US Extended Its Special Relations with the Saudis another Decade

Back in 2013, then Saudi Interior Minister and current Crown Prince Mohammed bin Nayef came to the US for a great coming out party (and, seemingly, to herald Obama’s second term foreign policy team). While here, he signed an extension to the Technical Cooperation Agreement first signed back in 2008.

The TCA is basically a cooperation agreement to get direct help from us–including training and toys–to protect Saudi infrastructure and borders, particularly its oil infrastructure. As part of it, the Saudis are developing a 35,000 person force, including a paramilitary force, with US training. But unlike our other defense agreements with the Saudis (and like the Joint Commission for Economic Cooperation it was explicitly modeled on, which had been in place from the 1970s until 1999), this one includes a special bank account to fund it all.

The Kingdom of Saudi Arabia will establish a dollar disbursement account in the United States Treasury. Any funds required by the United States for agreed-upon projects will be deposited by the Kingdom of Saudi Arabia in the account in such amounts and at such times as are mutually agreed, and the United States may draw on this account in the amount so agreed. If upon termination of this agreement there are funds remaining in the special account after all expenses have been paid, such funds will be refunded to the Kingdom of Saudi Arabia.

That account could fund contractors and toys. But at least at first, it could not fund US government employees.

The United States will pay for all costs of U.S. Government direct-hire employees assigned to the Kingdom of Saudi Arabia to perform services under this Agreement.

Less than a year into the agreement, that changed, with MbN agreeing the Saudis would also pay for US personnel salaries.

MbN was grateful for USG efforts and assured us full funding would soon follow the signing of these documents, and reconfirmed the SAG’s commitment to pay all OPM-MOI costs. He also agreed to fund all USG employee costs, concurring with any necessary TCA changes to allow such payments, commenting that “hopefully the lawyers will not cause us any problems.”

And already by the time MbN made that agreement, the US was installing military and State employees to oversee this effort (see more on these personnel here).

After unsuccessfully trying to ask for the TCA, I FOIAed it, which I only finally got yesterday. For the most part, it wasn’t worth the wait, as it was only a formal extension of the deal.

That said, I find it interesting that rather than extend the deal 5 years (the original term of the TCA), they instead extended it over a decade, until May 15, 2023.

Given all the events in the Middle East, January 2013 was an interesting time for MbN to come to the US to preemptively sign this TCA. And it’s interesting they’ve extended it a full decade. I’m also curious about the timing of this release, as MbN just returned to the US (this time as part of the Gulf summit), for the first time as the US-backed heir to the Saudi throne (though maybe it just takes State 2 years to release a totally unclassified document as a matter of course?).


Given Call for War, Pakistan’s Parliament Chose Peace. Will US Congress Ignore Call for Peace, Choose War?

As Congress here in the US creeps ever closer to amassing a veto-proof margin for war with Iran by keeping sanctions in place even after a final P5+1 agreement would end them, it comes as especially refreshing that Pakistan’s Parliament has expressed clear sentiment against committing troops to a foreign exercise in folly. Especially remarkable is that this blunt refusal in the face of the Saudi request for Pakistani troops in Yemen comes only 13 months after the Saudis were found to have been the source of a critical $1.5 billion infusion of support when Pakistan’s economy was teetering.

Tim Craig gives us the essentials of Parliament’s move:

Pakistan’s parliament voted unanimously Friday to remain neutral in the conflict in Yemen, a major blow to Saudi Arabia as it seeks to build support for its offensive against the surging Houthi rebels there.

The parliament’s decision came after five days of debate in which lawmakers expressed major concern that Pakistan’s 550,000-man army could become entangled in an unwinnable conflict.

On Monday, Pakistan’s defense minister, Khawaja Muhammad Asif, said Saudi Arabia had requested that Pakistan send troops, warships and fighter jets to help it battle the Iranian-backed rebels in Yemen. But several Pakistani political leaders were strongly opposed to the request, saying the crisis in Yemen didn’t pose an immediate threat to Saudi Arabia.

The next paragraphs provide sharp contrast between the US Congress and Pakistan’s Parliament:

Instead, the resolution approved by Pakistan’s parliament warned that the Yemen crisis “could plunge the region into turmoil” if a negotiated peace and settlement was not reached soon.

“This bombing needs to be stopped because, as long as this is happening, the peace process can’t be launched,” Mohsin Khan Leghari, a Pakistani senator, said on the floor of parliament Friday.

A unanimous resolution against involvement in a foreign conflict that points out that Pakistan’s involvement “could plunge the region into turmoil”. Just wow. The US has sown turmoil on so many fronts throughout the Muslim world recently and yet Congress not only doesn’t see its own role in that turmoil but instead is doing its best to overcome the one opportunity we have there of establishing a peace process. I can’t think of a more damning indictment of Congress now than to put this move by Pakistan’s Parliament alongside Congress’ attempt to derail the Iran nuclear agreement. Given a call for war, Pakistan’s Parliament chose peace. Given a call for peace, the US Congress may still choose war.

For more details on the various forces at play in Yemen, this piece by Sophia Dingli at Juan Cole’s blog lays things out clearly.

The full text of the resolution can be found here.


Iran, P5+1 “Succeeded in Making History”

It has been a very long road since the announcement in November of 2013 that a preliminary agreement between Iran and the P5+1 group of nations had been made on Iran’s nuclear technology. There have been extensions along the way and times when a permanent deal appeared imminent along with times when no such deal seemed possible. Despite tremendous pressure from Israel and the neocon lobby who lust after a war with Iran, the outlines for a permanent deal are now in place. What remains is to nail down the details by the June 30 deadline when the extensions of the interim agreement expire. Laura Rozen and Barbara Slavin capture the historic significance of what has been achieved:

We have “found solutions,” Iran Foreign Minister Mohammad Javad Zarif first proclaimed on Twitter on April 2, “Ready to start drafting immediately.”

We have “succeeded in making history,” Zarif said at a press conference here April 2. “If we succeed, it is one of the few cases where an issue of significance is solved through diplomatic means.”

We have “reached a historic understanding with Iran, which, if fully implemented, will prevent it from obtaining a nuclear weapon,” US President Barack Obama said from the White House rose garden after the deal was announced April 2.

What stands out about the agreement is just how much Iran was forced to give up on issues that had been seen by most observers as non-negotiable. Jonathan Landay interviewed a number of nuclear experts on the agreement:

On its face, the framework announced Thursday for an agreement that limits Iran’s nuclear program goes further toward preventing Tehran from developing a nuclear weapon than many experts expected it would, including requiring an international inspection system of unprecedented intrusiveness.

The Agreement

The version of the agreement as released by the US can be read here. Let’s take a look by sections.

The first section addresses the general concept of uranium enrichment. Although hardliners in the US want all enrichment in Iran stopped, it was clear that Iran would never have agreed to stop. But what has been achieved is staggering. Iran will take two thirds of its existing centrifuges offline. Those centrifuges will be placed in a facility under IAEA inspection, so there is no concern about them winding up in an undisclosed facility. Further, only Iran’s original IR-1 centrifuge type will be allowed. That is a huge concession by Iran (everybody knows the IR-1’s suck), as they had been developing advanced centrifuges that are much more efficient at enrichment. Many critics of a deal with Iran had suspected that advanced centrifuges would be a route that Iran would use to game any agreement to increase their enrichment capacity if only the number and not the type of centrifuge had been restricted. Further, Iran will not enrich uranium above 3.67% for a period of 15 years. And the stockpile of 3.67% uranium will be reduced by 97%, from 10,000 kg to 300 kg. This reduction also will apply for 15 years. This section also carries an outright statement of targeting a breakout time of 12 months to produce enough enriched uranium for a bomb. [But as always, it must be pointed out that merely having enough enriched uranium for a bomb does not make it a bomb. Many steps, some of which there is no evidence Iran has or could develop under intense international scrutiny, would remain for making a bomb.]

The next section of the agreement is titled “Fordo Conversion”. Iran’s Fordo site is the underground bunker built for uranium enrichment. Iran has agreed not to enrich uranium at Fordo or to have uranium or any other fissile material present for 15 years. While many have advocated a complete shutdown of Fordo, the agreement provides a very elegant alternative. Fordo will now become a research site under IAEA monitoring. Had the site shut down, where would all of the scientists who work there now have gone? By keeping them on-site and under IAEA observation, it strikes me that there is much less concern about those with enrichment expertise slinking into the shadows to build a new undeclared enrichment facility.

The section on the Natanz facility follows