Monthly Archives: May 2017

Cyberwar: government hackers

Leave a reply

The mysterious hacking group that supplied a critical component of the WannaCry “ransomware” software attack that spread across the globe in mid-May 2017 has been releasing alleged National Security Agency secrets for the past eight months.  Former intelligence officials now fear that the hackers, who go by the name Shadow Brokers, are taking a new tack: exposing the identities of the NSA’s computer-hacking team. That potentially could subject these government experts to charges when traveling abroad.

The Shadow Brokers on April 14, 2017 posted on a Russian computer file-sharing site what they said were NSA files containing previously unknown attack tools and details of an alleged NSA hack affecting Middle Eastern and Panamanian financial institutions.

But something went largely unnoticed outside the intelligence community. Buried in the files’ “metadata”—a hidden area that typically lists a file’s creators and editors—were four names. It isn’t clear whether the names were published intentionally or whether the files were doctored. At least one person named in the metadata worked for the NSA, a person familiar with the matter said.  Additionally, the hacking group in April, 2017 sent several public tweets that seemingly threatened to expose the activities of a fifth person, former NSA employee Jake Williams, who had written a blog post speculating the group has ties to Russia… Security experts who have examined the documents believe they contain legitimate information, including code that can be used in hacks, as well as the names of the files’ creators and editors.

Because nation-state hackers might run afoul of other countries’ laws while discharging their duties, they could, if identified, face charges when outside their country. So, to keep their own people safe, governments for decades have abided by a “gentleman’s agreement” that allows government-backed hackers to operate in anonymity, former intelligence officials say….

Some former intelligence officials suggested the U.S. prompted the outing of state-sponsored hackers when it indicted five Chinese military hackers by name in 2014, and more recently brought charges against two officers with Russia’s Federal Security Service over a 2014 Yahoo Inc. breach.  By exposing cyberagents, the Shadow Brokers appear to be taking a page from the U.S. playbook, said Mr. Williams, who worked for the NSA’s Tailored Access Operations hacking group until 2013. An NSA spokesman said the agency doesn’t comment about “most individuals’ possible current, past or future employment with the agency.”  “We’ve fired first,” Mr. Williams said, referring to the U.S. charging the alleged Chinese hackers by name. “This is us taking flak.”…

The documents revealed jealously guarded tactics and techniques the NSA uses to access computer systems…For example, the files include source code for software designed to give its creators remote access to hacked machines, and to evade detection from antivirus software. If the code was created by the NSA, it now gives security professionals a digital fingerprint they can use to track the NSA’s activities prior to the leak.

That could prove disruptive to NSA activities, forcing the agency to consider pulling its software from others’ networks and taking other steps to erase its tracks. And while the information could help companies determine whether they have been hacked by the NSA, it could also be used to create more malicious software. The Shadow Brokers tools, for example, are now being used to install malicious software such as WannaCry on corporate networks.

Mr. Williams initially thought the Shadow Brokers had access only to a limited set of NSA tools. His assessment changed after three tweets directed at him April 9, 2017 included terms suggesting the group had “a lot of operational data or at least operational insight” into his work at the NSA, he said.  The tweets, which are public, are cryptic. They express displeasure over an article Mr. Williams wrote attempting to link the Shadow Brokers to Russia. They also mention apparent software code names, including “OddJob” and “Windows BITS persistence.”…..OddJob is a reference to software released by the Shadow Brokers five days after the tweets. “Windows BITS persistence” is a term whose meaning isn’t publicly known.

Excerpts from In Modern Cyber War, the Spies Can Become Targets, Too, Wall Street Journal, May 25, 2017

 

Final Development Frontier in Nepal

Leave a reply

While India, Pakistan and China have all developed massive hydropower plants along the Himalayan mountains, Nepal’s civil war and political instability scared off investment for decades.  Now, thanks to an inclusive peace process that allowed the country’s main rebel leader to be elected prime minister twice, the focus is shifting to Nepal. Hydropower projects worth billions of dollars are in progress, with geologists and investors scouring the landscape for more.

Government surveys show Nepal’s abundant water resources can feasibly yield hydropower equal to more than 40% of U.S. output, a 40-fold increase from today. Officials project almost a third more hydropower capacity will come online this year. More than 100 projects under construction—over 40 since last year—and others in development will yield at least a tenfold increase in the next decade to 10 gigawatts of power, they say.

Nepal is ramping up its development of hydroelectric power plants in the Himalayas, but building in the region can be risky work. Photo: Brian Sokol for The Wall Street Journal  “There’s such an energy shortage that any project you build will find a market,” said Allard Nooy, CEO of InfraCo Asia, a development body funded by the U.K., Swiss and Australian governments that is financing one hydro project and seeking to develop two more.

Still, power companies don’t face an easy ride.  Among the hurdles are natural ones: earthquakes, landslides and inland tsunamis from glacial lakes as warmer temperatures prompt ice melt. Two years ago a series of massive quakes killed 9,000 people and shattered the country.

Opposition from environmental groups is another difficulty, especially for a new generation of dam projects. In the past, the World Bank and Japan’s Asian Development Bank have withdrawn support for projects amid opposition from environmental groups that say large dams can damage natural habitats like wetlands, threaten migratory fish stocks, and displace traditional farming communities.

Activists are concerned over the effects hydropower projects have on the environment and communities. Here are some of their top worries.

Displacement Dams flood valleys and in many cases require communities to abandon their land. A number of dam projects under consideration in Nepal would require whole villages to relocate.
Earthquakes A growing body of research suggests large dams can trigger quakes by adding pressure to areas near fault lines, a phenomenon known as “reservoir-induced seismicity.”
Wildlife Projects can disrupt the natural migration of fish and other river life. Environmentalists in Nepal are particularly concerned about the country’s small population of endangered Ganges River Dolphins.
Seasonal River-based hydropower projects, which are popular in Nepal, only generate electricity when water is flowing, making them less effective in the dry season. Dams can generate power in any season.

The greater stability has boosted momentum for rising investment in the Himalayas—a region dominated by Nepal, India and Bhutan that is considered the final development frontier in South Asia. Hydro energy projects are the biggest focus.  “The only resource we have, like the Arabian countries have oil, is water,” said Chhabi Gaire, project manager at the Rasuwagadhi Hydroelectric Project, a 1f11-megawatt plant under construction near China’s border.

Funding for projects is increasingly coming from Nepalese working abroad, says the Nepal Electricity Authority. Their remittances reached $6.7 billion in 2015, according to the World Bank, more than even Thai and South Korean workers abroad sent to their own countries.  Meanwhile, India’s cabinet approved $850 million in February to build a plant on Nepal’s Arun River that would export most of its energy to India. A month earlier, the Chinese-state owned China Three Gorges Company agreed to a joint venture with Nepal’s government to build a $1.6 billion hydropower plant on Nepal’s Seti River, also mainly for electricity export to India…

Workers on Nepal’s hydropower projects face sometimes deadly risks in the steep mountain valleys of the Himalayas such as landslides, falling boulders and flash floods…  [T] he 456-megawatt Upper Tamakoshi project, funded by a group of Nepal’s major banks and pension funds, is now under construction and set to open in mid-2018 with a reservoir to enable energy generation in the dry season.  It’s is also a risky project.

To the East the dangerous glacial lake Tsho Rolpa threatens to burst its banks. To the West, the Gongar river routinely spits boulders the size of two-story buildings over the valley wall. A bridge the developers built over the Gongar was swept away in a flash flood during monsoon season. Landslides triggered by quakes swept away swaths of the access road. To keep working, project developers built a steel truss bridge and drilled a new road tunnel through a collapsed valley wall.  Moreover, the project is built on such volatile terrain that the turbines and delicate transmission equipment were buried 460 feet beneath the surface.

Excerpts from In the Himalayas, a New Power Rises: Water, Wall Street Journal, May 18, 2017

 

Behavior Mining

Leave a reply

Understanding and assessing the readiness of the warfighter is complex, intrusive, done relatively infrequently, and relies heavily on self-reporting. Readiness is determined through medical intervention with the help of advanced equipment, such as electrocardiographs (EKGs) and otherspecialized medical devices that are too expensive and cumbersome to employ continuously without supervision in non-controlled environments. On the other hand, currently 92% of adults in the United States own a cell phone, which could be used as the basis for continuous, passive health and readiness assessment.  The WASH program will use data collected from cellphone sensors to enable novel algorithms that conduct passive, continuous, real-time assessment of the warfighter.

DARPA’s WASH [Warfighter Analytics using Smartphones for Health] will extract physiological signals, which may be weak and noisy, that are embedded in the data obtained through existing mobile device sensors (e.g., accelerometer, screen, microphone). Such extraction and analysis, done on a continuous basis, will be used to determine current health status and identify latent or developing health disorders. WASH will develop algorithms and techniques for identifying both known indicators of physiological problems (such as disease, illness, and/or injury) and deviations from the warfighter’s micro-behaviors that could indicate such problems.

Excerpt from Warfighter Analytics using Smartphones for Health (WASH)
Solicitation Number: DARPA-SN-17-4, May, 2, 2018

See also Modeling and discovering human behavior from smartphone sensing life-log data for identification purpose

Japan’s Nuclear Waste

Leave a reply

Japan seeks final resting place for highly radioactive nuclear waste…[W]ith a number of Japan’s nuclear reactors closed down for good in the wake of the Fukushima accident, the need for a permanent storage site is more pressing than ever.

The disaster, in which a 13-meter tsunami triggered by an off-shore earthquake crippled four reactors at the plant and caused massive amounts of radioactivity to escape into the atmosphere, also underlined just how seismically unstable the Japanese archipelago is and the need for the repository to be completely safe for 100,000 years.

“They have been trying to get this plan of the ground for years and one thing they tried was to offer money to any town or village that agreed to even undergo a survey to see if their location was suitable,” she said.  “There were a number of mayors who accepted the proposal because they wanted the money – even though they had no intention of ever agreeing to host the storage site – but the backlash from their constituents was fast and it was furious,” Smith added.  “In every case, those mayors reversed their decisions and the government has got nowhere,” she said. “But I fear that means that sooner or later they are just going to make a decision on a site and order the community to accept it.”

The security requirements of the facility will be exacting, the government has stated, and the site will need to be at least 300 meters beneath the surface in a part of the country that is not subject to seismic activity from active faults or volcanoes. It must also be safe from the effects of erosion and away from oil and coal fields. Another consideration is access and sites within 20 km of the coast are preferred.

The facility will need to be able to hold 25,000 canisters of vitrified high-level waste, while more waste will be produced as the nation’s nuclear reactors are slowly brought back online after being mothballed since 2011 for extensive assessments of their safety and ability to withstand a natural disaster on the same scale as the magnitude-9 earthquake that struck Fukushima.

When it is released, the government’s list is likely to include places in Tohoku and Hokkaido as among the most suitable sites, because both are relatively less populated than central areas of the country and are in need of revitalization efforts. Parts of Tohoku close to the Fukushima plant may eventually be chosen because they are still heavily contaminated with radiation from the accident.

Excerpts from Japan seeks final resting place for highly radioactive nuclear waste, Deutsche Welle, May 4, 2017

Waterbird Habitats Lacking

Leave a reply

The spring of 2017 50 million waterbirds will move from their winter homes in South-East Asia, Australia and New Zealand to their breeding grounds in Russia, Mongolia, northern China, the Korean peninsula, Japan and even Alaska. They rely on intertidal flats teeming with nourishing molluscs, worms and crustaceans, as well as plants, to supply the food that fuels their journeys.  Of the eight big flyways, the East Asian-Australasian is also the one displaying the sharpest decline in the number of birds. Of its 155-odd waterbird species, at least 24 are now globally threatened. They include the diminutive spoon-billed sandpiper, a wader whose numbers are down to fewer than 200 pairs.

Transiting one of the world’s most dynamic industrial regions is clearly taking a toll. Asia’s migratory waterbirds face immense pressures, from hunting, pollution, ingested plastic and competition from aquaculture. But the biggest disaster is the destruction of coastal way-stations. Since 1950 China has lost over half its coastal wetlands to “reclamation”. According to the International Union for Conservation of Nature (IUCN), the Yellow Sea, into which the Yellow River flows, has lost over 35% of intertidal habitat since the early 1980s. An especially destructive moment was the run-up to the Beijing Olympics of 2008, for which a lot of heavy industry was moved from the capital to the coast.

Xianji Wen, who works for the WWF, describes the Yellow Sea as a “bottleneck” for the whole flyway: so many waders pass through it that the loss of habitat there is particularly consequential. Four-fifths of Asia’s red knots, having wintered in Australasia, stop on their way north at one spot, Luannan, east of Beijing. The bar-tailed godwit flies non-stop from New Zealand to the Yellow Sea—over 6,000km. After recovering there, the species flies non-stop again to its breeding grounds in the extreme north of Russia.  Populations of both species have crashed by over a third, probably because of coastal development…..

There is a silver lining, however. The vast middle class created by the region’s breakneck growth is becoming interested in conservation…In China several hundred birdwatchers gather for the spring migration by the Yellow Sea near the North Korean border. And Mr Wen says that local governments in China increasingly take pride in the acclaim they win for conservation schemes—several work with the WWF. In 2016 China and New Zealand even signed an agreement—an “air bridge” between the two countries—to protect the habitat of the bar-tailed godwits, whose annual departure, Maori mythology holds, is for the homeland of the ancestors who first colonised New Zealand.

South Korea’s conservation movement is feeble. But the government of North Korea, by failing to develop the country, has inadvertently preserved a greater share of valuable waterbird habitats. It recently agreed to designate one as a protected site under the “Ramsar” international convention on wetlands….

Excerpt from Canaries in the Coal Fumes, Economist, Apr. 22, 2017

Nuclear Power in the United States: Westinghouse bankruptcy

Leave a reply

Westinghouse founded in 1886 is the company that brought electricity to the masses.  Its AP1000 pressurised water reactor was supposed to make nuclear plants simpler and cheaper to build, helping to jump-start projects in America and around the world.  But those nuclear ambitions have gone awry. On March 29th the firm filed for Chapter 11 bankruptcy in New York. Its troubles have been a running sore at Toshiba, its Japanese parent, a headache for its creditors, and the latest bad tidings for a nuclear industry beset with problems.

Toshiba was triumphant in 2006 when it paid $5.4bn for Westinghouse after a bidding war, beating out General Electric. Around the same time, Southern and SCANA, two big utilities based in Georgia and South Carolina, respectively, chose the AP1000 design for new nuclear plants.But these American projects soon faced the problems that have long plagued nuclear construction. In Westinghouse’s bankruptcy filing, the company explains a dismal chain reaction. Unexpected new safety and other requirements from American regulators caused delays and additional costs. That sparked a fight between the utilities, Westinghouse and its construction contractor, a subsidiary of Chicago Bridge & Iron (CB&I), about who should bear them. The brawl exacerbated delays…

There have been rumours that Korea Electric Power, a state-controlled utility, might take over, but Westinghouse’s steep losses may keep it away. “This has bankrupted Westinghouse,” says Mr Byrd. “Why would another firm step into that situation?”

The future for other AP1000 reactors looks bleak. A plant in China is years behind schedule. In America, the troubles in Georgia and South Carolina may bolster support for more modest nuclear projects, says Tyson Smith, a nuclear-energy expert at Winston & Strawn, a law firm. On March 15th, 2017 the country’s nuclear regulator said it would review an application for America’s first small modular nuclear reactor (SMR), from a company called NuScale, in Oregon. The SMR technology has been touted as a cheaper, easier way to build nuclear capacity. But it will have to compete with inexpensive natural gas, wind farms and solar plants. Those hoping for an American nuclear resurgence may have to wait a long time yet.

Excerpts Fallout Westinghouse files for bankruptcy, Economist, Apr. 1, 2017

SpaceX Falcon

Leave a reply

A SpaceX Falcon rocket lifted off from the Kennedy Space Center in Florida on May , 2017 to boost a classified spy satellite into orbit for the U.S. military, then turned around and touched down at a nearby landing pad.

It was the 34th mission for SpaceX, but its first flight for the Department of Defense, a customer long-pursued by company founder Elon Musk. The privately owned SpaceX once sued the Air Force over its exclusive launch services contract with United Launch Alliance (ULA), a partnership of Lockheed-Martin and Boeing.)  The liftoff of a classified satellite for the National Reconnaissance Office (NRO) officially broke ULA’s 10-year monopoly on launching U.S. military and national security satellites.

In addition to the NRO’s business, SpaceX has won two Air Force contracts to launch Global Positioning System satellites in 2018 and 2019.  For now, the military’s business is a fraction of more than 70 missions, worth more than $10 billion, slated to fly on SpaceX rockets. But with up to 13 more military satellite launches open for competitive bidding in the next few years and ULA’s lucrative sole-source contract due to end in 2019, SpaceX is angling to become a majo launch service provider to the Department of Defense.

A month ago, SpaceX for the first time launched one of its previously flown rockets to send an SES communications satellite into orbit, a key step in Musk’s quest to demonstrate reusability and slash launch costs.

Excertps, SpaceX Launches US Spy Satellite on Secret Mission, Nails Rocket Landing, Space.com, May 1, 2017