MS Risk Blog

Chinese Hacking Report Released

Posted in China

A report released on 19 February indicated that hackers from a unit of China’s People’s Liberation Army (PLA) had amassed hundreds of terabytes of stolen data from over twenty nations as far back as 2006.

The report, released by American security company Mandiant, was the result of six years of investigations. The team tracked individual members of the Chinese hacker group to a high-rise building in residential Shanghai. The location is home to Unit 61398 of the People’s Liberation Army. The report claims that among other information, the unit has obtained technology blueprints, negotiating strategies, and manufacturing companies from 141 companies, 115 of which are in the United States. Among the diverse set of targets were a large defence contractor and a company that helps utilities to run North American pipelines and power grids.

The most prolific of these actors, in terms of quantity of information stolen, is a group known as APT1 (APT stands for Advanced Persistent Threat). The Mandiant report indicates that APT1 is staffed by hundreds or thousands of English-proficient speakers with advanced computer security and networking skills. They have hacked into 141 companies, remaining in their networks for an average of 365 days (with the longest lasting 1,764 days), and have targeted companies across twenty industries which were identified by China as strategically important under its Five Year Plan for economic growth.

The Chinese government has denied and condemned the Mandiant report, calling it “unprofessional”. Chinese foreign ministry spokesman Hong Lei stated, “Hacking attacks are transnational and anonymous. Determining their origins are extremely difficult. We don’t know how the evidence in this so-called report can be tenable.”

Mr. Hong further added that China opposes hacking, and believes the nation itself is a victim of cyber attacks. Yet the report, which is lauded in the West for its unprecedented level of detail, indicates that not only are the activities based in China, but that the Chinese government is aware of them.

Hackers in Chinese Culture

While the Chinese government may not know the full extent of Chinese hacking, it is aware that hacking is a prevalent part of Chinese tech-society. There are three types of hacker attacks emanating from China: economic espionage, cyber warfare, and attacks by “hacktivists” with a socio-political agenda. The last of these, Chinese “Red Hackers”, perceive themselves as Internet patriots. They number in the thousands, have nationalistic politics, and exist in a culture where hacking, particularly against the West, is “fashionable”. A 2005 Shanghai Academy of Social Sciences survey found that hackers were equated with rock stars. Forty-three percent of elementary-school students “adore” China’s hackers and nearly a third aspire to join them. Within the culture, there are hacker magazines, clubs and online stories. Unlike Western hackers, who tend to be more anti-government, Chinese hackers are more involved with politics. “Nationalism is hip,” claims a man identified as “the Godfather of hackers”, “and hackers — who spearhead nationalist campaigns with just a laptop and an Internet connection — are figures to revere.”

Of China’s thousands of “Red Hackers”, many may not be acting on direct behalf of their government, but the net effect is the same. The Chinese government does not have a direct connection to all hacker groups, nor do they prosecute hackers for attacks outside of their borders. In instances where hackers work to the benefit of China, this lack of supervision is perceived as tacit approval, particularly as the Chinese distinction between the private and public domain is very small.

Refinement of Phishing

For companies in the West, the growing difficulty lies in identifying the actual hack. The primary tactic used to enter a system is “phishing”, a process by which seemingly innocent messages include links or attachments which dump spyware on recipients’ computers. Initially, these emails were easy to spot, due to poor language use, or obviously malicious attachments, such as “.exe” or “.rar” files. However, Chinese hackers have refined their strategy, using polished English and more convincing attachments, such as links for RSVPs to events, or PDFs which must be opened to obtain the information.

APT1 has effectively created webmail accounts using real names which are familiar to the recipient, such as a colleague, vendor, or client. The phishing attempts are customised with subject lines and content relevant to the target, making it more difficult to identify when a security system has been compromised.

The most effective tool against this polished technology is a return to old mediums. Companies are urged to contact a sender face-to-face or via telephone to confirm the attachment’s safety. Even sending an email asking if an attachment is safe is risky, as the malicious sender can simply respond that it is legitimate.
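A mail-triage check for the impersonation pattern described in this section, as an added example that is not from the original post or the Mandiant report: it flags messages whose display name matches a known contact while the address does not, plus the “.exe”/“.rar” attachments mentioned above, so that they can be confirmed by telephone. The contact directory, the `freemail.example` domain, the function names and the sample messages are constructed assumptions.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed directory: normalised display name -> addresses that person really uses.
KNOWN_CONTACTS = {
    "alice example": {"alice.example@corp.example"},
    "victor vendor": {"victor@supplier.example"},
}
# Constructed stand-in for the organisation's own list of free webmail providers.
FREE_WEBMAIL = {"freemail.example"}
# The attachment types the article calls easy to spot.
RISKY_EXT = {".exe", ".rar"}


def normalise_name(display):
    """Lower-case, collapse whitespace and turn 'Last, First' into 'first last'."""
    name = " ".join(display.lower().split())
    if "," in name:
        last, _, first = name.partition(",")
        name = f"{first.strip()} {last.strip()}"
    return name


def triage(raw):
    """Return (code, detail) findings that warrant out-of-band confirmation."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_hdr = msg["From"]
    for addr in (from_hdr.addresses if from_hdr is not None else ()):
        known = KNOWN_CONTACTS.get(normalise_name(addr.display_name))
        spec = addr.addr_spec.lower()
        # A familiar name on an address the contact has never used is the
        # pattern the article describes; a free webmail domain is the strongest form.
        if known and spec not in known:
            code = ("IMPERSONATION_WEBMAIL" if addr.domain.lower() in FREE_WEBMAIL
                    else "IMPERSONATION_UNFAMILIAR")
            findings.append((code, f"'{addr.display_name}' sent from {spec}"))
    for part in msg.walk():
        filename = part.get_filename()
        if filename and os.path.splitext(filename)[1].lower() in RISKY_EXT:
            findings.append(("RISKY_ATTACHMENT", filename))
    return findings


def build_sample(from_hdr, subject, attachment_name=None):
    """Build a constructed test message and return it as raw text."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "bob.builder@corp.example"
    m["Subject"] = subject
    m.set_content("Please see the details for next week.")
    if attachment_name:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()


if __name__ == "__main__":
    samples = [
        build_sample("Alice Example <alice.example@corp.example>", "Q3 figures"),
        build_sample("Alice Example <alice.example@freemail.example>",
                     "RSVP for Thursday", "invite.pdf"),
        build_sample('"Example, Alice" <alice@corp-example.example>', "Contract"),
        build_sample("Carol Stranger <carol@unknown.example>", "Update", "update.EXE"),
    ]
    for raw in samples:
        print(triage(raw) or "no findings")
```

A message with no findings is not thereby safe: a convincing PDF from a look-alike address under an unknown name passes this check, which is why the telephone confirmation described above remains the control.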

Hacking and the Chinese Economy: What it could mean

Analysts believe that the pattern is likely to continue because it is affordable. Frank Smyth, founder of Global Journalist Security, says, “No one should be surprised, because it doesn’t take that much infrastructure. If you have a team of people in a room, you can create a lot of havoc. That’s much cheaper than building a tank or a jet fighter.”

China’s rapid growth and aging population have caused its reliance on foreign food and energy to increase dramatically. These leadership fears may serve as an impetus to justify an industrial espionage campaign. However, these actions may serve to hinder economic progress. The acquisition of foreign technology may handicap Chinese development, according to James Lewis of the Center for Strategic and International Studies. “There is a puzzling lack of faith in China’s own strengths. Beijing has concluded that now is not yet the moment to tame the decades-old effort to pilfer technology.”

Hacking on this scale also signals a reluctance to play by the rules in the international market. China’s new leader, Xi Jinping, has vocally suggested that the nation embrace reform and work within the rules of international law. The failure to acknowledge the contents of the Mandiant report is a missed opportunity; the denial, and the boomerang accusation that it is China which has been victimised, may generate a loss of trust in both the Chinese government and business relations in the nation.

Mali Security Update (22 February 2013)

Posted in Mali, Region Specific Guidance

This past week has seen a number of suicide incidents and increased fighting occurring throughout Mali, with one French Legionnaire being killed in the fighting. The continued string of suicide bombings in the previously occupied northern regions of the country is a further indication that al-Qaeda-linked groups have resorted to hit and run attacks as a means of destabilizing the security in Mali. Anyone remaining in Mali is advised to either leave the country immediately or relocate to Bamako as it is highly likely that suicide attacks and clashes will take place throughout the northern regions of the country. Such attacks and bombings are likely to take place in the previous rebel strongholds and will likely target military camps and foreigners. Clashes between militants and soldiers are also likely to occur throughout northern Mali as rebels attempt to disrupt the security. In turn, there is a heightened risk that similar attacks may occur in neighbouring countries, especially those West African nations which have sent their troops to Mali.

On Friday, five people, including two suicide bombers, died in car bombings that occurred in northern Mali just one day after fierce urban battles between French-led forces and Islamists resulted in the deaths of at least twenty al-Qaeda-linked militants. Security sources have confirmed that today’s incident involved two vehicles that were targeting civilians and members of the ethnic Tuareg rebel group, the MNLA. The incident occurred in the town of Tessalit, which is known as the gateway into the mountainous regions of the country. It is believed that a number of rebels have fled to this region in order to seek shelter and to regroup. Although no group has claimed responsibility, it is widely believed that the al-Qaeda-linked Movement for Oneness and Jihad in West Africa (MUJAO), which is one of Mali’s main Islamist groups, is behind today’s attack. Furthermore, it is highly likely that any rebels in the mountainous regions, and nearby, will focus on hit and run attacks in the coming weeks as a means of preventing allied troops from gaining control of the region.

Today’s attack also comes after al-Qaeda-linked rebels claimed responsibility for another car bomb attack that occurred on Thursday near the city of Kidal. The car blast occurred just 500 metres from the camp which is occupied by French and Chadian troops. Although the vehicle was targeting the camp, it exploded before it could reach the base. At least two civilians were wounded in the incident. MUJAO have claimed responsibility for this attack, stating that they had no difficulty getting into Kidal in order to blow up the vehicle as they had planned. A spokesman for MUJAO, Abu Walid Sharoui, also noted that “more explosions will happen across our territory.”

With an increase of attacks occurring this week, France announced its second military death since President Francois Hollande launched the unilateral military operation on 11 January 2013. Military officials in Paris confirmed that Staff Sergeant Harold Vormezeele, an NCO and commando with the 2nd Foreign Parachute Regiment, an elite unit of the French Foreign Legion, was killed during an operation launched on Monday which resulted in the deaths of more than twenty rebels in the mountainous Ifoghas region. According to military sources, 150 French and Malian soldiers were taking part in the operation, which was aimed at rooting the rebels out of their hideaways.

Over the past few weeks, the French-led forces have been increasingly facing guerrilla-style tactics after initially having been met with little resistance in their drive to force Islamist groups out of the main northern towns of Gao, Kidal and Timbuktu.  Although the large-scale military operations in the northern region of the country are beginning to wind down, sporadic fighting continues to erupt and may prove to be an issue once the French hand over their mission to the African Union forces.


Terrorism and Oil

Posted in Uncategorized

Islamic Terrorism and Oil

For over a decade, terrorist groups have focused particularly on the oil industry. In 2004, Osama bin Laden declared energy installations to be a legitimate target for militants, as the resultant increase in oil prices could damage Western economies. Yet the link between terrorism and oil is cyclical: in many cases, the money required to carry out these acts is derived from profits gained from oil sales to the West. In order to understand the cycle, it is necessary to understand the actors and the process.

Understanding Extreme Wahabism

Two centuries ago, a peaceful yet ultra-conservative reformist movement within Sunni Islam began in Saudi Arabia. Known amongst themselves as ad dawa lil tawhid (Call to Unity), this faction is more commonly known by its more derogatory name “Wahabi”. The original goal of Wahabists was to abolish cultural practices that have permeated Islamic societies since the 3rd century.

Since the 1920s, Wahabists have established a new ideology, characterised by extreme views and interpretations of the Quran and Hadith. In the 1970s, the movement began to gather momentum with aid from wealthy benefactors. As the movement grew, factions mutated and splintered, some becoming radicalised in their beliefs. These factions became increasingly confrontational in attempting to impose their ideology around the world.

These extreme sub-sects of Wahabists believe that fundamental Islam can be implemented “by means of the sword”. Today, the Wahabist movement has manifested itself through armed terrorist attacks and insurrections, and has spread beyond Saudi Arabian borders through many parts of the Middle East and North Africa.

The majority of Muslims find the Wahabist use of the word “Islamic” grossly offensive, as these groups selectively misinterpret passages of the Quran and Hadith, and conveniently use the guise of Islamic faith to carry out actions such as fatwas (Islamic religious rulings), terror tactics, or legitimising the use of laundering, drug money, or ransoms to finance their activities.

Financing Wahabi Extremism

While a portion of Wahabi extremism is funded by illicit activities, Wahabi groups such as al-Qaeda have amassed millions of dollars through seemingly legitimate business ventures, including charitable organisations and non-governmental institutions. A great deal of the funding for these groups comes through profits from oil exports to the West.

A good example of this can be found in Saudi Arabia. The oil-rich nation is a rentier state, meaning a substantial portion of the government’s profits are generated from allowing international access to indigenous resources. In Saudi Arabia, 90-95% of total export earnings come from oil revenue. Oil also accounts for around 55% of the country’s gross domestic product (GDP). Saudi Arabian citizens do not pay taxes; rather, they pay zakat, one of the five Islamic pillars, which requires individuals to give to charity.

Each Saudi citizen is required to give at least 2.5% of his income in zakat. In most instances, the charitable organizations are genuinely dedicated to good causes. However, a small portion of these charities are fronts with dubious undertones, serving as money laundering organizations which finance terrorist operations. While many citizens contribute to these charities in good faith, they may not realize that their money is not going toward their intended cause.

In most Islamic nations, the payment of zakat is voluntary, with the exceptions of Libya, Malaysia, Pakistan, Sudan, Yemen, and Saudi Arabia. However, because it is an Islamic pillar, voluntary donations in other countries are high, which allows for similar charitable front organizations to crop up and receive funding from unwitting donors. In some instances, however, individuals are fully aware of where the funds ultimately land.

A 2010 WikiLeaks cable identified Qatar, Kuwait, the UAE, and Saudi Arabia as nations which are weak in preventing citizens from financing terrorist activities. Saudi Arabia received the harshest assessment, citing the Hajj, a pilgrimage to Mecca that is a pillar of the Islamic faith, as a security loophole. Pilgrims travel with large amounts of cash, and cannot be refused entry for the Hajj. Following the release of the cable, a council of top Saudi clerics issued a fatwa against terrorist funding, and increased financial monitoring; however, many terrorist supporters use other means to deliver funds, including Hawala transactions.

The ancient and common Arabic tradition of Hawala-transactions is a record-free system. Money is moved through an honour-system based on verbal agreements, and debts are settled on a personal level, rather than through a traditional banking system. The transactions rely on a password for funds to be delivered. Often, if a recipient has a password, no further information is necessary to receive the funds. Money has historically been distributed this way throughout the Arab world, and through these means, it becomes difficult to assess the initial sources of funding for terrorist activities.

The Cycle of Radicalism and Oil

Oil-rich regimes in the Middle East have historically been oppressive, resisting progress or power-sharing with emerging parties. As tensions increase from radicalised groups, some regimes have turned a blind eye to certain terrorist fundraising activities. In turn, radical organisations may focus on conducting activities away from domestic soil, sometimes targeting nations with weaker governments or lax security. The intention for the extremists is two-fold: to increase Wahabi influence, and to disrupt profit sectors which benefit Western nations, specifically the oil and energy industries.

In war-weakened Libya, security analysts have issued elevated warnings about possible threats to oil installations, similar to those that occurred in Algeria. Libyan oil and natural gas make up nearly all of the nation’s export revenues, and account for 80% of government revenues.

Despite Algeria’s strong government and security infrastructures, weakened security around the gas complex allowed an opportunity for the January attack at Ain Amenas gas complex. The normally secluded nation became victim to an international terrorist incident because the Algerian government granted airspace permissions to French forces as they fight separatists in Northern Mali. Algeria’s hydrocarbon sector accounts for 98% of the nation’s exports.

In rare instances, regimes may provide direct yet concealed assistance to these groups if there is an opportunity for profit. For instance, in January, French officials accused Qatar of providing material support to Islamists in northern Mali. If successful, Qatar would benefit from supporting separatist allies in Mali because the African nation has huge oil and gas potential, as well as gold and uranium deposits. A good relationship with an Islamist-ruled Northern Mali would provide Qatar the opportunity to develop the infrastructure and gain profit. Analysts believe that the Qatari government is placing itself in a position to act as a mediator, and possible beneficiary, in future negotiations between the rebels and the Malian government. This positioning by Qatar is not unfamiliar to Western Intelligence; in 2012, Washington raised alarms that Qatari arms shipments were being redirected to Libyan Rebels. Should the rebels become installed in powerful political seats, Qatar would find itself in a prime position to negotiate the development of infrastructure for Libya’s newly discovered oil reserves in the Ghadames Basin, about 370 miles southwest of Tripoli.

Increasing Security

Trends from the International Energy Agency estimate that the international demand for oil will continue to grow through 2035. Although nations outside of the Middle East and North Africa have increased oil production, the world is still heavily reliant on oil from the region. Likewise, these oil-rich nations rely on this resource as a primary component of GDP.

Many oil companies are reviewing security arrangements, seeking to tighten restrictions and strengthen weak areas. Sonatrach, the Algerian national oil company, has identified the lack of armed guards as a critical weakness which allowed terrorists access to the complex. In Libya, more guards and military personnel had been deployed to oil sites, as security patrols intensified around the clock. Similar security estimates are being conducted in Nigeria, Egypt and other nations; however, US intelligence has indicated that nations hosting Western companies with significant hydrocarbon reserves may be vulnerable to disruptions in North Africa and sub-Saharan operations. Among those listed are installations in Egypt, Libya, Angola, Nigeria, and DR Congo.

Mali Security Update (18 February 2013)

Posted in Mali

Foreign ministers from the European Union (EU) on Monday formally approved the launch of an EU military mission that will be composed of 500 troops and which will be tasked with training the Malian army. The mission has already begun work on the ground as a group comprising seventy EU military personnel arrived in Mali ten days ago. Today’s approval of the launch was the final stage in setting up the European Union Training Mission (EUTM), which has a fifteen-month mandate to train Mali’s military.

The EU foreign policy chief has indicated that the mission “is going to be of enormous importance in support of the Malian army.” In December 2012, twenty-seven EU nations first approved the notion of a training mission in order to boost the army’s abilities to fight Islamist rebels in the northern regions of the country. However, the launch of the programme was accelerated after France’s unilateral military intervention, which it surprisingly launched on January 11 in order to prevent insurgents from moving further south and threatening the capital city. A total of sixteen EU countries have agreed to take part in the EUTM mission, which will have a €12.3 million (£10 million) budget, with each contributing nation financing its own troops. Half of the troops deployed to Mali will provide training while the other half are set to provide protection as well as administrative and medical backup.

Meanwhile, any foreigners remaining in Mali should either leave the country immediately or remain in the capital city of Bamako. MS Risk advises those in the country to avoid all travel to the previously occupied towns, including Gao, Kidal and Timbuktu, as well as the northern mountainous regions and the town of Tessalit. With last week’s suicide bombing in Gao, it is highly likely that any Islamist rebels remaining in their previous strongholds will use such methods of attack in order to destabilise the security situation throughout the country. Suicide bombings may therefore occur at any place and at any time. There is also a heightened risk of kidnapping which will likely target foreigners, especially French nationals, and which may occur at sites owned by foreign companies. All companies in Mali should have a heightened level of security measures as they may be targeted by al-Qaeda-linked rebels.


MENA Update (16 February 2013)

Posted in Algeria, Egypt, Iran-Israel, MENA, Tunisia

Algeria: Algeria and the US agreed to work together to prevent criminal access to black market nuclear materials, citing fears that supplies from Gaddafi’s stock are within reach of Al-Qaeda in the Islamic Maghreb (AQIM).

Officials from both nations discussed security measures including border patrol, strategic trade controls and illicit transfer of conventional weapons, as well as constant monitoring of smuggling threats and trends.

Algerian Colonel Djamel Abdessalem Z’ghida announced that ground border surveillance in the southwest has been strengthened for the fight against trafficking and other criminal networks. Ground forces are supported by daily aerial surveillance.

The agreement between Algeria and the US is an unusual act of cooperation for Algeria, whose government prefers to conduct domestic security affairs unilaterally. US officials hope these efforts increase cooperation on a regional and international scale.

Internal reports by British Petroleum (BP) in 2011 and 2012 warned of risk of attack against gas plants in Africa. The reports anticipated the increasing likelihood of attacks in Africa following the killing of Osama bin Laden.

A May 2011 report, distributed immediately following bin Laden’s death, indicated that renewed terror activity could arise from within Algeria’s Al Qaeda franchise. The BP internal newsletter stated, “[Al Qaeda] affiliates and other groups will seek to fill the leadership and motivational void left by OBL.” However, a report from January 2012 made no indication of threats to Algeria, rather focusing on other African and Middle Eastern nations, warning of a new brand of Islamic terrorism “fostered by weak or nonexistent central governments, easily-crossed borders, ready availability of weapons and explosives, and simmering ethnic, religious and economic fissures.”

The militant group which conducted the terrorist storming of the Ain Amenas gas compound is led by Mokhtar Belmokhtar, a breakaway commander from AQIM. Both AQIM and Belmokhtar’s group, called “Those Who Sign With Blood”, originated in Algeria.

BP’s latest security assessment focuses on a standoff between Iran and the West, suggesting that Iran could use militias controlled by Iraq to attack Western interests in Iran.

Bahrain: Rioters have blocked roads and clashed with security forces following the death of a teenage boy during the protests for the second anniversary of Bahrain’s uprising. The boy is reported to have died from “close range birdshot”. Hundreds of opposition demonstrators threw petrol bombs at police, who responded with tear gas.

On Saturday, police discovered a bomb on the Bahraini end of the King Fahd causeway, a 25km stretch which links Saudi Arabia to the island country. The route is used by thousands of people each day.

The protests occur in the midst of reconciliation talks between the predominantly Sunni government and Shi’ia opposition parties. The opposition wants to put an end to the Bahraini monarchy’s political domination and full power in parliament. The next round of talks is scheduled for Sunday, yet there is no word from either side whether the discussions will continue in the wake of the protests.

Egypt: On Friday, Egyptian security officials seized two tons of explosives hidden in a truck carrying fruits and vegetables. The explosives were confiscated in the main Suez Canal transport tunnel which connects Sinai to the rest of Egypt. The explosives were packed in 100 plastic bags, and are a type used for demolishing stones in quarries. The driver was taken in for questioning, and said he was unaware he was transporting explosives. A businessman had asked him to take the goods to Sinai for collection.

Since 2011, and particularly since the Libyan revolution, Egypt’s Interior Ministry has confiscated hundreds of weapons smuggled from Libya, some of which are meant to be delivered to Gaza. Sinai has increasingly become a haven for Islamist militants who have benefitted from lack of security in the area following the Egyptian Revolution.

The explosives designed for demolishing stones may be an indication that Egyptian attempts to block smuggling tunnels in the Sinai are being met with strong resistance. On Wednesday, Egyptian security forces began flooding smuggling tunnels between Sinai and the Gaza Strip, in an effort to shut them down. The network of tunnels provides an estimated 30% of all goods received into the region, circumventing a blockade imposed by Israel since 2007.

Hamas released a statement Saturday condemning the Egyptian government for the actions. Khalil El-Haya, a senior Hamas official, added that people in Gaza consider Egyptian actions equal to a renewal of the Israeli blockade.

Iran-Israel: Brigadier General Hassan Shateri (also known as Hessam Khoshnevis), of Iran’s Quds Force of the Iranian Revolutionary Guard Corps, was killed on Tuesday in Syria, while heading back to Lebanon. Shateri had been engaged in civilian reconstruction in Lebanon for the last seven years, and is the first Iranian general killed in Syria. The Iranian government has accused opponents of Syrian leader Bashar al Assad of the murder. Syrian rebels have accused Iran of sending forces to assist Assad in suppressing the uprising.

An Iranian envoy to Beirut has connected the killing with the Israeli government, stating that the killing had strengthened Iran’s resolve against Israel.  Ali Shirazi, a representative of Ayatollah Khomenei to the Guards’ elite Quds force, stated, “Our enemies should also know that we will quickly get revenge for (the death of) Haj Hassan (Shateri) from the Israelis, and the enemies cannot shut off the Iranian people with such stupid acts.”

The Israeli government has not commented on the killing; however Israel has considered military action against Tehran if the Iranian government continues with a nuclear program. Iran claims that the nuclear program is peaceful.

On Friday, the chief UN nuclear inspector announced hopes to reach an agreement with Iran in March which allows them to probe into Iranian nuclear research activities.

Tunisia: Thousands of Tunisians responded to a call by the ruling Islamist Ennahda party and poured into the streets to support the ruling party. Demonstrators denounced Prime Minister Jebali’s plans for a temporary “technocratic” government and chanted against the secular opposition parties.

The rally was called by Ennahda to denounce Prime Minister Jebali’s suggestion following the assassination of opposition leader Shokri Belaid on 6 February, which resulted in bloody clashes between government supporters and opposition. Jebali has threatened to resign if he fails to gain support to form a new government.

Religious and political tensions have risen over several months in what was a “proudly secular” Muslim nation. Talks regarding a new administration have been rescheduled for Monday. A previous deadline for a new administration had been cancelled with no new date scheduled as of yet.