Sunday, January 31, 2016

Two Rare Gifts For The Next 20 People Who Register for Suits and Spooks DC 2016

Suits and Spooks DC 2016 is now less than two weeks away and I'd like to make it our best attended event in the five years since I founded this security forum. To that end, I'm giving away two rare gifts for the next 20 people who register for a full two day pass ($599 for Industry; $499 for Gov't and Academia).

The first gift is an autographed and personalized 2nd edition copy of my book Inside Cyber Warfare (O'Reilly Media, 2011). The Russia section alone has been praised by Russia and China cyberwarfare expert Lt. Col. Timothy Thomas as containing unique material not found anywhere else.

The second gift is a 2011 Plank Holder Challenge Coin issued at our very first Suits and Spooks event at Facebook's old loft space in Palo Alto. The flip side of the coin says "PLANK HOLDER - SUITS AND SPOOKS 2011 - Palo Alto, CA".

This offer will end once we sell out so act today and pick up your book and challenge coin at the event on Feb 11-12 at the National Press Club.

Full details on the agenda and speakers as well as your registration options are at

Tuesday, January 26, 2016

Kung Fu Panda 3: A Collaboration Between Dreamworks and China's State Council

Kung Fu Panda 3 opens simultaneously in the U.S. and China on Jan 29th to high hopes by Dreamworks Animation and Oriental Dreamworks, which is a joint venture formed with China Media Capital and Shanghai Media Group. A test run of two screenings at various Chinese theaters last weekend yielded an impressive $6.5 million, and January 29th is a coveted opening date in China due to its proximity to the Chinese New Year and Valentine's Day.

The Shanghai Media Group is a State-run organization, and animation is a strategic technology that has its own Five-Year Plan. The following is a high level overview from the 12th Five Year plan (2011-2015):
  • Guiding the production of original animation creation
  • Creating a system to make innovation profitable
  • Promoting the balanced development of the animation industry
  • Advancing the technical innovation ability of the animation industry
  • Implementing the strategy for key enterprises and major projects
  • Strengthening talent support
  • Facilitating the animation industry to “go global”
  • Enhancing the international cooperation of the animation industry
  • Encouraging the animation industry to “go global”
  • Safeguarding measures including increasing financial input to the industry, protecting intellectual property, and improving investing and financing policies

China's emphasis on improving its animation production facilities is a double-edged sword for foreign companies. On the one hand, it gives foreign animation companies like Dreamworks (NASDAQ: DWA) or Walt Disney (NYSE: DIS) hard-to-get access to China, which is arguably the most important market in the world. On the other hand, it gives China access to the foreign company's intellectual property through overt technology transfer that happens when foreign companies hire Chinese engineers who eventually leave the foreign company and take their newly found skills to a Chinese animation company. There is also covert technology acquisition which can occur through hacking and other secretive means.

One reason why the Chinese government is so enthusiastic about animation is that it serves the Chinese Communist Party's propaganda function. Song Lei, an expert in the subject and a former employee of China's Ministry of Culture, wrote a blog post about Japan and America's use of animation as propaganda (machine translation):
"Of course. Japanese anime serve as propaganda in postwar Japan an important role in East Asian countries have large numbers of young people are fond of Japanese anime, there are tens of thousands of Chinese students learning Japanese because the Japanese anime away every year, the book in Japanese scholars Endo reputation , also devoted to the "knowledge-Japanese" and "Hari clan" generation. American animation also with its strong capital in the world to promote their liberty, equality of the world, the US-centered values, as well as a variety of American superheroes."
Later in the post Song writes that in comparison to Japan and America, China's animation propaganda has just started and the quality is relatively low. This is at least partly why foreign film and animation companies will find open arms in China, at least until China's ambitions in this area have been achieved. When that happens I predict that access to China's market will tighten considerably for those same foreign firms.

Thursday, January 7, 2016

7 Reasons Not To Miss Suits and Spooks DC This Year

#7: The Rise of Global Terrorism

Engage in a discussion about the evolution and expansion of terrorism by the Islamic State with CIA and DOD experts Mark Kelton and Dave Kilcullen.

#6: Are Commercial Airlines Safe From Hacking

Should you be worried about hackers interfering with the control systems of commercial aircraft? What safety measures are in place to keep that from happening? Jim Vasatka, the Director of Aviation Security at Boeing, will answer your questions in a special CLOSED TO THE PRESS briefing.

#5: Is The Cyber Security Industry Over-Valued

Should you invest in the cyber security industry or is the industry vastly over-valued? Niloo Howe, Elad Yoran, and other VCs will share their thoughts.

#4: How Do Adversaries Track U.S. Executives Overseas

Are you an executive who frequently travels overseas? Learn how foreign agents can target you through your mobile device's electronic signature and other means. A retired Navy SOF Chief will walk you through it.

#3: How Can Your Company Do Business In High Risk Countries Without Losing Its IP

If you work for a multinational corporation, learn how your company can do business in high risk nations and not lose your intellectual property to foreign governments or criminal hackers. Panelists: Jody Westby, Joel Brenner, and Jeffrey Carr

#2: How Are Criminals Using Digital Currencies

Hear Will Gragido explain what digital currencies are, how criminals are using them, and whether you should be concerned.

#1: What Legal Regimes Control Cyber Warfare, And How Are They Changing

Listen to NATO, DOD, and legal scholars (Eneken Tikk-Ringas, Gary Brown, and Catherine Lotrionte) debate the legal ramifications of digital attacks against civilian infrastructure and how that may change the way that warfare is conducted.

Only 30 seats remaining. Grab yours today.

Sunday, December 13, 2015

Get An Insider's Perspective On The Commercial Airline Threat Landscape (Closed To The Press)

This is a unique opportunity to hear Jim Vasatka (Director of Aviation Security at Boeing) discuss the overall cybersecurity threat space as it pertains to commercial aircraft in a NO PRESS, Chatham House Rules environment. Attendees will also be invited to submit implementation ideas for AIAA's Cybersecurity Framework. 

For the first time in five years, Suits and Spooks DC is structured in half-day blocks of sessions - Aerospace, Critical Infrastructure, Finance, and Future Warfare. You now have the option of registering for a single or multiple blocks ($199 per block), or the full two days ($599). Lunch is included with either option.


Saturday, December 12, 2015

Who Has The Chinese Government Arrested For Hacking OPM? Possibly No One.

On December 1st, Attorney General Loretta E. Lynch and Department of Homeland Security Secretary Jeh Johnson, together with Chinese State Councilor Guo Shengkun, co-chaired the first U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues.

On December 2nd, China’s official news agency Xinhua reported on the meeting and dropped a bombshell: “Among the cases discussed included the one related to the alleged theft of data of the U.S. Office of Personnel Management by Chinese hackers. Through investigation, the case turned out to be a criminal case rather than a state-sponsored cyber attack as the U.S. side has previously suspected.”

The Washington Post’s Ellen Nakashima was the first to write an article about the Xinhua announcement and other news media quickly followed suit. The fact is that the Chinese government has not provided any details about the OPM hackers’ arrests. It’s hard to fathom why China’s Minister of Public Security State Councilor Guo Shengkun, who was part of the China delegation (depicted in the picture below), didn’t provide any details during the ministerial meetings. It certainly wasn’t mentioned in the U.S. Dept. of Justice’s press release.

It’s not that the Chinese government hasn’t been arresting hackers. The Ministry of Public Security (MPS) has been very busy doing just that for most of this year according to the Legal Daily, a State-owned newspaper that covers legal developments. According to the Legal Daily, China’s thirteenth five year plan (which hasn’t yet been formally released) emphasizes the following network security related issues:
  • Improved network security
  • Purify the Internet environment (gambling, pornography, drugs, etc.)
  • Strengthen multilateral and bilateral coordination
  • Participation in global network security initiatives

To combat criminal hackers, the MPS launched a six-month special action. As of November, the MPS opened 400 criminal cases against 900 individuals including cyber criminals and hackers. Those arrests occurred between May and November for crimes including gambling, extortion, hacking, drug sales, and pornography.

China has made commitments to the U.S. that it will not engage in acts of cyber espionage for commercial gain and it may have every intention to keep those commitments — partly because there are many other legal ways that it can acquire the information it wants, partly to avoid possible U.S. economic sanctions, and partly because it has made incredible technological progress over the past 20 years so stealing is less of a requirement than it used to be.

Arresting the OPM hackers and providing the details to the FBI would seem to be an easy way to gain credibility for its earlier promise. Perhaps the MPS will indeed provide the details that the Dept. of Justice is most likely asking for ever since the Xinhua article appeared on Dec 2nd. Otherwise, this entire affair will keep getting weirder and weirder.

Recommended Reading:

Graham Webster for The Diplomat: “Has U.S. Cyber Pressure Worked On China?”
Peter Mattis for The Jamestown Foundation: “Three Scenarios for Understanding Changing PLA Activity in Cyberspace”

This article is cross-posted from my article on Medium.

Wednesday, October 21, 2015

How “Hat-tribution” on China Has Harmed U.S. National Policymaking

Back in the early 2000’s, cybersecurity researchers blamed every financial services attack on Russian or Eastern European hackers and every non-financial services attack on China. Every attack literally fell into one of those two buckets. U.S. Air Force officers in the 90’s were convinced that only the Chinese government was interested in stealing non-financial data like intellectual property. They were so positive that they gave China a code name — Advanced Persistent Threat (APT). Some of those Air Force officers later founded Mandiant and commercialized the name APT in a white paper that they released in 2010. In those years, APT was a “who”, not a “what”.

After the Office of the National Counterintelligence Executive issued its report in 2011, which named at least four nations that were responsible for intellectual property theft (China, Russia, France, and Israel), Mandiant began losing the battle to keep APT as a code name for China, and the term quickly evolved into a generic description of how hackers attack a network.

Mandiant made a fortune from its long-standing policy of blaming every network breach on Chinese hackers, a fact that didn’t go unnoticed by almost every other cybersecurity company. Between 2010 and 2015, any report that named China as the culprit caught the attention of corporate CEOs as well as major news outlets. In 2013, Mandiant issued its APT1 report. By the end of the year, it was acquired by FireEye for $1B.

In 2014, CrowdStrike issued its own PLA report, which identified by name an alleged PLA hacker based in large part upon a photo that showed a PLA officer’s hat. CrowdStrike executives called it “hat-tribution” and the PLA hacker group was named “Putter Panda”.

That CrowdStrike considered a hat in a photo as evidence is a commentary on how badly private companies have handled intelligence collection and analysis. That, and a 10+ year history of misattributing every intellectual property attack that ever happened to the government of China, has brought us to the inevitable end result: putting the White House in an uncomfortable diplomatic position with the Chinese government, which may very well be keeping its word. Ironically, it’s CrowdStrike executive and co-founder Dmitri Alperovitch whose blog post brought this controversy about.
The very first intrusion conducted by China-affiliated actors after the joint Xi-Obama announcement at the White House took place the very next day — Saturday September 26th. We detected and stopped the actors, so no exfiltration of customer data actually took place, but the very fact that these attempts occurred highlights the need to remain vigilant despite the newly minted Cyber agreement.
We are releasing below the timeline of intrusions into these commercial entities that we detected over the course of the last 30 days. It is important to note that this is not an exhaustive list of all the intrusions from Chinese-government affiliated actors we have detected during this time period; it is limited only to commercial entities that fit squarely within the hacking prohibitions covered under the Cyber agreement. The intrusion attempts are continuing to this day, with many of the China-affiliated actors persistently attempting to regain access to victim networks even in the face of repeated failures.
We assess with a high degree of confidence that these intrusions were undertaken by a variety of different Chinese actors, including DEEP PANDA, which CrowdStrike has tracked for many years breaking into national-security targets of strategic importance to China, as well as commercial industries such as Agriculture, Chemical, Financial, Healthcare, Insurance, Legal, Technology and many others.

This company blog post combined CrowdStrike’s threat intelligence with a marketing pitch for its Falcon platform. The post speaks for itself, blaming China for ongoing cyber attacks after the Xi-Obama agreement. However, after AP, CBS, and the Washington Post picked up the story, Alperovitch attempted to walk back his post’s claims by saying “We are not stating anywhere that the Chinese are violating the agreement. It is not up to us to draw that conclusion.”

A White House spokesman who spoke with Foreign Policy wouldn’t comment on the CrowdStrike blog post except to say “As a general matter, malicious cyber actors from a variety of nations find U.S. networks and companies attractive targets, and seek access to sensitive or proprietary information for a variety of purposes.”

How many of those “malicious cyber actors from a variety of nations” use China to launch their attacks from?

How many independent, non-state-affiliated Chinese hackers launch their own attacks for fun and profit?

And how does CrowdStrike, Mandiant or any other company differentiate between those and actual Chinese government attacks?

I’ve been challenging security intelligence companies to answer that question for years and have yet to hear a responsible answer from any of them.

Tuesday, October 13, 2015

Win A Free Trip To Suits and Spooks Paris!

UPDATE: As of this morning (Oct 16th), we have only 2 tickets remaining for this promotion. Act fast to secure your chance to win a free trip to Paris Suits and Spooks.

UPDATE: As of the 15th, we have only 5 tickets remaining. This promotion will end at close of business tomorrow, Friday Oct 16th.

For the next 48 hours, we will make ten tickets for Suits and Spooks DC (Feb 11-12, 2016) available for purchase at a huge discount: only $324. Our normal rate for October is $399 and effective Nov 1 it will go up to $499.

Even better, by taking advantage of this promotion, you'll enter our drawing to win roundtrip airfare (economy class from JFK or IAD) and one night hotel accommodations to our very first Paris Suits and Spooks event next March! 

Your admission to Suits and Spooks DC is 100% refundable prior to December 31, 2015. It includes:

  • Our Aerospace block which will feature panels from two of the world's largest aerospace and defense companies,
  • Our Future Warfare block which will feature a panel of experts debating international law as it relates to cyber warfare,
  • Our Critical Infrastructure block that will explore vulnerabilities in transportation, communication, and utilities,
  • Our Financial Services block that will look into international investments in cyber security as well as challenges to global bankers.

We'll pick the winner in a blind drawing on New Year's Day. Airfare and hotel will be prepaid and may not be substituted for cash. If you have already registered for Suits and Spooks DC, your name will automatically be entered for the Paris drawing, but please share this email with any of your peers who you think would be interested.

Register now and save $75 on our already low rate, and earn a chance to win a trip to Paris Suits and Spooks in March 2016. 

Good luck everyone!