Aug

19

Chinese Hacker Nabbed on Export Charges


Posted by at 9:20 pm on August 19, 2014
Category: Arms ExportCriminal PenaltiesDDTCDeemed Exports

Stephen Su photo taken by CBP during U.S. transit in 2011 via http://www.cbc.ca/news/canada/british-columbia/su-bin-chinese-man-accused-by-fbi-of-hacking-in-custody-in-b-c-1.2705169 [Public Domain]
ABOVE: Stephen Su


Well, we all know, or should know, that hacking is a criminal violation of the Computer Fraud and Abuse Act, at least when it entails unauthorized access to another party’s computer. What you may not know is that if you’re a foreign national and if the data accessed is technical data controlled by the International Traffic in Arms Regulations, hacking can also be a violation of the Arms Export Control Act.

Back in June, Canadian authorities arrested, at the request of the FBI, a Chinese citizen and Canadian permanent resident named, variously, Su Bin, Stephen Su and Stephen Subin, who we’ll refer to simply as Su for convenience.  Su , the owner of Lode-Tech, a Chinese company with an office in Canada, was accused of conspiring with several Chinese nationals to hack into U.S. defense contractors’ computer systems and to exfiltrate data about military aircraft back to China.  Last Friday, Su was indicted by a federal grand jury in California.

One of the charges in the indictment is a violation of the Arms Export Control Act.  The theory behind this charge is that Su, with his PRC-based co-conspirators, conspired to break in the U.S. computer systems and to disclose ITAR-controlled technical data to foreign nationals among whom were, of course, themselves.

The criminal complaint filed back in June, which served as the basis for Su’s arrest, contains some fascinating details.  First, it appears that access was gained to the defense contractors’ systems by sending emails to employees of the contractors containing infected attachments or links to infected websites that installed malware on the systems which allowed the hackers to control the systems, to view files on the system, and to send the files back to themselves.   Interestingly, the files were then transferred to hop points or servers in Hong Kong and Macao and from there were physically carried back into the PRC.   Interestingly, it appears that as the Internet becomes easier for security agencies to surveil, modern spies have started to revert back to older methods of spycraft such as smuggling documents, document drops, and, conceivably, even encrypted Morse code shortwave radio transmissions.  One wonders if the NSA is training folks in Morse Code and invisible ink.  What’s next?  Microdots?

Permalink Comments (0)

Bookmark and Share





Aug

14

What Happens in Nay Pyi Taw Doesn’t Always Stay in Nay Pyi Taw*


Posted by at 8:21 pm on August 14, 2014
Category: Burma SanctionsOFAC

Lake Garden Hotel Lobby via http://www.accorhotels.com/photos/9096_ho_00_p_346x260.jpg [Fair Use]
ABOVE: Lake Garden Hotel Lobby


When John Kerry, while attending the Association of Southeast Asian Nations (ASEAN) Regional Forum hosted by Burma, stayed at the Lake Garden Hotel, a posh French-managed resort in the country’s capital of Nay Pyi Taw, he probably wasn’t expecting it to be a big deal. Of course, that’s probably because no one at State realized that the resort was owned by Burmese tycoon U Zaw Zaw who is on OFAC’s SDN List. Sometimes you really are smarter when you stay at a Holiday Inn Express.

The State Department, however, rushed in to try to put out the public relations fires.

“You can stay at this hotel no matter who you are, you just can’t do business with it. So if you wanted to sell them towels, you could not do that. But you could stay there,” [State Department spokesman Marie] Harf explained.

That’s a fairly clumsy invocation of the travel exemption contained in the International Emergency Economic Powers Act (“IEEPA”), 50 U.S.C. § 1702(b)(4), which exempts from sanctions “any transactions ordinarily incident to travel to or from any country.” Although many exemptions do not extend to dealings with SDN, this statutorily based exemption does. (In case you’re wondering, the travel ban to Cuba is not affected by this exemption because those sanctions are imposed not under IEEPA but under the Trading with the Enemy Act.)

Of course, the problem here is this: what is “ordinarily incident” to international travel? Certainly, Kerry staying in the room, ordering a little room service, buying a miniature of vodka from the room’s minibar, and perhaps even watching a pay-per-view movie would fall within this. But suppose (purely hypothetically, of course) that Secretary Kerry decided to pay for a massage in the hotel spa? Is that “ordinarily incident” to international travel? Or paying the resort its standard greens fee for a round of golf?  As is the case in most sanctions matters, there is no clear answer here and no answers from OFAC.  That Holiday Inn Express is looking smarter and smarter.


*This headline would have been so much better if the military junta had not moved the capital of Burma from Rangoon to Nay Pyi Taw in 2005

Permalink Comments (0)

Bookmark and Share





Aug

13

SDNs of a Feather, Aggregate Together: New OFAC Guidance on 50 Percent Rule


Posted by at 8:15 pm on August 13, 2014
Category: OFACRussia SanctionsSDN List

SMP Bank Credit Cards via http://smpbank.ru/uploads/show/c20c2f8bd8d7d2550bdd3b4c38bbdd00839d8fd2.jpg [Fair Use]The Office of Foreign Assets Control (“OFAC”) today issued new guidanceand revised its FAQs, on its notorious fifty-percent rule. Under that rule, an entity in which a blocked person has a fifty percent interest or greater is itself blocked, even though it may not be listed on OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List.”).

Under the new guidance, if multiple blocked parties own an interest in an entity, their interests will be aggregated and that entity will be blocked if that aggregated interest is 50 percent or more. So if SDN1 holds 1 percent of Company X and SDN2 holds 49 percent of Company X, Company X will be blocked because the aggregated interests of SDN1 and SDN2 equal 50 percent.

This new rule is not merely a clarification policy but a clear reversal of guidance previously given by OFAC. As you may recall, when Arkady and Boris Rotenberg, co-owners of SMP Bank, were added to the SDN List back in March, Visa and Mastercard initially stopped allowing their cards to be processed through SMP Bank. The two credit card companies had a change of heart after having been apparently advised by OFAC that there was no need to aggregate the Rotenberg brothers individual 38.5 percent interests. Then, at the end of April, OFAC designated SMP Bank and Mastercard and Visa cut them off again from their international payment system. Why OFAC has changed its mind here on aggregation is not clear.

Ironically, this new rule may have more  negative impact on U.S. businesses than it will on Putin and his friends because it will make SDN screening quite difficult in many cases. Under the old rule, when evaluating whether an entity was blocked, you only needed to screen individuals with an interest of 50 percent or more. Under the aggregation rule, you must now screen every owner to see whether multiple owners are blocked and in the aggregate hold an interest of 50 percent or more. It seems no one at OFAC thought about this.

Permalink Comments (3)

Bookmark and Share





Aug

12

Chong Chon Gang(nam Style) Sanctions


Posted by at 6:00 pm on August 12, 2014
Category: Cuba SanctionsNorth Korea SanctionsOFACU.N. Sanctions

Weapons found on Chong Chon Gang via http://www.un.org/ga/search/view_doc.asp?symbol=S/2014/147 [Fair Use]Avid readers of this blog will be familiar with the saga of the euphoniously named Nork vessel, the Chong Chon Gang, which was seized by the Panamanians in the Panama Canal while the vessel was attempting to carry a boatload, so to speak, of Cuban arms to North Korea. Although the Cubans claimed, ahem, that this was not a “transfer” of the arms to North Korea in violation of U.N. sanctions because they retained title to the goods, they were unable to explain why, if that were the case, they buried the missiles and other armaments under enough sugar to keep the chubby Nork dictator in sweets for the next millennium or so. The attempted suicide by the ship’s captain once the Panamanians found the buried missile parts and systems also did not do much to bolster the Cuban argument that this shipment was perfectly legal.

The U.N. Panel of Experts convened to consider the legality of the shipment brushed aside Cuba’s arguments and back in March found the shipment to be a violation of U.N. sanctions on North Korea. At the end of last month, the United States joined the party and announced a variety of additions to the SDN list arising out of the Canal incident. The two North Korean companies involved in the shipment as well as the Chong Chon Gang were designated, as were 17 other Nork ships in which the two shipping companies had an interest.

In the “Some People Are Never Satisfied” category, a blogger at Capitol Hill Cubans called the Nork sanctions “enforcement malpractice” and moaned that there were no sanctions imposed on the Cuban officials involved in the Nork shipments. A Miami Herald article provided a succinct answer to this complaint

A knowledgeable Washington official noted that perhaps Treasury did not feel it was necessary to sanction Cuban government entities and individuals because they already are under strong sanctions from the U.S. trade embargo.

Good point. Given that virtually all dealings by U.S. persons and companies with Cuban officials are prohibited under the current sanctions, what exactly did the blogger contemplate as additional sanctions here? Military intervention?

 

Permalink Comments (1)

Bookmark and Share





Aug

8

Let Them Eat Goat


Posted by at 4:27 pm on August 8, 2014
Category: Russia Sanctions

Goat by JonStammers(Own work) [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://www.flickr.com/photos/62611896@N00/291467411Yesterday Russia published the list of food products that can no longer be imported from the United States, Canada, the European Union, Australia and Norway. These sanctions, a curious response to U.S. and E.U. sanctions on Russia, seem calculated to punish mostly Russian consumers, who may well see higher food prices and empty grocery store shelves. Muscovites and other Russians will be pleased to learn, however, that horse and goat meat are exempted from the ban. Also, in case you think Putin has no heart whatsoever, items destined for baby food are exempted from the ban.

Here is a translation of the list. (My Russian is rusty, so I welcome any corrections.)

FEACN CU Code* *** Item
0201 Meat of bovine animals, fresh or chilled
0202 Meat of bovine animals, frozen
0203 Pork, fresh, chilled or frozen
0207 Meat and edible offal of poultry, under heading 0105, fresh,chilled or frozen
0210** Meat salted, in brine, dried or smoked
0301, 0302, 0303, 0304, 0305, 0306, 0307, 0308 Fish and crustaceans, molluscs and other aquatic invertebrates
0401, 0402, 0403, 0404, 0405, 0406 Milk and dairy products
0701, 0702 00 000, 0703, 0704, 0705, 0706, 0707 00, 0708, 0709, 0710, 0711, 0712, 0713, 0714 Vegetables, edible roots and tubers
0801, 0802, 0803, 0804, 0805, 0806, 0807, 0808, 0809, 0810, 0811, 0813 Fruit and nuts
1601 00 Sausages and similar products of meat, meat offal or blood; food preparations based thereon
1901 90 110 0
1901 90 910 0
Food products, including cheese and curd made from vegetable oil
2106 90 920 0,
2106 90 980 4
2106 90 980 5,
2106 90 980 9
Foods (milk-based products and those based on vegetable fat)

*For the purposes of this list only Foreign Economic Activity Commodity Nomenclature of the Customs Union (FEACN CU) commodity codes should be considered; the name of goods is given for user convenience only.

**For the purposes of this item both the FEACN CU commodity code and the name of the product should be considered.

***Except for goods destined for baby food.

The last two entries on the list are somewhat confusing. The listing for heading 1901 refers to vegetable-oil-based cheese and curds, but the specific commodity codes appear to refer to certain malt extracts. The listing for heading 2106 refers to certain dairy and oil based food products, with 2106 90 920 0 referring to compound alcoholic preparations for beverage manufacture. The remaining three codes listed under that heading were missing from any version of the Russian (and Customs Union) tariff schedules that I could find.

Permalink Comments (3)

Bookmark and Share




« Previous posts |