Archive for the ‘China’ Category



Export Licenses For Radar Sales to Taiwan Complicate US-China Relations


Posted by Clif Burns at 8:51 pm on August 26, 2010
Category: Arms Export, China

There was an interesting colloquy on Tuesday during the State Department’s daily press briefing. After Assistant Secretary Philip Crowley announced the approval of export licenses to permit sale of military radar systems and components to Taiwan, one reporter asked what China’s reaction would be to the sale. China, of course, objects to all military sales to Taiwan, but Crowley dodged the question, saying “I’ll let China react to this as they see fit.”

QUESTION: Just a quick one. As far as this – the Pentagon report to Congress on China, how much concern do you have as far as Chinese military buildup?

MR. CROWLEY: Well, it is a – it is something that we watch closely. It’s something that other countries in the region watch closely. We would like to have a fuller military-to-military relationship and dialogue so that we can better understand China’s long-term military plans, and that is something that we continue to seek.

What Crowley doesn’t mention is that it was China that cut off military-to-military contact between the U.S. and China last January after the last announcement of U.S. arms sales to Taiwan. These new sales aren’t likely to change the situation.


Do Not Open That Email Attachment


Posted by Clif Burns at 10:11 am on February 8, 2010
Category: China, Technical Data Export

Everyone who has sensitive data (including, of course, ITAR-controlled data) on their computer networks should read this sobering article in Wired, which reveals, for the first time that I am aware of, the methodology, extent and scope of Chinese cyber-attacks on U.S. computer networks. After you read this article, there will be no question in your mind that these attacks are orchestrated and carried out by the Chinese government, even though the Chinese government is currently issuing risible denials of its involvement. Also, you will never open an email attachment again from anyone. The problem is, of course, that someone on your network will.

Called Advanced Persistent Threats (APT), the attacks are distinctive in the kinds of data the attackers target, and they are rarely detected by antivirus and intrusion programs. What’s more, the intrusions grab a foothold into a company’s network, sometimes for years, even after a company has discovered them and taken corrective measures. …

The Heartland and RBS attackers, and other criminal hackers of their ilk, tend to use SQL injection attacks to breach front-end servers. The APT attackers, however, employ undetectable zero-day exploits and social engineering techniques against company employees to breach networks.

… They attempt to take every Microsoft Word, PowerPoint and Adobe PDF document from every machine they compromise, as well as all e-mail, says Mandia. …

Last year, for example, an unidentified defense contractor discovered 100 compromised systems on its network, and found that the intruders had been inside since at least 2007.

APT attackers also appear to be well-funded and well-organized. In some cases, Mandiant has found multiple groups inside a network, each pursuing their own data in a seemingly uncoordinated fashion. …

Many entities don’t discover a breach until someone from law enforcement tells them. By then, it’s too late.

“By the time the government is telling you, you’ve already lost the stuff you didn’t want to lose usually,” Mandia says, noting that it’s generally not possible to ascertain everything that an attacker took.

While APT attacks are sophisticated, they use simple techniques to gain initial entry and, once inside, adhere to a pattern.

For starters, the attackers conduct reconnaissance to identify workers to target in spear-phishing attacks — such as key executives, researchers and administrative assistants who have access to sensitive information — and then send malicious e-mails or instant messages that appear to come from a trusted colleague or friend.

The e-mails have an attachment or link to a ZIP file containing zero-day malware that exploits Microsoft Office or Adobe Reader vulnerabilities. Google employees received an e-mail with malware that exploited a vulnerability in Internet Explorer 6 that Microsoft had not yet publicly disclosed.

Once the attackers have a foothold on one system, they focus on obtaining elevated access privileges to burrow further into the network. They do this by grabbing employee password hashes from network domain controllers — and either brute-force decrypt them or use a pass-the-hash tool that tricks the system into giving them access with the encrypted hash.

Not only should you be extremely cautious about email attachments and forwarded links, even from trusted friends, but also you might think about taking down your entry on LinkedIn or other business networking sites. Unless, of course, it’s already too late.


The Name Game Chinese Style


Posted by Clif Burns at 8:16 pm on January 5, 2010
Category: China, OFAC, Sanctions

An interesting story in today’s Wall Street Journal details instances in which a number of U.S. companies imported items from China Precision Machinery Import Export Corporation despite the fact that CPMIEC is on the Office of Foreign Assets Control’s Specially Designated Nationals List. The reason for this, asserts the story, is that Chinese companies on the SDN list “have proved adept at creating aliases or subsidiary shell companies to mask their ownership.”

Consider this example cited in the article:

John Iliff, general manager of American Forge & Foundry, says the single shipment of oil-drainage tanks it received in 2006 from the CPMIEC unit set off no alarms. “Trading in illegal goods certainly never crossed our minds,” he says.

The shipment came from China JMM Import & Export Shanghai Pudong Corp., which didn’t appear on any sanctions list until Thursday. Records indicate the company shares an address and phone number with a CPMIEC unit that was previously banned: CPMIEC Shanghai Pudong Corp. The Treasury determined that the two companies are affiliated.

That designation of JMM Import & Export occurred just a few days ago on December 31, 2009, almost three years after the cited shipment. But there were several red flags that American companies might have picked up on before OFAC’s belated designation of the CPMIEC affiliate. Not only is there a similarity in the names of the two companies, but they shared the same street address. Standard procedure should be not only to check names on the SDN list but addresses as well.

But the larger issue here is that the obvious ease with which Chinese companies can morph into new entities effectively renders company-based sanctions almost completely ineffective. It’s obviously as easy for Chinese companies to rename themselves as it is for underage Chinese gymnasts to acquire new, earlier and eligible birth dates on official documents. I’m not so sure what the solution is here but it doesn’t appear to be imposing penalties or additional compliance obligations on U.S. companies that deal with affiliates of companies on the SDN list.
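The address check recommended above, as an added example that is not part of the original post: a Python screening routine that compares a counterparty against a list entry by name, address and phone number. The company names are the ones in the post; the address, phone number, similarity threshold and function names are constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample entry: the name is from the post; the address and
# phone number are placeholders, not the real listing details.
SDN_ENTRIES = [
    {"name": "CPMIEC Shanghai Pudong Corp.",
     "address": "Room 1200, 100 Example Road, Pudong, Shanghai",
     "phone": "+86 21 5555 0100"},
]

def norm_text(s):
    """Lowercase, replace punctuation with spaces, collapse whitespace."""
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", s.lower()).split())

def norm_phone(s):
    """Keep digits only so formatting differences do not hide a match."""
    return re.sub(r"\D", "", s)

def screen(party, sdn=SDN_ENTRIES, name_threshold=0.85):
    """Return (listed_name, reasons) for every entry the party matches.

    name_threshold is an assumed cut-off for fuzzy name similarity.
    """
    hits = []
    for entry in sdn:
        reasons = []
        ratio = SequenceMatcher(None, norm_text(party["name"]),
                                norm_text(entry["name"])).ratio()
        if ratio >= name_threshold:
            reasons.append("name")
        if norm_text(party["address"]) == norm_text(entry["address"]):
            reasons.append("address")
        phone = norm_phone(party["phone"])
        if phone and phone == norm_phone(entry["phone"]):
            reasons.append("phone")
        if reasons:
            hits.append((entry["name"], reasons))
    return hits

# Constructed counterparty record: a renamed affiliate at the same premises.
SUPPLIER = {"name": "China JMM Import & Export Shanghai Pudong Corp.",
            "address": "ROOM 1200, 100 EXAMPLE ROAD, PUDONG, SHANGHAI",
            "phone": "86-21-55550100"}

if __name__ == "__main__":
    print(screen(SUPPLIER))
```

The renamed supplier falls below the name threshold, so a name-only check passes it, while the shared address and phone number still produce a hit.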


Email: A Prosecutor’s Best Friend


Posted by Clif Burns at 7:32 am on April 10, 2009
Category: BIS, China, Criminal Penalties

ABOVE: Everjet HQ, allegedly

According to a Department of Justice press release, a federal grand jury indicted a California man and two of his companies — Fushine Technology, Inc., a California corporation, and Everjet Science and Technology Company, which is based in the PRC — for unlicensed exports of controlled microwave equipment to China.

Export prosecutions require proof that the defendant understood that the exports in question were illegal. Since there is often little dispute as to whether the exported item required a license or whether a license was obtained, the scienter element is the most important and interesting element of each case. Here the press release contains allegations that, if true, might go a long way towards showing the scienter element:

The indictment further alleges that the defendants knew about the licensing restrictions and specifically sought to circumvent them. The indictment quotes from an internal company e-mail in which an Everjet employee told a Fushine employee, “Since these products are a little bit sensitive, in case the maker ask you where the location of the end user is, please do not mention it is in China.” The indictment also quotes from another e-mail in which Lu advises a subordinate to pretend that the intended end-user for an item is in Singapore rather than China.

It seems to me that recent press releases, instead of merely focusing on the allegedly grave impact of the particular export on national security, have begun to provide much more information revealing the prosecution’s case for its claims that the exporter knew the export was illegal. And often the case revolves around emails sent to and from the exporter. Back in the days when exporters and their foreign customers communicated mostly by telex, finding such proof was no doubt more difficult. But now the evidence may come, as allegedly it did in this case, wrapped up in a little gift package with a nice decorative bow on top and a subject line reading “Don’t tell anybody this chip is going to China.”


Aerospace Company Settles Charges of Aiding Chinese Rocket Program


Posted by Clif Burns at 8:10 pm on December 22, 2008
Category: BIS, China

ABOVE: Chinese Long March 3B rocket blasts off on July 6, 2007


As the end of the year approaches, the Bureau of Industry and Security (“BIS”) has been busy releasing a flurry of settlement agreements for export violations. In the latest batch is a settlement agreement by Interpoint Corporation, a subsidiary of Washington-based Crane Aerospace and Electronics.

Crane agreed to pay BIS a $200,000 fine to settle charges that it engaged in 37 illegal exports of EAR99 items to China. In two instances, the exports were destined for the 13th Institute, an end-user in China on BIS’s Entity List. The remaining exports were alleged to violate section 744.3 of the Export Administration Regulations (“EAR”) because Interpoint had been informed that the items would be for use “in the PRC’s Long March [Chang Zheng] rocket program or in other commercial rocket programs.”

Section 744.3(a)(1) requires a license for any export to a country in Country Group D:4, which includes China, if the exporter knows that the item will be used for commercial (or other) rocket systems with a range in excess of 300 kilometers. The Chinese Long March rockets are designed to carry satellites into geosynchronous orbit, i.e. 35,786 kilometers above sea level on the Earth’s surface.

In instances in which the items weren’t destined for the Long March rockets, Interpoint knew that they were destined for other “commercial rocket programs,” although there is no allegation that Interpoint knew which rocket programs or that the rockets had ranges in excess of 300 kilometers. These exports were probably covered by section 744.3(a)(3), which requires a license for exports used in rocket systems by a country in group D:4 if the exporter is “unable to determine … [t]he characteristics (i.e., range capabilities) of the rocket systems.”

Although section 744.3(a) clearly embodies a knowledge requirement, the scope of that knowledge requirement is unclear, and the Settlement Agreement casts little light on this confusing issue. Was Interpoint required to know that the items were for use in the Long March rocket program and to know that the Long March rockets had a range in excess of 300 kilometers? Or was it enough that Interpoint knew that the items were destined for Long March rockets which, whether Interpoint knew it or not, had a range far in excess of 300 kilometers?

Section 744.3(a)(3) appears to answer part of this question by imposing a duty to investigate the range of the rocket: an export to a D:4 country requires a license if the exporter is unable to determine the range of the rocket. But that still doesn’t answer a more intransigent case. Suppose that the exporter is told falsely that the rocket is only designed to carry a payload to a Low Earth Orbit less than 300 kilometers? Of course, an exporter can avoid having to put itself in the uncomfortable position of answering that question by simply refusing to export parts without a license to a D:4 country if that part is to be used for a rocket of any range.
