Archive for the ‘DDTC’ Category


Sep

24

Get Smart: Chinese Spy Edition


Posted by at 4:51 pm on September 24, 2014
Category: Arms ExportCriminal PenaltiesDDTCTechnical Data Export

By General Artists Corporation-GAC-management. [Public domain], via Wikimedia Commons http://commons.wikimedia.org/wiki/File%3ADonAdams.jpgMeet Charlie and Alice, two self-professed PRC spies who branched out from smuggling crystal meth into the United States to attempting to export airplanes and military technology from the United States to the PRC. Things did not turn out so well for Charlie and Alice who probably should have stuck with drug trafficking. So, find a comfortable chair, grab a bag of popcorn, and prepare to be entertained by the story that unfolds in the Criminal Complaint filed against them and to which they just pleaded guilty.

It was a dark and stormy evening in Manila when a counterfeit cigarette smuggler introduced two undercover agents working for the United States to Hui Sheng Shen, a/k/a “Charlie,” and Huan Ling Chang, a/k/a “Alice.” According to Mr. Counterfeit Cigarette Guy, Alice and Charlie could help the UCs obtain methamphetamine.

Alice and Charlie, explaining to the UCs that email was insecure, set up a drop email account, gave the UCs the credentials for the account, and said that they should communicate via messages left in the draft folder. (This method is not particularly effective in hiding communications from the government when you’re dealing with undercover agents but, whatever, it’s the trendy spycraft du jour.) Using this method, a deal for a kilo of meth was consummated and shipped to the UCs in tea bags hidden in computer towers. (Of course, no customs inspector would ever be suspicious of tea bags in computer towers so this is yet another example of top notch spycraft by Charlie and Alice.)

Emboldened by their world-class narcotics deal, Charlie and Alice decided to move on to bigger things and just kinda casually dropped into a subsequent conversation with the UCs that they would, oh, by the way, like to buy a military aircraft. Because, naturally, guys who buy drugs normally have a warehouse of military aircraft that they can sell to the people they buy drugs from.  And Charlie and Alice wanted not just any airplane but a honking huge E-2 Hawkeye reconnaisance aircraft. “Sure, Charlie, I’ll leave one for you at the front desk of your hotel after you wire me $100 million dollars.”

Of course, knowing the sensitivity of such an operation, Charlie and Alice wanted to refer to the Hawkeye in code as the “Big Toy.” That way, they could always claim, if caught, that they were really talking about a 12-ton toy Tonka truck. At this point, one of the UCs hits comedy gold when he says to Charlie and Alice:

“Do you guys realize what this thing is?.. . This thing is like a um 757 plane — it’s on aircraft carriers. Those things don’t just disappear.”

Undeterred, Charlie and Alice still kept negotiating to buy the “big toy,” stating that their buyer, which they described as the “Chinese C.I.A.,” could afford it. The UCs, however, managed to steer them to something more manageable, something that could fit in a backpack, namely, a Raven RQ 11B UAV. Charlie and Alice explained that they could smuggle the UAV out of the United States by having scuba divers or remote-controlled submersible vehicles carry the items to an off-shore Chinese ship. They also planned to get the manuals out by taking pictures of the manuals, deleting the pictures from the memory cards and then having their friends in China recover the deleted images.

There were, of course, two problems with the deleted image trick. First, everyone (even Customs) knows about it and can easily detect and recover deleted images on digital camera memory cards. Second, Charlie and Alice were arrested while taking the pictures.

For those who want to try at home the recovering deleted images trick, here’s a quick guide on how to do that.

 

Permalink Comments (2)

Bookmark and Share



Sep

17

Turkish Citizen Indicted For Foreign Downloads of Submarine Drawings


Posted by at 7:11 pm on September 17, 2014
Category: Arms ExportCriminal PenaltiesDDTCITARUSML

By U.S. Navy via http://www.navy.mil/view_image.asp?id=16778 [Public Domain]Alper Calik — a Turkish citizen and co-owner of Clifton, New Jersey based Clifmax LLC — has been arrested based on a criminal complaint, dated September 12, charging him, among other things, with violating the Arms Export Control Act by exporting without a license certain drawings relating to the NSSN (Virginia) class submarine. (And, no, I am not reporting this case simply because the company is named Clifmax, although that is, leaving the alleged criminal conduct aside, an awesome name for a company.)

At the heart of the allegations are two drawings that Calik downloaded from a DoD database after signing the Military Critical Technical Data Agreement which must be signed in order to gain access to the DoD drawing database at issue. The criminal complaint alleges that Calik downloaded these images while in Turkey and attempts to assert that Calik knew doing this was illegal because he had signed the Military Critical Technical Data Agreement.

However, the Military Critical Technical Data Agreement is hardly specific about what is or is not permitted with respect to the drawings, saying only this:

[The undersigned] acknowledge[s] all responsibilities under applicable U.S. export control laws and regulations (including the obligation, under certain circumstances, to obtain an export license from the U.S. Government prior to the release of militarily critical technical data within the United States) or applicable Canadian export control laws and regulations, and (2) agree[s] not to disseminate militarily critical technical data in a manner that would violate applicable U.S. or Canadian export control laws and regulations.

Suffice it to say that this certification is poorly drafted and confusing, mentioning an export license only in the context of releasing the data “within the United States.” Nor does the certification that he would not “disseminate” the data clearly prohibit him from downloading the information for his own personal review in a foreign country. Obviously, such downloads do in fact violate U.S. exports if the downloads include ITAR-controlled technical data, but this certification neither makes that clear nor establishes that Calik had the necessary criminal intent when he downloaded the documents

The complaint alleges that there were legends restricting export on the drawings involved, but does not quote those legends. Whether these legends are enough of a predicate to support the criminal intent necessary for conviction on the export charges depends on what those legends said and that remains to be seen.

UPDATE:  Two commenters make an excellent point about using the legends on the drawings as indicia of criminal intent: Calik would have only seen the legends after he downloaded the drawings in Turkey.  The significance of this point is magnified even further when you consider this statement from the criminal complaint:

Beginning in or around 2009 to the present time, ALPER CALIK downloaded approximately one hundred thousand drawings. some of which were subject to U.S. export control regulations without obtaining export licenses from the U.S. Department of State. ALPER CALIK was not in the United States when the majority of the drawings were downloaded.

At issue are only two of these one hundred thousand downloaded drawings, which would have revealed the legends only after being downloaded.  The overwhelming portion of the remainder of the drawings not having any indication that the downloading of these or other drawings might be problematic.

Permalink Comments (7)

Bookmark and Share



Sep

9

Export Fugitive Ends Life on the Lam, Pleads to Lesser Charge


Posted by at 9:06 pm on September 9, 2014
Category: Arms ExportCriminal PenaltiesDDTCExtradition

John NakkashianA little over five years ago, we reported on a settlement agreement pursuant to which Air Shunt, Inc., agreed to pay DDTC a penalty of $100,000 in connection with three unlicensed exports of military aircraft parts. These same three violations were alleged in an indictment of an Air Shunt Vice-President, John Nakkashian, who was at the time of the settlement nowhere to be found and presumed to be a “fugitive from justice.”

For reasons not entirely clear, Nakkashian was arrested in June of this year by ICE agents at the Los Angeles International Airport. I suspect that this was not because Nakkashian was trying to sneak back into the country to vacation at Disneyland. More likely it was part of a carefully negotiated deal, because Nakkashian and the prosecutors just submitted a plea agreement to the court under which Nakkashian pleaded to one false statement count (18 U.S.C. § 1001) in connection with one of the three illegal exports set forth in the original indictment. The false statement at issue was Nakkashian’s  statement in the export documents that no license was required for the export. The government, in return, agrees to a base offense level of 8 under the Sentencing Guidelines which would mean, if Nakkashian has no prior criminal history, a sentence of zero to six months. Compare this to the original indictment where each of the three counts had a base offense level of 26, meaning a sentence of at least 63-78 months for a defendant with no prior criminal history.

That’s a sweet deal and you have to wonder how a former “fugitive from justice” got this deal until you realize that Armenia, which is where we suspected Mr. Nakkashian (by virtue of his surname) was hiding out, has no extradition treaty with the United States. Moreover, given that this was not a crime of violence, it is unlikely that Armenia would voluntarily cooperate in returning Mr. Nakkashian to the United States for trial. That gave Nakkashian a potent bargaining chip which it would seem he used to maximum benefit with the U.S. preferring to impose some penalty rather than none at all.

Permalink Comments Off

Bookmark and Share



Aug

20

The Consolidated Screening List Isn’t


Posted by at 9:01 pm on August 20, 2014
Category: BISCompliance Programs and ProceduresDDTCDebarred ListDenied Party ListEntity ListOFACRussia SanctionsSanctionsSDN ListUnverified List

PortShip by USDA (cropped) via https://www.flickr.com/photos/usdagov/9715983721 [CC BY 2.0 https://creativecommons.org/licenses/by/2.0/]The U.S. Government, over at export.gov, provides a so-called Consolidated Screening List, which you might think would be a one-stop shopping list for your screening needs, something that might be useful if you or your company does not subscribe to or implement one of the commercial screening solutions. Unfortunately, the Consolidated Screening List doesn’t consolidate all the lists you should review and has other significant limitations.

The good news is that the list now does include the Foreign Sanctions Evaders List, which was not included for some time after the list was adopted by Treasury back in February of this year. The description of the list still does not mention the FSE list, but the entries on that list have been quietly added.

However, two other Treasury Department lists are still not included. The relatively new Sectoral Sanctions Identifications List is missing as action. U.S. persons are forbidden from engaging certain transactions with entities on this list, including providing credit in excess of ninety days. Part of the reason for this is probably that the “consolidated” list is infrequently updated. The last update of the list was almost two months ago, on June 26, 2014.

In addition, the Palestinian Legislative Council List, adopted back in 2006, is not included. U.S. financial institutions must reject (not block) transactions with people on the PLC list.

Not only is the “consolidated” list not complete or consolidated, but also it is dangerous to rely on it alone for another significant reason. The search page for the list only retrieves literal matches and does not allow address searching. In addition to searching the consolidated list, you should also rely on OFAC’s sanction list search tool. That tool uses, fairly successfully, “fuzzy logic” to retrieve similarly spelled names. Because many of the names on the list are transliterated versions of Arabic names, meaning that there are many alternate spellings, the “fuzzy logic” will be somewhat more successful in identifying alternate spellings.

Permalink Comments (1)

Bookmark and Share



Aug

19

Chinese Hacker Nabbed on Export Charges


Posted by at 9:20 pm on August 19, 2014
Category: Arms ExportCriminal PenaltiesDDTCDeemed Exports

Stephen Su photo taken by CBP during U.S. transit in 2011 via http://www.cbc.ca/news/canada/british-columbia/su-bin-chinese-man-accused-by-fbi-of-hacking-in-custody-in-b-c-1.2705169 [Public Domain]
ABOVE: Stephen Su


Well, we all know, or should know, that hacking is a criminal violation of the Computer Fraud and Abuse Act, at least when it entails unauthorized access to another party’s computer. What you may not know is that if you’re a foreign national and if the data accessed is technical data controlled by the International Traffic in Arms Regulations, hacking can also be a violation of the Arms Export Control Act.

Back in June, Canadian authorities arrested, at the request of the FBI, a Chinese citizen and Canadian permanent resident named, variously, Su Bin, Stephen Su and Stephen Subin, who we’ll refer to simply as Su for convenience.  Su , the owner of Lode-Tech, a Chinese company with an office in Canada, was accused of conspiring with several Chinese nationals to hack into U.S. defense contractors’ computer systems and to exfiltrate data about military aircraft back to China.  Last Friday, Su was indicted by a federal grand jury in California.

One of the charges in the indictment is a violation of the Arms Export Control Act.  The theory behind this charge is that Su, with his PRC-based co-conspirators, conspired to break in the U.S. computer systems and to disclose ITAR-controlled technical data to foreign nationals among whom were, of course, themselves.

The criminal complaint filed back in June, which served as the basis for Su’s arrest, contains some fascinating details.  First, it appears that access was gained to the defense contractors’ systems by sending emails to employees of the contractors containing infected attachments or links to infected websites that installed malware on the systems which allowed the hackers to control the systems, to view files on the system, and to send the files back to themselves.   Interestingly, the files were then transferred to hop points or servers in Hong Kong and Macao and from there were physically carried back into the PRC.   Interestingly, it appears that as the Internet becomes easier for security agencies to surveil, modern spies have started to revert back to older methods of spycraft such as smuggling documents, document drops, and, conceivably, even encrypted Morse code shortwave radio transmissions.  One wonders if the NSA is training folks in Morse Code and invisible ink.  What’s next?  Microdots?

Permalink Comments Off

Bookmark and Share