Archive for February, 2010



Company Agrees to $12.5 Million Fine For Predecessor’s Exports


Posted by Clif Burns at 7:45 pm on February 11, 2010
Category: BIS

North Carolina-based law enforcement supply company Sirchie has signed, and a federal court has entered, a deferred prosecution agreement under which Sirchie agreed to pay $12.6 million in penalties, with $2 million of those penalties going to the Department of Commerce’s Bureau of Industry and Security (“BIS”). The penalties arise from conduct that occurred in 2006 and 2007, prior to the current owners’ purchase of all the assets of Sirchie.

At issue were alleged violations of a BIS denial order entered in 2005 against John Carrington, the former president, CEO and majority shareholder of Sirchie. The denial order was premised on unlicensed exports by Sirchie of fingerprinting equipment. The deferred prosecution agreement against Sirchie alleges that Carrington violated the denial order against him when he set prices for goods being exported by Sirchie.

The problem here is that Sirchie wasn’t subject to a denial order, only Carrington was. And the deferred prosecution order doesn’t adequately explain how Carrington’s violations of that Denial Order led to criminal liability by Sirchie. The provisions in Carrington’s denial order that cover third parties such as Sirchie are limited to four situations. The denial order prohibits third parties from (1) exporting on Carrington’s behalf, (2) helping Carrington obtain possession of items for export, (3) acquiring items that Carrington has exported, or (4) servicing items in Carrington’s possession that will be exported. Sirchie was not alleged to have done any of these things. In short, it looks like Sirchie was steam-rolled here by BIS and some overzealous prosecutors.


If Only They Gave Darwin Awards for Export Violations


Posted by Clif Burns at 7:30 pm on February 9, 2010
Category: DDTC

The Directorate of Defense Trade Controls (“DDTC”) has posted the settlement documents for the case involving Interturbine Aviation Logistics GmbH and its Texas subsidiary which was reported by this blog last week. And — now, don’t faint from shock — an overeager business development executive and one of his employees appear to have been the source of Interturbine’s problems.

According to the Proposed Charging Letter, the $1 million penalty was premised on one shipment of 400 kilograms (880 pounds) of Dow Corning Ablative 93-104 Ablative Material and Sealant. The substance can be used to provide heat-protective coatings on missile tips and is controlled under Category IV(f) of the United States Munitions List.

In 2004 Dow Corning notified its customers that DC 93-104 was a USML item and could no longer be shipped outside the United States. One of Dow Corning’s former customers, Bayern-Chemie, began to look for a new supplier and contacted Interturbine’s German office. A business development employee of Interturbine thereafter met with GmbH. The employee then prepared a report stating that DC 93-104 couldn’t be sold outside the United States and that this presented an “excellent opportunity” to acquire a “profitable new customer.”

The Interturbine employee instructed an intern to prepare a purchase order. When the intern noted that the material was export-controlled, the business development employee falsely told the intern that the export had been cleared. The intern then ordered DC 93-104 from Dow Corning for shipment to Interturbine’s Texas office.

Once the shipment from Texas to Germany had been made, the Vice-President of Business Development in Interturbine’s German office altered records to show that the 400 kilograms of DC 93-104 were still in Texas. He also created a delivery note indicating, falsely, that the material had been shipped to Bayern-Chemie from Interturbine’s facility in Germany.

Things went downhill rapidly after that. Bayern-Chemie questioned the absence of a U.S. export license, quarantined the shipment and refused to pay Interturbine for the shipment. Interturbine conducted an internal investigation and requested Bayern-Chemie to return the shipment to Texas. U.S. Customs seized the shipment on its way back to Texas. And the rest is now history.

Even though the Interturbine employees were selling missile products, it’s safe to say they weren’t rocket scientists. Trying to make an illegal export to Bayern-Chemie without having everyone at Bayern-Chemie in on the scheme is a little bit like writing a bank robbery demand note on the back of your own business card.


Do Not Open That Email Attachment


Posted by Clif Burns at 10:11 am on February 8, 2010
Category: China, Technical Data Export

Everyone who has sensitive data (including, of course, ITAR-controlled data) on their computer networks should read this sobering article in Wired, which reveals, for the first time that I am aware of, the methodology, extent and scope of Chinese cyber-attacks on U.S. computer networks. After you read this article, there will be no question in your mind that these attacks are orchestrated and carried out by the Chinese government, even though the Chinese government is currently issuing risible denials of its involvement. Also, you will never open an email attachment again from anyone. The problem is, of course, that someone on your network will.

Called Advanced Persistent Threats (APT), the attacks are distinctive in the kinds of data the attackers target, and they are rarely detected by antivirus and intrusion programs. What’s more, the intrusions grab a foothold into a company’s network, sometimes for years, even after a company has discovered them and taken corrective measures. …

The Heartland and RBS attackers, and other criminal hackers of their ilk, tend to use SQL injection attacks to breach front-end servers. The APT attackers, however, employ undetectable zero-day exploits and social engineering techniques against company employees to breach networks.

… They attempt to take every Microsoft Word, PowerPoint and Adobe PDF document from every machine they compromise, as well as all e-mail, says Mandia. …

Last year, for example, an unidentified defense contractor discovered 100 compromised systems on its network, and found that the intruders had been inside since at least 2007.

APT attackers also appear to be well-funded and well-organized. In some cases, Mandiant has found multiple groups inside a network, each pursuing their own data in a seemingly uncoordinated fashion. …

Many entities don’t discover a breach until someone from law enforcement tells them. By then, it’s too late.

“By the time the government is telling you, you’ve already lost the stuff you didn’t want to lose usually,” Mandia says, noting that it’s generally not possible to ascertain everything that an attacker took.

While APT attacks are sophisticated, they use simple techniques to gain initial entry and, once inside, adhere to a pattern.

For starters, the attackers conduct reconnaissance to identify workers to target in spear-phishing attacks — such as key executives, researchers and administrative assistants who have access to sensitive information — and then send malicious e-mails or instant messages that appear to come from a trusted colleague or friend.

The e-mails have an attachment or link to a ZIP file containing zero-day malware that exploits Microsoft Office or Adobe Reader vulnerabilities. Google employees received an e-mail with malware that exploited a vulnerability in Internet Explorer 6 that Microsoft had not yet publicly disclosed.

Once the attackers have a foothold on one system, they focus on obtaining elevated access privileges to burrow further into the network. They do this by grabbing employee password hashes from network domain controllers — and either brute-force decrypt them or use a pass-the-hash tool that tricks the system into giving them access with the encrypted hash.

Not only should you be extremely cautious about email attachments and forwarded links, even from trusted friends, but also you might think about taking down your entry on LinkedIn or other business networking sites. Unless, of course, it’s already too late.


Breaking News from the Registration Front


Posted by Clif Burns at 4:26 pm on February 5, 2010
Category: DDTC

The biggest news today was the announcement by the Bureau of Industry and Security (“BIS”) of a U.K. company’s agreement to pay a $15 million fine, the largest fine ever collected by BIS. I’ll write about that when the charging and settlement documents are released.

In the meantime, however, I want to share with you a bumper crop of company press releases over the past few days announcing registration under Part 122 of the International Traffic in Arms Regulations. And, as always, these press releases are a never-ending source of amusement.

New-Hampshire-based Ion Beam Milling’s announcement perpetuates the myth that ITAR registration represents some kind of certification by the Directorate of Defense Trade Controls (“DDTC”):

Upon verification of a company’s ITAR compliance, an ITAR Registration Code is assigned and certifies the company’s clearance to work in conjunction with the US military and its counterparts.

Ion Beam also wins the award for the most original spin ever on ITAR registration:

ITAR Registration enhances Ion Beam Milling’s existing Intellectual Property and Document control policies.

A free subscription to this blog will be awarded to any reader who figures out just what the heck this means.

California-based Lenthor Engineering scores a first by issuing a press release announcing that it has renewed its registration. I can just imagine someone in the company saying that they’ve paid $2,250 and will be darned if they’re going to let that money go to waste. Don’t be surprised if Lenthor announces next week that the company added another copy of the Pocket ITAR to the company’s library.

Munich-based computer hardware manufacturer Kontron AG’s announcement notes that the company

has registered and is in compliance with International Traffic in Arms Regulations (ITAR) administered by the United States Department of State Directorate of Defense Trade Controls who [sic] controls the export and import of defense articles and services.

Obviously Kontron didn’t have to take the legendary DDTC certification test or it would have known that DDTC only controls temporary imports of defense articles.


OFAC Mugabe Sanctions Hit Home, Our Home Not His


Posted by Clif Burns at 10:34 pm on February 4, 2010
Category: Economic Sanctions, Zimbabwe Sanctions

A golf course in Marion, Illinois, is set to close as a result of economic sanctions imposed by the Department of Treasury’s Office of Foreign Assets Control against Zimbabwe’s Robert Mugabe and his cronies. How do the Mugabe sanctions have an impact almost 9,000 miles away?

According to this story in an Illinois newspaper, Kokopelli Golf Course was purchased, almost 15 months ago, from a Florida partnership by local investors. One of the partners in the Florida partnership, it appears, was John Bredenkamp, alleged by OFAC to be a Mugabe crony — a charge that Bredenkamp denies. So OFAC blocked the title to the golf course and the sale hasn’t closed, despite the intervention of Senator Durbin, the senior senator from Illinois, and despite arguments that the closing of the golf course as a result of OFAC’s blocking title to the club would have a significant impact on the local economy. Indeed, the closing of this town’s golf club would appear to be the only visible impact of the Mugabe sanctions since, the last time I checked, Mugabe was still sitting fat, happy, rich and in power in Zimbabwe.

The news story does not reveal the size of Bredenkamp’s interest in the partnership that owned the golf club. If his interest was greater than 50 percent, then under current OFAC guidance, as this blog reported here, the partnership and all of its assets, including the golf club, would be a blocked asset. This case shows the problem with such a rule is that it potentially punishes innocent parties. Assuming, as is likely the case, that the other partners entered into the partnership with Bredenkamp prior to Bredenkamp becoming designated by OFAC as subject to the Mugabe sanctions, there is no conceivable reason to punish the other partners. Instead, OFAC should block Bredenkamp’s interest in the partnership and any revenue due to him under the partnership agreement. The policy behind this position is even more obvious when blocking the interest of innocent partners has an impact on the economy of a small U.S. town.

If the Kokopelli Golf Club closes, Marion residents can, ironically, always go to Zimbabwe to tee off. According to Golf Digest:

Despite hyperinflation, cholera and hugely unpopular President Robert Mugabe, golf survives in Zimbabwe. At Bulawayo Golf Club (founded in 1895), members have been paying with gasoline because local bank notes are now worthless.

Fore!
