Author Archive

Jul

6

Malware Attack Targets Defense Exporters

Posted by at 8:52 pm on July 6, 2010
Category: General

Trojan HorseA multi-step attack targeting defense exporters was recently reported on Symantec’s security blog. This ploy first invaded one defense contractor’s network where it set up a directory on the system for fake press releases. The invaded network was then used to send emails from that network to employees of a second defense contractor. Those emails reported (falsely) that the CEO of the second defense contractor had been arrested for violations of the Export Administration Act and contained a link back to the fake press release directory on the first contractor’s website. Clicking that link would deliver the payload to the user’s computer.

Often these malware attacks originate outside the United States from people whose proficiency in English grammar and spelling is on the severely limited side, thereby providing the first clue that something is amiss. (If cybervillains could speak decent English, after all, they could probably get real jobs.)

The email with the payload link read as follows:

According to an official spokesperson of FBI, [name deleted], the CEO of [name deleted] had been detained for further investigation. The US government is accusing [name deleted] of vialating [sic] Export Administration Act. It is said that during 2001 and 2008 [name deleted] had been involved in several illegal technique exportation to Iran and North Korea. Click here for further information. [Link deleted.]

The missing “the” in front of “FBI” and “Export Administration Act” makes it sound like it was written by Natasha from Rocky and Bullwinkle and suggests a Slavic country as the origin. Read the email aloud in your best Natasha accent imitation and see if you don’t agree. My vote is for someone in Ukrussia as the culprit. (A friend of mine in the anti-malware business says that people in Ukraine and Russia are responsible for an alarmingly high number of malware attacks and has coined “Ukrussia” as a shorthand name for the two countries).

The lesson to be learned here is to think before you click. Look at an email, even from what appears to be a trusted source, with care for telltale signs that it was cooked up in Ukrussia and not in Rosslyn, Virginia. If you think that your competitor’s CEO may be headed for the hoosegow, try a Google News search rather than clicking an email link. And don’t forget that the recent large-scale invasion of defense networks by Chinese hackers relied on getting defense company employees to click on links in emails from people that they had met on Facebook and other social networks.

[Thanks to a reader for emailing a link to the Symantec article.]

Permalink Comments (2)

Bookmark and Share


Copyright © 2010 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)
Jul

1

Export Reform: A Return to Original Intent?

Posted by at 9:50 pm on July 1, 2010
Category: Arms ExportExport Reform
Richard Bistrong
ABOVE: Gen. James Jones

Yesterday’s post mentioned a speech given by National Security Advisor General James Jones to the Senate Aerospace Caucus. I’ve now had a chance to look at a text of his speech as prepared and noticed at least one part that may be of considerable interest to exporters.

General Jones begins his speech with, and mentions throughout, some significant changes that have occurred since our current export control regime was initially instituted. Most striking was his observation that when we first started controlling exports troops were moved around on trains and that, notwithstanding that military trains have gone the way of camels, horses and elephants as a mode of troop transport, “military railway trains” are still mentioned in USML Category VII.

More significantly, General Jones mentions this difference:

“Specifically designed for military use” – a term still used in our munitions controls today – meant what it says: items were intended only for military use having little or no civilian use.

My frisson of delight at that phrase — “‘specifically designed for military use’ meant what it says” — was probably counterbalanced by the grinch-like scowls it would have provoked at the Defense Technology Security Administration (“DTSA”).

The folks at DTSA have been the chief proponents at the Department of Defense for the notion that the phrase doesn’t mean what it says, that it instead means that an item, regardless of why it was designed, could be used for military purposes. DTSA has continued to champion that interpretation of “specifically designed” during the classification process even though it is so broad that virtually everything — from the flat panel TV in your living room to the toilet plunger in your bathroom — could be used for military purposes and therefore are properly classified as USML items.

Supplications to the deity of your choice that “specifically designed” is returned to its original meaning as part of the current export reform efforts would not be out of place.

Permalink Comments (3)

Bookmark and Share


Copyright © 2010 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)
Jun

30

Congress May Nix Single Export Agency

Posted by at 8:37 pm on June 30, 2010
Category: Export Reform

US CapitolOnline journal DOD Buzz has some buzz that you might want to hear. Or maybe not.

Reporting on a speech by Jim Jones, Obama’s national security advisor, to the newly-formed Senate Aerospace Caucus, the journal quoted an unnamed “congressional source” throwing water on the idea of a single export licensing agency

A congressional source who knows arms export issues reacted this way when asked about the prospects for legislation that would be needed to get things moving: “Not good. It’s a massive change for a single agency, and rationale has not yet been provided.”

The main reason for congressional caution are memories of what many people believe was the disastrous result of the creation of the Department of Homeland Security, this source said

Although I have no doubt that Congress is not likely to support export control reform — at least the parts that must be approved by Congress — I think the source’s citation of the “disastrous results” of creating DHS is an effort to put another face on the real reason why Congress won’t get on board. While DHS may not have accomplished everything that was hoped for it, calling it a disaster is an overstatement.

The problems that export reform will face in Congress are based more on politics than on policy. Many GOP congress members can be counted to vote against anything that comes from the White House. And the Dems, facing the uphill battle of midterm elections, don’t see any political upside with constituents in supporting a proposal that the constituents don’t understand. Worse they fear that their opponents can hurl an accusation that they are weak on national security for supporting a plan that, so the accusation would go, allowed companies to export uranium enrichment centrifuges and suitcase nukes to the Taliban.

Much of the proposed export reform, particularly to the extent that it involves rewriting existing regulations, can be accomplished without having to get a permission slip from the Hill. But the single licensing agency requires Congressional approval that looks, increasingly, like it might not be obtainable.

Permalink Comments (2)

Bookmark and Share


Copyright © 2010 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)
Jun

29

Former Air Force Colonel Charged With Illegal Arms Brokering

Posted by at 10:44 pm on June 29, 2010
Category: Criminal PenaltiesPart 129

AK47sA retired Air Force colonel, John O’Toole, and an Israeli aeronautics engineer, Chanoch Miller, are the subjects of a recently unsealed indictment in connection with an alleged plan to ship 700 AK-47s to Somalia. What is most interesting about the indictment is that O’Toole is not only charged with illegal exports but also is charged with brokering violations — namely brokering the sale of defense articles to Somalia in violation of the arms embargo against Somalia and brokering the sale of these defense articles without first obtaining a brokering license from the State Department’s Directorate of Defense Trade Controls.

From the indictment it appears that O’Toole was mostly involved in arranging transportation of the rifles to Sudan, whereas Miller was in charge of procuring and selling the AK-47s. In exchange for O’Toole’s services, Miller was going to pay him a commission. This, of course, if true, appears to fit within the definition of brokering under section 129.2 of the ITAR. In particular, the definition of brokering in section 129.2(b) includes arranging for the transportation of defense articles.

What’s interesting here is that because of the brokering offenses, O’Toole is being charged with more counts than Miller, even though it’s not clear that a broker should be more culpable than an exporter. Both O’Toole and Miller are charged with an attempted export and a conspiracy to export. Miller can’t be charged with brokering on top of that because brokering requires an action taken “as an agent for others,” which is not the case for Miller because he bought the rifles himself and was acting on his own behalf in selling them. But what sensible policy would make O’Toole more culpable than Miller when Miller was selling the rifles and was just paying O’Toole to help him transport them?

[Hat tip to Laura Rozen for bringing the indictment to my attention]

Permalink Comments (3)

Bookmark and Share


Copyright © 2010 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)
Jun

24

Registration Follies

Posted by at 9:59 pm on June 24, 2010
Category: DDTCITARPart 122

Under ScrutinyRegular readers are no doubt familiar with this blog’s occasional posts poking fun of press releases from defense manufacturers noting that the company had “achieved” registration with the State Department’s Directorate of Defense Trade Controls (“DDTC”). A common feature of many of these press releases is to try to portray registration under Part 122 of the International Traffic in Arms Regulations as an endorsement by DDTC of the company’s export compliance expertise and procedures.

Well, I think a new bar was set by this press release from Virginia-based Zestron Corporation

ZESTRON process and service solutions, recently renewed its official International Traffic in Arms Regulations (ITAR) registration with the US Department of State, Directorate of Defense Trade Controls.

After several weeks of careful review of ZESTRON’s corporate structure, security, record keeping and procedures for handling sensitive military and intelligence applications, the company successfully passed the system’s strict requirements. The renewal of this registration demonstrates that ZESTRON is dedicated to adhering to the regulations that control the export and import of defense-related articles and services on the United States Munitions List.

Honestly, that doesn’t just take the cake. It takes the table the cake is on, the house where the table is, and the city in which the house is located. There is no scrutiny by DDTC of corporate structure, much less “several weeks” of such scrutiny. Nor is there any review of a company’s procedures for handling military and intelligence applications. And don’t get me started on the import business in the press release. The only strict requirement that a registered company has passed is that it was able to fill out the registration form correctly and submit it with the required fee.

Here’s a new export reform proposal: the DDTC should revoke the registration of any company that issues a press release incorrectly describing the significance of registration.

Permalink Comments (4)

Bookmark and Share


Copyright © 2010 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

« Older Entries
Newer Entries »