Flaw?

The People’s Republic of China government requires everyone attending the Beijing Olympics next month to load a tracking app on their cell phones:

Those who attend the Olympics, including athletes and journalists, are required to download the app and upload their health and vaccination information to track potential outbreaks of COVID-19.

The Citizen Lab, based in the University of Toronto’s Munk School of Global Affairs & Public Policy, has identified what it terms a security flaw.

It turns out that the app, MY2022, fails to validate some SSL certificates. That means it’s a trivial matter for…others…to bypass any security measures, including encryption, that the phone’s owner might have implemented. Those others then can easily intercept and otherwise gain access to the cell phone owner’s sensitive information: all the medical information the PRC government requires to be loaded into the app, ostensibly for Wuhan Virus tracking, along with wholly unrelated information like all traffic in which the phone might be or have been engaged, all passport information, all medical information whether or not related to the Virus, and all other information stored on the cell phone—images and videos, contact lists, other emails, Web sites and bookmarks, and on and on.

The Lab’s key findings are:

  • MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users.
  • MY2022 is fairly straightforward about the types of data it collects from users in its public-facing documents. However, as the app collects a range of highly sensitive medical information, it is unclear with whom or which organization(s) it shares this information.
  • MY2022 includes features that allow users to report “politically sensitive” content. The app also includes a censorship keyword list, which, while presently inactive, targets a variety of political topics including domestic issues such as Xinjiang and Tibet as well as references to Chinese government agencies.
  • While the vendor did not respond to our security disclosure, we find that the app’s security deficits may not only violate Google’s Unwanted Software Policy and Apple’s App Store guidelines but also China’s own laws and national standards pertaining to privacy protection, providing potential avenues for future redress.

It’s doubtful, at least to me, that China’s own laws and national standards pertaining to privacy protection are being violated, though, given the PRC government’s already widespread surveillance of all of its citizens. The PRC’s 2017 national intelligence law, too, requires all entities to cooperate with the government’s intelligence community and provide whatever information that community requires, which means that the app’s spying is no violation of the PRC’s own laws.

And there’s this:

[The] Citizen Lab said it had notified the Chinese organizing committee for the Games in December about the potential issues but had never received a response.

The Beijing Organizing Committee’s refusal to respond is itself instructive.

No, this is no flaw; neither PRC government programmers nor Beijing Organizing Committee programmers, who are the ones who officially built the app, are that amateurish. It’s deliberate, and it’s one more reason to not only skip the Beijing Olympics (including not watching them on NBC), but to skip doing any sort of business with any sort of PRC company.

The Lab’s report can be read here.

Written Response

Russian Foreign Minister Sergey Lavrov repeated Russia’s demand for

a written response this week from the US and its allies to Moscow’s request for binding guarantees that NATO will not embrace Ukraine or any other ex-Soviet nations, or station its forces and weapons there.

I have a written response for him.

“Nuts.”

Putin’s Coming Invasion

Philip Breedlove, USAF General and Supreme Allied Commander Europe (NATO) from 2013 to 2016, along with “former officials and analysts,” has posited a scenario for a partial invasion of Ukraine by Russian President Vladimir Putin. The image below Breedlove’s supposition also is supplied by the WSJ. I’m disregarding Putin’s naval maneuvering in the Black Sea in this post.

The northern portion of Russian forces arrayed against Ukraine could easily drive due west through Belarus and arrive very close to Kyiv relatively unopposed. Ukraine’s best forces are tied down on the line of contact on the border of Donbas. So this northern thrust would bypass the most capable Ukrainian forces.
Such a thrust could be used by the Kremlin to put pressure on Ukrainian President Volodymyr Zelensky’s government and attempt to force concessions or perhaps try to bring about its collapse, former officials and analysts said.
A separate group of Russian forces in the east, General Breedlove said, could push into Donbas to support the Russian garrison there and Russian-backed separatists.
Still a third group of Russian forces in Crimea and southwest Russia could seize terrain along the coast and encircle the port city of Mariupol to cut it off from the rest of Ukraine.

I think Breedlove understates the case. If Putin is going to take that northern route, he won’t stop with merely threatening the government in Kiev; he’ll take all of Ukraine—which is what he wants, anyway.

Beyond that, a thrust up from occupied Crimea won’t be used merely to isolate Mariupol; it will form the other side of the pincer to be used in seizing all of the nation. The attack into the Donbas will serve only to keep the bulk of the Ukrainian military occupied there.

If this is the invasion plan, look, too, for the attack into the Donbas to proceed for a couple of days before the attacks through Belarus and up from Crimea go in; Putin will be looking to get those best forces fully involved and their destruction well in progress first.

In the end, too, the whole invasion and conquering affair will take just four to six days—far too fast for Biden-Harris’ “we’ll sanction the hell out of you if you invade” nonsense even to begin to do anything. Fast enough, even, to be well inside Biden-Harris’ decision loop of beginning to recognize the invasion in progress, then beginning to think about applying those “devastating sanctions.”

What Does Putin Want?

It’s not as complicated as some…pundits…want us to believe. One such, James Marson in his Wednesday Wall Street Journal piece, offered the following claim from a Vladimir Putin spokesman. Marson didn’t question it; he simply commented on other politicians’ responses to the claim as though it were accurate.

A Kremlin spokesman said President Vladimir Putin wasn’t presenting ultimatums, but was worried about threats to Russia’s security.

This is a truckload of bravo sierra. Putin knows full well that no one in the West is interested in threatening Russian security, no one in the West is interested in invading Russia. Putin knows full well that Russia has absolutely nothing at all of value to the West that isn’t gotten far more cheaply—and mutually beneficially—through free and honest trade.

Putin wants Ukraine. He wants Georgia and the Baltics and, later, Poland. He’s even cynically trotted out his effort to redress his mythical 20th century tragedy as his rationale for his empire-building.

It’s also entirely possible that Xi is egging Putin on, since a Putin seizure of Ukraine would give the Republic of China to Xi.

Iran’s Nuclear Weapons

With the pseudo-negotiations with Iran over its nuclear weapons program going the way they are, President Joe Biden, of the Biden-Harris Presidency, is rapidly coming to the first of two moments of truth.

The first is whether Biden-Harris will fold in the talks—he is, after all, consigned by the Ayatollah to the kiddie table where he’s to be seen and not heard by the adults in the room—and give Khamenei everything he wants just so Biden-Harris can come home claiming a deal, however disastrous.

That, though, is a moment of lesser truth. The greater truth moment will come after. As Dubowitz and Kroenig put it in their op-ed at the link,

A nuclear-armed Iran would cause further proliferation as regional powers like Saudi Arabia build their own bombs.

But that’s a lesser truth, also, for all that it’s a greater one than the first. Dubowitz and Kroenig also have this:

It might take a year or two to fashion a functioning nuclear warhead that is deliverable on a missile, but once the clerical regime has enough weapons-grade material, the game is over.

The nuclear warhead doesn’t have to be delivered via missile, though. There are a variety of ways to…truck…such a device into Israel.

In the event, too, Iran is likely to wait until it has four or five nuclear warheads, since that is what it will take—and all it will take—to destroy Israel as a polity and as a people. And Iran will strike the moment that fourth or fifth weapon becomes operational.

Ali Akbar Hashemi Rafsanjani, former President of Iran and then-Chairman of the Expediency Discernment Council, on World Al-Qods Day in 2001, as cited by the Middle East Media Research Institute:

If one day, he [Rafsanjani] said, the world of Islam comes to possess the weapons currently in Israel’s possession [meaning nuclear weapons]—on that day this method of global arrogance would come to a dead end. This, he said, is because the use of a nuclear bomb in Israel will leave nothing on the ground, whereas it will only damage the world of Islam.

And here is the greatest moment of truth for Biden-Harris. Will he, can he, make

the fateful choice between allowing the clerical regime to become a nuclear-weapons power and using military force to stop it.

Will he make the military strike that Dubowitz and Kroenig suggest will be necessary to prevent Iran’s getting nuclear weapons?

Sadly, Biden-Harris doesn’t have it in him to make the strike. The most we can hope for, and it’s a very thin reed given his and his Progressive-Democratic Party’s open hostility toward Israel, is that Biden-Harris will stay out of the way and let Israel and Saudi Arabia (the latter very sub rosa) conduct the strike.