Category Archives: defense policy

So What if it Is?

Posted on by
Reply

Great Britain, in a move toward filling the vacuum left by President Joe Biden’s (D) dangerous timidity when facing Russian President Vladimir Putin, has sent serious arms into Ukraine to help that nation prepare for the coming Russian invasion. (It’s telling that Germany, dependent as it has sold itself into, on Russian energy, forced the British supply aircraft to fly around German airspace to get to Ukraine.)

Putin reacted to that and trotted out his Foreign Ministry’s spokeswoman, Maria Zakharova, to object to plussing up Ukraine’s ability to defend itself. As cited by Fox News, she said that

Ukraine perceives Western military assistance as a “carte blanche for a military operation in Donbas.”

I certainly hope Ukraine has that perception, and that the perception is grounded in fact. The Donbas is, after all, Ukrainian territory, for all that Russia currently occupies most of it.

Flaw?

Posted on by
Reply

The People’s Republic of China government requires everyone attending the Beijing Olympics next month to load a tracking app on their cell phones:

Those who attend the Olympics, including athletes and journalists, are required to download the app and upload their health and vaccination information to track potential outbreaks of COVID-19.

The Citizen Lab, based in the University of Toronto’s Munk School of Global Affairs & Public Policy, has identified what it terms a security flaw.

It turns out that the app, MY2022, fails to validate some SSL certificates. That means it’s a trivial matter for…others…to bypass any security measures, including encryption, that the phone’s owner might have implemented. Those others then can easily intercept and otherwise gain access to the cell phone owner’s sensitive information: all the medical information the PRC government requires to be loaded into the app, ostensibly for Wuhan Virus tracking, along with wholly unrelated information like all traffic in which the phone might be or have been engaged, all passport information, all medical information whether or not related to the Virus, and all other information stored on the cell phone—images and videos, contact lists, other emails, Web sites and bookmarks, and on and on.

The Lab’s key findings are

  • MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users.
  • MY2022 is fairly straightforward about the types of data it collects from users in its public-facing documents. However, as the app collects a range of highly sensitive medical information, it is unclear with whom or which organization(s) it shares this information.
  • MY2022 includes features that allow users to report “politically sensitive” content. The app also includes a censorship keyword list, which, while presently inactive, targets a variety of political topics including domestic issues such as Xinjiang and Tibet as well as references to Chinese government agencies.
  • While the vendor did not respond to our security disclosure, we find that the app’s security deficits may not only violate Google’s Unwanted Software Policy and Apple’s App Store guidelines but also China’s own laws and national standards pertaining to privacy protection, providing potential avenues for future redress.

It’s doubtful, at least to me, that China’s own laws and national standards pertaining to privacy protection are being violated, though, given the PRC government’s already widespread surveillance of all of its citizens. The PRC’s 2017 national intelligence law, too, requires all entities to cooperate with the government’s intelligence community and provide whatever information that community requires, which means that the app’s spying is no violation of the PRC’s own laws.

And there’s this:

[The] Citizen Lab said it had notified the Chinese organizing committee for the Games in December about the potential issues but had never received a response.

The Beijing Organizing Committee’s refusal to respond is itself instructive.

No, this is no flaw; neither PRC government programmers nor Beijing Organizing Committee programmers, who are the ones who officially built the app, are that amateurish. It’s deliberate, and it’s one more reason to not only skip the Beijing Olympics (including not watching them on NBC), but to skip doing any sort of business with any sort of PRC company.

The Lab’s report can be read here.

Written Response

Posted on by
Reply

Russian Foreign Minister Sergey Lavrov repeated Russia’s demand for

a written response this week from the US and its allies to Moscow’s request for binding guarantees that NATO will not embrace Ukraine or any other ex-Soviet nations, or station its forces and weapons there.

I have a written response for him.

“Nuts.”

Putin’s Coming Invasion

Posted on by
Reply

USAF General and Supreme Allied Commander Europe (NATO) from 2013-2016 Philip Breedlove, along with “former officials and analysts,” have posited a scenario for a partial invasion of Ukraine by Russian President Vladimir Putin. The image below Breedlove’s supposition also is supplied by the WSJ. I’m disregarding Putin’s naval maneuvering in the Black Sea in this post.

The northern portion of Russian forces arrayed against Ukraine could easily drive due west through Belarus and arrive very close to Kyiv relatively unopposed. Ukraine’s best forces are tied down on the line of contact on the border of Donbas. So this northern thrust would bypass the most capable Ukrainian forces.
Such a thrust could be used by the Kremlin to put pressure on Ukrainian President Volodymyr Zelensky’s government and attempt to force concessions or perhaps try to bring about its collapse, former officials and analysts said.
A separate group of Russian forces in the east, General Breedlove said, could push into Donbas to support the Russian garrison there and Russian-backed separatists.
Still a third group of Russian forces in Crimea and southwest Russia could seize terrain along the coast and encircle the port city of Mariupol to cut it off from the rest of Ukraine.

I think Breedlove understates the case. If Putin is going to take that northern route, he won’t stop with merely threatening the government in Kiev; he’ll take all of Ukraine—which is what he wants, anyway.

Beyond that, a thrust up from occupied Crimea won’t be used merely to isolate Mariupol; it will form the other side of the pincer to be used in seizing all of the nation. The attack into the Donbas will serve only to keep the bulk of the Ukrainian military occupied there.

If this is the invasion plan, look, too, for the attack into the Donbas to proceed for a couple of days before the attacks through Belarus and up from Crimea go in; Putin will be looking to get those best forces fully involved and their destruction well in progress first.

In the end, too, the whole invasion and conquering affair will take just four to six days—far too fast for Biden-Harris’ “we’ll sanction the hell out of you if you invade” nonsense even to begin to do anything. Fast enough, even, to be well inside Biden-Harris’ decision loop of beginning recognize the invasion in progress, then beginning to think about applying those “devastating sanctions.”

What Does Putin Want?

Posted on by
Reply

It’s not as complicated as some…pundits…want us to believe. One such, James Marson in his Wednesday Wall Street Journal piece, offered the following claim from a Vladimir Putin spokesman. Marson didn’t question it; he simply commented on other politicians’ responses to the claim as though it were accurate.

A Kremlin spokesman said President Vladimir Putin wasn’t presenting ultimatums, but was worried about threats to Russia’s security.

This is a truckload of bravo sierra. Putin knows full well that no one in the West is interested in threatening Russian security, no one in the West is interested in invading Russia. Putin knows full well that Russia has absolutely nothing at all of value to the West that isn’t gotten far more cheaply—and mutually beneficially—through free and honest trade.

Putin wants Ukraine. He wants Georgia and the Baltics and, later, Poland. He’s even cynically trotted out his effort to redress his mythical 20th century tragedy as his rationale for his empire-building.

It’s also entirely possible that Xi is egging Putin on, since a Putin seizure of Ukraine would give the Republic of China to Xi.