Effective Wednesday, 01 September 2010, my blog posts will only appear at Forbes Firewall. In addition, GreyLogic, Inc. will be shuttered so that I may focus full-time on launching Taia Global, Inc. This will have no bearing on services provided to GreyLogic clients, which will be transferred to the new company and continue uninterrupted. If you’re a subscriber to this blog, please subscribe to my articles at Forbes Firewall instead.
Here is how we protect high value individuals:
Figure 1: Secret Service agent warns off a vehicle following too closely
Now imagine if we protected these critically important individuals the way that we protect our most critical data:
Figure 2: vehicle parked alongside high traffic roadway
SECRET SERVICE AGENT: “Don’t worry, Mr. President. You’re off the freeway in a parked vehicle surrounded by metal and windows with safety glass. No one will even know you’re here.”
Then when this happens:
Figure 3: car gets crushed by falling boulder
We wonder what the hell went wrong. We had security through obscurity, our antivirus was up to date, and our firewall could do everything but cook us dinner.
There needs to be a new paradigm for protecting critical assets. The capitol police in Washington DC use entirely different tactics to protect a large building than the Secret Service does to protect an individual. Likewise, a corporation must protect its critical data differently from how it protects its enterprise network, which is why we are launching a new company to do just that – Taia Global – the world’s first personal cyber security company. Contact us for more information about our unique approach to safe-guarding your most critical assets.
When I read the news of this acquistion, I was stunned by its national security implications. Intel has had a cozy relationship with the Russian government and its Federal Security Service (FSB) since 2002 with its sponsorship of a laboratory on wireless technology at Nizhny Novgorod State University (NNGU). The laboratory, located in the Department of Radiophysics, benefits from NNGU’s decades long experience with Russia’s defense industry, especially the radar and air defense sector. According to a 9 August 2004Businessweek article, the lab was working on security software for high-speed wireless applications.
The laboratory’s activity is overseen by a guidance board that includes Leonid Yurevich Rotkov, the head of the Center for Security of Information Systems and Telecommunications Facilities also located in NNGU’s Department of Radiophysics. Leonid Rotkov is a noted expert on IT security. Conference agendas show he works as a security consultant for the Federal Security Service (FSB).
Until around 2008, the Center’s website stated that it was sponsored by the Federal Security Service (FSB). This statement has since been removed. However, the faculty listing for the Center includes one individual who is also an employee of the Nizhny Novgorod Branch of Scientific Technical Center (STC) Atlas. STC Atlas was previously directly subordinate to the FSB, however, it is now a Federal State Unitary Enterprise (government owned) research institute that still works on IT security. The Nizhny Novgorod branch is one of four major STC Atlas research facilities. STC Atlas is currently certified by FSB for work on security issues including cryptology and “special studies.”
Intel’s Chairman and CEO at that time was Craig Barret who is now one of the founders of the Skolkovo Fund which will be financing the construction of the Skolkovo Innovation Center outside of Moscow. The interesting thing about this center is that it’s focus is to bring foreign high tech companies into Russia for R&D work on technologies that President Medvedev has identified as critical: nanoelectronics, semiconductors, photonics, robotics, cloud services, and ICT related to health care and governance. This strategy has worked incredibly well for the Peoples Republic of China (PRC). They have over 1200 foreign R&D labs operating in and around Shanghai, and the PRC’s economic growth (at least 10% each year) combined with its increase in patent filings (up 500% in the last 5 years) is very impressive.
Unfortunately, what’s good for Russia and China is not necessarily good for the U.S., particularly when part of that technology transfer occurs through acts of cyber espionage and insider theft. That’s the ugly truth that no one wants to speak about but everyone knows is happening – especially the leadership of Intel who seem to have no problem with the security lapses occuring at their Nizhny Novgorod lab even when told about them by U.S. government officials. In fact, Intel frequently hires highly trained Russian engineers for positions in their security department; at least one of whom simultaneously taught an InfoSec course for the FSB.
Intel CEO Paul Otellini had this to say at a recent press conference on the McAfee acquistion:
We have concluded that security has now become the third pillar of computing,” he told his listeners, “joining energy-efficient performance and Internet conductivity in importance.”
And that third pillar, Otellini believes, will be best implemented in silicon, not software. “We believe that security will be most effective when enabled in hardware,” he said. “Joining the assets of McAfee with Intel will accelerate and enhance the combination of hardware and software solutions.”
At a time when cyber espionage by Russia and China is one of the greatest threats to U.S. national security today, Intel is helping build a billion-dollar honey trap (aka Skolkovo) for U.S. companies in Russia. Now it owns one of the largest software security companies in the world. So I have to wonder, when Otellini talks about the importance of security – security against whom exactly?
On January 16, 2008 the Ministry of Information Technology and Telecommunications of the Russian Federation amended paragraph 2 of Article 64 of State law regulating the requirements of telecommunications networks for operational and search activities. It requires that intercepted communications which have additional encryption be turned over in decoded form. This includes Research In Motion and all other foreign-owned companies who sell services in the RF through a Russian vendor which, in RIM’s case, is Mobile TeleSystems.
Since MTS trades on the New York Stock Exchange (MBT), it has to file with the SEC. That filing contains the following information under “Equipment Certification”:
“a Presidential decree requires that licenses and equipment certifications be obtained from the Federal Security Service to design, produce, sell, use or import encryption devices. Some commonly used digital cellular telephones are designed with encryption capabilities and must be certified by the Federal Security Service.”
MTS’ Vice President of Corporate Security is Pavel D. Belik, who’s prior employer was the Federal’naya sluzhba bezopasnosti Rossiyskoy Federatsii (Federal Security Service of the Russian Federation); popularly known as the FSB. Hence, there is little doubt that MTS complies with Russian law which requires that encrypted messages be decoded. It also requires remote access from a console installed in FSB headquarters which reports the names of the sender and receiver of the targeted phone call, e-mail, or SMS message, the message itself, and the geo-location of the sender as well as access to the customer database and billing records.
Operation Roadside
Operation Roadside was a 2006 espionage case in Moscow that involved MI6 agents and their Russian assets who used an electronic dead drop disguised as a rock. The “rock” was actually a sophisticated receiver and transmitter contained within a rock-like casing. It would receive and transmit information protected by encryption without the person having to stop and physically place or remove anything. When the FSB rounded up the individuals involved and examined the rock, they discovered that it was powered by a Blackberry (Moscow NTV Mir in Russian 1735 GMT 29 Jan 06 – “Emergency Incident: Investigation” television program). Considering that this happened in 2006 in the same year that Research In Motion was struggling to gain entrance to the Russian market, I would rate the possibility that RIM received a pass from the FSB to abide by its monitoring requirements at about 0%.
These are just some of the facts regarding RIM and its dealings with the Russian government in order to sell its products and services to Russian consumers. Rather than issuing public statements like this one, RIM should simply acknowledge that it is no different from any other telecommunications provider as regards complying with monitoring laws of the countries in which they sell services, and that its corporate customers in those countries do not enjoy secure communications across the board. A little honesty and transparency would be a refreshing change from RIM’s current strategy of employing corporate doublespeak in communications to its customers and the general public while secretly engaging in negotiations with governments that belie its public announcements.
