Thursday, July 05, 2012

Israeli Agents Steal Korean Tech for Chinese Customer

Thanks to the show Asia Biz Today I learned of an industrial espionage case involving South Korea, Israel, and China.

In brief, agents of the South Korean branch of an Israeli company stole technology from two South Korean companies, and passed the loot to Chinese and Taiwanese companies.

On June 27th the Yonhap news agency in South Korea reported the following:

Key technologies to manufacture advanced flat-panel displays at Samsung Mobile Display and LG Display have been leaked by a local unit of an Israeli company, local prosecutors said Wednesday, raising concerns the leakage could pose a major threat to the national interest.

The Seoul Central District Prosecutors' Office indicted under physical detention three employees at the local unit of an Israeli inspection equipment supplier, including a 36-year-old man surnamed Kim, on charges of leaking key local technologies used to produce active-matrix organic light-emitting diode (AMOLED) displays and white organic light-emitting diode (White OLED) displays.

They also indicted without physical detention three other employees and the local unit, the prosecutors said, without identifying the Israeli firm.

According to the prosecution, the indicted employees photographed circuit diagrams of yet-to-be-released 55-inch AMOLED television panels when they were let into Samsung and LG's manufacturing factories to check defects of inspection equipment from November of last year to January of this year.

They stored the images on portable memory cards and slipped them into their shoes, belts and wallets to avoid suspicion, prosecutors said...

Prosecutors said the stolen information was likely relayed to the Israeli headquarters and Chinese and Taiwanese display-making rivals, including the biggest Chinese panel manufacturer BOE.

"It is very likely that the stolen technologies have been given by the Israeli firm to foreign rivals," a prosecution official said. "This may expectedly deal a massive economic blow to the entire nation and can cause a sea change in the landscape of the global display market."

This Korea Herald story revealed the name of the Israeli company and an additional receiving company in Taiwan:

According to prosecutors, circumstantial evidence suggests that circuit diagrams of the two companies’ active-matrix organic light-emitting diode, or Amoled, display technology have been leaked to their rivals in China and Taiwan, including the BOE Technology Group in China, and AU Optronics Corp. in Taiwan...

Prosecutors have indicted six officials from Orbotech Korea, the Korean subsidiary of Orbotech Ltd., an Israeli company specializing in automated optical inspection equipment, on charges of technology theft...

Prosecutors say Orbotech officials in China and Taiwan sought to win inspection contracts from display panel manufacturers there using the circuit diagrams as bait.

So, while the original article implied theft for purposes of duplication, the second article implied theft "to win inspection contracts." That is a narrower purpose, and one in line with Orbotech's corporate function as "an international developer and producer of automated optical inspection (AOI) and related imaging and computer-aided manufacturing systems," according to Wikipedia.

Image credits: Korea IT Times.

Wednesday, July 04, 2012

Impressions: Three "Internals" Books for Security

As of last month I'm no longer reviewing technical books. However, I wanted to mention a few that I received during the last few months. All three have an "internals" focus with security implications, and all three are written by authors I've reviewed before.

The first is The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, Second Edition by Bill Blunden. I reviewed the first edition two years ago. I am not in a position to comment on the merit of Bill's technical approach (Greg? Jamie?) but I can say the following about the book.

First, it appears current, with references to developments over the last few years. Second, it is well-sourced, with lots of footnotes. For me, that is a sign that the author cares about attribution and scholarship. Third, I must admit I am very happy to see several references to posts on this blog and also to tools and techniques authored by Mandiant (such as Redline and Memoryze).

With respect to citing my practices and philosophy, as well as thoughts by others, I believe author Bill Blunden does a good job placing his technical work in a bigger overall framework. To me, this is a sign of a more advanced book, regardless of the exact technical details.

The second book is Windows® Internals, Part 1, Sixth Edition; Covering Windows Server® 2008 R2 and Windows 7 by Mark E. Russinovich, David A. Solomon, and Alex Ionescu. I reviewed the fifth edition last year. As with the rootkit book, I am not a Windows kernel developer, but I believe everyone would agree that you cannot beat the Russinovich-Solomon-Ionescu team when it comes to how Windows works!

One of the most intriguing aspects of this book is that it's been split into two parts. The previous edition was a hardcover with 1232 pages and a list price of $69.99. Part 1 of the new edition is a paperback with 728 pages and a list price of $39.99. Part 2 will arrive in September, according to the O'Reilly listing, and will feature 688 pages and a list price of $39.99.

The authors decided to split the book into two parts to speed the delivery of material to readers. The new books cover Windows Server® 2008 R2 and Windows 7, but Windows 8 will likely arrive this fall -- just as Part 2 hits Kindles and book stores.

Some might argue that books, even split into parts, aren't the right way to deliver technical material these days. I agree with that sentiment in some respects, but there isn't as much support in the traditional publishing world for supporting and delivering shorter works. I also think authors like to present unified works, not a series of chapters. Does that sound like artists wanting to release albums and not cut singles? We'll see.

The third and final book in this post is FreeBSD Device Drivers by Joseph Kong. I reviewed his book Designing BSD Rootkits in 2007 and interviewed him as well.

This book appears very heavy on readable code and light on theory. I think this approach makes sense given the topic and the expectations the author sets for the reader. I am pleased to see No Starch provide a forum for books like this. They continue to produce high-quality works that read well and address subjects seldom found elsewhere.

Tuesday, July 03, 2012

Not Just Clowns, But Criminals

It turns out my April post Clowns Base Key Financial Rate on Feelings, Not Data was too generous. I cited an Economist story which outlined how LIBOR rates — and the returns on $360 trillion of financial contracts related to them, five times global GDP — are based on best guesses rather than hard data.

I continue to cover this story because the financial industry routinely scoffs at the "risk management" practices of non-financials, as I wrote in 2007.

It turns out that these clowns are actually malicious, as reported in Lies, damn lies, and LIBOR: Barclays, Diamond, and a devalued benchmark:

A pattern of deception extending over a period of years. A flouting of the law to profit at the expense of others on three different continents. And a belief that the rules did not apply to them.

No, not the latest mafia family to be taken down by a special prosecutor. But Barclays PLC, the sprawling British banking group that recently paid a $450 million fine for seeking to rig LIBOR, a benchmark interest rate used to value trillions of dollars of investments...

In simple English, that's an assertion that Barclays employees on at least three continents spent years lying in order to fix benchmark interest rates that help determine the value of about $10 trillion of global debt and $350 trillion in derivatives, mostly swap contracts.

For instance "Barclays based its LIBOR submissions for US Dollar... on the requests of Barclay's swaps traders, including former Barclays swaps traders, who were attempting to affect the official published LIBOR, in order to benefit Barclays' derivatives trading positions."

The daily LIBOR fixing by the BBA is based on self-reporting from major financial institutions on the cost of short-term unsecured borrowing. Though it's based on the honor system (a regulatory failure if ever there was one), that daily fixing is used as a benchmark that affects the prices of swaps and debt instruments in dollars, pounds, yen, and euros. So if you can fiddle the LIBOR number, you can manipulate markets to your advantage.

I expect more banks to be named in the coming days and weeks.

It's easy to win at "risk management" if you cheat.

How to Kill Teams Through "Stack Ranking"

The newest Vanity Fair offers an article titled Microsoft’s Downfall: Inside the Executive E-mails and Cannibalistic Culture That Felled a Tech Giant. It starts with the following:

Analyzing one of American corporate history’s greatest mysteries — the lost decade of Microsoft — two-time George Polk Award winner (and V.F.’s newest contributing editor) Kurt Eichenwald traces the “astonishingly foolish management decisions” at the company that “could serve as a business-school case study on the pitfalls of success.”

Relying on dozens of interviews and internal corporate records — including e-mails between executives at the company’s highest ranks — Eichenwald offers an unprecedented view of life inside Microsoft during the reign of its current chief executive, Steve Ballmer, in the August issue...

Eichenwald’s conversations reveal that a management system known as “stack ranking” — a program that forces every unit to declare a certain percentage of employees as top performers, good performers, average, and poor — effectively crippled Microsoft’s ability to innovate.

“Every current and former Microsoft employee I interviewed — every one — cited stack ranking as the most destructive process inside of Microsoft, something that drove out untold numbers of employees,” Eichenwald writes.

“If you were on a team of 10 people, you walked in the first day knowing that, no matter how good everyone was, 2 people were going to get a great review, 7 were going to get mediocre reviews, and 1 was going to get a terrible review,” says a former software developer. “It leads to employees focusing on competing with each other rather than competing with other companies.”

When I read that section, I immediately recognized similarities with programs at former employers.

This is not a comfortable post to write, but I believe it is important to learn from management and business failures as well as successes. Clearly programs like "stack ranking" are destructive for organizations and individuals. The sooner managers and human resource departments learn that lesson, the better for the business and its team members.

Is "stack ranking" something you've encountered?

Monday, July 02, 2012

Thoughts on Lessons from Our Cyber Past: The First Cyber Cops

In May I was pleased to attend Lessons from Our Cyber Past: The First Cyber Cops hosted by Jay Healey at the Atlantic Council and featuring Steven R. Chabinsky, Shawn Henry, and Christopher M. Painter. The transcript as well as audio for the event are now online.

All of the attendees made great points, and I wanted to highlight a few.

Mr. Chabinsky:

I think that we’re getting to this point where we really have to reflect upon what risk mitigation looks like in this area, whether our policies that focus predominantly on vulnerability mitigation, are actually a successful long-term security model.

If you think of most security models, I think predominantly you’d find that they rely on threat deterrence, that the notion that the actor won’t act because there will be some penalty-based deterrent at the end of it – they’ll be captured, they’ll have some penalty. Here [in digital security] we have a model where people are predominantly focused on hardening the target, patching their systems. That’s not how we live in the real world. That’s called a fortress, right? I mean, the technology is not meant to be bunkered down.

And so it’s not surprising then, as we move further and further into this model of accepting devices that are not fortified and bunkered down, without a risk model that predominantly relies upon threat deterrence, we would fall further behind.

I agree with that sentiment. As I've written before, Real Security Is Threat-Centric.

Mr. Painter emphasized that you need capacity, laws, and global cooperation to make a difference when fighting digital threats.

Mr. Henry:

What I wanted to do – because I’d talked to some people who were in the cyber space – what I wanted to do was to bring many of the things that we had done in the physical world successfully against organized crime groups and against terrorist organizations – white collar crime, public corruption cases – I wanted to take some of those investigative tactics and I wanted to apply them in the cyber realm.

Because I’ve always seen that there are actually more similarities between the physical space and cyber space than there are differences, and I can relate many things in the physical world to the cyber world, and vice versa. And I had a lot of experience working undercover operations and using authorized digital intercepts, using informants and the like.

That is an important point. I think law enforcement has made the most progress when they use old-fashioned infiltration methods and put less emphasis on technical measures to identify intruders.

Sunday, July 01, 2012

Thoughts on Air-Sea Battle Briefing at Brookings

Last month I attended an event at the Brookings Institution about the Air-Sea Battle concept, which I mentioned in China's High-Tech Military Threat and Air Sea Battle yesterday. A good companion to the briefing is the article Air-Sea Battle: Promoting Stability in an Era of Uncertainty, published in February in the journal The American Interest. In that article, General Norton A. Schwartz, USAF (at right in the picture) and Admiral Jonathan W. Greenert, USN write:

When Secretary of Defense Leon Panetta introduced the new strategic guidance for the Department of Defense, he stated that the “smaller and leaner” Joint Force of the future must be prepared, in conjunction with allies and partners, to confront and defeat aggressors anywhere in the world, “including those seeking to deny our power projection.”

The new strategic guidance directs U.S. forces to maintain the “ability to project power in areas in which our access and freedom to operate is challenged” and to be “capable of deterring and defeating aggression by any potential adversary...

With Air-Sea Battle, we are reinvigorating the historic partnership between our two departments to protect the freedom of the commons and ensure operational access for the Joint Force.

Air-Sea Battle provides the concepts, capabilities and investments needed to overcome the challenges posed by emerging threats to access like ballistic and cruise missiles, advanced submarines and fighters, electronic warfare and mines...

Air-Sea Battle relies on highly integrated and tightly coordinated operations across warfighting domains—for example, using cyber methodologies to defeat threats to aircraft, or using aircraft to defeat threats on and under the sea.

During the Brookings event, the General and the Admiral were careful not to mention China at all. In fact, I checked the transcript and didn't read either of them saying that word, although reporters asked them about China.

I don't have a problem with that, although I think it's a little disingenuous. The remainder of the American Interest article explains a variety of so-called A2AD scenarios, while also never saying "China." It does mention Iran, however.