Friday Brief for 26 November 2021
We're not prepared; DOJ spending stolen bitcoin; & NK hackers target Chinese researchers
Among my many blessings, is you! Thank you for your support and for making The Kitchen Sync such a success. I hope you’re having a very happy Thanksgiving holiday.
Payment Card Industry Data Security Standard (PCI DSS) — A set of security standards that are designed to ensure that all organizations that accept, process, store, or transmit credit card information maintain a secure environment. Failure to comply with PCI requirements can lead to steep fines and penalties, revocation of credit card payment services, or even suspension of accounts.
To Secure Peace, Prepare for War
What’s New: There is mounting evidence that China has already achieved significant military capacity and may enjoy technical superiority in a number of critical capabilities.
Why This Matters: War with China — though far from inevitable — would be so consequential and deadly that it must be prepared for more seriously and systematically than current efforts suggest we are doing.
Chinese military spending — when properly accounting for differences in reporting structure, purchasing power, and labor costs — is approaching 90% of U.S. military spending.
“The Chinese People’s Liberation Army (PLA) remains one of the world’s largest militaries, but its days of largely obsolescent equipment are in the past,” argues the Heritage Foundation’s 2022 Military Index. “Nearly two decades of officially acknowledged double-digit growth in the Chinese defense budget have resulted in a comprehensive modernization program that has benefited every part of the PLA.”
Similarly, this year’s Annual Threat Assessment (ATA) says, “The PLA Navy and PLA Air Force are the largest in the region and continue to field advanced long-range platforms that improve China’s ability to project power. The PLA Rocket Force’s highly accurate short-, medium-, and intermediate-range conventional systems are capable of holding U.S. and allied bases in the region at risk.”
More novel capabilities were most recently demonstrated by the Chinese launch of an earth-orbiting, nuclear-capable hypersonic missile that also discharged some sort of projectile during its terminal glide phase — a capability that some American observers say “defies physics.”
Regarding cyber, the ATA again makes the challenge very clear:
“We assess that China presents a prolific and effective cyber-espionage threat, possesses substantial cyber-attack capabilities, and presents a growing influence threat … We continue to assess that China can launch cyber attacks that, at a minimum, can cause localized, temporary disruptions to critical infrastructure within the United States.”
Summarizing these trends, Robert O. Work and Greg Grant say the following:
“China is keenly focused on blunting the U.S. military’s technological superiority, even as it strives to achieve technological parity, and eventually technological dominance … After considering what the Chinese military has accomplished technologically in little more than two decades and what they plan to do in the decades to come, any objective assessment must at least consider the possibility that the U.S. Joint Force is close to becoming the victim of a deliberate, patient, and robustly resourced military-technical offset strategy.”
What I’m Thinking:
Nothing is inevitable and dispassionate analysis is key. No one knows the future and history is not a math problem to be “solved.” War with China is not an inescapable fate, but the likelihood of such a conflict is growing and the U.S. does not exercise unilateral influence over the matter. Many consider the devastation that would undoubtedly occur in a war between the U.S. and China and simply dismiss the possibility as “insane” or “too awful to consider.” While understandable, this approach is immoral for those tasked with securing the nation and its people. Washington and Beijing are already in a state of confrontation. We must acknowledge and accept that a progression to conflict and possibly even war is possible — but always with an commitment to defend our way of life and a determined willingness to avoid war if we can do so responsibly.
There is good reason to believe we have a false understanding of Chinese capability. First, the closed nature of Chinese society makes it a difficult intelligence target. Second, the U.S. intelligence posture on China has been devastated for years and is slow in its recovery. Third, the fused relationship between the CCP and the nation’s industry make it difficult to identify the source and status of critical innovations and to limit them. For example, as discussed last week, of the 273 known Chinese suppliers of AI to the PLA, just 22 (8%) are limited by U.S. sanctions or other prohibitions. Finally, fourth, China’s hypersonic missile launch is only the latest technological feat to surprise Western analysts. There is broad concern that Beijing also enjoys parity or superiority in AI, quantum computing, and other emerging technologies. Despite all of this, U.S. policymakers and warplanners are dragging their feet by insufficiently funding our own military, failing to pass even these meager budgets, and refusing to prioritize this issue as it deserves. When asked about the recent hypersonic launch being seen as a “Sputnik moment,” Air Force General John Hyten, vice chairman of the Joint Chiefs of Staff, said, “From a technology perspective, it’s pretty impressive … But Sputnik created a sense of urgency in the United States ... The test on July 27 did not create that sense of urgency. I think it probably should create a sense of urgency."
We should, therefore, plan for the worst. We should, I believe, begin by asking the question, “What would we do now if we knew with absolute certainty that the U.S. would be at war with China in the next 10 years?” While every contingency cannot be approached this way, the likelihood of this scenario is now sufficiently possible that it should at least form the boundaries of contemporary policy, planning, and strategy. This is made even more advisable by the fact that military strength and preparations provide both a specific deterrence to growing Chinese aggression as well as a general check on broader geopolitical risk. History is replete with examples of nations failing to recognize and to prepare for a war that — in hindsight — appears obvious. History also teaches that these failures are typically rooted, not in an inability to read the relevant signs at the time, but in a willful apathy fueled by delusional hopes and false assumptions. These are nation-killers.
Three specific actions that can be taken. First, the Biden administration needs to prepare a serious, detailed national security strategy for China. This strategy should not be a blurry-eyed impression of a world we long for, but a clear-eyed articulation of interests and the steps we will take to secure them. Second, Congress should form a bi-partisan special committee on China, made up of members from the House and Senate. This committee should be tasked with holding hearings and generating a report on the current state of U.S.-China policy, the actions necessary for ensuring U.S. national security in the context of U.S.-China policy, and recommending specific executive and legislative action in this regard. Finally, the Defense Advanced Research Projects Agency (DARPA) should be tasked with a specific program of developing innovative strategies and capabilities specifically aimed at countering China. DARPA’s founding mission is “creating strategic surprise for adversaries and preventing strategic surprise to the US.” The agency is about to have its budget doubled by the U.S. Innovation and Competition Act — this seems like a worthy expenditure of these resources.
U.S. Pays Victims $56 Million In Stolen Crypto
What’s New: The Department of Justice (DOJ) seized $56 million in cryptocurrency when it arrested a self-described “number one promoter” of the BitConnect fraud scheme, according to a DOJ statement.
Why This Matters: BitConnect is the largest cryptocurrency fraud scheme ever criminally charged, and the U.S. government intends to sell the coins and use the proceeds to compensate victims.
This week, Glenn Arcaro pleaded guilty to the massive conspiracy to defraud BitConnect investors, in which they invested more than $2 billion.
Arcaro is scheduled to be sentenced in early 2022 and faces up to 20 years of prison time.
The seized funds are primarily in the form of Bitcoin, but will be converted to fiat currency and used to compensate victims in U.S. dollars.
Separate, but relatedly, the IRS has seized $3.5 billion in cryptocurrency this year, accounting for 93% of criminal investigation seizures.
What I’m Thinking:
Throw the book at this guy and give him the full 20. The scale of the BitConnect scheme and of the IRS’s seizures illustrate how bad guys have fully embraced digital cash and how we need to get a hold on this problem now.
North Korean’s Snooping on Chinese Hackers
What’s New: Hackers backed by Pyongyang are targeting Chinese cybersecurity researchers and stealing their tools and techniques, according to The Daily Beast.
Why This Matters: North Korean hackers are under immense pressure to help the regime overcome crippling sanctions, so they’re always on the lookout for new cyber capabilities.
The CrowdStrike cybersecurity firm says Kim Jong Un’s minions lured Chinese researchers with malware-laden files, labeled “Securitystatuscheck.zip” and “_signed.pdf.”
China’s Ministry of Public Security and the National Information Security Standardization Technical Committee were among the groups who were targeted.
The Lazarus Group (aka Stardust Chollima) appears to be behind the operation.
“For vulnerability research in particular that would be interesting—it in effect allows you to collect and steal weapons that you can use for other operations. It could also give them insight into new techniques that they’re not aware of and how research is being conducted,” said CrowdStrike’s VP of Intelligence Adam Meyers. “It also lets you know what the security posture looks like in other countries.”
What I’m Thinking:
There’s no honor among thieves. North Korea is a tier-one cybersecurity threat and they’re highly motivated because these types of operations are critical for the nation’s primary means of supporting itself: cybercrime. While going after China always has some inherent risk, Beijing also understands this is all part of the game. That doesn’t mean that Xi Jinping won’t turn a few screws if and when he feels the need to do so. But, I don’t think this is a huge deal in the context of the broader North Korea-China relationship.
Let’s Get Visual
That’s it for this Friday Brief. Thanks for reading, and if you think someone else would like this newsletter, please share it with your friends and followers. Have a great weekend!