industryterm:control systems

  • Chinese Surveillance Complex Advancing in Latin America

    In February, 2019, in a story that went almost unnoticed in Washington, the small South American nation of #Uruguay began installing the first of 2,100 surveillance cameras, donated by the People’s Republic of China to improve control of its borders with neighboring Argentina and Brazil.

    The move highlights the significant deepening of the Uruguay-PRC relationship over the last decade, including their establishment of a “Strategic Partnership” in October 2016, and the signing of a memorandum of understanding in August 2018 for Uruguay to join China’s Belt and Road initiative (despite being about as far from the PRC as is geographically possible).

    Beyond Uruguay, the development also highlights a little-discussed but important dimension of China’s advance: its expanding global sales of surveillance and control technologies. Although the press and U.S. political leadership have given significant attention to the risks of employing Chinese telecommunications companies such as Huawei, the equally serious but newer issue of expanding sales of Chinese surveillance systems has been less discussed.

    The installation of Chinese surveillance systems, acquired through PRC government donations or commercial contracts, is a growing phenomenon in Latin America and elsewhere.

    Such systems began to appear in the region more than a decade ago, including in 2007, when then mayor of Mexico City (now Mexican Foreign Minister) Miguel Ebrard returned from a trip to the PRC with a deal to install thousands of Chinese cameras to combat crime in the Mexican capital. More recent examples include ECU-911 in Ecuador, a China-built national system of surveillance and communication initially agreed to by the administration of anti-U.S. populist president Rafael Correa. The system, which has expanded to currently include 4,300 cameras and a command center manned by thousands of Ecuadorans, has been built almost completely from Chinese equipment, designed for a range of otherwise noble purposes from emergency response and combatting crime, to monitoring volcanoes. Bolivia boasts a similar Chinese built system, albeit more limited in scope, BOL-110, in addition to hundreds of surveillance cameras donated by the PRC to at least four of Bolivia’s principal cities.

    In Panama, which abandoned Taiwan to establish relations with the PRC in 2017, the government of Juan Carlos Varela has agreed to allow Huawei to install a system of cameras in the crime-ridden city of Colon and the associated free trade zone. Not by coincidence, in July 2019, Hikvision, China’s largest producer of surveillance cameras, announced plans to set up a major distribution center in Colon to support sales of its products throughout the Americas.

    In northern Argentina, near where the Chinese are developing a lithium mining operation and constructing the hemisphere’s largest array of photovoltaic cells for electricity generation, the Chinese company ZTE is installing another “911” style emergency response system with 1,200 cameras.

    In Venezuela, although not a surveillance system per se, the Chinese company ZTE has helped the regime of Nicolas Maduro implement a “fatherland identity card” linking different kinds of data on individuals through an identity card which allows the state to confer privileges (such as rationing food) as a tool for social control.

    As with sectors such as computers and telecommunications, the PRC arguably wishes to support the global export of such systems by its companies to advance technologies it recognizes as strategic for the Chinese nation, per its own official policy documents such as Made In China 2025.

    The risks arising from spreading use of Chinese surveillance equipment and architectures are multiple and significant, involving: (1) the sensitivity of the data collected on specific persons and activities, particularly when processed through technologies such as facial recognition, integrated with other data, and analyzed through artificial intelligence (AI) and other sophisticated algorithms, (2) the potential ability to surreptitiously obtain access to that data, not only through the collection devices, but at any number of points as it is communicated, stored, and analyzed, and (3) the long-term potential for such systems to contribute to the sustainment of authoritarian regimes (such as those in Venezuela, Bolivia, Cuba, and formerly Ecuador) whose corrupt elites provide strategic access and commercial benefits to the Chinese state.

    The risk posed by such Chinese architectures is underestimated by simply focusing on the cameras and sensors themselves.

    Facial and other recognition technologies, and the ability to integrate data from different sensors and other sources such as smartphones enables those with access to the technology to follow the movement of individual human beings and events, with frightening implications. It includes the ability to potentially track key political and business elites, dissidents, or other persons of interest, flagging possible meetings between two or more, and the associated implications involving political or business meetings and the events that they may produce. Flows of goods or other activities around government buildings, factories, or other sites of interest may provide other types of information for political or commercial advantage, from winning bids to blackmailing compromised persons.

    While some may take assurance that the cameras and other components are safely guarded by benevolent governments or companies, the dispersed nature of the architectures, passing information, instructions, and analysis across great distances, means that the greatest risk is not physical access to the cameras, but the diversion of information throughout the process, particularly by those who built the components, databases and communication systems, and by those who wrote the algorithms (increasingly Chinese across the board).

    With respect to the political impact of such systems, while democratic governments may install them for noble purposes such as crimefighting and emergency response, and with limitations that respect individual privacy, authoritarian regimes who contract the Chinese for such technologies are not so limited, and have every incentive to use the technology to combat dissent and sustain themselves in power.

    The PRC, which continues to perfect it against its own population in places like Xinjiang (against the Uighur Muslims there), not only benefits commercially from selling the technology, but also benefits when allied dictatorships provide a testing ground for product development, and by using it to combat the opposition, keeping friends like Maduro in power, continuing to deliver the goods and access to Beijing.

    As with the debate over Huawei, whether or not Chinese companies are currently exploiting the surveillance and control systems they are deploying across Latin America to benefit the Chinese state, Chinese law (under which they operate) requires them to do so, if the PRC government so demands.

    The PRC record of systematic espionage, forced technology transfer, and other bad behavior should leave no one in Latin America comfortable that the PRC will not, at some point in the future, exploit such an enormous opportunity.

    https://www.newsmax.com/evanellis/china-surveillance-latin-america-cameras/2019/04/12/id/911484

    #Amérique_latine #Chine #surveillance #frontières #contrôles_frontaliers #Argentine #Brésil
    ping @reka

  • Venezuela’s Electric Grid Was Attacked From Abroad: Russia | News | teleSUR English
    https://www.telesurenglish.net/news/Venezuelas-Electric-Grid-Was-Attacked-From-Abroad-Russia-20190315-00

    Russia’s Foreign Ministry spokeswoman Maria Zakharova said Friday her country considers that Venezuela’s blackout was due to a cyber attack from abroad, the same version provided by the Venezuelan government for the massive loss of electric services across most of the country for five days.

    “According to the country’s legitimate government headed by President Nicolas Maduro, as well as to information from other credible sources, Venezuela’s power grid was attacked from abroad,” Zakharova said and pointed out that “it was an attempt to remotely influence control systems at major electrical substations where Canadian-made equipment is installed.”

    #imperialisme #venezuela

  • Lime scooters have a software bug that causes them to hurl their riders to the ground / Boing Boing
    https://boingboing.net/2019/02/24/owner-overrides.html
    What rubbish. And now this is supposed to fill Berlin's sidewalks too.

    Lime scooters have been recalled in Switzerland and cleared off the streets of New Zealand following a string of injuries, including multiple broken bones, caused by a software bug that brings the scooters to an abrupt halt, throwing their riders off (the scooters are still available in the USA despite an account of a similar incident in Texas).

    The company says it has found the bug: “[I]n very rare cases—usually riding downhill at top speed while hitting a pothole or other obstacle—excessive brake force on the front wheel can occur, resulting in a scooter stopping unexpectedly.”

    There’s an important underlying issue here that illustrates one of the ways in which devices whose rental terms are enforced by software do not fail safe: Lime scooters are designed so that they can be remotely immobilized, over the internet, if your credit runs out or if the scooter is doing something else the company disfavors.

    This design constraint means that the users of the scooter can’t (in some circumstances) override the brakes. Malicious code, or code with errors in it, poses a constant risk for the scooter rider, because if it triggers this braking function, then by design the system will treat attempts by the rider to override the immobilization command as an attack.

    In an ideal world, we’d design the control systems for devices that can harm their users to fail safe, with overrides for owners that let them judge when safety features are inappropriately triggered. But when the “safety” that these features ensure is the safety of a rental company, not the user of the device, then the “fail safe” mode is one that elevates the protection of the owner’s capital investment over the user’s physical wellbeing.

    This is bad enough in scooters, but in cars it’s potentially lethal. It’s also the most rapidly proliferating model of embedded systems design, as “software as a service” metastasizes into “hardware as a service,” sometimes merging with other abusive modes of computing to create a kind of Inkjet Dystopia.

    (No word on whether Lime will follow industry leader Bird by sending out bogus legal threats to people who write in detail about its flaws)

    The company claims that fewer than 0.0045% of all rides worldwide have been affected, adding that “any injury is one too many.” An initial fix reduced the number of incidents, it said, and a final update underway on all scooters will soon be complete.

    A software glitch is throwing riders off of Lime scooters [Corinne Purtill/Quartz]

    #disruption #Verkehr

  • #stuxnet files

    W32.Stuxnet Dossier
    v1.4, February 2011, Symantec

    https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
    (Nicolas Falliere, Liam O Murchu, and Eric Chien)

    In order to achieve this goal the creators amassed a vast array of components to increase their chances of success. This includes 4 zero-day exploits, a Windows rootkit, the first ever PLC [Programmable Logic Controller] rootkit, [compromise 2 digital certificates] antivirus evasion techniques, complex process injection and hooking code, network infection routines, peer-to-peer updates, and a command and control interface. We take a look at each of the different components of Stuxnet to understand how the threat works in detail while keeping in mind that the ultimate goal of the threat is the most interesting and relevant part of the threat.

    [...]

    Stuxnet contains many features such as:
    • Self-replicates through removable drives exploiting a vulnerability allowing auto-execution. "Microsoft Windows Shortcut ‘LNK/PIF’ Files Automatic File Execution Vulnerability (BID 41732) CVE-2010-2568"
    • Spreads in a LAN through a vulnerability in the Windows Print Spooler. "Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (BID 43073) CVE-2010-2729"
    • Spreads through SMB by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874), CVE-2008-4250
    • Copies and executes itself on remote computers through network shares.
    • Copies and executes itself on remote computers running a WinCC database server.
    • Copies itself into Step 7 projects [Siemens SIMATIC Step 7 industrial control software] in such a way that it automatically executes when the Step 7 project is loaded.
    • Updates itself through a peer-to-peer mechanism within a LAN.
    • Exploits a total of four unpatched Microsoft vulnerabilities, two of which are previously mentioned vulnerabilities for self-replication and the other two are escalation of privilege vulnerabilities that have yet to be disclosed.
    • Contacts a command and control server that allows the hacker to download and execute code, including updated versions.
    • Contains a Windows rootkit that hides its binaries.
    • Attempts to bypass security products.
    • Fingerprints a specific industrial control system (ICS) and modifies code on the Siemens PLCs to potentially sabotage the system.
    • Hides modified code on PLCs, essentially a rootkit for PLCs.

    Stuxnet Malware and Natanz: Update of ISIS December 22, 2010 Report - update Feb 15, 2011

    http://isis-online.org/uploads/isis-reports/documents/stuxnet_update_15Feb2011.pdf
    (David Albright, Paul Brannan, and Christina Walrond)

    In the December 22, 2010 ISIS [Institute for Science and International Security] report on Stuxnet, ISIS found that this malware contained important evidence indicating that its target was the IR-1 centrifuges at the Fuel Enrichment Plant (FEP) at Natanz. ISIS focused on the attack sequences generated by a Siemens S7-315 programmable logic controller (PLC) connected to frequency converters of a particular type. The ISIS analysis centered on the rotational frequencies listed in these detailed attack sequences. These frequencies matched, in two cases identically, key frequencies characteristic of the IR-1 centrifuge at the FEP.

    A further analysis of another attack sequence has revealed that this code contains a description of what appears to be an exact copy of the IR-1 cascade at the FEP. The attack is titled “Sequence C” by Symantec, the computer security company that has conducted the most thorough and reliable open analysis of the malware’s code, or “417 code” after the advanced Siemens S7-417 programmable logic controller that Stuxnet targets. However, the 417 code is not activated and thus unable to launch an attack. Moreover, key data is missing from the code available to Symantec that would define exactly what is affected or sabotaged. Symantec has assessed that the 417 code is likely unfinished, perhaps a work in progress.

    Additional analysis also lends more support to the conclusion that the Stuxnet malware is aimed principally at centrifuges, not manipulating parameters of the centrifuge cascades so as to lower the production of low enriched uranium (LEU) on a sustained basis. To date, Stuxnet is known to have had at least one attack. It is increasingly accepted that, in late 2009 or early 2010, Stuxnet destroyed about 1,000 IR-1 centrifuges out of about 9,000 deployed at the site. The effect of this attack was significant. It rattled the Iranians, who were unlikely to know what caused the breakage, delayed the expected expansion of the plant, and further consumed a limited supply of centrifuges to replace those destroyed. Nonetheless, Iran took steps in the aftermath of the attack that likely reduced further damage by Stuxnet, principally shutting down many centrifuge cascades for months. The shutdown lasted long enough for the malware to be discovered publicly, by which time Iran could have found Stuxnet on the Natanz control systems.

    [...]

    New Finding: Evidence of Targeting Natanz in Sequence C or 417 Code
    Soon after the publication of the ISIS December 22 report, Ralph Langner, a German security expert, contacted ISIS after noticing that each of the Natanz centrifuge cascades contained 164 centrifuges. He said that the 417 code, or sequence C, is grouped in six arrays of 164 units each, perhaps representing six cascades, each with 164 centrifuges.
    Based on Symantec’s analysis of this array, ISIS discovered that this array is identical to an IR-1 centrifuge cascade at the FEP. This evidence is perhaps the strongest evidence that Stuxnet is aimed at Natanz.

    [...]
    But with key data missing, one can only speculate about what the 417 code aims to sabotage. According to Symantec, the data sent to the cascades appear more aimed at flipping a series of on/off values rather than sending a packet of commands like the 315 code sends to frequency converters.

  • Saudi Arabia hires a security agency accused of violating Palestinians' rights and of torture to provide security during the pilgrimage to Mecca | Al Akhbar English

    http://english.al-akhbar.com/content/saudi-hires-occupation-friendly-company-hajj-security

    G4S’ subsidiary in Israel (Hashmira) was awarded a contract with the Israeli Prison Service in July 2007 to supply equipment and security services that enable violations of Articles 49 and 76 of the Fourth Geneva Convention. The company provides security systems and centralized control systems to the Hasharon-Ramonim prison, which contains a section for Palestinian political prisoners.

    G4S has installed a central command room in Megiddo Prison, in addition to supplying a wide array of security services to the Damon and Ketziot prisons. In Ofer, the prison where more than 1,500 Palestinians are detained – mostly administrative prisoners – G4S has also installed a central command room and provided protection through peripheral defense systems on the walls surrounding the prison. The company routinely supplies systems for command and control, IT, CCTV, and communications to Israeli prisons.

    In the Jalma and Maskoubieh interrogation centers, which are also serviced by G4S, not even children are spared from torture. It is in one of those centers that Palestinian detainee Arafat Jaradat was tortured to death earlier this year. There, too, Luay al-Ashqar, a Palestinian administrative detainee, became permanently paralyzed in his left leg when he suffered a triple fracture in his spine during his detention.