Friday, April 11, 2014

Heartbleed bug gives Internet users massive headache

This week Microsoft ended its support of Windows XP meaning that that up to 25% of Windows users in the world could be vulnerable to increased attacks by hackers. While serious this was nothing compared to the reports that OpenSSL, which is meant to encrypt communications between a user's computer and a web server, had bugs.

Discovery of bug

The bug was independently discovered by a team of security engineers at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. Codenomicon team found the Heartbleed bug while improving the SafeGuard feature in Codenomicon's Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to OpenSSL team.

Given the name Heartbleed by the Codenomicon team, it was deemed "a serious vulnerability in the popular OpenSSL cryptographic software library".

This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet, the team said. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs), the team added, on a special website set up following its discovery.

Catastrophic

Dubbed "the biggest security issues that's faced the Internet to date" by some commentators, others described it as even more serious. Bruce Schneier, an American cryptographer, computer security and privacy specialist, said the discovery was "catastrophic" on his blog.

The bug is not only serious in relation to security but also serves as a wake-up call to how security and passwords are handled both by users and the language of the Internet.

Users have been constantly encouraged to use both strong passwords and individual passwords for every website. Furthermore individuals are encouraged to change passwords frequently. However, even those who might have followed such advice would still have been vulnerable to the so-called Heartbleed bug since it had remained undiscovered for at least two years. This would have made it possible for any group or individual with knowledge of its existence to harvest information from users of websites where OpenSSL was employed.

NSA & espionage

In fact some have suggested that this may have been behind the NSA's supposed ability to monitor individuals' Google or Facebook accounts. Although the NSA could have used the Heartbleed vulnerability to obtain usernames and passwords, as well as so-called session cookies to access online accounts, this would have only allowed them to hijack specific accounts whose data they obtained. For the NSA and other spies, the real value in the vulnerability lies in the private keys used for SSL that it may allow attackers to obtain [Wired / EFF].

Cracking SSL to decrypt Internet traffic has long been on the NSA's wish list and according to the Guardian, in an article published in September 2013, the NSA and Britain's GCHQ had "successfully cracked" much of the online encryption Internet users rely on to secure email and other sensitive transactions and data.

Schneier is one of many who have questioned how such a major issue could have been included in the OpenSSL technology, and suggested that, within the context of the PRISM scandal, intelligence agencies may have played a part. "At this point, the odds are close to one that every target has had its private keys extracted by multiple intelligence agencies," he said.

"The real question is whether or not someone deliberately inserted this bug into OpenSSL and has had two years of unfettered access to everything."

Some of the concerns as regards NSA snooping pre-dates the existence of Heartbleed. Nonetheless, the discovery of Heartbleed raises the issue concerning Internet security and privacy once again.

Reporting & advice

Following its discovery on Friday 4th April, Google immediately patched the gaping security hole, as did other tech companies that were made aware of it before it was finally made public on Monday 7th. Even then news leaked out slowly and with much confusion over what people should do. On Tuesday 8th April the BBC reported the vulnerability but gave no clear advice as to what users might do to remain safe online. Indeed even the BBC later reported the whole issue had brought nothing but confusion. 

Other websites were more forthright and suggested Internet users change all their passwords. Time ran with just such a headline and Tumblr, the photosharing website now owned by Yahoo, suggested users take the day off and revise their password list.

"This might be a good day to call in sick and take some time to change your passwords everywhere — especially your high-security services like email, file storage, and banking, which may have been compromised by this bug," Tumblr wrote on an online post.

Bad advice

Whilst such suggestions seemed good advice on the face of it, following through could have left some people even more exposed than they were already. Should a website or server not made appropriate changes and updated certificates and patches, Internet users may, by changing their password pass this on to third parties. Indeed given the vulnerability was now public there would be a far stronger chance that vulnerable websites would be targeted by hackers looking for such data.

In fact the best advice was in fact to sit back a little and wait. Users were correctly advised by some news outlets to check to see whether a website was vulnerable, and whether it had carried out the necessary updates. Only then should users change passwords.

The Heartbleed website itself helped by providing a tool in order to identify affected sites.

Other independent technology websites helped out by providing lists of affected sites and others which were not. Mashable provided a useful list and some advice alongside, while Github also published an extensive list of vulnerable websites [as of 8th April]. Mainstream media reports were however scant on detail. For example ABC cited only a handful of well known tech companies such as Google, Facebook and Yahoo.

The general advice now was that people should change passwords, with the caveat that the site be checked to see that it had patched the security holes. On Wednesday 8th April the BBC reported that both "tech firms" and "security advisors" were urging people to change all their passwords, advice that was repeated on other news outlets throughout the week [Daily Mail].

But other reports in other media suggested the opposite. On the same day the Guardian wrote that "security experts" were warning people not to update passwords.

Confused reports

But what of the tech firms, banks and websites themselves? It appeared they were just as clueless, confused or simply remained silent over the whole issue.

Few sent emails or posted messages on their websites concerning the bug and as to what their users might do.

Indeed given the possibility that even banks might have been affected there might well have been a sense of panic from many uses of online banking systems. Yet banks were either evasive or non committal.

When contacted by the Daily Mail on the 9th April many of Britain's major banks would not comment on whether passwords should be changed. The HSBC said they were 'monitoring' the situation and a Lloyds spokesman said they would not comment on security issues.

Yet in an article published in the Daily Mirror it reported that Lloyds, NatWest and the Royal Bank of Scotland had said their websites were not vulnerable to attack. On the other side of the Atlantic there was just as much confusion. CBC reported that banks weren't at risk but CNN said they could not verify whether American Express and a number of other financial companies were vulnerable. By Thursday the Telegraph provided some clarification in its list which showed UK banks were unaffected

Meanwhile no major banking organisation made any public statement to their users through their websites, email or letter.

In truth, even if vulnerable to the OpenSSL bug most banks have a second layer of security such as the use of special USB sticks, electronic keypads or interfaces within pages which evade keylogging viruses. Nonetheless the absence of information has left some people who use the Internet confused and worried.

Outside of banking there are things that may also have helped prevent third parties accessing data such as 2-step-verification as used by Google and others. Essentially this requires a mobile phone to which special codes are sent in order to log-in at an unfamiliar location or computer.

No-one safe

Such methods can certainly help to protect users but as Reuters reported on Wednesday there is little most people can do to protect themselves from such bugs.

With OpenSSL used on about two-thirds of all web servers there is much patching to be done. To look at it another way it affects more than 60% of the world's websites and some half a million servers. This will be difficult for the millions of websites and companies involved [PCWorld]. In the meantime hackers will be attempting to exploit the remaining open holes.

And with the cat out of the bag, and with many sites still unpatched it is open season for hackers and phishers. Kurt Baumgartner, a researcher with security software maker Kaspersky Lab, told Reuters his firm uncovered evidence Monday that a few hacking groups believed to be involved in state-sponsored cyber espionage were running scans shortly after news of the bug first surfaced on Monday.

By Tuesday, Kaspersky had identified scans coming from "tens" of actors, and the number increased on Wednesday after Rapid7 released a free tool for conducting such scans. "The problem is insidious," Baumgartner said. "Now it is amateur hour. Everybody is doing it."

The risks go further with Kaspersky Lab's Baumgartner saying that devices besides servers could be vulnerable to attacks because they run software programs with vulnerable OpenSSL code built into them.

Others affected

They include versions of Cisco Systems Inc's AnyConnect for iOS and Desktop Collaboration, Tor, OpenVPN and Viscosity from Spark Labs. The developers of those programs should have either updated their software or published directions for users on how to mitigate potential attacks.

Indeed many have already addressed the issue though many users of such services did not get an update emailed to them [VPNspblog]. Instead updates were often posted on social media such as one by 12VPN on Twitter which stated that their webservers were patched and their VPN methods were not affected. As such many users may well have missed this important message.

Problems were further compounded when Cisco and Juniper revealed their server equipment was also affected by Heartbleed [WSJ]. And while the average user of Facebook of Google changed their passwords, the issues surrounding Cisco and Juniper equipment could be time consuming. According to Jaime Blasco, director of AlienVault Labs, part of AlienVault LLC, it will take longer to fix networking equipment and software because Cisco and Juniper will have to rely on customers applying the patches they push out. "It's more painful to update these kinds of devices," Blasco said. "You have to go one by one." [Business Week]

Juniper and Cisco equipment is widely used around the world including China where it has been employed in the so-called Great Firewall of China. It is unclear if China's censorship machine was or will be affected, but websites across China were in just as much as a panic as the rest of the world to patch up the security holes.

Hackers exploit bug

On Thursday both Xinhua and the People's Daily reported that major websites were "taking steps" to mitigate problems. The People's Daily also said there were signs that some hackers had already taken advantage of the flaw, but did not elaborate further. And according to Wang Minghua with the National Computer Network Emergency Response Technical Team Coordination Center, "a surge in such attacks could be expected soon". The US have also issued warnings saying hackers are already exploiting the bug [BBC]. 

All this was surely enough to give anyone potentially affected by Heartbleed a severe headache. The damage may turn out to be small, but as the Guardian this week discussed, there is a risk such flaws could reoccur in the future. With programmer Robin Seggelmann, who wrote the code for the part of OpenSSL that led to Heartbleed, saying it was an accident, the risk of a human error recurring is a sure bet [Mashable].

tvnewswatch, London, UK

Sunday, March 16, 2014

MH370: "Criminal" investigation begins, search widens

Theories on what caused Malaysian Airlines flight MH370 to deviate from its intended flight path from Kuala Lumpur to Beijing have shifted focus with pilot suicide, terrorism & even cyber-hijack cited as possibilities. Meanwhile the search for the missing plane has widened to an area stretching several hundred kilometres and across several countries.

After a week of searching for the missing Boeing 777-200ER new data emerged that confirmed the plane had turned back, headed west and then turned either north or south, travelling for several hours before data was lost.

Investigators are now convinced that someone on the aircraft deliberately took control and flew it on a different route.

Chronology of events

Soon after flight MH370 took off from Kuala Lumpur International Airport the ACARS transmitter was switched off or otherwise disabled. ACARS is used to send various types of data, such as information relating to fuel consumption, engine performance data, aircraft position and occasionally text style messages. The switching off of this data stream may have been overlooked by Malaysian Air Traffic Control however since they raised no concerns and later made the routine call to the plane when it was about to enter Vietnamese airspace.

On being informed to contact Ho Chi Minh ATC in Vietnam there was only the simple audio message response, “All right, roger that” [BBC].
[Note that some media have also reported the pilot returned a response as, “All right, goodnight”] / Timeline: BBC / Washington Post

Deviated

What has now become clear, from studying military radar data, is that the plane made a counter-clockwise turn and headed west back across Malaysia.

Then on Saturday, one week after the disappearance of the Boeing plane, it was revealed that a satellite belonging to Inmarsat had picked up a ‘ping’ from the aircraft [Inmarsat - Press Release].

Analysts had studied this new data and extrapolated the possible route that the plane may have followed. Given only one satellite had picked up the plane, triangulation was not possible. Thus investigators could only determine the plane’s possible trajectory as being within one of two arcs that extended several hundred kilometres.

One one possible route the plane would have headed was south across the Indian Ocean with no possible landing place. The other route would have taken the plane across India, China, and as far north as Kazakhstan.

While the route was approximate, data showed the plane was in the air for several hours, though it has not emerged for exactly how long.

Control

From the newly uncovered data, investigators were now convinced that someone in the cockpit took control of the aircraft. The question was who and why?

Suspicions have focused firstly on the pilots. Plain-clothes detectives have searched the homes of both the captain, 53-year-old Zaharie Ahmad Shah, and co-pilot, 27-year-old Fariq Abdul Hamid.

Neither had, according to authorities, made a request to fly together, something that had been speculated by some media reports. There was some concern expressed by reports that the captain had an elaborate flight simulator installed at his home.

Malaysia's Transport Ministry confirmed that they were examining the flight simulator taken from his home, but did not elaborate further.

Neighbours, speaking to CNN, were sceptical of any suggestion Captain Shah would have endangered his own aircraft or its passengers and said the media were making too many assumptions of his owning a flight simulator.

There are suggestions too that the captain was political fanatic and an ‘obsessive’ supporter of Malaysia’s opposition leader, Anwar Ibrahim [BBC - Profile / Daily Mail].

Possible hijacking

The speed at which ACARS and the transponder were switched off has prompted many investigators to dismiss the possibility of a hijacking.

Flight MH370 departed from Kuala Lumpur International Airport at 00:41 on Saturday [16:41 GMT Friday], and was due to arrive in Beijing at 06:30 [22:30 GMT].

Malaysia Airlines says the plane lost contact at 01:30 [17:30 GMT] 49 minutes after takeoff. However ACARS had been switched off shortly after the aircraft had reached its cruising height of 35 feet at 01:01 [17:01 GMT].

Only on reaching cruising height would seatbelt signs be switched off. Thus terrorists or hijackers would have only a small window in which to launch an attack on the cockpit.

Nonetheless, minutes may be all that was needed.

Terrorism

The possibility of a terrorist attack is raised in several reports. The Sunday Telegraph reported that there was a possible plot being investigated after an Al-Qaeda supergrass told a court that four or five Malaysian men had planned to hijack a passenger airliner.

Giving evidence at the trial in New York of Sulaiman Abu Ghaith, Osama bin Laden’s son-in-law, Saajid Badat, a British-born Muslim from Gloucester, said that he had been instructed at a terrorist training camp in Afghanistan to give a shoe bomb to some Malaysian terrorists. “I gave one of my shoes to the Malaysians. I think it was to access the cockpit,” Badat said.

Badat, who spoke via video link and is in hiding in the UK, said the Malaysian plot was being masterminded by Khalid Sheikh Mohammed, said to be the principal architect of 9/11. The reports have certainly refocused the media spotlight on Al-Qaeda [News.com.au].

Motives

Should terrorists have taken control of Malaysian Airlines flight MH370 there surely must have been a motive.

Several media reports point their suspicions to Uyghur separatists. Indeed such theories do have some credence.

Reuters this week reported that Uyghur rebel Abdullah Mansour had said he was intent on bringing a Holy Fight to China because of its treatment of Muslims in the country.

Speaking from an undisclosed location Pakistan Mansour said, “The fight against China is our Islamic responsibility and we have to fulfil it.”

Interestingly if the plane had turned west from the South China Sea and then turned north-west towards Kazakhstan, it would have taken a direct path over Xinjiang, the Uyghur heartland.

In the Reuter’s report, Mansour said attacking China was the duty of not only his party, but all Muslims. And while he made no mention of the missing Malaysian Airlines plane or a recent terror attack in Kunming, Mansour said there were many operations being planned.

“We have plans for many attacks [against] China,” he told Reuters. “We have a message to China that East Turkestan people and other Muslims have woken up. They cannot suppress us and Islam any more. Muslims will take revenge.”

The Turkestan Islamic Party, which China equates with the East Turkestan Islamic Movement [ETIM], keeps a low profile in Pakistan. Unlike the Taliban, it almost never posts videos promoting its activities or ideology. Its exact size is unknown and some experts dispute its ability to orchestrate attacks in China, or that it exists at all as a cohesive group [Reuters / Guardian Liberty Voice / EuroNews / News.com.au / Daily Mail].

Cyber-hijack

Aside of the obvious theories of a pilot suicide or conventional hijack there has also been the suggestion MH370 was the victim of the first cyber-hijack. Several Sunday newspapers reported that the plane might have been controlled from the ground or even on board the aircraft using something as simple as a mobile phone [CNN].

“It might well be the world’s first cyber hijack,” British anti-terror expert Dr Sally Leivesley said.

Dr Leivesley, a former Home Office scientific adviser, said the hackers could have changed the plane’s speed, altitude and direction by sending radio signals to its flight management system. It could then be landed or made to crash by remote control.

Again both the theory and motive are highly speculative with possible perpetrators cited as being criminal gangs, terrorists or a even a foreign power [Express / Daily Mail].

Wider search

With the search now expanded across a vast stretch of ocean and several countries the hunt for flight MH370 has become all the more complicated.

Many of the countries that the plane may have crossed are particularly sensitive about revealing their defence capabilities. Indeed Indonesia said on Sunday that it would have to take requests for military radar data under advisement though it said it would launch land searches.

Even where countries are prepared to release data this may reveal little. Vast regions are not covered by radar or, according to some reports, operate on an “as needed” basis.

The search now involves 25 countries, from the previous 14 engaged in the multi-national effort. Planes will have to seek special permission to search some territories which may further delay efforts in finding the missing aircraft.

Mystery

What remains a mystery is where the plane might be. Did it crash after running out of fuel? Did the hijackers or pilots land at a remote airfield and if so what has become of the 12 crew members and 227 passengers on board?

If terror related there is the slim possibility they might be planning video executions such as seen throughout the Iraq War. In fact even FBI investigators say the disappearance of MH370 may have been ‘an act of piracy’ with the possibility that hundreds of passengers are being held at an unknown location not being ruled out.

A more likely possibility is a failed 9/11 style plot. However the apparent north-westerly route seems to dismiss this since there are no high profile targets along this trajectory.

If a pilot suicide, this would seem unlikely given the distance covered. Surely any such attempt to commit suicide and destroy the plane would have been conducted as soon as one had control of the aircraft.

A cyber-hijack in some ways makes the most sense. Should someone have taken absolute control of the plane, switching off communications, transponders and sending it on a new course, the pilots may have been unable to do anything but watch as their aircraft flew towards Kazakhstan before finally running out of fuel.

But what would be the purpose? If it was a cyber-hijack it could have been a test run. Finding out how far one could travel undetected or unchallenged. Indeed it does appear that the plane managed to fly without identifying itself for hundreds of kilometres whilst travelling through several countries’ airspace. The only alternative to it running out of fuel or landing is that MH370 was shot down and no country has admitted responsibility.

The shooting down of a civilian aircraft has happened a number of times in the past. There have been more than a dozen such incidents since 1970 many by fighter jets who have downed airliners for violating sovereign airspace and failed to respond to radio transmissions [Wikipedia: List of airliner shootdown incidents].

However much such theories fit, there will be no real way of knowing until the plane, whole or in part, is located.

tvnewswatch, London, UK

Thursday, March 13, 2014

The mystery & tragedy of flight MH370

Mystery still surrounds the disappearance of flight MH370, a Boeing 777-200ER which went missing last Saturday [8/3/2014].

Disappeared

Flight MH370 had departed from Kuala Lumpur International Airport in Malaysia at 00:41 on Saturday local time [16:41 GMT Friday], and was due to arrive in Beijing at 06:30. But Air traffic controllers lost contact at 01:30, less than an hour into its flight.

Malaysian officials said that the last verbal communication with the plane came at the boundary between Malaysian and Vietnamese airspace. Malaysia's air traffic control informed the pilot that the flight was about to fly into Vietnamese airspace and told them to contact Ho Chi Minh control. "OK, roger that", was the last radio transmission.

Soon after the aircraft’s transponder went off and there were no further communications from the aircraft.

Terrorism theory

There have been countless theories as to what became of the plane with a strong focus on terrorism, a catastrophic structural failure or even pilot suicide.

Concerns were doubly raised when it was revealed that two passengers had boarded using stolen passports [Telegraph]. Later identified as two Iranians, Delvar Suyed Mohammad Reza & Pouria Nour Mohammad Mehrdad, their involvement in foul play was discounted since both individuals had arranged to meet up with relatives in Frankfurt, Germany.

Nonetheless some government agencies, including the CIA, said they had still not ruled out terrorism. Indeed there is some concern that coming on the heels of a terror attack in Kunming, Yunnan, China, only a week earlier, the disappearance of flight MH370 might have been a terror attack perpetrated by Uyghur separatists.

There is certainly anecdotal evidence supporting such theories. China has claimed several times to have thwarted terror attacks aimed at bringing down planes.

In June 2012 passengers subdued a person who tried to gain access to the cockpit of Tianjin Airlines Flight 7554 which was travelling between Hotan Airport to Urumqi, the regional capital of Xinjiang of Urumqi [ABC].

In 2008 Chinese state news agencies reported that a China Southern Airlines plane was forced to land because "some people were attempting to create an air disaster." The flight had taken off from Urumqi, the capital of the Xinjiang Uyghur Autonomous Region, and militants had attempted to hijack the plane but were foiled by the flight crew, according to officials. [CNN / LA Times].

Malaysia forcibly returned at least 11 Uyghurs on 6th August 2011. On the same day, the Thai government turned over an ethnic Uyghur, Nur Muhammed, to Chinese diplomats in Bangkok. And on 8th August, Pakistan deported five blindfolded and handcuffed Uyghurs, including a woman and two children, to China, media reports said. It is unclear whether these individuals had any connection to separatist activities, but such deportations certainly raise the finger of suspicion.

Structural failure

One main theory is that there was a catastrophic failure of the aircraft. An FAA [Federal Aviation Administration] had earlier approved an order asking that hundreds of 777s be checked for cracks and corrosion issues. The concern was that should these problems go undetected, they could potentially lead to decompression problems or a "loss of structural integrity of a plane", essentially resulting in a break-up mid-air [CNN].

A sudden depression in the cabin could have resulted in the pilots falling unconscious sending the plane well beyond the current search zone as it flew on autopilot before running out of fuel.

Malaysian authorities dismissed such possibilities saying the aircraft had been inspected in February and given an all-clear. The FAA warning also seemed to reject this possibility. The warning related to the fuselage skin underneath an adapter for the airplane's satellite communications antenna something that was not fitted on the 777-200ER Malaysia Airlines aircraft, and as such was not subject to the FAA order, Boeing said [Reuters].

Suicide

Another theory being discussed is pilot suicide, and there were suggestions that authorities had begun to investigate the backgrounds of the crew. However Malaysian officials denied they had searched the homes of the pilots. Meanwhile, police sources said they had questioned the pilot’s family and were investigating if there were any underlying mental or psychological issues [News.com.au / Daily Mail].

There have also been reports that the co-pilot at the controls of the missing Malaysia Airlines flight MH370 had invited a Melbourne tourist and her friend into the cockpit where he smoked, took photos and entertained the pair during a previous international flight. Fariq Abdul Hamid’s behaviour has certainly raised eyebrows, especially in a post-9/11 world where the integrity of the cockpit is now considered to be off limits to passengers on security and safety grounds [Guardian / News.com.au / Nine MSN]

Confused information

There has been much criticism, especially from China, concerning the information coming from Malaysian officials. Information has been sketchy, confused and contradictory at best.

There have been reports the plane turned back and that military radar had tracked the aircraft to the Malacca Strait, hundreds of kilometres to the west of its last reported position. But these reports were later quashed by another military spokesperson [NBC].

The confusion has resulted in searches being conducted in areas that may not have been necessary. But Malaysian authorities have defended their efforts. “This is a crisis situation... and a complex situation,” a spokesman said Thursday before adding, “We have not done anything to jeopardize this search effort”.

Extensive search

That search effort has been extensive and involved many nations. Much of the search has been conducted conventionally with the use of planes, boats and helicopters. Several nations have sent warships and aircraft to the areas where flight MH370 may have gone down but some 6 days after the plane disappeared there has been no sign of wreckage.

However there are many who believe that the search has been hindered by imprecise, incomplete, and sometimes inaccurate information which have raised doubts about the aircraft's possible location and trajectory.

The searches have also stretched to hi-tech methods. On Wednesday China released satellite images taken on Sunday morning, a full 24 hours after the Malaysian flight disappeared. However, soon after the pictures were posted to the State Administration for Science, Technology and Industry for National Defence (SASTIND) website, the portal became inaccessible for several hours.

Meanwhile news stations poured over the images and debated their veracity, the poor image quality and timing of their release. There were questions over whether the images truly showed wreckage of the missing Boeing 777-200ER. Given the dimensions of the supposed debris some commentators on CNN were sceptical that the images showed parts of an aircraft at all. The estimated size of one piece was 24 metres by 22 metres, too large to be a part of the plane.

There was also a debate over why it had taken more than three days for the Chinese to release the images and a discussion as to why the images were so fuzzy. There was some suggestion that the photographs had been deliberately doctored in order to hide China’s satellite capabilities.

There was a sense that the position of the supposed debris was correct given the last reported position of the aircraft and the prevailing currents. However, by Thursday China said they had released the images by mistake [BBC]. Furthermore, a search in the area concerned proved fruitless.

Crowd-sourcing

There have also been crowd-sourced searches for the missing plane. Digital Globe,  a commercial vendor of space imagery, set up a portal through which Internet users could browse through satellite photographs and mark objects which might show signs of the aircraft [Telegraph].

As well as satellites even the International Space Station has been employed, training cameras on the region, though sifting through all these images can take hundreds of man-hours and even then one could miss any potential evidence.

Wake-up call

While the cause of the disappearance of flight MH370 has yet to be established, the incident should serve as a wake-up call on a number of levels.

In respect to security, there has been a major failure in allowing two individuals to board the plane using stolen documents. These two men should have been stopped and apprehended upon their arrival at Kuala Lumpur airport. However, Malaysia failed to check the passports against a list maintained by Interpol. The number of names is significant, more than 39 million according to Interpol themselves. But the organisation said only a handful of nations, amongst them the UK, USA and UAE, bother even to check names and numbers on a routine basis.

Another concern is the issue surrounding flight data. The main problem surrounding the search for flight MH370 has been determining where it might have gone down. The problem might well have been made much easier should a constant stream of telemetry be broadcast as routine from international flights. While some modern aeroplanes are fitted with such equipment it is not mandatory.

There also needs to be better coordination between different agencies and countries. There have been several erroneous reports concerning what was transmitted from the aircraft and where it was last spotted either by its transponder or radar. Indeed this has led to confusion which may well have impeded search efforts.

Human tragedy

Almost forgotten in the fog of disinformation are the passengers of flight MH370.

There were 227 passengers, including 153 Chinese and 38 Malaysians, according to the manifest. Seven were children. All 12 crew members were Malaysian.

Families have expressed frustration at not receiving enough information and there have been angry scenes at daily press conferences in Beijing where relatives of the 153 Chinese on board the stricken plane have gathered.

In Australia too there have been criticisms coming from family members of seven passengers aboard the plane. The pain and anguish is likely to continue until evidence concerning the whereabouts of the Malaysian aircraft emerges.

Like Air France flight 447 it could take months if not years to find out what happened to the ill-fated flight of Malaysian Airline flight MH370 [BBC]. This delay and the not knowing will only make it harder for those who have lost their loved ones.


tvnewswatch, London, UK

Monday, March 03, 2014

Kunming terror attack leaves dozens dead

An attack on civilians at a train station in China has left at least 30 dead and more than 100 injured. It is the worst single terror attack, believed to have been carried out by Muslim separatists, China has seen in recent history.

The attack occurred at about 9:20 p.m. Beijing time, on Saturday 1st March, which saw at least ten attackers using long-bladed knives to stab and slash passengers.

According to initial reports about twenty had been killed, though the death toll swiftly rose to 33, amongst them four assailants who were said to have been shot by armed police.

State media said the attackers were Xinjiang militants, though there was no immediate claim of responsibility.

Escalation

The attack is an escalation of attacks believed to have been perpetrated by the Turkestan Islamic Party, sometimes referred to or linked with the East Turkestan Islamic Movement. The group, which has claimed responsibility for several attacks in the past, want independence from China.

Xinjiang has seen decades of tension with many people of Uyghur ethnicity having struggled to be an independent country.

A group of Uyghur separatists claim that the region, which they refer to as East Turkestan, is not legally a part of China, but was invaded by the PRC in 1949 and has since been under Chinese occupation. The separatist movement is led by Turkic Islamist militant organizations, most notably the East Turkestan independence movement, against the national government in Beijing.

The group have previously claimed responsibility for bomb attacks in Kunming in 2008 [tvnewswatch: Kunming hit by terror attack / tvnewswatch: Internet access blocked after Kunming attack / tvnewswatch: Islamic terrorism growing in China / tvnewswatch: Kunming bus bomber identified police say] and more recently an incident where a four wheel drive vehicle was deliberately driven into a crowd in Tiananmen Square in October last year [Wikipedia / BBC / SITE Intel Group].

China's 9/11

Given the seriousness of last week’s attack at Kunming station, some Chinese media referred to it as China’s 9/11. While the scale of the attack was much smaller, it was nonetheless significant in that it showed a rise in Islamic inspired terrorism.

The west has often itself been blamed by Chinese media for bringing about the 9/11 attacks through its foreign policy. Even amongst many Chinese there was a sense of excitement on seeing the Twin Towers being struck by planes and subsequently collapsing.

There were reports of people cheering while watching footage of the collapsing towers and some even let off fireworks. Donnie Wang, a project manager from Chongqing, who was 16 at the time, told the state run Global Times of his recollections. He spoke of the reactions of parents and teachers at his school when hearing the news. “Their jaws were flapping all the time and the burst of excitement was quite clear,” he said.

Of course there was a backdrop of resentment that had built over many years. Two years earlier, five American bombs had hit China’s embassy in Belgrade, killing three Chinese. And only months before the 9/11 attacks a US reconnaissance plane had collided with a Chinese fighter jet off the coast of Hainan, killing the Chinese pilot [See also: YouTube / Free Republic / SFGate].

A decade on, those who cheered the attack on America, in which more than 3,000 died, may well feel a sense of shame. Now China is feeling the wrath of Islamic extremists inspired by a similar ideology.

There can be no excuse for such attacks, though there may be some who will feel China has fuelled the fire by its oppression of the Uyghur people.

Reaction

Following 9/11 the Chinese President Jiang Zemin said he was "shocked" and sent his condolences to President Bush, while the Foreign Ministry said China "opposed all manner" of terrorism. And despite some Chinese having celebrated of the attacks, tens of thousands of people visited the US Embassy in Beijing, leaving flowers, cards, funeral wreaths and hand-written notes of condolence on the pavement.

They like many saw, that whatever the policy of the US government, the victims were innocent members of the public.

And so too of the terror attacks in Kunming and elsewhere. While the anger of the Xinjiang separatists might be directed towards the Chinese government, the victims have been ordinary Chinese people going about their everyday business.

Families have been torn apart, some left childless with several children reportedly amongst the victims. Others will be maimed for life, and few will fully understand the reason behind the attacks given how strictly controlled the media is in China. Indeed few will have any real knowledge about Xinjiang and the internal struggles that continue.

Censored news

In fact there will be many in China who may have missed the news of Kunming’s terror attack entirely. Whilst there was some coverage in the regional press with the Kunming Times carrying the story on its front page, for papers outside the region there was scant mention, if any, of the incident.

The Hong Kong based South China Morning Post reported that there was no mention of the attack in Beijing News, Beijing Times or Beijing Youth Daily, and the CCTV evening news did not report the attack. Where news stations did mention the attack it was only briefly referred to. Photos of the attack, many extremely graphic and taken by members of the public, were also swiftly deleted by censors from microblogs and social media.

English language media did report more extensively with the Global Times saying "a nationwide outrage has been stirred... [by] China's '9-11'" Hard to see how a whole nation was outraged, given many may well be oblivious to the attack.

Official response

While the media downplayed the attack, there were nonetheless statements issued by the CPC general secretary Xi Jinping and Premier Li Keqiang who assigned Meng Jianzhu, Secretary of the Central Politics and Law Commission to oversee the investigation. Meanwhile Lü Xinhua, spokesman for the second session of the National Committee of the Chinese People's Political Consultative Conference denounced the attack as a "serious violent terrorist attack [perpetrated by] terrorist elements from Xinjiang."

Abroad, the attack did make the news, though was much obscured by the growing tensions in the Ukraine.

Surprisingly, there were few public messages of condolence. The UN Secretary-General Ban Ki-moon strongly condemned the attack and expressed condolences to the bereaved families. Dilxat Rexit, a spokesman for the World Uighur Congress also condemned the attacks, saying he denounced "any form of violence", and urged the Chinese government to "ease systematic repression".

The French also released a statement expressing “solidarity” with the Chinese people, but that was about the extent of a world wide response.

Indeed, there was almost stony silence from the US, most European countries and others. Perhaps that says volumes for how some see the incident; a symptom and reaction to China’s brutal domestic policy.

More reports: Wikipedia / BBC / BBC / BBC/ Sky NewsGuardian / TelegraphDaily MailMirror / FTWSJ / LATimes / LATimes / China Smack (Graphic) / LiveLeak (Graphic)

tvnewswatch, London, UK

Friday, February 28, 2014

War of words as nations argue over human rights

In the history of the world there have been abhorrent abuses of people’s human rights. The abuses of medieval ages are past, but well into the 21st century human beings are still subject to torture, unjust incarceration, harassment or worse.

Such abuses are often detailed in reports from various organisations, including Amnesty International, Reporters Sans Frontières and Liberty.

Nation states also release reports detailing such abuses. However such reports often stir up consternation with other countries cited in such reports. At particular loggerheads are the United States and China who often engage in a tit-for-tat war of words over human rights abuses, amongst other issues.

US points finger at Syria, Russia & China

This week the US’s Bureau of Democracy, Human Rights and Labor published its annual Country Reports on Human Rights Practices for 2013 [BBC].

This year is particularly poignant since it is marked by the 65th anniversary of the Universal Declaration of Human Rights. But as the papers released by the State Department clearly detail, human rights abuses still continue.

While the main focus was the ongoing rights abuses in Syria, particularly singled out in the US report were Russia [PDF], that “continues to curb civil society and political opposition and target marginalized populations, including religious and ethnic minorities”, and China [PDF] for its “lack of judicial independence” which the US said “has fueled a state-directed crackdown on activists and suppression of political dissent and public advocacy.” 

In addition to the US report the US Ambassador also added his voice to the debate and called on China to respect human rights [Daily Mail].

But Russia and China were just to two biggest countries accused of abusing human rights. Ukraine which has seen a turbulent few weeks was also detailed in the report with its former government accused of exerting “increased pressure on civil society, journalists, and protesters calling for government accountability and a future with Europe.”

There were also concerns raised about Cuba and Egypt where their respective governments also “used excessive force to quell peaceful protests and dissent.” [Summary PDF]

China upset at "arbitrary & irresponsible attacks"

China, it appears, took umbrage at the US report and responded with its own dossier detailing the abuses by the United States [VoA].

In its response, published via China’s state run news agency Xinhua, the State Department of the United States was criticised for making “arbitrary attacks and irresponsible remarks” on the human rights situation in almost 200 countries and regions.

“The US carefully concealed and avoided mentioning its own human rights problems,” Xinhua notes, and goes on to list what it calls “serious human rights problems in the US”.

It talks of America’s lack of personal security due to the “increasing number of violent crimes in 2013 with frequent occurrence of firearms-related criminal cases.”

“American citizens' lives and personal safety are threatened by an increasingly dangerous environment,” the report states. 

The Xinhua report points particularly at US surveillance of its citizens, highlighting the revelations exposed by whistleblower Edward Snowdon.

“The US government took liberty in monitoring its citizens, which shocked the world,” the article lambasts.

China also accused the US of tortures in its prisons and claimed that electoral systems were “plagued by malpractices and inefficiency”.

The US is accused of flagrant disregard for life with its drone strikes in Pakistan and Afghanistan which have left countless civilians dead or maimed.

Truth & contradictions

Both reports have certain elements of truth, but just as China accuses the US of having “carefully concealed and avoided mentioning its own human rights problems”, so too did China fail to acknowledge its own breaches of citizens rights.

Indeed both nations could be accused of being a pot calling the kettle black.

The US democratic system is perhaps far from perfect, and there may well be instances of corruption. However there is no democracy in China at all and little if any way of seeking help or representation from one’s politicians. In fact any attempt to lobby or petition the Chinese government often results in a prison sentence.

It might also be true to say that many people are badly treated with the United States’ prison system Indeed, the Guantanamo detention facility did nothing to raise the image of the country in the eyes of civil rights campaigners.

However, China locks many people up in appalling conditions, following trial which are far from open and just.

As for monitoring and surveillance, both nations are as guilty as each other. In fact all nations may well carry out surveillance in order to protect its interests. What is different is that in the west, Snowdon’s revelations are public and open for debate. Similar discussions in China would likely be deemed as “subversion of the state” and result in lengthy prison sentences for any transgressors. Can one imagine an organisation similar to the ACLU, with its slogan “Because Freedom Can’t Protect Itself”, existing in China?

Casting stones

The use of drones is certainly a valid criticism. But for a nation that fails to recognise or even acknowledge the 1989 Tiananmen massacre, which left hundreds dead, or the great famine that saw millions die in the late 1950s and early 1960s, such criticisms are rather hollow.

The Cold War, and war of words that once used to exist between the West and Russia certainly seems to shifted further east.

But both sides need to take stock concerning these issues. Perhaps they might take note from scripture. As Jesus is once quoted as saying, "let he who is without sin, cast the first stone" [John 8:7]. The contect of his statement may have been different [See Wikipedia] but the basic principle stands.

tvnewswatch, London, UK

Wednesday, February 26, 2014

Virtual currency concerns as MtGox shuts shop

This week saw a tumultuous upset in the currency market, though it was a story mostly consigned to the business columns of financial broadsheets. The story was that Bitcoin, a virtual currency, may soon be consigned to the virtual scrapheap [Telegraph].

MtGox shuts down

One of the biggest Bitcoin Exchanges, MtGox, had gone offline and was informing its customers that “in light of recent news reports and the potential repercussions on MtGox's operations and the market, a decision was taken to close all transactions for the time being in order to protect the site and our users.”

The exchange had already been hit by technical issues and recently halted all customer withdrawals of the digital currency after it spotted what it called "unusual activity".

But while six other major Bitcoin exchanges issued a joint statement distancing themselves from MtGox, the move to shut down such a large enterprise is a setback for backers of Bitcoin, who have been pushing for greater adoption of the currency.

The Bitcoin has had a shaky history, least of all to do with the security issues that are intrinsically tied into a virtual currency. Only days before MtGox shut shop the Financial Times was questioning whether the currency was “brilliant or bonkers”

The virtual currency went up 5,580% in price last year, which rather puts 30% equity market returns in their place, the FT’s New York correspondent Stephen Foley observed.

Such increases have raised eyebrows and prompted some individuals to make potentially unwise financial decisions. A growing number of people have been asking “what is Bitcoin?” and “should I buy some?”- but at Foley suggests, not necessarily in that order.

Given the unease concerning security, potential DDoS attacks on servers, reports of Bitcoin theft and huge fluctuations in Bitcoin’s value, one might have thought most rational people would have steered clear. Granted, it is not easy for governments to trace, thus the virtual currency has been linked to tax evasion, money laundering, and various transactions connected to illegal activity from drugs to arms dealing. As such governments are looking carefully at how they might control Bitcoin.

Crypto-currencies

Bitcoin was created in 2008 by a mysterious computer scientist with the pseudonym Satoshi Nakamoto, who conceived it as an alternative to government-controlled currencies and a means to transfer money quickly, cheaply and anonymously outside the slow, expensive and highly regulated international banking system.

Bitcoins are no more unusual in theory than Air Miles, Nectar points, or credits in online games, except that they can be transferred easily between people and used to pay anyone who wants to accept them, giving them greater currency than loyalty schemes.

The supposed maximum ceiling is 21 million Bitcoins, a built-in scarcity, a little like the gold standard, which is one of the main reasons the price has been driven up, as speculators anticipate greater use of a fixed pool of currency.

However after MtGox went offline the price dropped as concerns rose as to the future of the currency [BBC]. Others who trade in the currency tried to mitigate the damage. The closure of the site did not "reflect the resilience or value of Bitcoin", said a statement from representatives of several other Bitcoin exchanges, including Coinbase and BTC China.

"This tragic violation of the trust of users of MtGox was the result of one company's actions.

"As with any new industry, there are certain bad actors that need to be weeded out, and that is what we are seeing today.” [Business Week]

Repercussions

The Bitcoin might not quite be dead, but its value has slumped in the last month by almost half. Indeed it may well be a life or death moment for this virtual coin [BBC].

The latest reports have perhaps hit home and warned off investors about what some are calling the most dangerous currency in the world [Telegraph].

But Bitcoin isn’t the only virtual currency. An interesting graphic posted by the FT on its Google+ page illustrates several other currencies such as Catcoin, Dogecoin, Litecoin, Peercoin and Nxt.

Whether these virtual cryptocurrencies are any more or less secure, the MtGox shut down has affected them all [IBTimes].

According to the website CoinMarketCap, which monitors the market capitalisation of all cryptocurrencies, the various digital currencies have shown drops of anywhere between 10% and 40% for the digital currencies listed.

As regards the Bitcoin itself it has seen its value rise from $14 for a single Bitcoin to around $850 throughout 2013. But such large inflation has prompted many analysts to suggest short-term speculation is creating a Bitcoin bubble.

And where there are bubbles, there are often crashes. The danger is that even a crash in a virtual currency could cause fluctuations in real financial markets, depending how much money is tied up in the virtual currency.

Concerns

Governments are perhaps rightly cautious about these new virtual currencies, not only because of the legal concerns, but also for knock-on effects on the real economy should these cryptocurrencies fail [Guardian].

But it is not just economists and governments that are raising concerns. Many comments on social networks show that the general public are still quite sceptical about such currencies.

As one man wrote on the FT’s Google+ page, “I am not an economist, but I was much happier when money was based on some physical and tangible commodity like gold. If we decide money is whatever we accept as money then  we may as well go back to barter or collecting sea shells.”

tvnewswatch, London, UK

Saturday, February 22, 2014

Dalai Lama visit prompts war of words with China

China has once again been flexing its muscles and either dictating, or attempting to dictate, the new agenda this week.

Even before the Dalai Lama stepped off the plane in the US this week, China was already rattling a sabre saying that there would be consequences should President Obama meet with the spiritual leader.

Of course such threats were largely ignored by Washington, and were essentially out of China’s control.

Media controls

Meanwhile in China itself, authorities clamped down on media freedom once again, blocking CNN several times throughout the week during its In China series which focused on press freedom.

The roundtable discussion, hosted by CNN’s Kristie Lu Stout, featured The Wall Street Journal’s China bureau chief Charles Hutzler, Foreign Correspondents Club president and Christian Science Monitor correspondent Peter Ford, and Hong Kong University journalism academic Ying Chan.

However, the show was blocked within minutes as it went to air on Wednesday [The Australian]. It is perhaps unsurprising in a country that blocks most western social media websites and controls most of the news output at a central level.

China is ranked at 173 in the most recent World Press Freedom Index due in part to its track record for imprisoning journalists and censoring the Internet The situation also shows little sign of improving. There is no free discussion or an ability to air opposing views without attracting the attention of the authorities.

Reporting risks

Those that attempt to bring change often find themselves in court and imprisoned for years on end. Last month activist Xu Zhiyong found himself in court accused of having "gathered a crowd to disturb public order" after a series of small protests where demonstrators had unfurled banners in Beijing calling for officials to publicly declare their assets [CNN].

Western media who attempted to cover the trial found themselves targeted by police who manhandled several TV crews. A CNN crew was prevented from approaching and filming the court house and CNN's Beijing correspondent, David McKenzie, was kicked, pushed and punched by Chinese security before being forced into a nearby van and driven away.

“The government makes it much more difficult” to cover “the big stories” The Wall Street Journal’s China bureau chief Charles Hutzler told CNN. “And it's gotten much worse in recent years," Hultzer added [CNN].

While western media battles to get the news, it doesn’t face the problems experienced by China’s growing number of investigative journalists. They face battles not only in finding the truth behind the countless number of corruption cases, but also a battle in getting the story published.

Censorship, threats & violence

One such investigator, Wang Keqin, says the biggest problem he faces is not the threats, but the censorship imposed either by the media outlets themselves or the authorities directly.

“China today ought to be a paradise for investigative journalists, the unprecedented amount of shady deals that are happening here is beyond your imagination.” However, Wang has been warned off by officials, paid thugs, and many editors refuse to touch his stories.

He is one of a number of investigators who have been forced out of their jobs. But Wangs says this is only part of the problem. “Our biggest enemy is not physical threats, it’s censorship.”

“What they really need is a good editor in chief who’s willing to sacrifice for the story.”

For western journalists too there is a cost to trying to report the story. In recent years photographers and cameramen have particularly become the target of violence where in some cases their cameras are confiscated or smashed.

There are also inhibiting effects of so-called visa wars where journalists and reporters have had their visas refused or revoked. Both Bloomberg and the New York Times faced restrictions following the publication of stories which highlighted the financial affairs of top politicians and their family members.

Propaganda war

Clearly there is a propaganda war too. And the Dalai Lama’s visit highlighted this very strongly as Xinhua published dozens of articles criticising US policy, the Dalai Lama himself and those who seek Tibetan independence.

But while western media might publish both points of view, China’s media tends only to air the sanctioned view of the state.

China called on the US to hold back from meeting the spiritual leader saying he was engaged in “anti-China secessionist moves” [Xinhua].

Indeed Xinhua went on to describe the White House as becoming a “bully pulpit for Tibetan secessionists” and said the decision to meet the Dalai Lama was “both regrettable and harmful” as well as marking “a flagrant breach of Washington's pledge to refrain from interfering in China's domestic affairs

In another commentary published by Xinhua, the meeting was dubbed a “lose lose deal” that would harm Sino-US relations.

No middle ground

“While it is doomed to fail in its attempt to press for "Tibet independence," or the "middle way" approach that the high monk preaches, the third Obama-Dalai Lama in five years, planned at the White House Friday, is certain to harm China-U.S. relations,” the commentary read.

The US went ahead with its meeting regardless, but did nonetheless acknowledge China’s concerns.

In a statement the Obama administration said it supported the Dalai Lama's "Middle Way" approach to the political tensions over protests for Tibetan independence.

"The United States recognizes Tibet to be a part of the People's Republic of China and we do not support Tibetan independence," said National Security Council spokeswoman Caitlin Hayden. "The United States strongly supports human rights and religious freedom in China."

"We are concerned about continuing tensions and the deteriorating human rights situation in Tibetan areas of China," Hayden added. "We will continue to urge the Chinese government to resume dialogue with the Dalai Lama or his representatives, without preconditions, as a means to reduce tensions."  [CNN]

China for its part rejects the Dalai Lama’s “Middle Way” and the US’s support for saying the approach is “at odds with China's constitution and state system in every conceivable way” and that “It is nothing but smoke and mirrors, camouflage and deceit.” [Xinhua]

The debates on this and other issues are fraught with problems. In China there is no real debate, indeed it is one sided, and opposing or dissenting views or opinions are blocked. In the West both sides of the debate may be covered and discussed, but such discussions will not effect any change.

Those who need to hear the arguments, indeed rarely hear the counter argument. It is a situation brought about by a state that fear change, or an upset to the status quo.

But perhaps with the ongoing political and violent protest seen in the Ukraine these last few weeks, Beijing is justifiably cautious in allowing too much debate.


tvnewswatch, London, UK