President Trump Highlights Potential for Chinese Involvement in SolarWinds Orion Cyber Intrusion


Posted originally on The Conservative Tree House on December 19, 2020 by Sundance

Why would any foreign actor go through all the trouble to rob a bank and yet take nothing?…

This is the metaphor for U.S. officials noticing the backdoor to our national cyber-network was found wide open, and yet not a single organization attached to the SolarWinds Orion network points to any negative impact other than the existence itself of the originating malware. It just doesn’t add up.

Keep in mind… this “malware” has been in place since May and only recently identified.

DNI John Ratcliffe announced there was “foreign interference” in the election, and while citing Russia, China and Iran, the DNI said the report on election security would be delayed. Secretary of State Mike Pompeo points to Russia as the source of the SolarWinds intrusion, but there is no specific evidence outlined. Today, following a briefing on the issues, President Trump noted it could be Russia, but it could also be China.

There seems to be a coordinated effort to blame Russia by government officials and a host of media groups. Russia is a favored scapegoat, and given how the media falsely blamed Russia for 2016 election interference/collusion, corporate media carry a self-interest in perpetuating that narrative.

Any suggestion it was *not* Russia is then used to weaponize a Russia-apologist narrative. However, considering most of our institutions have a financial relationship with China, the self-serving hypocrisy of China-apologists carries a particularly deafening tone.

Accepting that no-one really knows, yet, who originated this intrusion, here is a Big Picture notation from the Rebel Alliance:

Due to the widespread use of SolarWinds and the length of time the SolarWinds vulnerability was possibly exploited, this attack could be the full-on equivalent of Pearl Harbor, except on a global scale.

In defending networks, very good cyber defense teams (eg, as with large financial firms and some portions of the US gov), have a good chance of success, primarily through use of extensive measures aimed at prevention and/or early detection.

But, when an attacker gets inside a network for an extended period of time, they typically focus first on becoming “rooted” (ie, they implement numerous alternate backdoors and cleverly hide malware throughout the network such that attacker access may be restored even after detection and cleanup).

Once rooted, an attacker is often extremely difficult to fully remove from the victim’s network, even if the victim completely replaces all hardware and rebuilds his entire network from scratch.

Most less capable victims, and there were potentially hundreds or thousands of direct and indirect victims in this attack, do not even have the capability to rebuild their networks and, hence, have little hope of ever completely eliminating the attacker.

Attackers are not solely interested in removing information in bulk. When large amounts of information are unexpectedly seen leaving a network, this often flags an attack in progress. So, slower and more careful movement through the network is typically seen by highly skilled attackers.

Attacker motivations are highly varied. In government networks, the attacker may wish to spy to learn about foreign agents, for example.

In a commercial network, there are many opportunities for financial gain (eg, knowledge of pending business deals). Some attackers may also wish to implement a longer term ability to physically or logically destroy the victim’s network.

Restoring a destroyed network in a large enterprise is amazingly complex. Many organizations, even those having backup data, could not do it. Even if skilled enough to rebuild, the lost time can potentially destroy the enterprise. If hundreds of firms were destroyed simultaneously, the economic impact could be crippling.

America must now confront the reality that most of its corporate network infrastructure could be entirely at the mercy of a foreign power AND that this situation is unlikely to be reversed anytime soon. This is a blow potentially as powerfully impactful as Covid-19.

I am NOT convinced this attack was perpetrated by Russia, as is being preliminarily alleged, due to the difficulty of reliable attribution. Hardly any evidence has been provided and attribution is notoriously difficult.

The evidence should be collected, the extent of the attack [in terms of the actual versus potential] use of the SolarWinds backdoor to invade Gov networks and US corporations should be determined. It must also be assessed whether the SolarWinds attack facilitated interference in the election.

Critically, it must be determined whether “nuclear worms”, capable of physical or logical network destruction, were implanted anywhere and which are now silently waiting for a signal to activate.

(Personally, if I were an IT manager, I’d be VERY worried for the safety of my Active Directory right now, since sabotage of AD is relatively easy and recovery can be extremely difficult and sometimes impossible, depending on the implementation.)

If this attack is limited to just gov networks and does not include major corporations, the election, or nuclear worms, the gov networks should be cleaned up and an appropriate response delivered to the attacker via our Cyber Defense force.

If the attack included the gov networks and election interference, the same gov network cleanup is needed. However, the response must be more severe, and I would think should include some level of physical destruction.

If, however, the attack spread additionally to most of the Fortune 500 networks and/or includes nuclear worms, a massive gov initiative to facilitate a cleanup of corporate systems is needed.

After the initial triage, activation of plans for a kinetic response to such an attack must be considered. Eg, if the attack was attributed to China, we must respond forcefully and the response must fully respond to Chinese perceptions of US psychology. So, if China perceives the US as a paper tiger, the appropriate response may be to take control of the Three Gorges Dam and open its valves.

In my view, this attack *requires* a FORCEFUL response, not necessarily limited to a cyber delivered response. The attacker must pay a high price based upon scope and severity. To do nothing projects unacceptable weakness. And the thought that US corporate infrastructure might be taken out at will, possibly through nuclear worms, possibly through more direct individualized attacks, is just unacceptable.

Regardless of the response, this attack should be taken as a wakeup call to the country. The risk of a destructive attack could be far higher than previously acknowledged.

I hope this summary is helpful to you in helping others understand the significance of this.

Gordon Chang Provides Some Background on July 2020 U.S. Order to Close Houston Chinese Consulate


Posted originally on The Conservative Tree House on December 19, 2020 by Sundance

On July 21st of this year the United States told China they must close their consulate in Houston, Texas, giving them 72 hours to cease operations and events.

Three days later U.S. federal agents and officials entered the consulate alleging the Chinese government was engaging in espionage targeting U.S. interests.

The activities of consulate officials in Houston “are a microcosm, we believe, of a broader network of individuals in more than 25 cities that network is supported through the consulates here,” a US Justice Department official said Friday. “Consulates have been giving individuals in that network guidance on how to evade [and] obstruct our investigation. And you can infer from that the ability to task that [a] network of associates nationwide.”

In an interesting interview a few days ago, Gordon Chang expanded on the operation that was taking place from within that consulate. (H/T Cari Kelemen)

What Chang outlines is in alignment with what Trump officials have cited as ongoing malign activity by the Chinese Communist Party (CCP), and speaks to a larger intent by Beijing to influence the 2020 election.

If we overlay what we have witnessed and discussed for the past several years as the Trump administration has tackled the China issues head-on, we can see how our nation has approached an inflection point toward Beijing.

Indeed the larger global community is now aware of a vast network of CCP officials that have infiltrated all systems, processes and institutions of western interests.  The panda mask of China has dropped and now we see the true extent of the dragon tentacles.

Recent reporting on the scale of this influence was ignored by U.S. media, in part due to their financial alignment.  Additionally, the aspects of Hunter and Joe Biden engaging for personal affluence with the Chinese government stands as a remarkable example of the cunning nature of Beijing’s strategy.

Senator Dianne Feinstein with a CCP spy in her office for almost three decades.  House Intelligence Committee member Eric Swalwell having a long-term relationship with another Chinese spy amid recent headlines.  Various academic institutions compromised by Chinese operatives and the theft of intellectual property.  The scale of what China was executing is still unknown as more comes forth each day.

Into this mix we now have a more substantive understanding over how China was influencing U.S. politics; and, as we see in the Houston consulate example, how Beijing was fomenting strife in advance of the November 2020 election as part of a larger plan to install and support U.S. politicians aligned with their interests.

America-First is antithetical to the long-term goals and objectives of the communist Chinese regime.  This was always evident in the way Beijing responded to the trade and economic policies of President Donald Trump.

Ultimately the global battle between the Red Dragon (CCP, Beijing) and President Trump is at the root of the concerted effort to remove/defeat him from office.  CTH has discussed this confrontation at length since the first shots were fired.

U.S. President Trump, representing economic nationalism, stood against China and was winning in the economic war despite the interference from Wall Street and U.S. media.

United Nations Handing over Names of Dissents to China


Armstrong Economics Blog/Corruption Re-Posted Oct 28, 2020 by Martin Armstrong

The United Nations internal ethics investigation has agreed that the U.N. Human Rights Office approved handing over the names of Uighur activists to China, and the excuse really makes you wonder: do they think we are all just total morons? They are handing over the names of these dissidents because they were “primarily interested in good relations” with Beijing. I cannot stress enough that they are doing everything in their power to try to bring China into the climate dictatorship.

The wholesale destruction of small businesses appears to be running around 30%+ in London, major cities in Europe, and the blue Democratic states in the USA. Here in Florida, I would put it at about 5% or less in my area. This raises a SERIOUS question. There is no possible way cities like London or New York will survive, as they have destroyed so much of their small businesses that their tax revenue will collapse. They are counting on a new future where there is no debt and they get whatever money they need to pay all bills.

We have been shown a leak from the Canadian government which we CANNOT VERIFY is real. Nonetheless, it outlines a communist takeover that follows the script put out by Klaus Schwab and his World Economic Forum. It says all your debts will be forgiven but in return, you will own nothing. They have lowered interest rates to the point that all pensions will fail. It seems that the only way these people can deal with the collapse of socialism is to move to communism. All of the mainstream media are now pushing this agenda. Just look at TIME Magazine.

I have worked with governments around the world. NEVER would they be proactive for they cannot win an election by preventing something that might happen. They have always preferred crisis and then declared they will get the guy that caused it.

Secretary Wilbur Ross Discusses Tech and Structural Confrontation with Beijing -WeChat and TikTok…


When Commerce Secretary Wilbur Ross appears… PAY ATTENTION. In this interview Secretary Ross outlines an announcement today [LINK HERE] that the U.S. will block Chinese-owned WeChat and take additional security measures against TikTok.

COMMERCE – […] While the threats posed by WeChat and TikTok are not identical, they are similar. Each collects vast swaths of data from users, including network activity, location data, and browsing and search histories. Each is an active participant in China’s civil-military fusion and is subject to mandatory cooperation with the intelligence services of the CCP. This combination results in the use of WeChat and TikTok creating unacceptable risks to our national security. (more)

Additionally, Secretary Ross discusses sector-specific relief for the airline industry and U.S. farmers. On the farmer side we should all remember any confrontation with Beijing could lead to China pulling back from purchase agreements. China cannot feed itself and is dependent on imported food products, so the scale of any pull-back is not known.

DETAILS – In response to President Trump’s Executive Orders signed August 6, 2020, the Department of Commerce (Commerce) today announced prohibitions on transactions relating to mobile applications (apps) WeChat and TikTok to safeguard the national security of the United States.

The Chinese Communist Party (CCP) has demonstrated the means and motives to use these apps to threaten the national security, foreign policy, and the economy of the U.S. Today’s announced prohibitions, when combined, protect users in the U.S. by eliminating access to these applications and significantly reducing their functionality.

“Today’s actions prove once again that President Trump will do everything in his power to guarantee our national security and protect Americans from the threats of the Chinese Communist Party,” said U.S. Department of Commerce Secretary Wilbur Ross. “At the President’s direction, we have taken significant action to combat China’s malicious collection of American citizens’ personal data, while promoting our national values, democratic rules-based norms, and aggressive enforcement of U.S. laws and regulations.”

While the threats posed by WeChat and TikTok are not identical, they are similar. Each collects vast swaths of data from users, including network activity, location data, and browsing and search histories. Each is an active participant in China’s civil-military fusion and is subject to mandatory cooperation with the intelligence services of the CCP.  This combination results in the use of WeChat and TikTok creating unacceptable risks to our national security.

As of September 20, 2020, the following transactions are prohibited:

  1. Any provision of service to distribute or maintain the WeChat or TikTok mobile applications, constituent code, or application updates through an online mobile application store in the U.S.;
  2. Any provision of services through the WeChat mobile application for the purpose of transferring funds or processing payments within the U.S.

As of September 20, 2020, for WeChat and as of November 12, 2020, for TikTok, the following transactions are prohibited:

  1. Any provision of internet hosting services enabling the functioning or optimization of the mobile application in the U.S.;
  2. Any provision of content delivery network services enabling the functioning or optimization of the mobile application in the U.S.;
  3. Any provision of directly contracted or arranged internet transit or peering services enabling the function or optimization of the mobile application within the U.S.;
  4. Any utilization of the mobile application’s constituent code, functions, or services in the functioning of software or services developed and/or accessible within the U.S.

Any other prohibitive transaction relating to WeChat or TikTok may be identified at a future date. Should the U.S. Government determine that WeChat’s or TikTok’s illicit behavior is being replicated by another app somehow outside the scope of these executive orders, the President has the authority to consider whether additional orders may be appropriate to address such activities. The President has provided until November 12 for the national security concerns posed by TikTok to be resolved. If they are, the prohibitions in this order may be lifted.

The notices for these actions will be posted on the Federal Register at approximately 8:45AM EDT on Friday, September 18, 2020.

Background:

On August 6, 2020, President Trump signed Executive Orders (E.O.) 13942, Addressing the Threat Posed by TikTok, and E.O. 13943, Addressing the Threat Posed by WeChat. In the E.O.s, the President determined that the apps capture vast swaths of information from U.S. users, leaving the data vulnerable to CCP access for nefarious purposes.

Commerce, at the Direction of the President, was required to identify transactions within 45 days to protect national security and the private data of millions of people across the country. Today’s announced prohibitions fulfill the President’s direction and mitigate national security risks. (link)