Money, Bill Clinton, Al Gore, CyberCop, Sanford Robinson, International Profit Associates' RICO Lawsuit, Hillary Clinton, O Sami Saydjari, Matt Donlon, Amit Yoran, Check Point, Snort, Richard Clarke, George W. Bush, Michael S. Goff, Ptech,  Symantec Corp., Israel, Jim Bidzos, Security Dynamics, etc, etc, etc.



U.S. reviewing second Dubai-based company

WASHINGTON (AP) — A second Dubai-owned company confirmed Thursday that the Bush administration has launched an unusual investigation over the potential security risks of its business moves in the United States. (Related blog: Second firm probed)

Dubai International Capital LLC said it was confident the U.S. would approve its plans to buy a British precision-engineering company with plants in Georgia and Connecticut that make parts used in engines for military aircraft and tanks.

The disclosure of a rare, second U.S. review involving an investment by a Dubai-owned company came on the same day lawmakers convened new hearings into the security implications of the first Dubai company's plans to buy a British business that helps operate six major U.S. ports.

The port deal has caused an outcry among congressional Democrats as well as many Republicans, despite President Bush's defense of the deal as safe and of the United Arab Emirates as an ally against terror.

Sen. Christopher Dodd, D-Conn., cited disclosure of the second investigation as proof lawmakers should consider updating the confidential process for approving such transactions after the September 2001 terror attacks.

"This system is broken. I think all of us agree," Dodd said at a hearing of the Senate Banking Committee. "I think you can point to various reasons why that's happened over the years. The world has changed."

The government panel is also conducting a full-blown investigation into an Israeli software company's plans to purchase a smaller U.S. rival. In that transaction, Check Point Software Technologies Ltd. of Ramat Gan, Israel, wants to buy Sourcefire Inc.

The Israeli company has been told U.S. officials feared the transaction could endanger some of the government's most sensitive computer systems. The objections by the FBI and Pentagon were partly over specialized intrusion detection software known as "Snort," which guards some classified U.S. military and intelligence computers.

In the newly revealed deal involving a second UAE company, Dubai International Capital has offered $1.2 billion to buy Doncasters Group Ltd. The Dubai company said it was pursuing all regulatory approvals "as is customary for international business transactions of this nature."

The U.S. has conducted only 25 such investigations among 1,600 business transactions reviewed by the Committee on Foreign Investments in the United States since 1988. The panel, made up of 12 government representatives, judges the security risks of foreign companies buying or investing in American industry.

On Thursday Britain's High Court approved the port deal that is so controversial in the United States.

The court agreed to the $6.8 billion sale of London-based Peninsular and Oriental Steam Navigation Co. to Dubai-owned DP World. But Justice Nicholas Warren agreed to stay his ruling until Friday to permit Miami-based Eller & Company Inc. to appeal his decision. Eller presently is a business partner with the British company and has complained that under the sale it will become an "involuntary partner" with Dubai's government.

DP World would assume some operations at six major U.S. ports.

At the Senate Banking Committee hearing, senators said the ports deal should have been subject to greater scrutiny because DP World is government-owned. They said the United Arab Emirates, a loose federation that includes Dubai, has purported ties to terrorism.

Unclear is whether Dubai's relationship with the United States "is sincere or it's just good for business," said Sen. Jim Bunning, R-Ky.

Deputy Treasury Secretary Robert Kimmitt conceded that U.S. agencies should communicate better about the process. "Always room for improvement," he said

The Washington Post first reported the second Dubai investigation on Thursday.

The review panel, known as CFIUS, has faced broad criticism in Congress over its scrutiny of the ports deal, which it approved Jan. 17 after a routine, 30-day review.

In a highly unusual move, DP World offered earlier this week to submit to a broader 45-day investigation to avert an impending political showdown between President Bush and Congress. That formal investigation has not yet started.

Former President Bill Clinton has acknowledged DP World privately sought his advice about two weeks ago over how to respond to the controversy brewing in Washington. Clinton's wife, Sen. Hillary Rodham Clinton, D-N.Y., has been a leading critic of the ports deal.

"He told them that they needed to submit to full scrutiny and they needed to make their proposal safer and more secure for America's ports," said Jay Carson, a spokesman for the former president. Carson said Clinton is supportive of his wife's position on the subject.
All Credit to USA Today at:

http://www.usatoday.com/news/washington/2006-03-02-port-review_x.htm
__________________________________________________________________

The Interactive Nightmare

Todd Datz , CSO (US)

19/08/2004 10:53:28

CONSIDER THE following scenario. Members of a terrorist organization announce one morning that they will shut down the US Pacific Northwest electric power grid for six hours starting at 4 pm; they then do so. The same group then announces that it will disable the primary telecommunications trunk circuits between the US East and West Coasts for a half day; they then do so, despite the best efforts to defend against them. Then, they threaten to bring down the air traffic control system supporting New York City, grounding all traffic and diverting inbound traffic; they then do so. Finally, they threaten to cripple e-commerce and credit card services for a week by using several hundred thousand stolen identities in millions of fraudulent transactions. Their list of actions is then posted in The New York Times, threatening further action if their demands are not met. Imagine the ensuing public panic and chaos.

Alarmist, perhaps? Far from it. The scenario is actually quoted from a letter sent by a group of concerned scientists to President Bush in February 2002. Signatories included O Sami Saydjari, founder of the Cyber Defense Research Center; Matt Donlon, former director of the security and intelligence office at the Defense Advanced Research Projects Agency; and Robert T Marsh, a retired Air Force general and former chairman of the President's Commission on Critical Infrastructure Protection. The scientists don't mince words about the cyberthreats facing the nation: "The critical infrastructure of the United States, including electric power, finance, telecommunications, health care, transportation, water, defense and the Internet, is highly vulnerable to cyberattack. Fast and resolute mitigating action is needed to avoid national disaster."

While the group's scenario was meant to grab attention, it also was grounded in reality. Each of the events depicted has happened (though not concurrently); some resulted from government-sponsored exercises, some from technical failures and some from actual cyberattacks. All could plausibly be triggered by a few knowledgeable people using some PCs and Internet access.

The cyberthreat to the nation's security and economy may not be as well understood to the general public as a dirty bomb or a vial of ricin in the wrong hands. But to experts in cybersecurity — those who know the vulnerabilities of the Internet and do daily combat with hackers, criminals and foreign governments trying to probe our critical infrastructure and military networks — the threat is vividly real. Indeed, the 54 scientists who signed the letter believe that a professionally coordinated cyberattack on the critical infrastructure could ravage not only the US economy (to the tune of hundreds of billions of dollars in damage) but also undermine public confidence in the government's ability to protect its citizens. In fact, although a cyberattack alone may lack the awful human destruction that can accompany a physical attack, because the systems controlling the critical infrastructure are often densely interconnected, such an attack could have more destructive and widespread consequences.

The lead defender in protecting the critical infrastructure is the Department of Homeland Security, a collection of 23 agencies that began operations in January 2003. Spearheading the effort is the National Cyber Security Division, led by Director Amit Yoran. Like the rest of DHS, Yoran and his staff face a steep uphill climb in accomplishing the department's mission. Eight-five percent to 90 percent of the critical infrastructure rests in private hands. Yet in the absence of regulation, which the private sector often views as a poison pill, DHS has no whip; rather, it must play the role of prodder and pleader, reaching out to a leery private sector that knows it needs to harden security but wonders where the money is coming from to pay for it. As a result, many of those private-sector companies may not feel compelled to move as quickly as DHS might like. Compounding the fledgling division's challenges is its organizational immaturity: At the same time it's trying to boost cybersecurity, it's also dealing with the headaches of hiring staff, integrating IT systems, figuring out how to analyze the boatloads of data coursing through its pipelines and how to share that information. All that will take months — some say years — to sort out.

This story looks at the challenges facing DHS and its cybersecurity team, and how they're working with the private sector to address them. While regulations remain a political third-rail within the US business community, DHS and some in Congress are sending signals to CEOs that serious progress had better happen fast or else regulation may turn from threat to reality.

Cybersecurity Makes a Name for Itself

Given the relatively brief history of ubiquitous computing, cybersecurity wasn't addressed at the presidential level until Ronald Reagan signed the Computer Security Act of 1987, a measure aimed at protecting the security and privacy of sensitive information in the federal government's computer systems. Recognizing the growing dependence of the critical infrastructure on information technology, President Clinton formed the President's Commission on Critical Infrastructure Protection in 1996. Led by Robert Marsh (a signatory of the aforementioned letter), the commission, consisting of both public- and private-sector members, set out to develop a national policy and implementation strategy to protect the critical infrastructure from physical and cyberattacks. In 1997, the commission, which focused primarily on the cyberthreat, issued a report that recommended improving structures and processes to promote information-sharing between government and industry, educating citizens on cybersecurity issues, revising certain statutes to address infrastructure assurance concerns and greatly improving funding for R&D into infrastructure protection.

The White House took the report and the growing infrastructure threat to heart. In May 1998, President Clinton issued Presidential Decision Directive 63 (PDD 63), which set forth a framework to address the Marsh Commission's findings. It created the National Infrastructure Protection Center (NIPC) at the FBI; the Critical Infrastructure Assurance Office (CIAO) at the Department of Commerce; and the National Infrastructure Assurance Council (NIAC), consisting of representatives from both the public and private sectors. It also called for the establishment of Information Sharing and Analysis Centers (ISACs). As with the Marsh report, PDD 63 emphasized that infrastructure protection need not be dictated by government but by market forces. Also that month, the president appointed Richard Clarke as the first national coordinator for security, infrastructure protection and counterterrorism.

In January 2000, the White House issued its National Plan for Information Systems Protection, the first stab at creating a comprehensive cyberdefense strategy. The following year, a month after September 11, President Bush established the President's Critical Infrastructure Protection Board to coordinate protection of critical infrastructure information systems and to recommend policies. Clarke, who was appointed special adviser for cyberspace security that same month, chaired the board. But as much as the Clinton and Bush administrations understood the need for better policy coordination, the federal government was, in fact, a hodgepodge of cybersecurity activities. A July 2002 report by the General Accounting Office identified at least 50 organizations involved in national or multinational critical infrastructure cyberprotection efforts.

As the fallout from 9/11 continued, some members of Congress began calling for a Department of Homeland Security to centralize the nation's counterterrorist efforts and protect the homeland. The Homeland Security Act of 2002, which created the department, established the Information Analysis and Infrastructure Protection Directorate (IAIP) within DHS as the place where cybersecurity efforts would now be coordinated.

DHS as Chief Cybercop

As DHS tried to hit the ground running, it needed to spend a good chunk of time just lacing up its shoes. Some observers expressed serious concerns last year when the department absorbed a number of existing organizations that had been making steady progress on cybersecurity in the critical infrastructure. In March 2003, NIPC (except for the Computer Investigations and Operations Section), CIAO and the Federal Computer Incident Response Center were transferred to DHS. Getting those groups under the same umbrella made sense. But Michael Vatis, the founder and former director of NIPC, testified before Congress last April that even though more than 300 positions were transferred from NIPC to DHS, most of the incumbent staffers found other positions in the FBI; only 10 to 20 actually made the move. Further complicating recruitment, DHS had not yet created its National Cyber Security Division.

Whether recruiting has improved is open for debate. James Lewis, senior fellow and director of technology policy at the Center for Strategic & International Studies, says getting talented people to join DHS is still a tough sell. "The problem they have is that DHS is relatively weak, as agencies go. It routinely gets beaten out by the FBI or CIA.... It's the new kid on the block," he says.

On the other hand, Alan Paller, director of research at the SANS Institute, believes Yoran has nabbed a bunch of good hires. "They're building a high-quality technical team — that's what Amit is doing. He knows how to hire really solid technical people and motivate them," Paller says, adding that employees like working with Yoran because, rather than being an inexperienced appointee, he comes from a cybersecurity background. (Yoran, a former military officer, worked at Symantec before joining DHS.)

As the agency struggled to begin operations, it also had to absorb the loss of Clarke, one of the country's foremost cyberterrorism experts. Clarke resigned just before the president removed the position of cybersecurity czar from the White House. Although many observers speculated that Clarke resigned in frustration at the loss of his White House post, he vehemently denies that. "I was not about to be absorbed — anybody that says that doesn't know what they're talking about." Clarke, now chairman of Good Harbor Consulting, says he left "because I'd completed 30 years of government service, because I'd just finished the project I had undertaken for the president, which was developing the National Strategy to Secure Cyberspace."

Howard Schmidt, the former CSO of Microsoft and vice chair of the infrastructure board at the time, succeeded Clarke as a White House adviser on cybersecurity. But within a few months, Schmidt resigned as well, becoming CISO of eBay.

After a long search, DHS Secretary Tom Ridge appointed Yoran to head the new National Cyber Security Division. Yoran, who reports to Assistant Secretary for Infrastructure Protection Bob Liscouski, took office in October.

Even though Yoran has been crowned the new cybersecurity czar, critics worry his kingdom has lost some power. The departures of Clarke and Schmidt and the removal of the cybersecurity position from the White House prompted questions about the administration's commitment to the issue. Clarke himself believes cybersecurity has fallen somewhat off the administration's radar. "Basically, what we've done is taken the former position we had until a year ago — where the senior person worrying about cybersecurity was a special adviser — and now that person is an office director," Clarke says. "That sent a message that was very widely interpreted by industry of the administration downgrading the importance of the issue."

Jeffrey Hunker, former senior director for critical infrastructure in the White House and now a professor of technology and public policy at Carnegie Mellon, agrees. "Now you're putting it essentially below a secretary, several layers down in a big department," he says. "My experience has been that what it really means is a lack of access, or that it limits access to the Cabinet and the presidential level."

Yoran disagrees about the access issue. "I'm there [at the White House] at least once a week, more frequently twice a week. I can assure you cybersecurity has visibility at the most senior levels of the White House and has their attention. Folks who've spent time in Washington know it's very clear the White House doesn't have an operational role. Actual operations take place in the agencies. Placing cybersecurity in DHS very clearly demonstrates we're in the implementation phase of the national strategy," he says. Lewis concurs. "Cybersecurity only makes sense if it's integrated into the larger critical infrastructure strategy. They did the right thing by putting it in Liscouski's group," he says.

Is the National Strategy Sensible or Toothless?

The National Cyber Security Division has a smorgasbord of responsibilities as it continues ramping up. It's tasked with responding to major incidents, conducting cyberspace analysis, improving information-sharing, issuing alerts and warnings, and aiding in national recovery efforts. The division is also charged with implementing the Homeland Security Act of 2002 and the National Strategy to Secure Cyberspace. In announcing creation of the division last June, Ridge said that its work would focus on "the vitally important task of protecting the nation's cyberassets so that we may best protect the nation's critical infrastructure."

The strategy document, like many of the things associated with DHS, has its share of passionate supporters and critics. It lays out five critical priorities:

— Developing a national cyberspace security response system
— Developing a national cyberspace security threat and vulnerability reduction program
— Developing a national cyberspace security awareness and training program
—Securing the cyberspace of all levels of government
— Assuring national security and international cyberspace security cooperation

In autumn 2002, Clarke was set to release the document at a Stanford University ceremony. But before the release, the strategy was put on the back burner. Lobbyists for businesses likely to be affected by the report (including those in the software, security and telecom industries) had successfully squelched certain provisions in earlier drafts. One, for example, called for ISPs to provide users with personal firewalls; another mandated improved wireless security. When the strategy was finally released in February 2003, some complained it had been left with little bark and even less bite. Its main cornerstone was that cybersecurity should, for the most part, be left to the private sector. While business generally applauded the strategy, many security experts derided the reliance on voluntary action as a capitulation to powerful lobbying interests.

Clarke defends the strategy. Referring to those who think it lacks teeth, he says, "That's kind of a trite criticism. People who say that, one assumes, are advocates of government regulation. If there is one-size-fits-all government regulation on cyberspace, you'll have a least-common-denominator solution. Over time, that won't work. Hackers and other criminals will work their way around whatever homogenous solution you come up with."

Schmidt points out that the government sought plenty of input from around the country. "We did 12 town meetings. We met with the public, CEOs, home users and security technicians. Never before had [a strategy] been vetted so thoroughly." Like Clarke, Schmidt says the result was "a good, balanced approach to the problem."

Paller begs to differ. "It lacks teeth, " he says simply, noting that between the first and final drafts, most of the good ideas were lost. "That was the pinnacle of the business power movement in cybersecurity, the last editing of the plan," he says. "The specific proposals — the 'we will' and 'you must' — disappeared."

Assessing the Threat

How vulnerable is the United States to a massive cyberattack on its critical infrastructure? What are the bad guys zeroing in on? "It's absolutely feasible for a massive attack to take out huge segments of the Internet," says Paller. But he adds that the probability of that happening is pretty low. One reason, he says, is that the bad guys earn a living from cybercrime. Taking down the Net would damage their lifeblood, the digital hand that feeds them. Paller thinks a more likely event would be on a smaller scale, such as taking out the electrical system in some areas.

Tom Longstaff, manager of survivable network technologies at the CERT research and analysis centre, is currently focusing on how to look at sensors all over the nation's computer networks to see what kinds of problems are lurking there. The biggest threats he sees fall into two categories. The first is aimed at the Internet itself. "We're seeing attacks targeting specific points in the infrastructure, not necessarily to bring it down, but to control it. These kinds of attacks focus on the mechanisms that make the Internet work," he says. One kind of attack he's seeing more of targets domain name services, undermining trust that the typed URL will bring a user to a legitimate Web page, or that an e-mail will actually go to its intended recipient.

The second worrisome category of attacks involves the interfaces between the cyber and physical worlds: Scada (supervisory control and data acquisition) systems and other process control systems that connect to power grids, gas lines and manufacturing plants. Longstaff notes that in the past, these sorts of physical systems weren't well connected to the Internet. Now, though, as companies have cut personnel and installed technology to make them more automated and efficient, the physical components of the critical infrastructure are much more vulnerable to cyberattack. "There are small computers in the field or in a manufacturing line feeding into larger computers [that] feed into business computers that are connected to the Internet.... In some cases the security is very good. But that's far from the industry standard," he says.

Schmidt sees a huge challenge in trying to understand the interdependencies that exist where electronic networks interface with the physical world. When the Slammer worm hit in January 2003, for example, people couldn't get cash out of some ATMs that connected to back-end databases compromised by the worm. Schmidt worries that the relationship between the cyber and physical infrastructure isn't well understood. He recalls that when he used to ride the train between Washington and New York, he took notice of a bunch of nondescript brick buildings along the tracks in Philadelphia. When he asked local law enforcement officials what they were doing to secure those buildings, he was told, "We're not doing anything. Nobody wants to break into those; they're just computers."

Carrot or Stick?

Last December, DHS, along with four business associations (the Information Technology Association of America, Business Software Alliance, TechNet and the US Chamber of Commerce), organized a National Cyber Security Summit in Santa Clara, California. Some 350 people from government, academia and industry attended the closed event. Working groups were formed to deal with establishing a cybersecurity early warning system; developing technical standards and common criteria around information security; making management of cybersecurity an integral part of corporate governance; creating better security awareness among home computer users and businesses; and increasing security in software development, installation and patch management.

This sort of private-sector outreach is part of DHS's mission, which emphasizes building a strong public-private partnership to tackle cybersecurity. But all wasn't lovey-dovey in Santa Clara, according to Dan Burton, vice president of government affairs for Entrust, a digital identity security company. DHS's Liscouski delivered a stern message to the attendees. "He basically said we're at war. Industry is not doing enough, and we have no qualms about going to Congress and passing legislation to change [industries'] ways. It was a broadside toward industry at large," Burton says.

"That's not the best way to come across to the [private] sector," says Suzanne Gorman, who chairs the financial services ISAC and attended the summit. But with viruses, worms and other attacks sure to continue — and likely become more destructive — DHS seems to be delivering a not-so-subtle message: Industry secure thyself, or we'll start lighting fires under your feet. The five working groups delivered reports last month, and another summit is planned for September. If DHS determines then that enough progress hasn't been made, businesses may hear unpleasant news from Washington.

Waiting in the wings on Capitol Hill, and casting a keen eye on the task forces' progress, is Rep. Adam Putnam (R-Fla.), the youngest member of Congress. Last fall Putnam, who chairs a House subcommittee on technology and information policy, drafted legislation (the Corporate Information Security Accountability Act of 2003) that calls for companies to disclose annually to the SEC an audit of how they're doing on information security. Compliance with Putnam's legislation could involve performing independent corporate security and risk assessments, and developing risk-mitigation, incident-response and business-continuity plans.

Putnam circulated the draft for feedback from industry and other groups. Not surprising, it generated a number of concerns, including the view that more regulation isn't the answer. Says Bob Dix, the subcommittee's staff director, Putnam listened to the private-sector feedback and decided to hold his legislation in abeyance for a period of time. Putnam, Dix says, challenged corporate America to come up with an alternative approach to "meaningfully move the ball down field to get significant improvements." In the meantime, Putnam and his staff assembled a working group from the private sector and academia to report back to him on ways that corporate information security can be improved. His report was due out around the same time as the findings from the Cyber Security Summit working groups.

While Putnam sees regulation as a last resort, Dix implies it's up to the private sector to take action. "The potential for a combined cyber and physical attack is frightening," he says. "We have reason to believe there are vulnerabilities that exist in the critical infrastructure that need to be addressed now."

SIDEBAR: Bunch of Hacks

How vulnerable are the US's computer networks? How much devastation can cyberattacks wreak? According to Mi2g, a digital security company, digital attacks caused an estimated $US185 billion to $US226 billion in economic damage in 2003. Here are some events from recent history that show why.

Eligible Receiver. This is the code name for a 1997 Defense Department exercise. DoD assigned a team from the National Security Agency to see if it could hack into Pentagon computer networks using only publicly available computers and hacking software. No problem, as it turned out. The team took control of Pacific Command Center computers, as well as power grids and 911 systems. A few years later, on the PBS series Frontline, John Hamre, deputy secretary of defense from 1997 to 1999, acknowledged that for "the first three days of Eligible Receiver, nobody believed we were under cyberattack."

Moonlight Maze. The Defense Information Systems Agency discovered that computer systems at the Pentagon, NASA, other government agencies, universities and research labs had been under attack for nearly two years, since March 1998. The attackers broke into hundreds of computer networks, stealing information on contracts, research and unclassified military data, including troop data and maps of military installations. Investigators, who dubbed the investigation Moonlight Maze, traced the hackers to Russia, but the Russian government denied any knowledge of the attacks. Because of the sophisticated "back doors" the attackers built, they continued stealing data for at least three years after the break-ins were discovered.

Code Red. This fast-propagating worm, which struck in July 2001, infected some 260,000 computers in its first 12 hours by exploiting a hole in Microsoft IIS Web servers. In its first variation, affected computers were used to bombard the White House Web site in a denial-of-service attack-which was thwarted. Many other Web sites were defaced with the words, "Hacked by Chinese."

Nimda. "Admin" spelled backward. This worm disrupted the US financial sector a week after September 11. Like Code Red, it exploited flaws in Microsoft IIS Web servers, though on a much broader scale. It spread via e-mail attachments, infected Web pages and other computers linked on a network. Despite the timing, the worm was not linked to the September 11th terrorist attacks.

Slammer. This worm hit computers on January 25, 2003, by exploiting a flaw (for which a patch had been written) in Microsoft's SQL Server 2000 software. It disrupted ATM systems and airline reservation systems, infected a number of large financial institutions and snarled the Internet. Ninety percent of its damage was done in the first 10 minutes, making it, at that time, the fastest cyberattack in history.

Blaster. Aimed mainly at businesses, this worm also was designed to overwhelm one of Microsoft's technical assistance Web sites. It infected computers running Microsoft Windows.

SoBig.F. Bigger than big. Launched in August 2003, it sent itself to all the e-mail addresses in a user's computer, propagating so rapidly that, for a time, one of every 17 e-mails of total e-mail traffic was a copy of the worm.

Mydoom. SCO Group, a Utah-based software company that has made news by claiming IBM is illegally running pieces of its Unix code in their Linux system, was the target of this worm. It struck in January and succeeded in shutting down SCO's Web site, as well as clogging e-mail systems all over the country.

SIDEBAR: Cybersecurity Timeline

1987

JAN. President Reagan signs the Computer Security Act.

1997

OCT. The President's Commission on Critical Infrastructure Protection (known as the Marsh Commission) recommends new cyberdefense initiatives.

1998

MAY President Clinton issues Presidential Decision Directive 63, which creates NIPC, CIAO and NIAC.

2000

JAN. The White House issues its National Plan for Information Systems Protection, the first attempt to create a national cyberdefense strategy.

2001

OCT. President Bush establishes the President's Critical Infrastructure Board and names Richard Clarke as its chairman.

2003

JAN. The Department of Homeland Security begins operations.


FEB. The White House releases the National Strategy to Secure Cyberspace. Clarke resigns; President Bush dissolves the position of cybersecurity czar in the White House.

MARCH DHS absorbs CIAO, the Federal Computer Incident Response Center and most of NIPC.

JUNE DHS creates the National Cyber Security Division (NCSD), located in the Information Analysis and Infrastructure Protection Directorate, and later appoints Amit Yoran to lead it.

DEC. DHS cohosts with four industry associations a National Cyber Security Summit in California; five working groups are established to address specific areas of cybersecurity.

2004

JAN. NCSD launches the National Cyber Alert System.

http://www.csoonline.com.au/index.php/id;604811920;fp;32768;fpid;1641696808_
_____________________________________________________________________________________Who's on First

The objections by the FBI and Pentagon were partly over specialized intrusion detection software known as "Snort," which guards some classified U.S. military and intelligence computers.

Snort's author is a senior executive at Sourcefire Inc., which would be sold to publicly traded Check Point Software Technologies Ltd. in Ramat Gan, Israel. Sourcefire is based in Columbia, Md.

Check Point was told U.S. officials feared the transaction could endanger some of government's most sensitive computer systems. The company announced it had agreed to acquire Sourcefire in October.

The contrast between the administration's handling of the $6.8 billion Dubai ports deal and the Israeli company's $225 million technology purchase offers an uncommon glimpse into the U.S. government's choices to permit some deals but raise deep security concerns over others.

Senate hearings over the ports deal were expected to continue Thursday.

The ongoing 45-day investigation into the Israeli deal is only the 26th of its type conducted among 1,600 business transactions reviewed by the Committee on Foreign Investments in the United States. The panel, facing criticism by Congress about its scrutiny of the ports deal, judges the security risks of foreign companies buying or investing in American industry.

In private meetings between the panel and Check Point, officials from the FBI and Defense Department objected forcefully to permitting any foreign company to acquire some sensitive Sourcefire technology for preventing hacker break-ins and monitoring data traffic, an executive familiar with the discussions told The Associated Press. This executive spoke on condition of anonymity because government negotiations are supposed to remain confidential.

Under the sale, publicly announced Oct. 6, Check Point would own all Sourcefire's patents, source-code blueprints for its software and the expertise of employees.

William Reinsch, a former senior U.S. official who participated in reviews under President Clinton, said the Israeli sale involves more dire security issues than the administration's recent approval for a Dubai-owned company to take over significant operations at six major American ports.

"This raises a lot more important issues," said Reinsch, a former Commerce Department undersecretary. "The most important case is where we're making an irrevocable technology transfer to a foreign party. Port operations raise security issues, but the ports are still in the United States."

The review panel privately notified Check Point on Feb. 6 it intended to fully investigate the transaction's security risks, the executive said. That was days before the furor erupted over the Dubai ports deal. Check Point disclosed the news to investors Feb. 13, but the announcement drew little attention despite escalating scrutiny and interest in Washington over such reviews.

The same panel had approved the ports deal Jan. 17 after a routine, 30-day review. In a highly unusual move, UAE-based DP World offered earlier this week to submit to a broader 45-day investigation to avert an impending political showdown between President Bush and Congress. That formal investigation has not yet started.

Check Point and Sourcefire declined to comment. Officials at the Defense Department, FBI and Justice Department also declined to comment.

All Credit to: Redmondmag.com  and The Associated Press  at
 
http://redmondmag.com/news/article.asp?EditorialsID=7219
________________________________________________________________

Free Computer Security Software Not Catching On

Monday , September 18, 2006

NEW YORK — 

Microsoft (MSFT) gives away a security firewall with its latest operating system. Many high-speed Internet service providers offer free anti-virus protection for subscribers. And several Web sites distribute free toolbars to warn of Web scams.

AOL even recently made a package of basic security tools — anti-virus, anti-spyware and firewall programs — available for free to anyone, not just paying subscribers.

• Click here to visit FOXNews.com's Cybersecurity Center.

Despite all the free protection, primarily for Windows computers, leading security vendors are moving forward with plans to start selling their annual slate of security products this fall.

Why bother, when so much is available elsewhere at no cost?

"I absolutely don't argue that the highly tech-savvy consumer will and can search the Web for freeware and knock out 90, maybe 95 percent of the risk," said Lane Bess, Trend Micro Inc.'s (TMC) general manager for consumer products. "That's not the largest [base of] consumers out there."

Most people, he said, would rather install a package — for $50 in Trend Micro's case — that does everything.

Free often means cobbling a package together:

• Taking the basic firewall that comes with the Service Pack 2 version of Microsoft Corp.'s Windows XP, or getting a stronger one like Check Point Software Technologies Ltd.'s (CHKP) Zone Alarm to monitor and block outbound traffic as well;

• Adding anti-virus protection from a high-speed Internet provider like Comcast Corp. (CMCSA) or Time Warner Inc.'s (TWX) Road Runner;

• Obtaining one or more free spyware removal tools like Spybot Search & Destroy;

• Installing a toolbar from EarthLink Inc. (ELNK) or elsewhere to block Web sites known to engage in e-mail "phishing" scams.

Even AOL's free all-in-one package, which uses technology from McAfee Inc. (MFE) and others, is incomplete, said Joel Davidson, an AOL executive vice president for products and technologies.

Last week, the Time Warner unit announced that subscribers who pay $26 a month will get additional protections, such as a stronger firewall and alerts when malicious software tries to send out a bank account or credit card number.

They'll even get more online storage for backup and free insurance for identity theft and computer damage.

The free stand-alone products have even more limits.

Major e-mail providers scan messages for viruses automatically, but they won't address threats that come from instant-messaging or a rogue Web site, or a virus already on the computer.

Trend Micro's free HouseCall virus scanner covers those situations, but users must remember to periodically perform a check, and they won't be automatically protected in the interim.

Same goes for the free scan from Microsoft; automated scanning comes with Windows Live OneCare, which costs $50 a year for up to three computers and includes computer backup and tuneup services.

And while Microsoft plans a more robust firewall in its upcoming Windows Vista operating system, it's holding back enough to justify selling OneCare separately.

The free Zone Alarm, meanwhile, will generate a pop-up warning when newly installed software attempts to connect to the outside world.

The $40 Zone Alarm Pro will have a continually updated database of programs that researchers know as good or bad, so pop-up prompts only come up in rare cases.

"I don't think [the free version] reduces protection, but it is definitely less convenient," said Laura Yecies, general manager of Check Point's Zone Labs consumer division. "The user is essentially then putting themselves in the role of making determinations."

The free and subscription versions of Grisoft Inc.'s anti-virus and anti-spyware products are nearly identical, but paying customers can get technical help from humans, instead of only the software's help files and Web site documents.

And free software won't come with the ability for companies to easily update all their computers remotely, an issue for larger organizations, said Johannes B. Ullrich, chief research officer with the SANS Institute security group.

Google Inc. (GOOG), Yahoo Inc. (YHOO) and computer manufacturers distribute free security products as well, but they are trial versions often with features disabled, said Kraig Lane, Symantec Corp.'s (SYMC) manager for consumer security products.

The six-month Symantec software bundled with Google, for instance, will block known viruses but won't detect unknown ones, based on behavioral patterns, in the hours before a software update can be developed and distributed for new threats.

"We want to have a little extra value" for paying customers, Lane said.

Other restrictions are in the free software's license terms.

A standalone version of AOL's anti-virus software, from Kaspersky Lab, comes with terms that permit AOL to send e-mail marketing messages, while Sophos Inc. gives free software only if a person's employer or school is already a paying customer.

Some security is better than no security, said Bruce Schneier, a computer security expert with Counterpane Internet Security Inc. "I can complain about them (the free products), but going out free to millions and millions of users, you have to like that."

Yet it's not entirely clear how many users even know of the free offerings.

Bari Abdul, McAfee's vice president for consumer marketing, said Internet users often configure their browsers to bypass home pages that high-speed service providers use to promote free software.

AOL subscriber Gail Taylor, a teaching assistant at the University of Illinois at Urbana-Champaign, said she never knew AOL gave away security software.

But even after checking a number of free products at the request of The Associated Press, she said she still couldn't decide which of the free or fee offerings work best for her. She said she'd need to find time for more research, leaving her computer largely unguarded for now.

Consumers who do install free products may be left with a false sense of security, added David Luft, a senior vice president for security vendor CA Inc.

"Some of those limitations aren't always obvious to the end users until they run into a problem they thought might be addressed," he said. "They think they have something that's fully protecting them, when in reality they don't protect in a way they might need."

All Credit Fox News and Associated Press at:
http://www.foxnews.com/printer_friendly_story/0,3566,214285,00.html_
_________________________________________________________

Israelis Hold Keys to NSA  Critical U.S. Government and Military Computer Networks using Israeli "Security" Software by Christopher Bollyn 15 June 2006 The most critical computer and communication networks used by the U.S. government and military are secured by encryption software written by an Israeli "code breaker" tied to an Israeli state-run scientific institution.

Photo: Amit Yoran, the Israeli "Cyber Security Czar" appointed by President George W. Bush in 2003. Yoran has held various positions since the 1990s in which he oversaw computer security for the Dept. of Defense computers. Although he and his brother reportedly grew up in Pound Ridge, New York during the 1970s and 1980s, the heads of the Jewish community told AFP that they had never heard of him. One said that she had conducted a survey of the Jews living in the small village of Pound Ridge in the 1970s and she would have remembered if a wealthy Israeli family named Yoran had been found. Why did the locals in Pound Ridge NOT remember the Yorans? Probably because they were NOT in Pound Ridge - but in Israel. The Pound Ridge address was used to give the appearance that the Yorans were Americans. I spoke with Elad and he has a distinctive Israeli accent - not what you would expect for a guy who grew up in a posh Yankee village. So who are the Yorans? Who are their parents and why did they come to the United States? To raise a couple high-level moles to infiltrate the most sensitive U.S. computer networks? How could they have lived for 20 years in Pound Ridge and NOT be remembered.

The National Security Agency (NSA), the U.S. intelligence agency with the mandate to protect government and military computer networks and provide secure communications for all branches of the U.S. government uses security software written by an Israeli code breaker whose home office is located at the Weizmann Institute in Israel. A Bedford, Massachusetts-based company called RSA Security, Inc. issued a press release on March 28, 2006, which revealed that the NSA would be using its security software: "U.S. Department of Defense Agency Selects RSA Security Encryption Software" was the headline of the company's press release which announced that the National Security Agency had selected its encryption software to be used in the agency's "classified communications project." RSA stands for the names of the founders of the company: Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman. Adi Shamir, the lead theoretician, is an Israeli citizen and a professor at the Weizmann Institute, a scientific institution tied to the Israeli defense establishment. "My main area of research is cryptography – making and breaking codes," Shamir's webpage at the Weizmann Institute says. "It is motivated by the explosive growth of computer networks and wireless communication. Without cryptographic protection, confidential information can be exposed to eavesdroppers, modified by hackers, or forged by criminals." The NSA/Central Security Service defines itself as America’s cryptologic organization, which "coordinates, directs, and performs highly specialized activities to protect U.S. government information systems and produce foreign signals intelligence information." The fact that the federal intelligence agency responsible for protecting the most critical computer systems and communications networks used by all branches of the U.S. government and military is using Israeli-made encryption software should come as no surprise. The RSA press release is just the icing on the cake; the keys to the most critical computer networks in the United States have long been held in Israeli hands. AFP inquired with the NSA about its use of Israeli-made security software for classified communications projects and asked why such outsourcing was not seen as a national security threat. Why is "America’s cryptologic organization" using Israeli encryption codes? NSA spokesman Ken White said that the agency is "researching" the matter and would respond in the coming week. American Free Press has previously revealed that scores of "security software" companies – spawned and funded by the Mossad, the Israeli military intelligence agency – have proliferated in the United States. The "security" software products of many of these usually short-lived Israeli-run companies have been integrated into the computer products which are provided to the U.S. government by leading suppliers such as Unisys. Unisys integrated Israeli security software, provided by the Israel-based Check Point Software Technologies and Eurekify, into its own software, so that Israeli software, written by Mossad-linked companies, now "secures" the most sensitive computers in the U.S. government and commercial sector. The Mossad-spawned computer security firms typically have a main office based in the U.S. while their research and development is done in Israel. The Mossad start-up firms usually have short lives before they are acquired for exaggerated sums of money by a larger company, enriching their Israeli owners in the process and integrating the Israeli directors and their Mossad-produced software into the parent company. RSA, for example, an older security software company, acquired an Israeli-run security software company, named Cyota, at the end of 2005 for $145 million. In January 2005, Cyota, "the leading provider of online security and anti-fraud solutions for financial institutions" had announced that "security expert" Amit Yoran, had joined the company's board of directors. Prior to becoming a director at Cyota, Yoran, a 34-year old Israeli, had already been the national "Cyber Czar," having served as director of the Department of Homeland Security's National Cyber Security Division. Yoran had been appointed "Cyber Czar" at age 32 by President George W. Bush in September 2003. Before joining DHS, Yoran had been vice president for worldwide managed security services at Symantec. Prior to that, he had been the founder, president and CEO of Riptech, Inc., an information security management and monitoring firm, which Symantec acquired in 2002 for $145 million. Yoran and his brother Naftali Elad Yoran are graduates of the U.S. Military Academy at Westpoint. Elad graduated in 1991 and Amit in 1993. Along with their brother Dov, the Yoran brothers are key players in the security software market. Amit has also held critical positions in the U.S. government overseeing computer security for the very systems that apparently failed on 9/11. Before founding Riptech in 1998, Yoran directed the vulnerability-assessment program within the computer emergency response team at the US Department of Defense. Yoran previously served as an officer in the United States Air Force as the Director of Vulnerability Programs for the Department of Defense's Computer Emergency Response Team and in support of the Assistant Secretary of Defense's Office. In June 2005, Yoran joined the board of directors of Guardium, Inc., another Mossad-spawned "provider of database security solutions" based in Waltham, Massachusetts. Guardium is linked with Ptech, an apparent Mossad "cut out" computer security company linked with the 9/11 attacks. Ptech, a computer software company in Quincy, Mass., was supposedly a small start-up company founded by a Lebanese Muslim and funded by a Saudi millionaire. Yet Ptech's clients included all the key federal governmental agencies, including the U.S. Army, the U.S. Air Force, the U.S. Naval Air Command, Congress, the Department of Energy, the Federal Aviation Administration, the Internal Revenue Service, NATO, the Federal Bureau of Investigation, the Secret Service and even the White House. The marketing manager at Ptech, Inc. when the company started in the mid-1990s, however, was not a Muslim or an Arab, but an American Jewish lawyer named Michael S. Goff who had suddenly quit his law firm for no apparent reason and joined the Arab-run start-up company. Michael S. Goff  Goff was the company's information systems manager and had single-handedly managed the company's marketing and "all procurement" of software, systems and peripherals. He also trained the employees. Goff was obviously the key person at Ptech. In the wake of 9/11, during the Citizens' Commission hearings in New York, Indira Singh, a consultant who had worked on a Defense Advanced Research Project, pointed to Ptech and MITRE Corp. being involved in computer "interoperability issues" between the FAA and NORAD. At this time Ptech's ties to Arabs was the focus, and Goff was out of the picture. "Ptech was with MITRE Corporation in the basement of the FAA for two years prior to 9/11," Singh said. "Their specific job is to look at interoperability issues the FAA had with NORAD and the Air Force in the case of an emergency. If anyone was in a position to know that the FAA – that there was a window of opportunity or to insert software or to change anything – it would have been Ptech along with MITRE." The Mossad-run Guardium company is linked with Ptech through Goff Communications, the Holliston, Mass.-based public relations firm previously run by Michael S. Goff and his wife Marcia, which represents Guardium. Since being exposed in AFP in 2005, however, Michael's name no longer appears on the company website.

 

Important: Bollyn's provides his articles for free.

http://www.iamthewitness.com/Bollyn-Israel-NSA.html_
_________________________________________________________________

Al Gore's Red China policy

---

Posted: September 13, 2000
1:00 a.m. Eastern

In 1993 Al Gore was charged by a presidential directive to oversee U.S. secure communications and encryption export policy. The vice president is documented as running the high-tech federal export policy from a White House Interagency Working Group that advised President Clinton.

In 1994, Gore advised President Clinton to ban the export of books. More precisely, in November 1994, the White House National Security Council directly approved the decision to deny a request to export encryption computer source code published in a book. The source code appeared in text format on a diskette that was sold with the book in retail store outlets.

A letter written by Wendy Sherman, then State Department Assistant Secretary of Legislative Affairs, illustrates Al Gore and his encryption policy. Not only was the letter provided to Bill Clements of the National Security Council for White House approval, the document also included a fax on the export problem titled "TO: Pres. Clinton."

"The decision that controls should continue was based on several considerations," wrote Ms. Sherman. "The administration will continue to restrict export of sophisticated encryption devices, both to preserve our own foreign intelligence gathering capability and because of the concerns of our allies who fear that strong encryption technology would inhibit their law enforcement capabilities. One result of the interagency review of Mr. Karn's disk was a determination that the source code on it is of such a strategic level as to warrant continued State Department licensing."

Of course, anyone wishing to purchase the disk of encryption source code could do so from an insecure bookstore. The disk could easily pass by Customs or the computer source code could even be e-mailed from an anonymous account to any point on the globe. In addition, there are the other dangerous possibilities that a terrorist could scan the source code in with a scanner or even the old tried and true method of simply keying in the source code from the printed text.

Another example of the Gore trade policy occurred in 1995. In October 1995, Ron Brown led a trade mission to China. One deal the administration struck with the Chinese leadership was for the leading U.S. computer security company, RSA of California, to sell encryption technology directly to the Chinese Laboratory Of Information Security. LOIS is also known as the home of Chinese information warfare studies for the People's Liberation Army.

The deal between LOIS and RSA has Gore roots. In November of 1995, Al Gore made a call from the White House to a DNC supporter named Sanford Robertson. Al made that call on the taxpayer's tab. Sanford Robertson obliged by coughing up $100,000; $80,000 going to soft money and $20,000 directly into Al Gore's 1996 campaign fund.

In 1995 Sanford Robertson and his investment company, Robertson and Stephens, were the investment bankers for Boston based Security Dynamics Inc., a supplier of computer security systems. Robertson and Stephens also sponsored Security Dynamics stock issues.

In 1995, Security Dynamics decided to purchase RSA of California. Robertson and Stephens wrote the merger document between Security Dynamics and RSA for a two million dollar fee. By April 1996, the merger was completed, Security Dynamics bought RSA, and Robertson's company pocketed the fee.

There is evidence that Al Gore was not unaware of RSA and the encryption exports to China. Gore had a previous official interest in RSA. During a 1998 interview, RSA Chairman Jim Bidzos stated that Al Gore was involved in a 1994 effort by the Clinton administration to purchase RSA patent technology.

According to Bidzos, in 1994 the top legal counsel for Commerce Secretary Ron Brown, Ginger Lew, met with the RSA chairman when the Clinton administration launched an initiative to purchase some of RSA's patents. Curiously, Bidzos stated that Ms. Lew announced she was on a mission from Vice President Al Gore.

"I did not meet with Al Gore on this," answered Mr. Bidzos when asked about the Vice President's role in the patent purchase.

"Only Ginger Lew and four other lawyers, but they did say they were there on his (Al Gore's) authority. It was in early 1994, in March, I think. I have never met personally with Al Gore (nor have I ever spoken with him on the phone), only government representatives (Ginger Lew) who claimed to be meeting me on his authority."

Another example of Al Gore's encryption export policy occurred when Motorola determined it wanted to sell high-tech equipment to China. Under the Clinton/Gore administration Motorola was able to sell encrypted radios and the Iridium satellite encrypted control system to China.

"This is to request that your office initiate action to obtain a waiver from requirement for individual export license notifications to Congress for wireless mobile communications systems containing encryption for China," wrote Motorola executive Richard Barth to the State Department.

"Such a waiver was issued by the President in September of this year for civilian satellite systems and encrypted products for use by American firms operating in China," noted Motorola executive Barth.

President Clinton eventually approved the Motorola request. By July 1995, the CEO of Motorola, Gary Tooker wrote a personal note to Ron Brown, expressing his gratitude for Clinton's signature approving the encryption export to China.

"I am writing to thank you," wrote Tooker. "And some key members of the Commerce Department for your assistance in obtaining the Presidential waiver for encryption export sales to China."

There are other examples of the Clinton/Gore export policy. Under Gore's tenure Loral was able to export encrypted satellite and telemetry control systems to the Chinese army. One such export, a board of radiation hardened encryption electronics, was missing after a Chinese space rocket crashed. The board has never been recovered.

According to a GAO report on encryption exports, the Clinton-Gore administration approved the direct transfer of secure communications to the Chinese army.

"Waivers were also granted to permit the export of encryption equipment controlled on the Munitions List," states the report. "One case involved a $4.3-million communications export to China's Air Force."

Gore could have intervened with the Commerce Department or with President Clinton directly and prevented the exports to China. Clearly, Al Gore as administration guru on encryption approved the bent policies that restrict the personal use of computer security software by Americans while allowing the export of military level systems. The Clinton/Gore policy to restrict the "export of sophisticated encryption devices" may have included source code in a book but it did not include military hardware for the People's Liberation Army.

---

http://www.worldnetdaily.com/news/article.asp?ARTICLE_ID=20583

Charles Smith is a national security and defense reporter for WorldNetDaily. Visit his site, Softwar.
_____________________________________________________________________________________

Dead men tell no tales -- Part 2

WorldNetDaily
Tuesday, March 23, 1999
Charles R. Smith

In 1994, "American" businessman K.S. Wu traveled with Ron Brown to Communist China. Today, Mr. Wu is reported to be dead, and no one in the Democratic Party (Democratic National Committee) wants to talk about him.

In my last column, we learned that, in August 1994, Mr. Wu accompanied Ron Brown to China and Hong Kong. Wu was invited to various special events, including a post Hong Kong dinner and Democrat fund-raiser.

Wu traveled with several major DNC donors, including Bernard Schwartz, CEO of Loral [Space Communications]; Sanford Robertson, CEO of Robertson & Stephens [a technology investment bank]; Democratic Gov. Caperton of West Virginia; and Edwin Lupberger, CEO of Entergy Corp.

Entergy Corp., of course, is part owned by the Riady family and the Lippo Group.

In fact, Wu actually worked for Chinese billionaire Li Ka-Shing. According to documents provided by the Commerce Department, Wu, Lupberger, Caperton and Brown met with PRC billionaire Li Ka-Shing in Beijing during the 1994 trip.

K.S. Wu, CEO of a so-called "American" firm, traveled at the expense of the U.S. taxpayers, to meet his Chinese boss Li Ka-Shing. Li Ka-Shing owns the vast shipping enterprise, Hutchison Whampoa, Ltd. Li works closely with the official PRC shipping carrier, COSCO. Li and COSCO own both ends of the Panama canal. Li and COSCO tried to buy the former Navy port at Long Beach.

Li financed several satellite deals between Hughes and China Hong Kong Satellite (CHINASAT), a company half owned by the Peoples Liberation Army (PLA). Li Ka-Shing and the Chinese navy nearly obtained four huge roll-on/roll-off container ships, financed by loans backed by U.S. Treasury notes.

The bio of Li Ka-Shing was forced from the White House by this author during a lawsuit filed in federal court. The Commerce Department claimed the material was withheld for review by another "agency." In fact, the material was secretly sent by Commerce to the real authors, the White House, which is not an agency. The legal "Catch-22" situation was all too obvious to Commerce and White House lawyers who caved in rather than being made to look stupid in front of a Federal Judge.

The reason for the resistance becomes all too clear when Li Ka-Shing's bio is compared to the accompanying materials forced from the grips of the White House. Li was the only so-called "civilian." Li's bio was included by the White House along with the entire leadership of Communist China from Jiang Zemin to the mayor of Shanghai.

The Long Beach affair demonstrated that Li Ka-Shing is an agent of Beijing. The White House material clearly shows that Mr. Li Ka-Shing is a member of the Communist government. The Long Beach deal led by Li Ka-Shing was clearly a national security threat. It was canceled after U.S. intelligence sources revealed that Li Ka-Shing's empire is used for PRC espionage. Li Ka-Shing provides fronts for Chinese military operations and "civilian" covers for PLA soldiers to enter the U.S. under "commercial" camouflage.

In 1995, Mr. K.S. Wu of Pacific Century -- a company owned by Li Ka-Shing, teamed with Sen. Jay Rockefeller of West Virginia to provide Red China with an airbase only 50 miles from downtown Washington, D.C.

According to a January 1996 speech by Gov. Caperton on the Democrats' website, "Mr. Wu was a trusted adviser to Sen. Rockefeller and me. He was instrumental in helping Senator Rockefeller develop the Swearingen aircraft project. He was also extremely helpful in expanding our relationships with China and Japan. We extend to his family our deepest respect and sympathy. His death is a deep loss to West Virginia."

Today, Sen. Rockefeller will not comment on either the departed Mr. Wu, or the Li Ka-Shing airbase at Martinsburg, West Virginia. The Jan. 1996 speech by Governor Caperton published on the Democrats' website was removed from the Internet immediately after I submitted a fax copy to Sen. Rockefeller's office in Washington, D.C.

Yet, in 1996, Sen. Rockefeller led a delegation of Asian investors to Martinsburg, West Virginia. According to Gov. Caperton, K.S. Wu was instrumental in helping Rockefeller bring the Asian investors to West Virginia.

In fact, these investors were so special that Rockefeller ran a VIP train to transport them to West Virginia from Washington, D.C. The joint U.S.-Sino delegation broke ground for a new aircraft plant now located at the Martinsburg airport under a project called "Sino-Swearingen SJ-30."

The Sino-Swearingen plant in West Virginia is a joint project between Texas based Swearingen aircraft, the AFL-CIO, and Sino-Aerospace Investment Corporation. The joint interests of PRC billionaire Li Ka-Shing, a big U.S. union, and Sen. Rockefeller were teamed up to manufacture business jets in the remote mountains of rural West Virginia.

The so-called SJ-30 "business" jet is state-of-the-art. The SJ-30 can travel 2,500 miles at nearly the speed of sound and is rated to cruise at 49,000 feet. The SJ-30 is considered to be the leading edge of U.S. commercial aerospace technology and includes all the latest in avionics such as GPS navigation.

The immense speed, range and altitude capability of the SJ-30 can be attributed to the twin Rolls Royce/Williams FJ-44 turbofans that power it. The Williams FJ-44 is also used in the Swedish SK-60 military attack trainer and powers the USAF DarkStar stealth robot spy plane. Williams is best known for making the jet engines for U.S. Tomahawk and ALCM cruise missiles.

The Sino-Swearingen facility is located at the Martinsburg airport just south of the town along U.S. Rt. 81. Martinsburg is a key point in the West Virginia hills, located only 50 miles from downtown D.C. The narrow valley is a major north/south and east/west crossing for U.S. microwave and fiber-optic telecommunications. The Martinsburg airport is supported by the U.S. taxpayer via the National Guard facilities and the airport ground facilities, such as fire and rescue.

In 1996, a host of the Asian officials attending the groundbreaking included Dr. Shih-Chein Yang of Taiwan Aerospace and Benjamin Lu of the Taipei Economic office. In fact, the entire groundbreaking at Martinsburg is covered in detail on Sen. Rockefeller's web page, including a wonderful photograph of Rockefeller and several Asian businessmen with shovels in hand.

In 1996, Jay Rockefeller had very close ties to the real money behind the Sino-Swearingen aerospace deal, Li Ka-Shing. Li Ka-Shing is also a known PLA operative. Today, Asian "engineers" roam the hills of West Virginia with a "commercial" cover. The perfect location, complete with jets to test fly and a huge facility constructed to order was paid for by American and Chinese taxpayers.

There are two more twists to this tale of a PRC base only 50 miles from the White House. A fellow reporter, Danny Casolaro, was murdered in Martinsburg West Virginia while investigating Hillary Clinton and her business connections to an Arkansas airport called Mena.

Casolaro was found in his Martinsburg hotel with his wrists slashed in 1991. He was reportedly trying to meet an informant who had documented evidence of the involvement of the CIA and NSA in dope smuggling to support military operations in Central America. Casolaro was murdered after he had linked Rose Office clients with the NSA attempts to penetrate foreign banks to monitor drug dealing and money-laundering.

The worst news comes not from a dead reporter but a living hero. Softwar has obtained an exclusive interview with former GRU Colonel Stanislav Lunev. Col. Lunev is the highest-ranking member of the former Soviet Union intelligence services to defect to America. He is, to this day, surrounded by FBI agents for his protection.

In 1999, I presented the K.S. Wu information to Colonel Lunev for his evaluation. According to Col. Lunev, Russian and Chinese army operatives in the U.S. have created large stockpiles of arms for use in time of war. These communist weapon caches are reportedly hidden all over America. According to Lunev, the Chinese and Russian weapon stockpiles include explosives, nerve gas, anthrax and as many as 120 "suitcase" nuclear bombs!

I have confirmed Colonel Lunev's story with several members of Congress. Red China and Russia have pre-positioned nuclear, chemical and biological weapons on American soil with the intent of destroying our nation. President Clinton and Congress are aware that China and Russia have smuggled nuclear bombs into the United States.

Li Ka-Shing and his new airbase in Martinsburg are the perfect delivery points for PRC special forces operations. Chinese Army operatives in Li Ka-Shing's employ can be "activated" years after being planted, whenever needed.

For example Charlie Trie, Johnny Chung, John Huang, Hua Di and K.S. Wu all had the perfect "civilian" credentials. Trie, Chung, and Huang await justice in America but Wu is dead and Hua Di has "defected" back to China.

According to Lunev, PRC special forces agents are rotated on a regular basis in and out of America, usually through diplomatic sites at the U.N. or the PRC Embassy. Washington and New York are only minutes away from Martinsburg by jet.

A so-called "civilian" project could put PRC bombers over the U.S. capitol without warning. A single "business" jet with a suitcase bomb could fly to ground zero with satellite navigation accuracy and a GPS autopilot. Such an unmanned flight in the crowded skies of Washington D.C. would go unnoticed until the final fatal second.

The surprise nuclear attack will kill the entire U.S. leadership. U.S. military leaders in the Pentagon, the White House, Congress, the Supreme Court and nearly a million Americans will die in a single flash.

If there were enough concerns to shut down the planned PRC takeover of Long Beach then the PRC airbase in Martinsburg should at least also undergo close scrutiny. The relationship between Li Ka-Shing, Ron Brown, K.S. Wu, Sen. Rockefeller and Bill Clinton should be investigated by an FBI director and attorney general interested in protecting the national security.

We need to kick out known espionage agents and close their front operations. Covert operations to put atomic bombs on American soil are an act of war. We should confront the Red Chinese and Russian leadership