Monthly Archives: October 2011

Cyberattacking Japan, China says it did Not do it

A virus that infected computers at Japanese overseas diplomatic missions had been designed to send data to servers in China, a report said.  The virus — Backdoor Agent MOF — has been found to have infected computers at around 10 embassies and consulates, and at least two of the servers designated as the recipients of stolen information were in China, the Yomiuri Shimbun said.  The virus is capable of transmitting user IDs and other information to terminals outside and operating software by bypassing authorised users, the daily said.  The domain of the servers was the same as that used for earlier cyber attacks on Google and tens of other companies, the Yomiuri said, quoting unnamed sources.  A “backdoor” virus opens a route into a computer’s system to allow access by a remote hacker, who could use it to steal data.

The Yomiuri earlier this week reported Japan had found viruses in computers at overseas diplomatic missions including those in France, the Netherlands, Myanmar, the United States, Canada, China and South Korea.  The government has admitted virus infections at some offices but said no classified information had been stolen.  On Friday, government spokesman Osamu Fujimura again said no sensitive information had been compromised, but refused to comment on the specifics of the Yomiuri report.  “I’d like to withhold comment on what kind of viruses they were or where they came from,” Fujimura told reporters.

The Asahi Shimbun this week reported that computers in the lower house of parliament were hit by cyber attacks from a server based in China that left information exposed for at least a month.  That revelation came after a probe began into attacks on defence contractor Mitsubishi Heavy, which could have resulted in the theft of information on military aircraft and nuclear power plants.  China has been accused of spearheading online attacks on government agencies and companies, allegations Beijing has always denied.

In June, Internet giant Google said a cyber-spying campaign originating in China had targeted the Gmail accounts of senior US officials, military personnel, journalists and Chinese political activists.  It was the second time that Google has reported a China-based cyber attack. Early last year, a similar incident prompted the company to reduce its presence in China.

China-based servers in Japan cyber attacks: Report, Agence France Presse, Oct 28, 2011

Banning Hazardous Waste Trade: an invitation to illegal marketers

More than 170 countries have agreed to accelerate adoption of a global ban on the export of hazardous wastes (pdf), including old electronics, to developing countries.  The environmental group Basel Action Network called Friday’s deal, which was brokered by Switzerland and Indonesia, a major breakthrough.  “I’m ecstatic,” said its executive director, Jim Puckett. “I’ve been working on this since 1989 and it really does look like the shackles are lifted and we’ll see this thing happen in my lifetime.”

The deal seeks to ensure that developing countries no longer become dumping groups for toxic waste including industrial chemicals, discarded computers and mobile phones and obsolete ships laden with asbestos, he said.Delegates at the UN environmental conference in Cartagena agreed the ban should take effect as soon as 17 more countries ratify an amendment to the so-called 1989 Basel Convention.  “This agreement was stalled for the past 15 years,” Colombia’s environment minister, Frank Pearl, said in praising the vote. Katharina Kummer, the convention’s executive secretary, estimated it would take five years to reach the required 68 ratifying nations. Puckett said he thought it would be closer to two years….The United States, the world’s top exporter of electronic waste, is among nations that have not ratified the original convention.  “Unless the US joins the treaty they are just going to be a renegade,” Puckett said, adding that the US had no rules for exporting electronic waste, which it sends mostly to China but also to Africa and Latin America.  The global ban has been strongly backed by African countries, China and the European Union, which already prohibits toxic exports and Puckett said Colombia played a strong role in Friday’s breakthrough.  Opponents have been led by Canada, Australia, New Zealand and Japan, and recently joined by India, said Puckett….The issue took centre stage in 2006 when hundreds of tonnes of waste were dumped around the Ivory Coast’s main city of Abidjan, killing at least 10 people and sickening tens of thousands.  The waste came from a tanker chartered by the Dutch commodities trading company Trafigura Beheer BV, which had contracted with a local company to dispose of the waste.  Puckett said shipping companies had opposed inclusion in the ban, wanting to keep sending old ships to India, Pakistan and Bangladesh to scrap them.  “Just about four days ago another six people died on the beaches of Bangladesh,” he said.  He told AP there were no reliable estimates on how many tonnes of toxic waste were exported annually because developed nations did not accurately report them.

Global hazardous waste ban advances, Sydney Morning Herald, Oct. 23, 2011

Transnational Movements in Hazardous and Nuclear Waste

Jordan Plays Nuclear Hardball While Mid-East in Chaos

Jordan has warned Japan that if the Diet fails to ratify a bilateral civil nuclear cooperation accord by yearend, a Japan-France consortium will miss out on the chance to win a lucrative contract to build the country’s first nuclear power plant, diplomatic sources said Saturday.  Khaled Touqan, Jordan’s energy and mineral resources minister, met with Japanese officials in early October and requested that the Diet endorse the accord by the end of December, when the successful bid will be selected, the sources said.

A consortium of Mitsubishi Heavy Industries Ltd. and French nuclear power company Areva SA is competing with Russian and Canadian firms to win contracts worth more than $4 billion (about-

How Much Oil Spills Cost? BP and Deepwater Horizon

BP and Anadarko Petroleum Company have reached an agreement to settle all claims between them related to the Deepwater Horizon accident…. The agreement is not an admission of liability by any party regarding the accident.  Under the settlement agreement, Anadarko will pay BP $4 billion in a single cash payment. BP will apply the payment to the $20 billion trust it established that is available to meet individual, business and government claims, as well as the cost of the natural resource damages. Anadarko will also transfer all of its 25 per cent interest in the MC252 lease to BP.  In addition, Anadarko will no longer pursue its allegations of gross negligence with respect to BP. Anadarko and BP have agreed to work cooperatively with respect to indemnified claims, and Anadarko has the opportunity for a 12.5 per cent participation in future recoveries from third parties or insurance proceeds cumulatively exceeding $1.5 billion, up to a total cap of $1 billion.  Finally, the parties have also agreed to mutual releases of claims against each other. BP has agreed to indemnify Anadarko for certain claims arising from the accident. However, BP’s indemnity excludes civil, criminal or administrative fines and penalties, claims for punitive damages, and certain other claims.

“This settlement represents a positive resolution of a significant uncertainty and it resolves the issues among all the leaseholders of the Macondo well,” said Bob Dudley, BP group chief executive. “There is clear progress with parties stepping forward to meet their obligations and help fund the economic and environmental restoration of the Gulf. It’s time for the contractors, including Transocean and Halliburton, to do the same.”  BP previously announced settlements with MOEX, which had a 10 per cent interest in the Macondo well, and Weatherford, which provided drilling equipment.

According to its public filings, BP has recorded a charge in excess of $40 billion for total estimated costs associated with the event. To date, BP has invoiced Anadarko an aggregate of $6.1 billion for what BP considers to be Anadarko’s 25-percent proportionate share of BP’s actual and near-term costs….Anadarko will record a $4.0 billion liability associated with this settlement in its third-quarter 2011 financials……

“Consistent with official investigations that found the accident was the result of multiple causes, involving multiple parties, BP is working to ensure that other parties, including Halliburton and Transocean, contribute appropriately,” says a BP press release. “Multiple official investigations, including those conducted by the Presidential Commission and the Marine Board of Investigation, found that conduct by those parties contributed to the accident. The issuance of regulatory violations last week to BP, Transocean and Halliburton by the U.S. Department of Interior demonstrates that the contractors responsible for well control and cementing, not just the operator, should be held accountable for their conduct.  From the outset, says BP, it has committed to paying all legitimate claims and fulfilling its obligations to the Gulf Coast communities under the Oil Pollution Act. BP has to date paid out more than $7 billion.

BP chief says agreement with Andarko resolves “a significant uncertainty”, http://www.marinelog.com, Oct. 21, 2011

See also http://www.restorethegulf.gov/

Cyberattacks for Industrial Espionage, the Duqu Virus

Internet security firms have raised the specter of a new round of cyber warfare with last week’s detection of the Duqu virus – a “relative” of last year’s Stuxnet malware, which is thought to have slowed down at least one Iranian nuclear facility.  Duqu’s detection comes amid growing talk in Europe about launching pre-emptive strikes to stop cyberattacks before they happen. But the nature of malware like Duqu and Stuxnet make pre-emptive strikes unrealistic.

“The problem is you can’t really say where they come from,” Candid Wüest, a virus expert at IT security firm Symantec told Deutsche Welle.  “You need evidence about who is behind an attack before you can strike pre-emptively,” said Wüest, “but you can never be sure – you can’t attack infrastructure, or even send in a stealth bomber, because any information about a location could be a red herring.”

Malware makers can hide their tracks using spoofing, VPNs, proxy services and other means to make it look like they are based in any number of countries – when in truth they are somewhere completely different.

Wüest is one of the experts at Symantec, who is currently analyzing the source code behind Duqu. Symantec says it was alerted to the new threat on October 14 by a laboratory that has “international connections.”  Since then, Symantec’s investigations suggest that a “few hundred systems have been infected at a handful of companies,” many of which are in Europe.  Another IT security firm, McAfee, is also working on the virus. McAfee and Symantec both believe that Duqu shares strong similarities with the Stuxnet virus.

Some of its source code matches that of Stuxnet and because the Stuxnet code is not known to be available online, they say it is likely that Duqu was created by the same people or that they sold the code to another group. While it remains unclear where Stuxnet came from, the New York Times reported in January 2011 that Stuxnet was developed by the American and Israeli governments.

But there are significant differences as well between Duqu and Stuxnet.  “Duqu is not spreading like Stuxnet,” said Wüest, “Duqu was carefully placed and can be controlled remotely.”  Experts believe that Duqu has been used to target only a limited number of organizations for the specific assets.  “Its warhead is not aimed at the technology industry, it’s being used to steal information, so it’s more like industrial espionage,” Wüest added.

By contrast, Stuxnet was created to attack particular computer control systems made by the German firm Siemens.  These control systems are typically used to manage water supplies, oil rigs, power plants and other critical infrastructure.  Stuxnet infections were also found at Iranian nuclear facilities in 2010, leading some to speculate that the virus may have been designed by state actors – by governments or state security services who had wanted to disrupt Iran’s nuclear program.  A year later, Siemens spokesman Wieland Simon is keen to stress that “no customers reported any disruptions” of their control systems because of Stuxnet.

British Foreign Minister William Hague has said his country is developing an unspecified electronic weapons that could be used to defend Britain against cyber attacks or prevent them….In Germany,the Criminal Police Union (BDK) called this week for a specialized federal ministry for the Internet.  Andre Schulz, the head of the BDK, told Deutsche Welle there was no danger that such a ministry would politicize issues around cyber warfare.  “It’s a sad situation,” said Schulz, “to realize that the government considers the Chaos Computer Club as its experts on IT security – we need a centralized body and I think that would be in the interest of business too.”  The CCC revealed nearly two weeks ago that a German government tool designed to perform digital surveillance domestically, went well beyond its legal guidelines.

Wieland Simon, the Siemens spokesperson, was less than encouraging, suggesting that “no government can guarantee it can protect a country or entity against cyber attack.”  But there is still pressure for governments to do something.  “In future wars, there will be a cyber element,” said Mikko Hypponen, the chief research officer of F-Secure, a computer security firm, in an interview with Deutsche Welle. “Countries hope that if they threaten to use missiles to retaliate against a cyber attack, others will think twice about about launching one.”

Zulfikar Abbany, ‘Son of Stuxnet’ hits European computer networks, DW-World.De, Oct. 21, 2011

Shell in Alaska, the jobs vs. environment game

Royal Dutch Shell  won a final U.S. air-pollution permit to operate an oil-exploration rig in Alaska’s Beaufort Sea beginning in 2012.  Shell is authorized to use its Kulluk rig and supporting icebreakers and oil-spill response vessels for 120 days each year in the Arctic waters, the Environmental Protection Agency said today in an e-mailed statement.  “This air permit is one of several federal authorizations Shell needs to explore for oil and gas” off Alaska “starting in July 2012,” the agency said. “EPA’s final permit significantly reduces the potential air pollution from Shell’s drilling operations.”

Shell, which has invested about $4 billion in the Arctic leases since 2005, hasn’t drilled any wells in the region while opponents won delays with appeals and lawsuits. Environmental organizations and Alaskan native groups said it would take too long for equipment to reach the remote and icy region during an oil spill.  The company, based in The Hague, received approval from the EPA in September for the Discoverer ship to drill and station icebreakers and spill-response vessels in the Beaufort waters and the neighboring Chukchi Sea. Discoverer is owned by Noble Corp., based in Baar, Switzerland.

Pete Slaiby, vice president of Shell Alaska, said in a May 2 interview that having two rigs in the Arctic would enable faster drilling of relief wells.  “We will continue to advance our drilling plans and evaluate investment decisions that would allow us to commence with a 2012 drilling season,” Curtis Smith, a Shell spokesman, said today in an e-mailed statement.  Shell, Europe’s largest oil company, still needs Interior Department approval of its Chukchi Sea exploration plan and a permit from U.S. offshore-oil regulators for each of 10 planned wells. The company won the Interior Department’s approval for an exploration plan for the Beaufort Sea, near the North Slope towns of Deadhorse and Kaktovik, in August.

The Beaufort and Chukchi seas hold about 25 billion barrels of oil, Shell says, citing government estimates. A study commissioned by the company said developing these resources would lead to 54,700 new jobs across the U.S.

Katarzyna Klimasinska, Shell Wins U.S. Air Permit for Oil Exploration Off Alaska, Bloomberg, Oct. 21, 2011

Chronic Oil Pollution, an effective lawsuit against Shell?

A village in Nigeria’s oil-rich southern delta where observers found a drinking-water well polluted with benzene 900 times the international limit has sued Royal Dutch Shell PLC for $1 billion in a U.S. federal court.  The lawsuit alleges that Shell, long the dominant oil company over Nigeria’s more than 50 years of production, acted willfully negligent in pursuing profits over protecting the nation’s Niger Delta.mm The lawsuit filed by lawyers in Detroit uses a recent United Nations report over widespread pollution in the delta’s Ogoniland area for much of its evidence. However, that report implied Nigeria’s state-run oil company, rather than Shell, was responsible for recent damage in village of Ogale in Nigeria’s Rivers state.  “It is not isolated or accidental, but part of a culture and ongoing pattern of conduct that consistently and repeatedly ignored risks to others in favor of financial advantage,” the lawsuit filed Tuesday in U.S. District Court in the Eastern District of Michigan reads.  Some environmentalists say as much as 550 million gallons of oil have poured into the Niger Delta during 50 years of production — at a rate roughly comparable to one Exxon Valdez disaster per year. Even today, oil laps up in brackish delta creeks in Ogoniland, creating a black ring around the coastlines.

Ogale was one of the first operational oil fields discovered in Nigeria, where the nation’s first shipment of 22,000 barrels of crude oil exported to Europe came from, the lawsuit said. In the time since, the village suffered from the pollution of oil exploration, putting villagers at risk, the suit said.  A U.N. report released in August highlighted the plight of the village, describing how investigators found about 3 inches (8 centimeters) of refined oil floating on the surface of groundwater that serves the community’s wells. It also described finding high levels of benzene, a known carcinogen, in the water.  Though Shell abandoned production in Ogoniland in 1993 following civil unrest, miles of aging pipelines and flow stations sit in the area. However, the U.N. report said that a pipeline abandoned in 2008 by the state-run Nigerian National Petroleum Corp. lies near Ogale and showed signs that a large amount of oil spilled from it.

Lawyers filed the U.S. lawsuit on behalf of the villagers in Nigeria using the 222-year-old Alien Tort Statute, a law increasingly used in recent years to sue corporations for alleged abuses abroad. On Monday, the U.S. Supreme Court said it will use a separate lawsuit between Nigerian villagers and Shell to decide whether corporations may be held liable in U.S. courts for alleged human rights abuses overseas under the law.  Shell has been sued in the past in the U.S. over its Nigerian operations. In June 2009, it agreed to a $15.5 million settlement to end a lawsuit alleging that the oil giant was complicit in the executions of activist Ken Saro-Wiwa and other civilians by Nigeria’s former military regime.

Nigeria village cited by UN for chronic oil-spill damage sues Royal Dutch Shell for $1B in US, Associated Press, Oct. 21, 2011