Nobody But Us, But For How Long?

What does China know about UAP? What happens when American "Nobody But Us" becomes "Fear Of Missing Out"

Nobody But Us, But For How Long?

For years the National Security Agency (NSA) has operated under a doctrine known internally as "NOBUS."

It means "Nobody But Us." Former NSA director General Michael Hayden simultaneously acknowledged and explained the concept in a Washington Post Live summit:

You look at a vulnerability through a different lens if even with the vulnerability it requires substantial computational power or substantial other attributes and you have to make the judgment who else can do this? If there's a vulnerability here that weakens encryption but you still need four acres of Cray computers in the basement in order to work it you kind of think "NOBUS" and that's a vulnerability we are not ethically or legally compelled to try to patch – it's one that ethically and legally we could try to exploit in order to keep Americans safe from others -Michael Hayden in "Why everyone is left less secure when the NSA doesn’t help fix security flaws"

In short, when the NSA becomes aware of a vulnerabilities, it often elects to leave them open – provided it is confident that only the NSA has the capability to exploit that vulnerability.

Such confidence is predictably often tested, and the NSA doesn't always come out well in the mix.  

For example, the NSA is alleged to have had a hand in weakening an important cryptographic standard, the Dual Elliptic Curve Deterministic Random Bit Generator. The technology is often shorthanded in security circles as Dual_EC. The NSA is further alleged to have used weaknesses in Dual_EC to install covert access methods in the software of a widely used technology company, Juniper Networks, around 2008.

In his recent book The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics, Ben Buchanan claims that in 2012 Chinese hackers likely further modified the software. The hackers managed to simultaneously enable their own access while denying access to the NSA using an incredibly subtle alteration of the source code.

In 2008, the NSA may have confidently concluded that their backdoor access to Juniper was a NOBUS capability. In four short years, the tables turned. Of course, the problems didn't begin in 2012.

In 2009, Chinese state hackers conducted Operation Aurora, a sweeping campaign that penetrated thirty four major corporations, including Google. Among the haul: access to Google's "legal-discovery" portal containing a list of all requests for information from American law enforcement.

The list would have been a digital road map to virtually every significant counter-intelligence investigation in the United States.

It got worse. In 2015, China penetrated the Office of Personnel Management (OPM). The hackers obtained details on approximately 20 million Americans, including fingerprint data on a further 5.6 million people. Among the data include answers to form SF-86, the lengthy and comprehensive background check form. FBI Director James Comey stated:

It is a very big deal from a national security perspective and from a counterintelligence perspective. It’s a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government.

This is understatement. The CIA does not use the OPM process with its operatives. However, the State Department does. The OPM exfiltration meant that it was suddenly possible to burn virtually every CIA officer under official diplomatic cover. It was a simple matter of cross-referencing embassy staff with the stolen OPM data: if the person doesn't show up in the data, chances were good they were CIA.

The hacks were not limited to personnel files. They included top-tier military contractors, too.

In 2016, Su Bin pled guilty to a long-running (and successful) plot to steal technology related to the C-17 military transport plane. Chinese hackers have also been implicated in obtaining secrets related to the Patriot missile system, the Navy's Aegis ballistic missile defense, the F-18 fighter jet, Black Hawk helicopters, and of course, the most expensive and sophisticated fighter in history, the F-35.

In the Su Bin case, the Justice Department wrote: "thanks to Su Bin, the Chinese were able to develop, build, and deploy their own copy, in barely a third of the time it had taken the United States to design, test and build the original C-17." Ironically, the United States no longer has a strategic airlifter in production according to reporting by the War Zone, even as China massively accelerates its martial ambitions.

Xi'an Y-20, the development of which was "accelerated" by hacking efforts. By L.G.Liao -, CC BY-SA 3.0,

NOBUS Doctrine and UAP

Arguably, the United States has been on the losing side of the shadow intelligence war. How does this impact the UAP issue?

To begin, the national security apparatus should have little confidence that its UAP data is fully secure and out of the reach of foreign intelligence services. The Chinese have shown themselves to be highly capable in accessing secrets both within the public and private sector, including elite defense contractors.

The security posture of the United States with respect to the Nimitz incident and other UAP cases has not exactly been strict. Pilots and other witnesses were not sworn to NDAs, and speak relatively freely today. The effort to study UAPs has been consistently characterized as informal and under-resourced. In fact, the lack of resources applied to the UAP issue led the former head of DOD efforts in this realm, Luis Elizondo, to resign in protest.

In short, there is a possibility, perhaps even a likelihood, that China has detailed information regarding the American UAP program.

Some may argue that the planet's best funded and best equipped military would surely be capable of protecting such secrets. Demonstrably, it is not. Platform after strategic platform has been compromised. China almost certainly has intimate details of Elizondo and Mellon's personal life from the OPM attack. They have mine, too, thanks to a short stint in the defense industry between college and graduate school.

If China has such information, it has a privileged vantage on the UAP problem. In the United States, we wring our hands in consideration of the possibility of "strategic surprise" – the scenario where a rival like China manages to technologically leapfrog our capabilities. Our intelligence services exist in large part to prevent this from happening. To be sure, our capabilities are formidable. However, China is a relatively opaque society, and there are no guarantees in intelligence. We have irreducible uncertainties about China's technology.

On the other hand, Chinese intelligence services know their own programs. They will be able to definitively conclude if data from something like the Nimitz incident comes from their platforms.

What they will be uncertain of is whether or not the entire affair is an intelligence misdirect. Here are just a few scenarios, from the Chinese vantage:

  1. The Americans don't have this technology and are bewildered by it, and are themselves truly unsure if it is a competitor or an exotic technology.
  2. There was no actual technology on display, and the Americans incompetently frightened themselves by jumping at shadows.
  3. The Americans do have this technology, but parts of their intelligence community (e.g. Luis Elizondo) are not aware of it and are thus genuinely confused internally.
  4. The Americans do have this technology, and its larger intelligence community is aware of it, and the entire affair is a complex ruse in order to confuse foreign intelligence.

All of these scenarios have intriguing intelligence implications for China. In the first scenario, China knows if it perpetrated the incident. If it did not – and there is no evidence that it did – it would seem to point to there being a truly unusual situation. Strangely, it may actually know more than the United States, even if only through exclusion.

The second scenario is the best possible outcome for China, because it means that the United States military is not only incompetent, but it actually magnifies its own incompetence by subsequently creating myths that waste time and resources.

The third scenario is intriguing. It is based on something that China already knows: the American defense system is not monolithic. It also leaves open the possibility that the United States has a formidable capability in its back pocket.

The final scenario is perhaps the least likely. Given that in 2004, our overwhelming national focus was on the Middle East and Iraq, it would seem unlikely that the Nimitz incident was an enormous theatrical display for the sole purpose of confusing foreign intelligence services.

Of the possibilities, the third situation is the most threatening. China's conclusions on this point will largely depend on the strength of the rest of their intelligence capabilities. Can they find any evidence that the Americans really do have something hidden away?

Enter the "bizarre saga" of the United States Navy patents. If you're not familiar with the Navy's effort to patent seemingly hyper-advanced technology, take a moment to read the War Zone's essential reporting on this.

In short, an inventor affiliated with the Navy attempted to obtain patents describing technology that would “engineer the fabric of our reality at the most fundamental level.” Most working physicists regard the claims in the patents as outlandish. The patent examiner apparently held the same view, and the patent was rejected on the basis that it called for high energy electromagnetic fields on the order of a magnetar. In other words, totally impossible to achieve on earth.

Yet the Chief Technology Officer of the Navy wrote a letter supporting the patent:

Notably, China is cited as "already investing significantly in this area."

Ultimately, the full story is not yet available to the public. There are gaps that are impossible to fill without access to the highest levels of both the American and Chinese intelligence services.

However, one scenario could go something like this:

In 2004, aviators and crew of the Nimitz CSG stumbled into something extraordinary. Remarkable data was collected, but in the ensuing confusion and chaos, many were not sworn to secrecy. At the time, it was probably not entirely clear what happened, and thus there was no particular need for secrecy. The full significance of the data was only apparent later, after more prosaic possibilities were eliminated.

In the following years, China grew from a significant competitor to a strategic rival. By 2009 it was worming its way into American corporations in unprecedented ways. In 2012 it took a torch to the NSA's concept of NOBUS by depriving them of a key asset. It was a direct attack on NOBUS, since it exploited deliberate vulnerabilities once thought to only be useful to the United States. By 2015 they dealt a spectacular blow in the OPM hack. In the intelligence and defense community, it was impossible to miss this development because your personal information was hacked. It hit virtually every person in the national security enterprise, individually.

Along the way, the Chinese stole vast amounts of data on strategically sensitive programs. As we saw, they dramatically accelerated their own military technology with what they found.

At some point in this timeline there is a distinct possibility that they gained significant visibility into UAP efforts – either through the programs themselves, or through private contractor partners.

Knowing that the objects described are not Chinese platforms, and sufficiently convinced of American internal confusion on the topic, they undertook their own programs.

The US intelligence services likely became aware that they had lost their own version of NOBUS when it came to UFOs. In the past, competitors likely concluded that their own strange sightings were just advanced American spy platforms. To be sure, many if not most sightings probably were. However, at some point in the 21st century, China may have pierced the veil. Perhaps they learned that Americans are clueless about the truly strange cases, too.

Just as with the C-17, China was free to bootstrap their own research with whatever it has gained through hacking or other means.

In a clumsy effort to regain supremacy in the information war, the United States is now partly posturing as if it knows more than it does. The patents reflect the best working theory available – still far from anything actionable– but essentially a signal to China.

We know you're working on this. We know more than you do. We're still ahead. You didn't get everything.

In reality, we've possibly lost the only advantage we had: the uncertainty of our rivals. The strangeness of the recent news about UAP/UFO programs is not a form of high minded disclosure: it is self-defense. China is becoming more capable, and if there is something significant behind these sightings there is a risk that it will take the lead.

By coming out into the open now, the United States sacrifices little – the game is already up. It stands to gain a great deal if it can successfully activate its own considerable STEM resources. Advances will arguably only be made by leveraging a larger portion of society. Small groups working on this problem have not apparently yielded much.

NOBUS has collapsed, and we now find ourselves in a race. Our most significant rival has stolen decades of our homework. In 2017, the number of scientists leaving the United States for China increased 69% over 2010. Research and development spending continues to grow. China's Five-hundred-meter Aperture Spherical Radio Telescope (FAST), constructed in 2016, is the largest radio telescope in the world.

In short, American NOBUS may have become FOMO: Fear Of Missing Out.