Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘MSS MID Seventh Bureau’ Category

从中国用爱 From China with Love: The Chairman Meow Collection


From China with Love:

Within the last year (since Stuxnet) the general populace has become more aware of the problems we all face from digital attacks and espionage. Of course, sitting here today writing this blog entry, I look back at my past posts and wonder just why people are catching on now. China has been working us over for a long time, and with each day’s passing we have been steadily more and more compromised by the 7th directorate and their proxy hacking groups. This is not to say that others aren’t doing the same thing as well. China just happens to be the more active due to their single-minded desire to be the pre-eminent superpower, and they have the politically charged populace to do it (i.e. the PLA and their civilian hacking counterparts).

Israel, Russia, England, the list goes on: all spy on us as we spy on them. In the case of industrial espionage, the Chinese are first on the list, followed closely by Israel and Russia as well as France. It’s a game we all play; it’s just that China has been going at it in a much smarter and more cohesive way, is all. All one need do is look at the current state of affairs to determine that they have been exceedingly adept at it as well. Kudos to them really, and shame on us. We (the US) have been too busy being slaves to greed and cheap products from, you guessed it, China, to notice that our collective clocks were being cleaned. Sure, some have been in the know about this (the military, DoD DIB partners), but we have been hampered by several things.

1) Contractors (i.e. private companies) do not have robust security postures and often are connected to DoD systems (say, an air force base). Not to mention that the systems these contractors own hold the goodies and the escalation vectors that the APT want. Patching, IDS/IPS, SIEM, DLP: all words that are foreign to many executives making decisions about security, who often have not one clue in the matter to start with. I have in fact seen one place that had a C-level exec with a 4 character password to their system! One that also had a pre-populated ID! YAY! Way to go there, Mr. C-level who manages a company that makes war-fighter systems! So, suffice to say that the companies have been ill equipped to handle security and the executives have been reticent to care.

2) Government regulations have been too lax in governing the security mandates and repercussions for any and all contractor companies that work on war-fighter systems. Sure, there are ITAR regs and potential fines, but really, how many of these companies have had true audits of their networks and environments to test their security postures? A good red team of many of these places, I am sure, would turn up shockingly scary vulnerabilities and network security gaffes that would, if leveraged by the likes of the Chinese, lead to huge compromises of the companies as well as their proprietary data. In the time I was at a defense contractor, I only saw one red team, and in that event it only took about an hour to compromise the place utterly. We need to enforce security on all defense contractors for both sides of their businesses (defense base and public) in order to ensure that the data is safe. Right now, even after everything that has happened with China, we still have no real regulation and control over these companies’ security postures, and that is why we will keep failing.

3) Human nature and corporate group-think are the lead causes of the failures mentioned above. We as beings seem to lack the ability to see the long-term dangers with regard to this type of warfare. We are also being leveraged by social engineering attacks (phishing, vishing, etc.) to gain the toehold into the networks that leads to escalation and persistence. We need to be teaching secure computing practices on both a personal and a corporate level in order to be better equipped to try and stop these attacks. It’s not going to be the new piece of hardware or software that the vendors want to sell you (though they do have a place if they work) but instead the human factor that will be able to help here. I just would like to see the C-levels at least aware of the security threats and really understand them. So far, I have seen too many in management without a clue and who don’t seem to care.

So, what I think we really need are some rules set up for companies doing government business that mandate secure practices and ensure that if those companies are not following through, they will be fined and shamed as well as lose their contracts. It’s one thing to be compromised even if you are doing the due diligence; it’s quite another to be compromised and not really care nor understand the problem because there are no negative incentives to being that way. In today’s world, we need to be sharper than this if we want to stay in play on the global scale.

What we really need to be now is a ‘Digital Sparta’

Meanwhile, we are behind the game here. The government is trying to come to grips with all of this (poorly), all the while the Chinese and others, now using the APT style of persistent attacks, are making bigger and more audacious hits against us (cough RSA & Lockheed cough!), while the news media spins on, telling only the half of the story that they comprehend to masses that have little comprehension of the issues at all. Meanwhile, we in the security community talk about attribution and the problems of not only trying to stop all this from happening, but also dealing with the political repercussions of trying to capture those carrying out the attacks.

All of this during the cacophony of vendors (and I mean you, McAfee) spewing buzzword bingo out of your collective keisters, trying to make sales and use the situation to your advantage.

It’s time to pay real attention to the problems allowing these attacks to take place so easily and to the companies that are being targeted by the likes of China. For a little more history, I have collected the “From China With Love” collection on my blog. Dating back from 2008/2009 to today, you can see that this has been going on for a long time, and there is much more that has gone on than you might know about, or ever will unless you are cleared to know.

Enjoy.

Is Someone in China Reading Your Emails?

Our Chinese Overlords, Or how China is pwning the US

Economic Warfare: The New World Threat Via Cyberspace

Ni HAO!

Ghost Net: Aka Subseven or any other trojan backdoor program

Cyber SPIES in our GRID! Let the hand wringing begin!

DoD 2009 PLA Cyber Warfare Capabilities Assessment

MID’s “Seventh Bureau” and You.

Major General Dai Qingmin’s Cyberwar

The Cyber Cold War

How The Hackers Took Google A Theory: Manipulation, Geopolitics, and Cyber Espionage

PLA officer urges challenging U.S. dominance

Operation: NIGHT DRAGON Nothing New, but It Bears Some Repeating

The Thousand Grains of Sand In The Electronic Age: China’s Cyber Espionage Capabilities Outstripping Ours

The Dragon and Eagle: China’s Rise from Hacking To Digital Espionage

Talk on Chinese Cyber Army Pulled From Black Hat: Nothing To See Here… Move Along…

America Faced With Wave of Chinese Espionage: Hello? Where Have You Been?

3322

Oh, and as a postscript: this post was also brought to you by @diocyde because he/she was such a pedantic wanker about me not caring about what China was up to, as I was too busy chasing “pimple faced jihadists” online.

Moron.

K.

MID’s “Seventh Bureau” and You.


Two examples of Chinese firms buying U.S. companies are China National Aero-Technology Import & Export Corp. (CATIC) and Huawei. In the first case, CATIC bought the American defense technology firm Mamco Manufacturing, a Seattle-based aircraft parts manufacturer, in 1990. CATIC has a direct connection to the PLA and probably wanted to use the Seattle firm to acquire aerospace technology. The U.S. investigation also found that Mamco technology itself was already under export limitations. Huawei has attempted to buy many foreign firms outright, including U.S.-based 3Com.

Huawei established a joint venture with the U.S. anti-virus software company Symantec in 2008, headquartered in Chengdu, China. At this point it only offers software in China, but STRATFOR sources say that if Huawei were to be used for Chinese intelligence, it could easily insert spyware into computer systems subscribing to the service.

In Hong Kong, agents are recruited by the MSS’ Third Bureau, which handles Chinese intelligence operations in Taiwan, Hong Kong and Macao. One of their major tasks is purchasing targeted technologies through front companies. These businesses are usually not run by intelligence officers themselves but by people who have connections, sometimes overt, to the MSS.

One recent case involved the 88 Queensway Group, named for the address of an office building in central Hong Kong that houses many state-owned Chinese companies, along with the China Investment Corporation, the country’s sovereign wealth fund. A U.S. Congressional report claimed a possible link between the building and “China’s intelligence apparatus.”

“If” Huawei were to be used for Chinese intelligence? I would probably just say “when”, but I guess one can’t be sure unless there are some serious code checks going on in the US. Has anyone you know actually done a security code review of Symantec lately?

The above text comes from a recent STRATFOR bulletin on Chinese espionage tactics and organizational structure. A rather enlightening piece really, for anyone interested in how the Chinese juggernaut of espionage works. Of course, when you think about it, their paradigm is much different from ours or that of any of the other intelligence agencies in other countries, just from their “Human Wave” aegis.

What I really hope here is that more corporate types are actually able to get this content from STRATFOR and get enlightened on how things work. As the report states, and as many of us in the security business have known, the Chinese are VERY focused on industrial espionage. They also carry out this espionage in rather interesting ways.

Another fascinating factoid was the following passage:

In the past, a major criticism of China’s intelligence operations was the time it took to clone a weapons system — gather the information, reverse-engineer the system and put the pieces back together. By the time something was copied from an adversary’s arsenal, the adversary had already advanced another step ahead. That does not seem to be such a problem today, especially in those areas involving asymmetrical technologies such as anti-ship ballistic missiles, which China is developing on its own.

I believe that this paragraph implies a lot about the revelations concerning Operation “AURORA” and others like it of late. You see, traditional espionage takes more time to develop assets and get the data. With the new techniques of Advanced Persistent Threat technology, they can harvest the data at the speed of PWN. So, it’s in their best interest, for getting the data and reverse R&D, to just steal it through hard-to-detect channels.

THIS is something that neither the mainstream media nor the “in the know” guys are getting across to the masses. It is only natural that their paradigm would change and thus the “attacks” would ramp up. Well, at least it means we would finally catch on to the fact that they are doing this. We have been asleep at the digital security wheel far too long.

So, there you have it. Take a look at the report and read for yourselves.

“Know your enemy, Know yourself, Win the battle”

CoB