Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Ni Hao Chairman Meow!’ Category

Weapons Of Mass Disruption: Cyberpocalypse-a-palooza


To avoid a digital doomsday, Clarke and co-author Robert Knake argue that America needs to treat cyberattack capabilities as nothing less than weapons of mass destruction that can “skip over the battlefield” to target civilian life. That sort of threat, like nuclear weapons, calls for a multi-tiered response: treaties, transparency, beefed-up defenses and a focused concern on rogue states.

Cyberwar treaties face a problem that traditional ones don’t. An enemy could easily hide the source of attacks by routing them through hijacked computers in another country or attributing them to independent criminals.

But Clarke contends that a government could be held accountable for helping to track down any cyberattack originating within its borders, just as the Taliban was held responsible for harboring Osama bin Laden. Although attribution on the Internet isn’t as simple as in traditional warfare, cyberattacks can be traced. Clarke says forensic hackers can follow the trail of bits when they’re given time and leave to breach enemy computers.

“The NSA can do that. And the NSA tells me that attribution isn’t actually a problem,” he says bluntly.

Full article HERE

Dick, Dick, Dick, I am with you in so many ways... BUT, when you start talking about DPI of the WHOLE INTERNET, then you lose me, pal.

Sorry *shrug*

I personally don’t want the whole of the internet being siphoned even MORE than it already is by DPI at every provider’s NOC with a NARUS STA6400 system installed.

Nope, no thank you.

Now, on the other things, like accountability for nations with servers on their soil, I am with you. If a server, public or private, is on your soil, there should be “some” responsibility there. At least there should be enough to enforce security practices being carried out to prevent it from becoming a botnet slave in the first place, no? Of course Obama wussed out on that one here, didn’t he? No rules will be created to enforce that type of accountability here in the private sector... No sir! It would put an undue strain on the private sector!

*tap tap* Uhh sir, most of the infrastructure is in “private” hands… Umm without making them do some due diligence we are fucked mmmkay?

Yeah…

Meanwhile, let’s talk about the italicized and BOLD text above (the bit about the NSA following the trail of bits). Back in the days of yore, when pirates roamed the seas, there was a thing called a “Letter of Marque”: basically, a government would hand a privateer the letter and say “go git em.” This is what we need today, I think. Of course this is touchy, but this is pretty much what Dick is alluding to. He says that he “knows” that were the NSA given a letter of marque, they could not only penetrate the systems involved, but also run the forensics to attribute where the perp really is.

“Whoa” to quote Neo…

Yes, it’s quite true. Not only the NSA could do this though. Go to Black Hat or DEF CON and you would have a plethora of people to choose from really. So this is no mysterious mojo here. The catch is that the box you trace back to is usually just the last hop, somebody else’s compromised host, so attribution means chaining through several of them. It’s just that this type of action could cause much more ire than the original attack, maybe, and lead us into that physical war with the nukes. Who knows.

I guess though, that what has been seen as the model for the future “internet” with cyber-geographic demarcations might just be the real future state we need. At least that is what Dick’s advocating here and I can sorta see that as a way to handle certain problems. If we break up cyberspace so to speak, into regions (like the whole .XXX debacle) then we can have set rules of governance. At present the internet is just a giant wild west stage complete with digital tumbleweeds and an old whore house.

*pictures the dual swinging doors and spurs jangling*

The one thing that rings true though, is that there needs to be some accountability... Just what form that will take is anyone’s guess. For now though, we will continue on with the lame government jabbering and frothing, with the lapdog that is the so-called “press” lapping it all up and parroting it back to the masses.

Smoke em if ya got em…

CoB

Let’s File This Under: No Shit Sherlock


Internet-based attempts to steal U.S. military technology via defense contractors are on the rise, according to an annual Department of Defense analysis of data supplied by the defense industry.

Not only are network probes and intrusions on the increase, the Department of Defense said in the report, which it released late last month, but so are “bold and overt” requests for information made via e-mail and even social networks.

Information systems are the most-heavily targeted of military technologies, according to the report, closely followed by aeronautics. Efforts to get details on unmanned aerial vehicle technology are becoming so widespread that the report broke out a separate section about UAVs, finding that, there, too, foreign elements are looking for information on UAV IT systems.

Full Article HERE:

Yet again, this is not news per se... This has been going on for some time at the defense contractors as well as other places of business. The Chinese are very adept at this... well, sometimes not so “adept” as much as persistent. Often they will send people on “knowledge exchanges” to get data from companies by simply asking for it nicely.

Often that is all it takes, much to the chagrin of the companies that have been robbed by such ploys. The new twist though has been the use of the social networking angle. Of course the APT is agile enough to figure out that this is a great way to socially engineer what they want from some schmuck online. What’s more, many of these companies may in fact NOT have any rules on their employees’ use of social media at the office, never mind any guidance on what not to publish personally about work.

Know what it’s gonna take to prevent this stuff?

Education of users!

GAH! I SAID IT!

Many are loath to hear such things... But that’s the key, kids. I was thinking about it this morning as I listened to NPR’s second installment on cyberwar. Many of the problems we face today in the private sector where cyberwar is concerned stem from user issues as well as uneducated management. The combination of the two can be a potent recipe for major PWN.

When management doesn’t get security, and does not teach or mandate security principles for the end users (EUs), then you have a complete FAIL on security measures. So much so that in some cases I have been party to, servers are placed into environments unpatched and effectively pre-pwn3d by lack of due diligence and due care to secure them.

Suffice to say that in some cases these low-end social engineering attacks are the least of their worries... But they trundle on, developing more insecure homegrown apps and buying every COTS package that promises to secure the shit out of them but in reality does little to protect them. Without education of the users and management, it all nets out to zero.

Anyway, back to the Chinese... Yes, they have been calling/emailing/friending for a while now, using the OSINT, social engineering and pretexting ploys that work ever so well on an innocently slumbering nation.

It’s not new. It’s just the news du jour... How about some education, huh?

CoB

MID’s “Seventh Bureau” and You.


Two examples of Chinese firms buying U.S. companies are China National Aero-Technology Import & Export Corp. (CATIC) and Huawei. In the first case, CATIC bought the American defense technology firm Mamco Manufacturing, a Seattle-based aircraft parts manufacturer, in 1990. CATIC has a direct connection to the PLA and probably wanted to use the Seattle firm to acquire aerospace technology. The U.S. investigation also found that Mamco technology itself was already under export limitations. Huawei has attempted to buy many foreign firms outright, including U.S.-based 3com.

Huawei established a joint venture with the U.S. anti-virus software company Symantec in 2008, headquartered in Chengdu, China. At this point it only offers software in China, but STRATFOR sources say that if Huawei were to be used for Chinese intelligence, it could easily insert spyware into computer systems subscribing to the service.

In Hong Kong, agents are recruited by the MSS’ Third Bureau, which handles Chinese intelligence operations in Taiwan, Hong Kong and Macao. One of their major tasks is purchasing targeted technologies through front companies. These businesses are usually not run by intelligence officers themselves but by people who have connections, sometimes overt, to the MSS.

One recent case involved the 88 Queensway Group, named for the address of an office building in central Hong Kong that houses many state-owned Chinese companies, along with the China Investment Corporation, the country’s sovereign wealth fund. A U.S. Congressional report claimed a possible link between the building and “China’s intelligence apparatus.”

“If” Huawei were to be used for Chinese intelligence? I would probably just say “when” but, I guess one can’t be sure unless there are some serious code checks going on in the US. Anyone you know actually done a security code review of Symantec lately?

The above text comes from a recent STRATFOR bulletin on Chinese espionage tactics and organizational structure. A rather enlightening piece really for anyone interested in how the Chinese juggernaut of espionage works. Of course when you think about it, their paradigm is much different from ours or that of any of the other intelligence agencies in other countries, just from their “Human Wave” approach.

What I really hope here is that more corporate types are actually able to get this content from STRATFOR and get enlightened on how things work. As the report states, and as many of us in the security business have long known, the Chinese are VERY focused on industrial espionage. They also carry out this espionage in rather interesting ways.

Another fascinating factoid was the following passage:

In the past, a major criticism of China’s intelligence operations was the time it took to clone a weapons system — gather the information, reverse-engineer the system and put the pieces back together. By the time something was copied from an adversary’s arsenal, the adversary had already advanced another step ahead. That does not seem to be such a problem today, especially in those areas involving asymmetrical technologies such as anti-ship ballistic missiles, which China is developing on its own.

I believe that this paragraph implies a lot about the revelations on Operation “AURORA” and others like it of late. You see, traditional espionage takes more time to develop assets and get the data. With Advanced Persistent Threat (APT) techniques, they can harvest the data at the speed of PWN. So, it’s in their best interest, for getting the data and reverse-engineering it, to just steal it through hard-to-detect channels.

THIS is something that neither the mainstream media nor the “in the know” guys are getting across to the masses. It is only natural that their paradigm would change and thus the “attacks” would ramp up... or, at least, that we would finally catch on to the fact that they are doing this. We have been asleep at the digital security wheel far too long.

So, there you have it. Take a look at the report and read for yourselves.

“Know your enemy, Know yourself, Win the battle”

CoB

PLA officer urges challenging U.S. dominance


(Reuters) – China should build the world’s strongest military and move swiftly to topple the United States as the global “champion,” a senior Chinese PLA officer says in a new book reflecting swelling nationalist ambitions.


The call for China to abandon modesty about its global goals and “sprint to become world number one” comes from a People’s Liberation Army (PLA) Senior Colonel, Liu Mingfu, who warns that his nation’s ascent will alarm Washington, risking war despite Beijing’s hopes for a “peaceful rise.”

“China’s big goal in the 21st century is to become world number one, the top power,” Liu writes in his newly published Chinese-language book, “The China Dream.”

“If China in the 21st century cannot become world number one, cannot become the top power, then inevitably it will become a straggler that is cast aside,” writes Liu, a professor at the elite National Defense University, which trains rising officers.

Full article HERE

Why do I feel like I have suddenly found myself in the plot of “The Bear and the Dragon” by Tom Clancy? Except instead of oil and gold deposits in Siberia we are waging battle for the gold of IP in the digital void?

This is a very important piece to pay attention to though. This Colonel really does have a contingent of the populace (the younger set) who would love nothing more than to just let the “Dragon” out of the cage to wreak havoc on us. The PLA has become strong, and I am sure that some of the hard-liners in power think that the “Thousand Grains of Sand” approach has about run out of sand.

Look at it this way:

  • Our economy is in the worst place it’s been since the Great Depression
  • Our government is completely ossified and unable to do anything
  • Our economic engine has been stalled out and outsourced
  • Our schools are turning out fewer and fewer qualified technical people
  • We are a nation divided
  • A big chunk of our debt is held by China
  • We are in a three-front war with terrorism
  • Our forces are overstressed and dispersed
  • We have been terrible at securing our digital infrastructure

I could go on, but this was likely ponderous enough for you all. Look, what I am saying is this guy’s right. We are easy pickins really at this moment in time. We are down on the mat and they are Cobra Kai... and we ain’t no “Daniel-san”, to mix movie references.

Either way I look at it I see some real problems. I know I know, you are thinking that they (China) need us as a trading partner. Yes, yes they do. However, I do not think that they need us “that much” that they would not consider at the very least pulling the plug on us.

There is a growing contingent of ultranationalist followers in China and they want to be “THE” superpower... And I think that they see their chance now. What would it take to trip the switch?

A blended cyberwar attack with a physical and economic component.

Like they say “May you live in interesting times”

Indeed.

Ni Hao Chairman Meow REDUX


No   Date      Time   Event          Source IP
1    3/8/2010  14:59  SCAN nmap TCP  210.73.83.210
2    3/8/2010  14:58  SCAN nmap TCP  123.127.123.82
3    3/8/2010  14:39  SCAN nmap TCP  210.73.83.210
4    3/8/2010  14:39  SCAN nmap TCP  123.127.123.82
10   3/8/2010  14:19  SCAN nmap TCP  210.73.83.210
11   3/8/2010  14:19  SCAN nmap TCP  123.127.123.82
14   3/8/2010  13:19  SCAN nmap TCP  210.73.83.210
15   3/8/2010  13:19  SCAN nmap TCP  123.127.123.82
17   3/8/2010  10:38  SCAN nmap TCP  210.73.83.210
18   3/8/2010  10:38  SCAN nmap TCP  123.127.123.82
21   3/8/2010  9:38   SCAN nmap TCP  210.73.83.210
22   3/8/2010  9:38   SCAN nmap TCP  123.127.123.82
24   3/8/2010  8:18   SCAN nmap TCP  210.73.83.210
25   3/8/2010  8:18   SCAN nmap TCP  123.127.123.82
29   3/8/2010  7:37   SCAN nmap TCP  210.73.83.210
30   3/8/2010  7:37   SCAN nmap TCP  123.127.123.82
31   3/8/2010  7:18   SCAN nmap TCP  210.73.83.210
32   3/8/2010  7:18   SCAN nmap TCP  123.127.123.82
33   3/8/2010  7:17   SCAN nmap TCP  210.73.83.210
34   3/8/2010  7:17   SCAN nmap TCP  123.127.123.82
35   3/8/2010  6:38   SCAN nmap TCP  210.73.83.210
36   3/8/2010  6:38   SCAN nmap TCP  123.127.123.82
37   3/8/2010  6:26   SCAN nmap TCP  202.106.106.160
38   3/8/2010  6:20   SCAN nmap TCP  61.150.43.96
39   3/8/2010  6:20   SCAN nmap TCP  117.35.158.20
42   3/8/2010  3:18   SCAN nmap TCP  210.73.83.210
43   3/8/2010  3:18   SCAN nmap TCP  123.127.123.82
44   3/8/2010  2:58   SCAN nmap TCP  210.73.83.210
45   3/8/2010  2:58   SCAN nmap TCP  123.127.123.82
46   3/8/2010  2:33   SCAN nmap TCP  60.199.67.8
47   3/8/2010  2:18   SCAN nmap TCP  210.73.83.210
48   3/8/2010  2:18   SCAN nmap TCP  123.127.123.82
49   3/8/2010  2:10   SCAN nmap TCP  220.191.241.2
50   3/8/2010  2:09   SCAN nmap TCP  60.12.6.238
51   3/8/2010  1:57   SCAN nmap TCP  210.73.83.210
52   3/8/2010  1:57   SCAN nmap TCP  123.127.123.82
54   3/7/2010  22:57  SCAN nmap TCP  210.73.83.210
55   3/7/2010  22:57  SCAN nmap TCP  123.127.123.82
56   3/7/2010  22:37  SCAN nmap TCP  210.73.83.210
57   3/7/2010  22:37  SCAN nmap TCP  123.127.123.82
585  3/3/2010  5:07   SCAN nmap TCP  61.150.43.96
586  3/3/2010  5:07   SCAN nmap TCP  117.35.158.20
587  3/3/2010  4:39   SCAN nmap TCP  61.150.43.96
588  3/3/2010  4:38   SCAN nmap TCP  117.35.158.20
589  3/3/2010  4:31   SCAN nmap TCP  61.150.43.96
590  3/3/2010  4:30   SCAN nmap TCP  117.35.158.20
623  3/2/2010  14:54  SCAN nmap TCP  58.252.173.218

The Chairman has been busy lately hitting my IP address. I have to wonder how many other systems they are just scanning out there every second of the day. I think the greatest one was the “People’s Party School” that came a-knocking.

Of course these could just be systems that have been compromised and used to bounce these scans, in which case the WHOIS record tells you who owns the box, not who is driving it…

Either way, interesting traffic… Inscrutable.
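To get something out of a table like this beyond eyeballing it, here is an added example (my own code written for this post, not anything the firewall or IDS that produced the alerts shipped with) that parses alert lines in the layout above, counts hits per source, measures the gap between a source’s consecutive scans, and flags pairs of sources that keep firing within a minute of each other. The 210.73.83.210 / 123.127.123.82 scans landing in the same minute every single time is exactly the kind of pattern that suggests one operator driving two boxes rather than two independent scanners, though, as noted, it says nothing about who actually owns them. The sample lines are lifted from the table above; the regex, the 60-second pairing window and the “SCAN nmap TCP” event string are my assumptions about the alert format.

```python
"""Summarise nmap-scan alerts in the "No Date Time Event Source" layout used in
the table above. Added example for this post; the line format and the pairing
window are assumptions, not a spec of any product's log format."""
import re
from collections import defaultdict
from datetime import datetime
from itertools import combinations

# Lines lifted from the alert table in the post (the first line is the table
# header, which the parser skips). Any run of whitespace between columns is accepted.
SAMPLE_LOG = """\
No Time Name Source
1 3/8/2010 14:59 SCAN nmap TCP 210.73.83.210
2 3/8/2010 14:58 SCAN nmap TCP 123.127.123.82
3 3/8/2010 14:39 SCAN nmap TCP 210.73.83.210
4 3/8/2010 14:39 SCAN nmap TCP 123.127.123.82
10 3/8/2010 14:19 SCAN nmap TCP 210.73.83.210
11 3/8/2010 14:19 SCAN nmap TCP 123.127.123.82
37 3/8/2010 6:26 SCAN nmap TCP 202.106.106.160
38 3/8/2010 6:20 SCAN nmap TCP 61.150.43.96
39 3/8/2010 6:20 SCAN nmap TCP 117.35.158.20
46 3/8/2010 2:33 SCAN nmap TCP 60.199.67.8
585 3/3/2010 5:07 SCAN nmap TCP 61.150.43.96
586 3/3/2010 5:07 SCAN nmap TCP 117.35.158.20
587 3/3/2010 4:39 SCAN nmap TCP 61.150.43.96
588 3/3/2010 4:38 SCAN nmap TCP 117.35.158.20
623 3/2/2010 14:54 SCAN nmap TCP 58.252.173.218
"""

# Assumed layout: alert number, M/D/YYYY, H:MM (24h), event text, source IPv4.
LINE_RE = re.compile(
    r"^(?P<no>\d+)\s+(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+(?P<time>\d{1,2}:\d{2})\s+"
    r"(?P<event>SCAN\s+\S+\s+\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)


def parse_log(text):
    """Return [(timestamp, source_ip, event), ...]; non-matching lines (header, junk) are dropped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %H:%M")
        events.append((ts, m["src"], " ".join(m["event"].split())))
    return events


def summarize_sources(events):
    """Per-source hit count and first/last seen time."""
    stats = {}
    for ts, src, _ in events:
        s = stats.setdefault(src, {"count": 0, "first": ts, "last": ts})
        s["count"] += 1
        s["first"] = min(s["first"], ts)
        s["last"] = max(s["last"], ts)
    return stats


def scan_cadence(events, src):
    """Seconds between consecutive scans from one source, oldest to newest.
    A flat list (e.g. 1200, 1200, ...) is the signature of a scheduled scanner."""
    times = sorted(ts for ts, s, _ in events if s == src)
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]


def find_paired_sources(events, window_seconds=60, min_hits=2):
    """Pairs of sources whose scans land within window_seconds of each other
    at least min_hits times: {(ip_a, ip_b): hits}, with ip_a < ip_b as strings."""
    by_src = defaultdict(list)
    for ts, src, _ in events:
        by_src[src].append(ts)
    pairs = {}
    for a, b in combinations(sorted(by_src), 2):
        hits = sum(
            1 for ta in by_src[a]
            if any(abs((ta - tb).total_seconds()) <= window_seconds for tb in by_src[b])
        )
        if hits >= min_hits:
            pairs[(a, b)] = hits
    return pairs


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    for src, s in sorted(summarize_sources(ev).items(), key=lambda kv: -kv[1]["count"]):
        print(f"{src:16} {s['count']:3} hits  {s['first']:%Y-%m-%d %H:%M} .. {s['last']:%Y-%m-%d %H:%M}")
    for (a, b), n in find_paired_sources(ev).items():
        print(f"paired: {a} <-> {b} ({n} scans within 60s of each other)")
    print("cadence 210.73.83.210:", scan_cadence(ev, "210.73.83.210"))
```

On the sample this reports 210.73.83.210 and 123.127.123.82 as a pair (three co-timed scans) and likewise 61.150.43.96 with 117.35.158.20, and shows the first box hitting every 1200 seconds in the sample. Pairing is computed from the perspective of the lexically lower address, so one scan from the first box that lines up with two from the second still counts once; widen `window_seconds` if your sensor only logs to the minute and you see off-by-one minutes, as with alerts 1 and 2 above.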

Written by Krypt3ia

2010/03/08 at 20:46